Paper 2015/064

Optimally Efficient Multi-Party Fair Exchange and Fair Secure Multi-Party Computation

Handan Kılınç and Alptekin Küpçü


Multi-party fair exchange (MFE) and fair secure multi-party computation (fair SMPC) are is under-studied field of research, with practical importance. In particular, we consider MFE scenarios where at the end of the protocol, either every participant receives every other participant’s item, or no participant receives anything. We analyze the case where a trusted third party (TTP) is optimistically available, although we emphasize that the trust put on the TTP is only regarding the fairness, and our protocols preserve the privacy of the exchanged items against the TTP. In the fair SMPC case, we prove that a malicious TTP can only harm fairness, but not security. We construct two asymptotically optimal multi-party fair exchange protocols that require a constant number of rounds (in comparison to linear) and O(n^2) messages (in comparison to cubic), where n is the number of participating parties. In one protocol, we enable the parties to efficiently exchange any item that can be efficiently put into a verifiable encryption (e.g., signatures on a contract). We show how to apply this protocol on top of any SMPC protocol to achieve fairness with very little overhead (independent of the circuit size), especially if the SMPC protocol works with arithmetic circuits. In our other protocol, we let the parties exchange any verifiable item, without the constraint that it must be efficiently put into a verifiable encryption (e.g., a file cannot be efficiently verifiably encrypted, but if its hash is known, once obtained, the file can be verified). We achieve this via the use of electronic payments, where if an item is not obtained, the payment of its owner will be obtained in return of the item that is sent. We then generalize our protocols to efficiently handle any exchange topology (participants exchange items with arbitrary other participants). Our protocols guarantee fairness in its strongest sense: even if all n-1 other participants are malicious and colluding with each other, the fairness is still guaranteed.

Available format(s)
Cryptographic protocols
Publication info
Published elsewhere. Major revision. CT-RSA 2015
multi-party fair exchangefair computationoptimistic modelsecure multi-party computationelectronic payments
Contact author(s)
handan kilinc @ epfl ch
2019-03-07: last of 5 revisions
2015-01-29: received
See all versions
Short URL
Creative Commons Attribution


      author = {Handan Kılınç and Alptekin Küpçü},
      title = {Optimally Efficient Multi-Party Fair Exchange and Fair Secure Multi-Party Computation},
      howpublished = {Cryptology ePrint Archive, Paper 2015/064},
      year = {2015},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.