Paper 2021/095

Collusion-Deterrent Threshold Information Escrow

Easwar Vivek Mangipudi and Donghang Lu and Aniket Kate

Abstract

Timed-release encryption (TRE) is a prominent distributed way for sending messages to the future. Beyond its applications to e- voting and auctions, TRE can be easily generalized to a threshold information escrow (TIE) service, where a user can encrypt her message to any condition instead of just expiration of time as in TRE. Nevertheless, TRE and by extension TIE realized using threshold es- crow agents is vulnerable to premature, selective, and undetectable unlocking of messages through collusion among curious agents offering the service. This work presents a novel provably secure TIE scheme where any collusion attempt among the escrow agents offering the service towards premature decryption results in penalization through a loss of cryptocurrency and getting banned from the system. The proposed collusion-deterrent escrow (CDE) scheme intro- duces a novel incentive-penalty mechanism using a user-induced in- formation asymmetry among the agents such that they stay honest until the user-specified condition for decryption is met. In particular, each agent makes an escrow deposit before the start of the protocol such that the cryptocurrency deposit amount is transferred back to the agent when the condition specified by the user is met or can be transferred by anyone who holds the secret key corresponding to the public key of the protocol instance. CDE offers information escrow as a service and ensures that whenever the agents collude to decrypt the user data before the condition is met, there would be at least one whistle-blower agent who can withdraw/transfer the deposits of all other agents thereby penalizing them. We analyse the CDE protocol and model collusion as a game induced among rational agents offering the service and show in game-theoretic terms that the agents do not collude at equilibrium. We also present a prototype implementation of the CDE protocol and demonstrate its efficiency towards use in practice. We find this work to be an important step towards weakening the strong non-collusion assumptions across multi-party computation applications.