TY - GEN

T1 - Complete fairness in secure two-party computation

AU - Dov Gordon, S.

AU - Hazay, Carmit

AU - Lindell, Yehuda

AU - Katz, Jonathan

PY - 2008

Y1 - 2008

N2 - In the setting of secure two-party computation, two mutually distrusting parties wish to compute some function of their inputs while preserving, to the extent possible, various security properties such as privacy, correctness, and more. One desirable property is fairness, which guarantees that if either party receives its output, then the other party does too. Cleve (STOC 1986) showed that complete fairness cannot be achieved in general in the two-party setting; specifically, he showed (essentially) that it is impossible to compute Boolean XOR with complete fairness. Since his work, the accepted folklore has been that nothing non-trivial can be computed with complete fairness, and the question of complete fairness in secure two-partyr computation has been treated as closed since the late '80s. In this paper, we demonstrate that this widely held folklore belief is false by showing completely-fair secure protocols for various non-trivial two-party functions including Boolean AND/OR as well as Yao's "millionaires' problem". Surprisingly, we show that it is even possible to construct completely-fair protocols for certain functions containing an "embedded XOR", although in this case we also prove a lower-bound showing that a super-logarithmic number of rounds are necessary. Our results demonstrate that the question of completely-fair secure computation without an honest majority is far from closed.

AB - In the setting of secure two-party computation, two mutually distrusting parties wish to compute some function of their inputs while preserving, to the extent possible, various security properties such as privacy, correctness, and more. One desirable property is fairness, which guarantees that if either party receives its output, then the other party does too. Cleve (STOC 1986) showed that complete fairness cannot be achieved in general in the two-party setting; specifically, he showed (essentially) that it is impossible to compute Boolean XOR with complete fairness. Since his work, the accepted folklore has been that nothing non-trivial can be computed with complete fairness, and the question of complete fairness in secure two-partyr computation has been treated as closed since the late '80s. In this paper, we demonstrate that this widely held folklore belief is false by showing completely-fair secure protocols for various non-trivial two-party functions including Boolean AND/OR as well as Yao's "millionaires' problem". Surprisingly, we show that it is even possible to construct completely-fair protocols for certain functions containing an "embedded XOR", although in this case we also prove a lower-bound showing that a super-logarithmic number of rounds are necessary. Our results demonstrate that the question of completely-fair secure computation without an honest majority is far from closed.

KW - Cryptography

KW - Fairness

KW - Secure computation

UR - http://www.scopus.com/inward/record.url?scp=57049135299&partnerID=8YFLogxK

M3 - ???researchoutput.researchoutputtypes.contributiontobookanthology.conference???

AN - SCOPUS:57049135299

SN - 9781605580470

T3 - Proceedings of the Annual ACM Symposium on Theory of Computing

SP - 413

EP - 422

BT - STOC'08

T2 - 40th Annual ACM Symposium on Theory of Computing, STOC 2008

Y2 - 17 May 2008 through 20 May 2008

ER -