Cryptology ePrint Archive: Report 2015/064

Optimally Efficient Multi-Party Fair Exchange and Fair Secure Multi-Party Computation

Handan Kılın and Alptekin Kp

Abstract: Multi-party fair exchange (MFE) and fair secure multi-party computation (fair SMPC) are is under-studied field of research, with practical importance. In particular, we consider MFE scenarios where at the end of the protocol, either every participant receives every other participants item, or no participant receives anything. We analyze the case where a trusted third party (TTP) is optimistically available, although we emphasize that the trust put on the TTP is only regarding the fairness, and our protocols preserve the privacy of the exchanged items against the TTP. In the fair SMPC case, we prove that a malicious TTP can only harm fairness, but not security. We construct two asymptotically optimal multi-party fair exchange protocols that require a constant number of rounds (in comparison to linear) and O(n^2) messages (in comparison to cubic), where n is the number of participating parties. In one protocol, we enable the parties to efficiently exchange any item that can be efficiently put into a verifiable encryption (e.g., signatures on a contract). We show how to apply this protocol on top of any SMPC protocol to achieve fairness with very little overhead (independent of the circuit size), especially if the SMPC protocol works with arithmetic circuits. In our other protocol, we let the parties exchange any verifiable item, without the constraint that it must be efficiently put into a verifiable encryption (e.g., a file cannot be efficiently verifiably encrypted, but if its hash is known, once obtained, the file can be verified). We achieve this via the use of electronic payments, where if an item is not obtained, the payment of its owner will be obtained in return of the item that is sent. We then generalize our protocols to efficiently handle any exchange topology (participants exchange items with arbitrary other participants). Our protocols guarantee fairness in its strongest sense: even if all n-1 other participants are malicious and colluding with each other, the fairness is still guaranteed.

Category / Keywords: cryptographic protocols / multi-party fair exchange, fair computation, optimistic model, secure multi-party computation, electronic payments

Original Publication (with major differences): CT-RSA 2015

Date: received 28 Jan 2015, last revised 7 Mar 2019

Contact author: handan kilinc at epfl ch

Available format(s): PDF | BibTeX Citation

Version: 20190307:174130 (All versions of this report)

Short URL: ia.cr/2015/064


[ Cryptology ePrint archive ]