TY - GEN
T1 - Resource fairness and composability of cryptographic protocols
AU - Garay, Juan
AU - MacKenzie, Philip
AU - Prabhakaran, Manoj
AU - Yang, Ke
N1 - Funding Information:
This study was partially performed in the MATEIS CNRS UMR5510 laboratory of INSA-Lyon (Prof. H. Idrissi) as part of a doctoral thesis of Dr Alexis Tshimombo (ISTA Kinshasa, République Démocratique du Congo) prepared under joint supervision between the Department of Metallurgy at the Faculty of Engineering, University of Mons—UMONS and INSA Lyon. The authors especially thank all the staff of the RI2S (Reactivity of Interfaces and Surfaces Engineering) laboratory. One of the authors (A. Tshimombo) wishes to thank the CTB (Agence belge de développement) and the CUD (Coopération universitaire au développement) for funding.
PY - 2006
Y1 - 2006
N2 - We introduce the notion of resource-fair protocols. Informally, this property states that if one party learns the output of the protocol, then so can all other parties, as long as they expend roughly the same amount of resources. As opposed to similar previously proposed definitions, our definition follows the standard simulation paradigm and enjoys strong composability properties. In particular, our definition is similar to the security definition in the universal composability (UC) framework, but works in a model that allows any party to request additional resources from the environment to deal with dishonest parties that may prematurely abort. In this model we specify the ideally fair functionality as allowing parties to "invest resources" in return for outputs, but in such an event offering all other parties a fair deal. (The formulation of fair dealings is kept independent of any particular functionality, by defining it using a "wrapper.") Thus, by relaxing the notion of fairness, we avoid a well-known impossibility result for fair multi-party computation with corrupted majority; in particular, our definition admits constructions that tolerate arbitrary number of corruptions. We also show that, as in the UC framework, protocols in our framework may be arbitrarily and concurrently composed. Turning to constructions, we define a "commit-prove-fair-open" functionality and design an efficient resource-fair protocol that securely realizes it, using a new variant of a cryptographic primitive known as "time-lines." With (the fairly wrapped version of) this functionality we show that some of the existing secure multi-party computation protocols can be easily transformed into resource-fair protocols while preserving their security.
AB - We introduce the notion of resource-fair protocols. Informally, this property states that if one party learns the output of the protocol, then so can all other parties, as long as they expend roughly the same amount of resources. As opposed to similar previously proposed definitions, our definition follows the standard simulation paradigm and enjoys strong composability properties. In particular, our definition is similar to the security definition in the universal composability (UC) framework, but works in a model that allows any party to request additional resources from the environment to deal with dishonest parties that may prematurely abort. In this model we specify the ideally fair functionality as allowing parties to "invest resources" in return for outputs, but in such an event offering all other parties a fair deal. (The formulation of fair dealings is kept independent of any particular functionality, by defining it using a "wrapper.") Thus, by relaxing the notion of fairness, we avoid a well-known impossibility result for fair multi-party computation with corrupted majority; in particular, our definition admits constructions that tolerate arbitrary number of corruptions. We also show that, as in the UC framework, protocols in our framework may be arbitrarily and concurrently composed. Turning to constructions, we define a "commit-prove-fair-open" functionality and design an efficient resource-fair protocol that securely realizes it, using a new variant of a cryptographic primitive known as "time-lines." With (the fairly wrapped version of) this functionality we show that some of the existing secure multi-party computation protocols can be easily transformed into resource-fair protocols while preserving their security.
UR - http://www.scopus.com/inward/record.url?scp=33745536762&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=33745536762&partnerID=8YFLogxK
U2 - 10.1007/11681878_21
DO - 10.1007/11681878_21
M3 - Conference contribution
AN - SCOPUS:33745536762
SN - 3540327312
SN - 9783540327318
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 404
EP - 428
BT - Theory of Cryptography
T2 - 3rd Theory of Cryptography Conference, TCC 2006
Y2 - 4 March 2006 through 7 March 2006
ER -