Cryptology ePrint Archive: Report 2008/206

Partial Fairness in Secure Two-Party Computation

Dov Gordon and Jonathan Katz

Abstract: A seminal result of Cleve (STOC '86) is that, in general, complete fairness is impossible to achieve in two-party computation. In light of this, various techniques for obtaining partial fairness have been suggested in the literature. We propose a definition of partial fairness within the standard real-/ideal-world paradigm that addresses deficiencies of prior definitions. We also show broad feasibility results with respect to our definition: partial fairness is possible for any (randomized) functionality $f:X \times Y \rightarrow Z^1 \times Z^2$ at least one of whose domains or ranges is polynomial in size. Our protocols are always private, and when one of the domains has polynomial size our protocols also simultaneously achieve the usual notion of security with abort. In contrast to some prior work, we rely on standard assumptions only.

We also show that, as far as general feasibility is concerned, our results are optimal. Specifically, there exist functions with super-polynomial domains and ranges for which it is impossible to achieve our definition.

Category / Keywords: cryptographic protocols / Secure computation, fairness

Publication Info: Eurocrypt 2010

Date: received 9 May 2008, last revised 4 Aug 2010

Contact author: jkatz at cs umd edu

Available format(s): PDF | BibTeX Citation

Note: Added Section 4.1

Version: 20100805:022801 (All versions of this report)

Short URL: ia.cr/2008/206

Discussion forum: Show discussion | Start new discussion