Cryptology ePrint Archive: Report 2008/206
Partial Fairness in Secure Two-Party Computation
Dov Gordon and Jonathan Katz
Abstract: A seminal result of Cleve (STOC '86) is that, in general, complete fairness is impossible to achieve in two-party computation. In light of this, various techniques for obtaining partial fairness have been suggested in the literature. We propose a definition of partial fairness within the standard real-/ideal-world paradigm that addresses deficiencies of prior definitions. We also show broad feasibility results with respect to our definition: partial fairness is possible for any (randomized) functionality $f:X \times Y \rightarrow Z^1 \times Z^2$ at least one of whose domains or ranges is polynomial in size. Our protocols are always private, and when one of the domains has polynomial size our protocols also simultaneously achieve the usual notion of security with abort. In contrast to some prior work, we rely on standard assumptions only.
We also show that, as far as general feasibility is concerned, our results are optimal. Specifically, there exist functions with super-polynomial domains and ranges for which it is impossible to achieve our definition.
Category / Keywords: cryptographic protocols / Secure computation, fairness
Publication Info: Eurocrypt 2010
Date: received 9 May 2008, last revised 4 Aug 2010
Contact author: jkatz at cs umd edu
Available formats: PDF | BibTeX Citation
Note: Added Section 4.1
Version: 20100805:022801 (All versions of this report)
Discussion forum: Show discussion | Start new discussion
[ Cryptology ePrint archive ]