Abstract
In ACM CCS’17, Choudhuri et al. designed two fair public-ledger-based multi-party protocols (in the malicious model with dishonest majority) for computing an arbitrary function f. One of their protocols is based on a trusted hardware enclave \(\mathcal {G}\) (which can be implemented using Intel SGX-hardware) and a public ledger (which can be implemented using a blockchain platform, such as Ethereum). Subsequently, in NDSS’19, a stateless version of the protocol was published. This is the first time, (a certain definition of) fairness – that guarantees either all parties learn the final output or nobody does – is achieved without any monetary or computational penalties. However, these protocols are fair, if the underlying core MPC component guarantees both privacy and correctness. While privacy is easy to achieve (using a secret sharing scheme), correctness requires expensive operations (such as ZK proofs and commitment schemes). We improve on this work in three different directions: attack, design and performance.
Our first major contribution is building practical attacks that demonstrate: if correctness is not satisfied then the fairness property of the aforementioned protocols collapse. Next, we design two new protocols – stateful and stateless – based on public ledger and trusted hardware that are: resistant against the aforementioned attacks, and made several orders of magnitude more efficient (related to both time and memory) than the existing ones by eliminating ZK proofs and commitment schemes in the design.
Last but not the least, we implemented the core MPC part of our protocols using the SPDZ-2 framework to demonstrate the feasibility of its practical implementation.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
- 2.
\(\mathcal {G}\) is implemented using Intel SGX hardware.
- 3.
If \(P_1\) posts an incorrect ciphertext to BB then he himself gets a wrong tag from BB, preventing him from obtaining the f from \(\mathcal {G}\).
- 4.
The auxiliary input is derived by the adversary (as well as the simulator) from the previous executions of the protocol.
- 5.
Another way of designing \(\pi \) is by using SPDZ directly [11].
- 6.
Note that none of the parties know the key K; \(P_i\) knows only \(k_i\).
References
Certificate transparency. https://www.certificate-transparency.org/. Accessed 25 Feb 2019
SPDZ, MASCOT, and Overdrive offline phases Github (2017). https://github.com/bristolcrypto/SPDZ-2
Obscuro. Github (2017). https://github.com/BitObscuro/Obscuro
Andrychowicz, M., Dziembowski, S., Malinowski, D., Mazurek, Ł.: Fair two-party computations via bitcoin deposits. In: Böhme, R., Brenner, M., Moore, T., Smith, M. (eds.) FC 2014. LNCS, vol. 8438, pp. 105–121. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-662-44774-1_8
Bahmani, R., et al.: Secure multiparty computation from SGX. In: Kiayias, A. (ed.) FC 2017. LNCS, vol. 10322, pp. 477–497. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-70972-7_27
Bentov, I., Kumaresan, R.: How to use bitcoin to design fair protocols. In: Garay, J.A., Gennaro, R. (eds.) CRYPTO 2014. LNCS, vol. 8617, pp. 421–439. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-662-44381-1_24
Boneh, D., Naor, M.: Timed commitments. In: Bellare, M. (ed.) CRYPTO 2000. LNCS, vol. 1880, pp. 236–254. Springer, Heidelberg (2000). https://doi.org/10.1007/3-540-44598-6_15
Choudhuri, A.R., Green, M., Jain, A., Kaptchuk, G., Miers, I.: Fairness in an unfair world: fair multiparty computation from public bulletin boards. In: Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, pp. 719–728. ACM (2017)
Cleve, R.: Limits on the security of coin flips when half the processors are faulty. In: Proceedings of the Eighteenth Annual ACM Symposium on Theory of Computing, pp. 364–369. ACM (1986)
Costan, V., Devadas, S.: Intel SGX explained. In: IACR Cryptology ePrint Archive, vol. 2016, no. 086, pp. 1–118 (2016)
Damgård, I., Keller, M., Larraia, E., Pastro, V., Scholl, P., Smart, N.P.: Practical covertly secure MPC for dishonest majority – Or: breaking the SPDZ limits. In: Crampton, J., Jajodia, S., Mayes, K. (eds.) ESORICS 2013. LNCS, vol. 8134, pp. 1–18. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-40203-6_1
Du, W., Atallah, M.J.: Secure multi-party computation problems and their applications: a review and open problems. In: Proceedings of the 2001 Workshop on New Security Paradigms, pp. 13–22. ACM (2001)
Goldreich, O.: Foundations of Cryptography: Basic Tools, vol. 1. Cambridge University Press, Cambridge (2007)
Goldreich, O.: Foundations of Cryptography: Basic Applications, vol. 2. Cambridge University Press, Cambridge (2009)
Goldreich, O., Micali, S., Wigderson, A.: How to play any mental game. In: Proceedings of the Nineteenth Annual ACM Symposium on Theory of Computing, pp. 218–229. ACM (1987)
Kaptchuk, G., Green, M., Miers, I.: Giving state to the stateless: augmenting trustworthy computation with ledgers. In: 26th Annual Network and Distributed System Security Symposium, NDSS (2019)
Kiayias, A., Zhou, H.-S., Zikas, V.: Fair and robust multi-party computation using a global transaction ledger. In: Fischlin, M., Coron, J.-S. (eds.) EUROCRYPT 2016. LNCS, vol. 9666, pp. 705–734. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-49896-5_25
Kumaresan, R., Moran, T., Bentov, I.: How to use bitcoin to play decentralized poker. In: Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, pp. 195–206. ACM (2015)
Nakamoto, S.: Bitcoin: a peer-to-peer electronic cash system. Consulted 1(2012), 28 (2008)
Rogaway, P., Bellare, M., Black, J.: OCB: a block-cipher mode of operation for efficient authenticated encryption. ACM Trans. Inf. Syst. Secur. (TISSEC) 6, 365–403 (2003)
Shamir, A.: How to share a secret. Commun. ACM 22, 612–613 (1979)
Yao, A.C.-C.: Protocols for secure computations. In: FOCS, pp. 160–164. IEEE (1982)
Acknowledgment
Second author is supported by a research fellowship generously provided by Tata Consultancy Services (TCS). We thank the anonymous reviewers for their constructive comments.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
A Program prog and \(\textsf {prog}'\) for \(\mathcal {G}\)
A Program prog and \(\textsf {prog}'\) for \(\mathcal {G}\)
The algorithmic description of prog and \(\textsf {prog}'\) is given in Fig. 6.
Algorithmic descriptions of \(\textsf {prog}\) and \(\textsf {prog}'\). We get \(\textsf {prog}'\) by removing the boxed statements of \(\textsf {prog}\). Here, \(j=1\,-\,i\). It is parameterized by: a cut-off time \(\varDelta t\), the verification key \(\textsf {vk}_{\textsf {BB}}\) of Bulletin Board, a set of parties \(\mathcal {P}=\{P_0, P_1\}\), and the party index i. It uses the following primitives: commitment Com, the authenticated encryption scheme AE, a one-way function OWF, and the Bulletin Board BB (see Sect. 3 for more details). Here, the state variables are marked 
, and the variables that are not stored locally are marked 
. (Color figure online)
Rights and permissions
Copyright information
© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
Paul, S., Shrivastava, A. (2019). Efficient Fair Multiparty Protocols Using Blockchain and Trusted Hardware. In: Schwabe, P., Thériault, N. (eds) Progress in Cryptology – LATINCRYPT 2019. LATINCRYPT 2019. Lecture Notes in Computer Science(), vol 11774. Springer, Cham. https://doi.org/10.1007/978-3-030-30530-7_15
Download citation
DOI: https://doi.org/10.1007/978-3-030-30530-7_15
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-30529-1
Online ISBN: 978-3-030-30530-7
eBook Packages: Computer ScienceComputer Science (R0)