We propose (and formally define) an extension of the model where, when an honest party detects cheating, it also receives a certificate that can be published and used to persuade other parties, without revealing any information about the honest party's input. In addition, malicious parties cannot create fake certificates in the attempt of framing innocents.
Finally, we construct a secure two-party computation protocol for any functionality $f$ that satisfies our definition, and our protocol is almost as efficient as the one of Aumann and Lindell. We believe that the fear of a public humiliation or even legal consequences vastly exceeds the deterrent given by standard covert security. Therefore, even a small value of the deterrent factor $\epsilon$ will suffice in discouraging any cheating attempt.
As the overall complexity of covert security and the parameter $\epsilon$ are inversely proportional to each other, we believe that the small price to pay to get the public verifiability property on top of covert security will be dominated by the efficiency gain obtained by using a smaller value $\epsilon$.Category / Keywords: foundations / secure computation, covert security Publication Info: Preliminary full version of an ASIACRYPT 2012 paper. Date: received 17 Dec 2012 Contact author: orlandi at cs au dk Available format(s): PDF | BibTeX Citation Note: This version fixes a technical problem in Section 3 of the proceeding version. Version: 20121218:130850 (All versions of this report) Short URL: ia.cr/2012/708 Discussion forum: Show discussion | Start new discussion