Paper 2014/129

How to Use Bitcoin to Design Fair Protocols

Iddo Bentov and Ranjit Kumaresan

Abstract

We study a model of fairness in secure computation in which an adversarial party that aborts on receiving output is forced to pay a mutually predefined monetary penalty. We then show how the Bitcoin network can be used to achieve the above notion of fairness in the two-party as well as the multiparty setting (with a dishonest majority). In particular, we propose new ideal functionalities and protocols for fair secure computation and fair lottery in this model. One of our main contributions is the definition of an ideal primitive, which we call $\mathcal{F}_{\mathrm{CR}}^\star$ ($\mathrm{CR}$ stands for ``claim-or-refund''), that formalizes and abstracts the exact properties we require from the Bitcoin network to achieve our goals. Naturally, this abstraction allows us to design fair protocols in a hybrid model in which parties have access to the $\mathcal{F}_{\mathrm{CR}}^\star$ functionality, and is otherwise independent of the Bitcoin ecosystem. We also show an efficient realization of $\mathcal{F}_{\mathrm{CR}}^\star$ that requires only two Bitcoin transactions to be made on the network. Our constructions also enjoy high efficiency. In a multiparty setting, our protocols only require a constant number of calls to $\mathcal{F}_{\mathrm{CR}}^\star$ per party on top of a standard multiparty secure computation protocol. Our fair multiparty lottery protocol improves over previous solutions which required a quadratic number of Bitcoin transactions.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Preprint. MINOR revision.
Keywords
fair exchangesecure computationBitcoin
Contact author(s)
idddo @ cs technion ac il
History
2014-02-24: received
Short URL
https://ia.cr/2014/129
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2014/129,
      author = {Iddo Bentov and Ranjit Kumaresan},
      title = {How to Use Bitcoin to Design Fair Protocols},
      howpublished = {Cryptology {ePrint} Archive, Paper 2014/129},
      year = {2014},
      url = {https://eprint.iacr.org/2014/129}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.