Skip to main content
Fachgebiete
Automobil + Motoren Bauwesen + Immobilien Business IT + Informatik Elektrotechnik + Elektronik Energie + Nachhaltigkeit Finance + Banking Management + Führung Marketing + Vertrieb Maschinenbau + Werkstoffe Versicherung + Risiko
DE
EN
Bücher
Zeitschriften
Themenseiten
Organisationspsychologie Projektmanagement Marketing Smart Manufacturing
Weitere Formate
Podcasts Webinare Technik Webinare Wirtschaft Kongresse Veranstaltungskalender Awards
Jetzt Einzelzugang starten
Zugang für Unternehmen
Referenzkunden
SLX-Digitalkonferenz: Zukunftswerkstatt 2024

Mehr Umsatz mit Top-Kontakten

Am 7. Mai erfahren Sie, wie Vertriebsteams Leadgenerierung, Leadnurturing und Leadstrategien effizient steuern können.
Erweiterte Suche
Anmelden
nach oben
Erschienen in:
How Did Dread Pirate Roberts Acquire and Protect his Bitcoin Wealth? Kapitel lesen Erstes Kapitel lesen

2014 | OriginalPaper | Buchkapitel

Fair Two-Party Computations via Bitcoin Deposits

verfasst von : Marcin Andrychowicz, Stefan Dziembowski, Daniel Malinowski, Łukasz Mazurek

Erschienen in: Financial Cryptography and Data Security

Verlag: Springer Berlin Heidelberg

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config
loading …

Abstract

We show how the Bitcoin currency system (with a small modification) can be used to obtain fairness in any two-party secure computation protocol in the following sense: if one party aborts the protocol after learning the output then the other party gets a financial compensation (in bitcoins). One possible application of such protocols is the fair contract signing: each party is forced to complete the protocol, or to pay to the other one a fine.
We also show how to link the output of this protocol to the Bitcoin currency. More precisely: we show a method to design secure two-party protocols for functionalities that result in a “forced” financial transfer from one party to the other.
Our protocols build upon the ideas of our recent paper “Secure Multiparty Computations on Bitcoin” (Cryptology ePrint Archive, Report 2013/784). Compared to that paper, our results are more general, since our protocols allow to compute any function, while in the previous paper we concentrated only on some specific tasks (commitment schemes and lotteries). On the other hand, as opposed to “Secure Multiparty Computations on Bitcoin”, to obtain security we need to modify the Bitcoin specification so that the transactions are “non-malleable” (we discuss this concept in more detail in the paper).

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

  • über 102.000 Bücher
  • über 537 Zeitschriften

aus folgenden Fachgebieten:

  • Automobil + Motoren
  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Elektrotechnik + Elektronik
  • Energie + Nachhaltigkeit
  • Finance + Banking
  • Management + Führung
  • Marketing + Vertrieb
  • Maschinenbau + Werkstoffe
  • Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

  • über 67.000 Bücher
  • über 390 Zeitschriften

aus folgenden Fachgebieten:

  • Automobil + Motoren
  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Elektrotechnik + Elektronik
  • Energie + Nachhaltigkeit
  • Maschinenbau + Werkstoffe




 

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

  • über 67.000 Bücher
  • über 340 Zeitschriften

aus folgenden Fachgebieten:

  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Finance + Banking
  • Management + Führung
  • Marketing + Vertrieb
  • Versicherung + Risiko




Jetzt Wissensvorsprung sichern!

Jetzt informieren
Vorheriges Kapitel The Bitcoin P2P Network
Nächstes Kapitel Increasing Anonymity in Bitcoin
Fußnoten
1
A real-life example of such situation is the recent case when the German tax authorities paid 4 million euro to an anonymous informant for a CD containing information about the German tax evaders with bank accounts in Switzerland [13].
 
2
In the original Bitcoin documentation this is called “simplified \(T_{x}\)”.
 
3
Technically in Bitcoin \([T_{x}]\) is not directly passed as an argument to \(\pi '_{i}\). We adopt this convention to make the exposition clearer.
 
4
The reason is that it is impossible to construct a signature, in such a way, that it is a part of the message being signed.
 
5
In this paper we usually treat input scripts as arguments for the corresponding output scripts. In reality, however, they are scripts in Bitcoin scripting language, which are supposed to push arguments for an output script on the stack.
 
6
To read more about such deposits see [26].
 
7
The server signs a transactions \( Fuse \) without seeing the transaction \( Put \) and a malicious client could try to send a hash of an existing transaction instead of \( Put \). Therefore, the server should use a fresh key every time to prevent itself from being tricked into signing a transaction spending some other transaction of its to the client.
 
8
The only exception are the so-called generation transactions, which create new bitcoins and can have arbitrary input scripts (the script is called “coinbase” in this case). However, it is not difficult to ensure that each such transaction has a different hash, by using a new pair of keys for each generation.
 
9
Except of that, what she can learn from her inputs and from the function being computed.
 
10
The number of outputs created this way is limited and not greater than \(30\) as a bitcoin is not infinitely divisible. The smallest amount of bitcoins is called “satoshi” and is equal to \(10^{-8}\)  https://static-content.springer.com/image/chp%3A10.1007%2F978-3-662-44774-1_8/330030_1_En_8_IEq308_HTML.gif .
 
Literatur
1.
Abadi, M., Glew, N.: Certified email with a light on-line trusted third party: design and implementation. In: WWW ’02
2.
3.
Andrychowicz, M., Dziembowski, S., Malinowski, D., Mazurek, L.: How to deal with malleability of Bitcoin transactions. CoRR, abs/1312.3230 (2013)
4.
Ateniese, G., Nita-Rotaru, C.: Stateless-recipient certified e-mail system based on verifiable encryption. In: Preneel, B. (ed.) CT-RSA 2002. LNCS, vol. 2271, pp. 182–199. Springer, Heidelberg (2002)CrossRef
5.
6.
Ben-Or, M., Goldreich, O., Micali, S., Rivest, R.L.: A fair protocol for signing contracts. IEEE Trans. Inf. Theor. 36(1), 40–46 (1990)CrossRef
7.
Blum, M.: Coin flipping by telephone. In: CRYPTO 1981 (1981)
8.
Boneh, D., Naor, M.: Timed commitments. In: Bellare, M. (ed.) CRYPTO 2000. LNCS, vol. 1880, pp. 236–254. Springer, Heidelberg (2000)CrossRef
9.
Clark, J., Essex, A.: CommitCoin: carbon dating commitments with Bitcoin. In: Keromytis, A.D. (ed.) FC 2012. LNCS, vol. 7397, pp. 390–398. Springer, Heidelberg (2012)CrossRef
10.
Cleve, R.: Limits on the security of coin flips when half the processors are faulty. In: STOC ’86
11.
Cramer, Ronald: Introduction to secure computation. In: Damgård, Ivan Bjerre (ed.) EEF School 1998. LNCS, vol. 1561, p. 16. Springer, Heidelberg (1999)CrossRef
12.
Damgård, I.B.: Practical and provably secure release of a secret and exchange of signatures. In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 200–217. Springer, Heidelberg (1994)CrossRef
13.
Der Spiegel International. Swiss Bank Data: German Tax Officials Launch Nationwide Raids, April 2013
14.
Pfitzmann, B., et al.: Optimal efficiency of optimistic contract signing. In: PODC ’98
15.
Miers, I., et al.: Zerocoin: anonymous distributed e-cash from Bitcoin. IEEE S&P (2012)
16.
Barber, S., Boyen, X., Shi, E., Uzun, E.: Bitter to better—how to make bitcoin a better currency. In: Keromytis, A.D. (ed.) FC 2012. LNCS, vol. 7397, pp. 399–414. Springer, Heidelberg (2012)CrossRef
17.
Gordon, S., et al.: Complete fairness in secure two-party computation. J. ACM 58(6), 1–37 (2011)CrossRef
18.
Even, S., Yacobi, Y.: Relations among public key signature schemes. Technical report 175, Computer Science Department, Technion, Israel (1980)
19.
Garay, J.A., Jakobsson, M.: Timed release of standard digital signatures. In: Blaze, M. (ed.) FC 2002. LNCS, vol. 2357, pp. 168–182. Springer, Heidelberg (2003)CrossRef
20.
Goldreich, O., Micali, S., Wigderson, A.: How to play any mental game. In: STOC 1987 (1987)
21.
Goldreich, O.: The Foundations of Cryptography: Basic Applications, vol. 2. Cambridge University Press, Cambridge (2004)CrossRef
22.
Goldreich, O., Micali, S., Wigderson, A: Proofs that yield nothing but their validity and a methodology of cryptographic protocol design. In: FOCS ’86
23.
Goldreich, O., Vainish, R.: How to solve any protocol problem - an efficiency improvement. In: CRYPTO ’87
24.
Goldwasser, S., Micali, S., Rackoff, C.: The knowledge complexity of interactive proof systems. SIAM J. Comput. 18(1), 186–208 (1989)MathSciNetCrossRefMATH
25.
Pinkas, B.: Fair secure two-party computation. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 87–105. Springer, Heidelberg (2003)CrossRef
26.
27.
28.
29.
Yao, A.C.-C.: How to generate and exchange secrets. In: FOCS 1986 (1986)
30.
Zhou, J., Gollmann, D.: A fair non-repudiation protocol. In: IEEE S&P (1996)
31.
Zhou, J., Gollmann, D.: Certified electronic mail. In: Martella, G., Kurth, H., Montolivo, E., Bertino, E. (eds.) ESORICS 1996. LNCS, vol. 1146, pp. 160–171. Springer, Heidelberg (1996)CrossRef
Metadaten
Titel
Fair Two-Party Computations via Bitcoin Deposits
verfasst von
Marcin Andrychowicz
Stefan Dziembowski
Daniel Malinowski
Łukasz Mazurek
Copyright-Jahr
2014
Verlag
Springer Berlin Heidelberg
Buch
Financial Cryptography and Data Security

Print ISBN: 978-3-662-44773-4

Electronic ISBN: 978-3-662-44774-1

Copyright-Jahr: 2014

DOI
https://doi.org/10.1007/978-3-662-44774-1_8

Premium Partner

    Bildnachweise