TY - GEN
T1 - On fair exchange, fair coins and fair sampling
AU - Agrawal, Shashank
AU - Prabhakaran, Manoj
N1 - Funding Information:
Research supported in part by NSF grants 1228856 and 0747027.
PY - 2013
Y1 - 2013
N2 - We study various classical secure computation problems in the context of fairness, and relate them with each other. We also systematically study fair sampling problems (i.e., inputless functionalities) and discover three levels of complexity for them. Our results include the following: - Fair exchange cannot be securely reduced to the problem of fair cointossing by an r-round protocol, except with an error that is Ω(1/r). - Finite fair sampling problems with rational probabilities can all be reduced to fair coin-tossing and unfair 2-party computation (or equivalently, under computational assumptions). Thus, for this class of functionalities, fair coin-tossing is complete. - Only sampling problems which have fair protocols without any fair setup are the trivial ones in which the two parties can sample their outputs independently. Others all have an Ω(1/r) error, roughly matching an upperbound for fair sampling from [21]. - We study communication-less protocols for sampling, given another sampling problem as setup, since such protocols are inherently fair. We use spectral graph theoretic tools to show that it is impossible to reduce a sampling problem with common information (like fair cointossing) to a sampling problem without (like "noisy" coin-tossing, which has a small probability of disagreement). The last result above is a slightly sharper version of a classical result by Witsenhausen from 1975. Our proof reveals the connection between the tool used by Witsenhausen, namely "maximal correlation," and spectral graph theoretic tools like Cheeger inequality.
AB - We study various classical secure computation problems in the context of fairness, and relate them with each other. We also systematically study fair sampling problems (i.e., inputless functionalities) and discover three levels of complexity for them. Our results include the following: - Fair exchange cannot be securely reduced to the problem of fair cointossing by an r-round protocol, except with an error that is Ω(1/r). - Finite fair sampling problems with rational probabilities can all be reduced to fair coin-tossing and unfair 2-party computation (or equivalently, under computational assumptions). Thus, for this class of functionalities, fair coin-tossing is complete. - Only sampling problems which have fair protocols without any fair setup are the trivial ones in which the two parties can sample their outputs independently. Others all have an Ω(1/r) error, roughly matching an upperbound for fair sampling from [21]. - We study communication-less protocols for sampling, given another sampling problem as setup, since such protocols are inherently fair. We use spectral graph theoretic tools to show that it is impossible to reduce a sampling problem with common information (like fair cointossing) to a sampling problem without (like "noisy" coin-tossing, which has a small probability of disagreement). The last result above is a slightly sharper version of a classical result by Witsenhausen from 1975. Our proof reveals the connection between the tool used by Witsenhausen, namely "maximal correlation," and spectral graph theoretic tools like Cheeger inequality.
UR - http://www.scopus.com/inward/record.url?scp=84884484159&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84884484159&partnerID=8YFLogxK
U2 - 10.1007/978-3-642-40041-4_15
DO - 10.1007/978-3-642-40041-4_15
M3 - Conference contribution
AN - SCOPUS:84884484159
SN - 9783642400407
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 259
EP - 276
BT - Advances in Cryptology, CRYPTO 2013 - 33rd Annual Cryptology Conference, Proceedings
T2 - 33rd Annual International Cryptology Conference, CRYPTO 2013
Y2 - 18 August 2013 through 22 August 2013
ER -