Utility dependence in correct and fair rational secret sharing

Gilad Asharov, Yehuda Lindell

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

36 Scopus citations


The problem of carrying out cryptographic computations when the participating parties are rational in a game-theoretic sense has recently gained much attention. One problem that has been studied considerably is that of rational secret sharing. In this setting, the aim is to construct a mechanism (protocol) so that parties behaving rationally have incentive to cooperate and provide their shares in the reconstruction phase, even if each party prefers to be the only one to learn the secret. Although this question was only recently asked by Halpern and Teague (STOC 2004), a number of works with beautiful ideas have been presented to solve this problem. However, they all have the property that the protocols constructed need to know the actual utility values of the parties (or at least a bound on them). This assumption is very problematic because the utilities of parties are not public knowledge. We ask whether this dependence on the actual utility values is really necessary and prove that in the basic setting, rational secret sharing cannot be achieved without it. On the positive side, we show that by somewhat relaxing the standard assumptions on the utility functions, it is possible to achieve utility independence. In addition to the above, observe that the known protocols for rational secret sharing that do not assume simultaneous channels all suffer from the problem that one of the parties can cause the others to output an incorrect value. (This problem arises when a party gains higher utility by having another output an incorrect value than by learning the secret itself; we argue that such a scenario is not at all unlikely.) We show that this problem is inherent in the non-simultaneous channels model, unless the actual values of the parties' utilities from this attack is known, in which case it is possible to prevent this from happening.

Original languageEnglish
Title of host publicationAdvances in Cryptology - CRYPTO 2009 - 29th Annual International Cryptology Conference, Proceedings
Number of pages18
StatePublished - 2009
Event29th Annual International Cryptology Conference, CRYPTO 2009 - Santa Barbara, CA, United States
Duration: 16 Aug 200920 Aug 2009

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume5677 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349


Conference29th Annual International Cryptology Conference, CRYPTO 2009
Country/TerritoryUnited States
CitySanta Barbara, CA

Bibliographical note

Funding Information:
Research supported by the israel science foundation (grant No. 781/07).


Dive into the research topics of 'Utility dependence in correct and fair rational secret sharing'. Together they form a unique fingerprint.

Cite this