Researches On Fairness Of Secure Multi-party Computation

Secure multi-party computation (SMPC) is one of the hot topics in modern cryptography. Generally, SMPC deals with computing an arbitrary desired functionality f(x1,...,xn)=(O1,...,On) among n mutually untrusted partiesP1,...,Pn, where each party Pi holds his private input xi and wants to know the output Ot without leaking to others any additional information. The design of any cryptographic scheme or any cooperative computation may be viewed as the design of a secure protocol for implementing a suitable functionality.Fairness is a very desirable property in designing such SMPC protocols, it’s very important in many applications such as fair (secret) exchange, e-contract negotiation, and so on. Informally, a protocol is fair if either all the parties know their (private) outputs, or none of them knows anything.Timed commitment is a cryptographic tool for the construction of fair SMPC protocols. First, we constructed an efficient timed commitment and an efficient gradual release timed commitment based on Pedersen commitment and time-lines technique. These two protocols both had two advantadges that they were more efficient than other timed commitment protocols and had another important property:homomorphism. Then, based on our new gradual release timed commitment, Pedersen commitment, and committed oblivious transfer, we proposed a fair SMPC protocol, FairS2PC, which was a fair and secure Yao’s garbled circuit protocol against the malivious adversary. FairS2PC didn’t required any trusted third party to be involved which is very important in many applications; it was more efficient than other protocols according to the gradual release model, especially for the bandwidth. Timed commitment could be also used to ensure fairness of exchange protocols or coin-flipping protocols. We designed a fair and secure multi-party coin-flipping protocol based on the gradual release timed commitment and GBBS (generalized Blum-Blum-Shub) assumption, which enjoyed two advantadges that the bias was reduced to0from the best previously known0(1/r)(r is the number of communication round) and there was no limitation to the number of corrupted parties. We improved the constructions of fair SMPC prtocols based on timed commitment. However, the security of the above protocols couldn’t be proved according to the standard simulation paradigm. In order to prove the security of SMPC protocols according to the standard simulation paradigm, we constructed an efficient resource-fair protocol, NewGradRel, for the "commit-prove-fair-open"(FCPHFP) functionality. We had proven the security of NewGradRel according to the resource-fair ideal/real world simulation paradigm. Compared with GradRel that was the only construction of FCPHFO, the communications and computations of NewGradRel was less than1/5of GradRel. In addition, NewGradRel allowed commitment to value0, which is not possible in the plain GradRel construction. Then, based on NewGradRel and Camenisch-Shoup (CS)/Simplified Camenisch-Shoup (sCS) encryptions, CS/sCS commitments and committed oblivious transfer, we constructed a fair SMPC protocol, RSFairS2PC, in the malicious mdoel, which not only had the advantages of FairS2PC and also its security could be proved according to the resource-fair ideal/real world simulation paradigm. According to our best knowledge, RSFairS2PC is the first fair and UC-secure Yao’s garbled circuit protocol against the malivious adversary.At the same time, we introduced the "commit-prove-honest-fair-open"(FCPHFO) functionality that is a new variant of FCPFO. Then, we constructed a resource-fair and secure two-party coin-flipping protocol according to the resource-fair ideal/real world simulation paradigm in the FCPFO-hybrid model. Compared with the other coin-flipping protocols, our protocol enjoyed another important advantage that its bias is0.