2010 | OriginalPaper | Buchkapitel
On Complete Primitives for Fairness
verfasst von : Dov Gordon, Yuval Ishai, Tal Moran, Rafail Ostrovsky, Amit Sahai
Erschienen in: Theory of Cryptography
Verlag: Springer Berlin Heidelberg
Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.
Wählen Sie Textabschnitte aus um mit Künstlicher Intelligenz passenden Patente zu finden. powered by
Markieren Sie Textabschnitte, um KI-gestützt weitere passende Inhalte zu finden. powered by
For secure two-party and multi-party computation with abort, classification of which primitives are
complete
has been extensively studied in the literature. However, for
fair
secure computation, where (roughly speaking) either all parties learn the output or none do, the question of complete primitives has remained largely unstudied. In this work, we initiate a rigorous study of completeness for primitives that allow fair computation. We show the following results:
No “short” primitive is complete for fairness.
In surprising contrast to other notions of security for secure two-party computation, we show that for fair secure computation, no primitive of size
O
(log
k
) is complete, where
k
is a security parameter. This is the case even if we can enforce parallelism in calls to the primitives (i.e., the adversary does not get output from any primitive in a parallel call until it sends input to all of them). This negative result holds regardless of any computational assumptions.
A fairness hierarchy.
We clarify the fairness landscape further by exhibiting the existence of a “fairness hierarchy”. We show that for every “short” ℓ =
O
(log
k
), no protocol making (serial) access to any ℓ-bit primitive can be used to construct even a (ℓ + 1)-bit simultaneous broadcast.
Positive results.
To complement the negative results, we exhibit a
k
-bit primitive that
is
complete for two-party fair secure computation. We show how to generalize this result to the multi-party setting.
Fairness combiners.
We also introduce the question of constructing a protocol for fair secure computation from primitives that may be faulty. We show that this is possible when a majority of the instances are honest. On the flip side, we show that this result is tight: no functionality is complete for fairness if half (or more) of the instances can be malicious.