## Abstract

The well known impossibility result of Cleve (STOC 1986) implies that in general it is impossible to securely compute a function with \emph{complete fairness} without an honest majority. Since then, the accepted belief has been that \emph{nothing} non-trivial can be

computed with complete fairness in the two party setting. The surprising work of Gordon, Hazay, Katz and Lindell (STOC 2008) shows that this belief is false, and that there exist \emph{some} non-trivial (deterministic, finite-domain) boolean functions that can be computed fairly. This raises the fundamental question of characterizing complete fairness in secure two-party computation.

In this work we show that not only that some or few functions can be computed fairly, but rather an \emph{enormous number} of functions can be computed fairly. In fact, \emph{almost all} boolean functions with distinct domain sizes can be computed with complete fairness (for instance, more than of the boolean functions with domain sizes ). The class of functions that is shown to be possible includes also rather involved and highly non-trivial tasks, such as set-membership, evaluation of a private (boolean) function, private matchmaking and set-disjointness.

In addition, we demonstrate that fairness is not restricted to the class of symmetric boolean functions where both parties get the same output, which is the only known feasibility result. Specifically, we show that fairness is also possible for asymmetric boolean functions where the output of the parties is not necessarily the same. Moreover, we consider the class of functions with \emph{non-binary} output, and show that fairness is possible \emph{for any finite range}.

The constructions are based on the protocol of Gordon et.~al, and its analysis uses tools from convex geometry.

computed with complete fairness in the two party setting. The surprising work of Gordon, Hazay, Katz and Lindell (STOC 2008) shows that this belief is false, and that there exist \emph{some} non-trivial (deterministic, finite-domain) boolean functions that can be computed fairly. This raises the fundamental question of characterizing complete fairness in secure two-party computation.

In this work we show that not only that some or few functions can be computed fairly, but rather an \emph{enormous number} of functions can be computed fairly. In fact, \emph{almost all} boolean functions with distinct domain sizes can be computed with complete fairness (for instance, more than of the boolean functions with domain sizes ). The class of functions that is shown to be possible includes also rather involved and highly non-trivial tasks, such as set-membership, evaluation of a private (boolean) function, private matchmaking and set-disjointness.

In addition, we demonstrate that fairness is not restricted to the class of symmetric boolean functions where both parties get the same output, which is the only known feasibility result. Specifically, we show that fairness is also possible for asymmetric boolean functions where the output of the parties is not necessarily the same. Moreover, we consider the class of functions with \emph{non-binary} output, and show that fairness is possible \emph{for any finite range}.

The constructions are based on the protocol of Gordon et.~al, and its analysis uses tools from convex geometry.

Original language | American English |
---|---|

Article number | 2014/098 |

Number of pages | 41 |

Journal | IACR Cryptology ePrint Archive, |

Volume | 2014 |

State | Published - 10 Feb 2014 |