Resource Fairness and Composability of Cryptographic Protocols
Identifieur interne : 000433 ( Istex/Corpus ); précédent : 000432; suivant : 000434Resource Fairness and Composability of Cryptographic Protocols
Auteurs : Juan A. Garay ; Philip Mackenzie ; Manoj Prabhakaran ; Ke YangSource :
- Journal of Cryptology [ 0933-2790 ] ; 2011-10-01.
English descriptors
- KwdEn :
Abstract
Abstract: We introduce the notion of resource-fair protocols. Informally, this property states that if one party learns the output of the protocol, then so can all other parties, as long as they expend roughly the same amount of resources. As opposed to previously proposed definitions related to fairness, our definition follows the standard simulation paradigm and enjoys strong composability properties. In particular, our definition is similar to the security definition in the universal composability (UC) framework, but works in a model that allows any party to request additional resources from the environment to deal with dishonest parties that may prematurely abort. In this model we specify the ideally fair functionality as allowing parties to “invest resources” in return for outputs, but in such an event offering all other parties a fair deal. (The formulation of fair dealings is kept independent of any particular functionality, by defining it using a “wrapper.”) Thus, by relaxing the notion of fairness, we avoid a well-known impossibility result for fair multi-party computation with corrupted majority; in particular, our definition admits constructions that tolerate arbitrary number of corruptions. We also show that, as in the UC framework, protocols in our framework may be arbitrarily and concurrently composed. Turning to constructions, we define a “commit-prove-fair-open” functionality and design an efficient resource-fair protocol that securely realizes it, using a new variant of a cryptographic primitive known as “time-lines.” With (the fairly wrapped version of) this functionality we show that some of the existing secure multi-party computation protocols can be easily transformed into resource-fair protocols while preserving their security.
Url:
DOI: 10.1007/s00145-010-9080-z
Links to Exploration step
ISTEX:930BABF39FBB2E3EAE04990275C702B3BC958C6DLe document en format XML
<record><TEI wicri:istexFullTextTei="biblStruct"><teiHeader><fileDesc><titleStmt><title xml:lang="en">Resource Fairness and Composability of Cryptographic Protocols</title><author><name sortKey="Garay, Juan A" sort="Garay, Juan A" uniqKey="Garay J" first="Juan A." last="Garay">Juan A. Garay</name><affiliation><mods:affiliation>AT&T Labs—Research, Florham Park, NJ, USA</mods:affiliation></affiliation><affiliation><mods:affiliation>E-mail: garay@research.att.com</mods:affiliation></affiliation></author><author><name sortKey="Mackenzie, Philip" sort="Mackenzie, Philip" uniqKey="Mackenzie P" first="Philip" last="Mackenzie">Philip Mackenzie</name><affiliation><mods:affiliation>Google Inc., Mountain View, CA, USA</mods:affiliation></affiliation><affiliation><mods:affiliation>E-mail: philmac@google.com</mods:affiliation></affiliation></author><author><name sortKey="Prabhakaran, Manoj" sort="Prabhakaran, Manoj" uniqKey="Prabhakaran M" first="Manoj" last="Prabhakaran">Manoj Prabhakaran</name><affiliation><mods:affiliation>Computer Science Department, University of Illinois at Urbana-Champaign, Urbana-Champaign, IL, USA</mods:affiliation></affiliation><affiliation><mods:affiliation>E-mail: mmp@uiuc.edu</mods:affiliation></affiliation></author><author><name sortKey="Yang, Ke" sort="Yang, Ke" uniqKey="Yang K" first="Ke" last="Yang">Ke Yang</name><affiliation><mods:affiliation>Google Inc., Mountain View, CA, USA</mods:affiliation></affiliation><affiliation><mods:affiliation>E-mail: yangke@google.com</mods:affiliation></affiliation></author></titleStmt><publicationStmt><idno type="wicri:source">ISTEX</idno><idno type="RBID">ISTEX:930BABF39FBB2E3EAE04990275C702B3BC958C6D</idno><date when="2010" year="2010">2010</date><idno type="doi">10.1007/s00145-010-9080-z</idno><idno type="url">https://api.istex.fr/document/930BABF39FBB2E3EAE04990275C702B3BC958C6D/fulltext/pdf</idno><idno type="wicri:Area/Istex/Corpus">000433</idno><idno type="wicri:explorRef" wicri:stream="Istex" wicri:step="Corpus" wicri:corpus="ISTEX">000433</idno></publicationStmt><sourceDesc><biblStruct><analytic><title level="a" type="main" xml:lang="en">Resource Fairness and Composability of Cryptographic Protocols</title><author><name sortKey="Garay, Juan A" sort="Garay, Juan A" uniqKey="Garay J" first="Juan A." last="Garay">Juan A. Garay</name><affiliation><mods:affiliation>AT&T Labs—Research, Florham Park, NJ, USA</mods:affiliation></affiliation><affiliation><mods:affiliation>E-mail: garay@research.att.com</mods:affiliation></affiliation></author><author><name sortKey="Mackenzie, Philip" sort="Mackenzie, Philip" uniqKey="Mackenzie P" first="Philip" last="Mackenzie">Philip Mackenzie</name><affiliation><mods:affiliation>Google Inc., Mountain View, CA, USA</mods:affiliation></affiliation><affiliation><mods:affiliation>E-mail: philmac@google.com</mods:affiliation></affiliation></author><author><name sortKey="Prabhakaran, Manoj" sort="Prabhakaran, Manoj" uniqKey="Prabhakaran M" first="Manoj" last="Prabhakaran">Manoj Prabhakaran</name><affiliation><mods:affiliation>Computer Science Department, University of Illinois at Urbana-Champaign, Urbana-Champaign, IL, USA</mods:affiliation></affiliation><affiliation><mods:affiliation>E-mail: mmp@uiuc.edu</mods:affiliation></affiliation></author><author><name sortKey="Yang, Ke" sort="Yang, Ke" uniqKey="Yang K" first="Ke" last="Yang">Ke Yang</name><affiliation><mods:affiliation>Google Inc., Mountain View, CA, USA</mods:affiliation></affiliation><affiliation><mods:affiliation>E-mail: yangke@google.com</mods:affiliation></affiliation></author></analytic><monogr></monogr><series><title level="j">Journal of Cryptology</title><title level="j" type="abbrev">J Cryptol</title><idno type="ISSN">0933-2790</idno><idno type="eISSN">1432-1378</idno><imprint><publisher>Springer-Verlag</publisher><pubPlace>New York</pubPlace><date type="published" when="2011-10-01">2011-10-01</date><biblScope unit="volume">24</biblScope><biblScope unit="issue">4</biblScope><biblScope unit="page" from="615">615</biblScope><biblScope unit="page" to="658">658</biblScope></imprint><idno type="ISSN">0933-2790</idno></series></biblStruct></sourceDesc><seriesStmt><idno type="ISSN">0933-2790</idno></seriesStmt></fileDesc><profileDesc><textClass><keywords scheme="KwdEn" xml:lang="en"><term>Cryptographic protocols</term><term>Fairness</term><term>Secure multi-party computation</term><term>Security models and definitions</term><term>Universal composability</term></keywords></textClass><langUsage><language ident="en">en</language></langUsage></profileDesc></teiHeader><front><div type="abstract" xml:lang="en">Abstract: We introduce the notion of resource-fair protocols. Informally, this property states that if one party learns the output of the protocol, then so can all other parties, as long as they expend roughly the same amount of resources. As opposed to previously proposed definitions related to fairness, our definition follows the standard simulation paradigm and enjoys strong composability properties. In particular, our definition is similar to the security definition in the universal composability (UC) framework, but works in a model that allows any party to request additional resources from the environment to deal with dishonest parties that may prematurely abort. In this model we specify the ideally fair functionality as allowing parties to “invest resources” in return for outputs, but in such an event offering all other parties a fair deal. (The formulation of fair dealings is kept independent of any particular functionality, by defining it using a “wrapper.”) Thus, by relaxing the notion of fairness, we avoid a well-known impossibility result for fair multi-party computation with corrupted majority; in particular, our definition admits constructions that tolerate arbitrary number of corruptions. We also show that, as in the UC framework, protocols in our framework may be arbitrarily and concurrently composed. Turning to constructions, we define a “commit-prove-fair-open” functionality and design an efficient resource-fair protocol that securely realizes it, using a new variant of a cryptographic primitive known as “time-lines.” With (the fairly wrapped version of) this functionality we show that some of the existing secure multi-party computation protocols can be easily transformed into resource-fair protocols while preserving their security.</div></front></TEI><istex><corpusName>springer-journals</corpusName><author><json:item><name>Juan A. Garay</name><affiliations><json:string>AT&T Labs—Research, Florham Park, NJ, USA</json:string><json:string>E-mail: garay@research.att.com</json:string></affiliations></json:item><json:item><name>Philip MacKenzie</name><affiliations><json:string>Google Inc., Mountain View, CA, USA</json:string><json:string>E-mail: philmac@google.com</json:string></affiliations></json:item><json:item><name>Manoj Prabhakaran</name><affiliations><json:string>Computer Science Department, University of Illinois at Urbana-Champaign, Urbana-Champaign, IL, USA</json:string><json:string>E-mail: mmp@uiuc.edu</json:string></affiliations></json:item><json:item><name>Ke Yang</name><affiliations><json:string>Google Inc., Mountain View, CA, USA</json:string><json:string>E-mail: yangke@google.com</json:string></affiliations></json:item></author><subject><json:item><lang><json:string>eng</json:string></lang><value>Secure multi-party computation</value></json:item><json:item><lang><json:string>eng</json:string></lang><value>Fairness</value></json:item><json:item><lang><json:string>eng</json:string></lang><value>Security models and definitions</value></json:item><json:item><lang><json:string>eng</json:string></lang><value>Universal composability</value></json:item><json:item><lang><json:string>eng</json:string></lang><value>Cryptographic protocols</value></json:item></subject><articleId><json:string>9080</json:string><json:string>s00145-010-9080-z</json:string></articleId><arkIstex>ark:/67375/VQC-TC2S8PNN-F</arkIstex><language><json:string>eng</json:string></language><originalGenre><json:string>OriginalPaper</json:string></originalGenre><abstract>Abstract: We introduce the notion of resource-fair protocols. Informally, this property states that if one party learns the output of the protocol, then so can all other parties, as long as they expend roughly the same amount of resources. As opposed to previously proposed definitions related to fairness, our definition follows the standard simulation paradigm and enjoys strong composability properties. In particular, our definition is similar to the security definition in the universal composability (UC) framework, but works in a model that allows any party to request additional resources from the environment to deal with dishonest parties that may prematurely abort. In this model we specify the ideally fair functionality as allowing parties to “invest resources” in return for outputs, but in such an event offering all other parties a fair deal. (The formulation of fair dealings is kept independent of any particular functionality, by defining it using a “wrapper.”) Thus, by relaxing the notion of fairness, we avoid a well-known impossibility result for fair multi-party computation with corrupted majority; in particular, our definition admits constructions that tolerate arbitrary number of corruptions. We also show that, as in the UC framework, protocols in our framework may be arbitrarily and concurrently composed. Turning to constructions, we define a “commit-prove-fair-open” functionality and design an efficient resource-fair protocol that securely realizes it, using a new variant of a cryptographic primitive known as “time-lines.” With (the fairly wrapped version of) this functionality we show that some of the existing secure multi-party computation protocols can be easily transformed into resource-fair protocols while preserving their security.</abstract><qualityIndicators><refBibsNative>false</refBibsNative><abstractWordCount>260</abstractWordCount><abstractCharCount>1779</abstractCharCount><keywordCount>5</keywordCount><score>10</score><pdfWordCount>23436</pdfWordCount><pdfCharCount>118676</pdfCharCount><pdfVersion>1.4</pdfVersion><pdfPageCount>44</pdfPageCount><pdfPageSize>439.37 x 666.142 pts</pdfPageSize></qualityIndicators><title>Resource Fairness and Composability of Cryptographic Protocols</title><genre><json:string>research-article</json:string></genre><host><title>Journal of Cryptology</title><language><json:string>unknown</json:string></language><publicationDate>2011</publicationDate><copyrightDate>2011</copyrightDate><issn><json:string>0933-2790</json:string></issn><eissn><json:string>1432-1378</json:string></eissn><journalId><json:string>145</json:string></journalId><volume>24</volume><issue>4</issue><pages><first>615</first><last>658</last></pages><genre><json:string>journal</json:string></genre><subject><json:item><value>Communications Engineering, Networks</value></json:item><json:item><value>Combinatorics</value></json:item><json:item><value>Probability Theory and Stochastic Processes</value></json:item><json:item><value>Coding and Information Theory</value></json:item><json:item><value>Computational Mathematics and Numerical Analysis</value></json:item></subject></host><ark><json:string>ark:/67375/VQC-TC2S8PNN-F</json:string></ark><publicationDate>2011</publicationDate><copyrightDate>2010</copyrightDate><doi><json:string>10.1007/s00145-010-9080-z</json:string></doi><id>930BABF39FBB2E3EAE04990275C702B3BC958C6D</id><score>1</score><fulltext><json:item><extension>pdf</extension><original>true</original><mimetype>application/pdf</mimetype><uri>https://api.istex.fr/document/930BABF39FBB2E3EAE04990275C702B3BC958C6D/fulltext/pdf</uri></json:item><json:item><extension>zip</extension><original>false</original><mimetype>application/zip</mimetype><uri>https://api.istex.fr/document/930BABF39FBB2E3EAE04990275C702B3BC958C6D/fulltext/zip</uri></json:item><json:item><extension>txt</extension><original>false</original><mimetype>text/plain</mimetype><uri>https://api.istex.fr/document/930BABF39FBB2E3EAE04990275C702B3BC958C6D/fulltext/txt</uri></json:item><istex:fulltextTEI uri="https://api.istex.fr/document/930BABF39FBB2E3EAE04990275C702B3BC958C6D/fulltext/tei"><teiHeader><fileDesc><titleStmt><title level="a" type="main" xml:lang="en">Resource Fairness and Composability of Cryptographic Protocols</title></titleStmt><publicationStmt><authority>ISTEX</authority><publisher scheme="https://scientific-publisher.data.istex.fr">Springer-Verlag</publisher><pubPlace>New York</pubPlace><availability><licence><p>International Association for Cryptologic Research, 2010</p></licence><p scheme="https://loaded-corpus.data.istex.fr/ark:/67375/XBH-3XSW68JL-F">springer</p></availability><date>2008-02-08</date></publicationStmt><notesStmt><note type="research-article" scheme="https://content-type.data.istex.fr/ark:/67375/XTP-1JC4F85T-7">research-article</note><note type="journal" scheme="https://publication-type.data.istex.fr/ark:/67375/JMC-0GLKJH51-B">journal</note></notesStmt><sourceDesc><biblStruct type="inbook"><analytic><title level="a" type="main" xml:lang="en">Resource Fairness and Composability of Cryptographic Protocols</title><author xml:id="author-0000"><persName><forename type="first">Juan</forename><surname>Garay</surname></persName><email>garay@research.att.com</email><affiliation>AT&T Labs—Research, Florham Park, NJ, USA</affiliation></author><author xml:id="author-0001"><persName><forename type="first">Philip</forename><surname>MacKenzie</surname></persName><email>philmac@google.com</email><affiliation>Google Inc., Mountain View, CA, USA</affiliation></author><author xml:id="author-0002" corresp="yes"><persName><forename type="first">Manoj</forename><surname>Prabhakaran</surname></persName><email>mmp@uiuc.edu</email><affiliation>Computer Science Department, University of Illinois at Urbana-Champaign, Urbana-Champaign, IL, USA</affiliation></author><author xml:id="author-0003"><persName><forename type="first">Ke</forename><surname>Yang</surname></persName><email>yangke@google.com</email><affiliation>Google Inc., Mountain View, CA, USA</affiliation></author><idno type="istex">930BABF39FBB2E3EAE04990275C702B3BC958C6D</idno><idno type="ark">ark:/67375/VQC-TC2S8PNN-F</idno><idno type="DOI">10.1007/s00145-010-9080-z</idno><idno type="article-id">9080</idno><idno type="article-id">s00145-010-9080-z</idno></analytic><monogr><title level="j">Journal of Cryptology</title><title level="j" type="abbrev">J Cryptol</title><idno type="pISSN">0933-2790</idno><idno type="eISSN">1432-1378</idno><idno type="journal-ID">true</idno><idno type="issue-article-count">5</idno><idno type="volume-issue-count">4</idno><imprint><publisher>Springer-Verlag</publisher><pubPlace>New York</pubPlace><date type="published" when="2011-10-01"></date><biblScope unit="volume">24</biblScope><biblScope unit="issue">4</biblScope><biblScope unit="page" from="615">615</biblScope><biblScope unit="page" to="658">658</biblScope></imprint></monogr></biblStruct></sourceDesc></fileDesc><profileDesc><creation><date>2008-02-08</date></creation><langUsage><language ident="en">en</language></langUsage><abstract xml:lang="en"><p>Abstract: We introduce the notion of resource-fair protocols. Informally, this property states that if one party learns the output of the protocol, then so can all other parties, as long as they expend roughly the same amount of resources. As opposed to previously proposed definitions related to fairness, our definition follows the standard simulation paradigm and enjoys strong composability properties. In particular, our definition is similar to the security definition in the universal composability (UC) framework, but works in a model that allows any party to request additional resources from the environment to deal with dishonest parties that may prematurely abort. In this model we specify the ideally fair functionality as allowing parties to “invest resources” in return for outputs, but in such an event offering all other parties a fair deal. (The formulation of fair dealings is kept independent of any particular functionality, by defining it using a “wrapper.”) Thus, by relaxing the notion of fairness, we avoid a well-known impossibility result for fair multi-party computation with corrupted majority; in particular, our definition admits constructions that tolerate arbitrary number of corruptions. We also show that, as in the UC framework, protocols in our framework may be arbitrarily and concurrently composed. Turning to constructions, we define a “commit-prove-fair-open” functionality and design an efficient resource-fair protocol that securely realizes it, using a new variant of a cryptographic primitive known as “time-lines.” With (the fairly wrapped version of) this functionality we show that some of the existing secure multi-party computation protocols can be easily transformed into resource-fair protocols while preserving their security.</p></abstract><textClass xml:lang="en"><keywords scheme="keyword"><list><head>Key words</head><item><term>Secure multi-party computation</term></item><item><term>Fairness</term></item><item><term>Security models and definitions</term></item><item><term>Universal composability</term></item><item><term>Cryptographic protocols</term></item></list></keywords></textClass><textClass><keywords scheme="Journal Subject"><list><head>Computer Science</head><item><term>Communications Engineering, Networks</term></item><item><term>Combinatorics</term></item><item><term>Probability Theory and Stochastic Processes</term></item><item><term>Coding and Information Theory</term></item><item><term>Computational Mathematics and Numerical Analysis</term></item></list></keywords></textClass></profileDesc><revisionDesc><change when="2008-02-08">Created</change><change when="2011-10-01">Published</change></revisionDesc></teiHeader></istex:fulltextTEI></fulltext><metadata><istex:metadataXml wicri:clean="corpus springer-journals not found" wicri:toSee="no header"><istex:xmlDeclaration>version="1.0" encoding="UTF-8"</istex:xmlDeclaration><istex:docType PUBLIC="-//Springer-Verlag//DTD A++ V2.4//EN" URI="http://devel.springer.de/A++/V2.4/DTD/A++V2.4.dtd" name="istex:docType"></istex:docType><istex:document><Publisher><PublisherInfo><PublisherName>Springer-Verlag</PublisherName><PublisherLocation>New York</PublisherLocation></PublisherInfo><Journal OutputMedium="All"><JournalInfo JournalProductType="NonStandardArchiveJournal" NumberingStyle="ContentOnly"><JournalID>145</JournalID><JournalPrintISSN>0933-2790</JournalPrintISSN><JournalElectronicISSN>1432-1378</JournalElectronicISSN><JournalTitle>Journal of Cryptology</JournalTitle><JournalAbbreviatedTitle>J Cryptol</JournalAbbreviatedTitle><JournalSubjectGroup><JournalSubject Type="Primary">Computer Science</JournalSubject><JournalSubject Type="Secondary">Communications Engineering, Networks</JournalSubject><JournalSubject Type="Secondary">Combinatorics</JournalSubject><JournalSubject Type="Secondary">Probability Theory and Stochastic Processes</JournalSubject><JournalSubject Type="Secondary">Coding and Information Theory</JournalSubject><JournalSubject Type="Secondary">Computational Mathematics and Numerical Analysis</JournalSubject></JournalSubjectGroup></JournalInfo><Volume OutputMedium="All"><VolumeInfo TocLevels="0" VolumeType="Regular"><VolumeIDStart>24</VolumeIDStart><VolumeIDEnd>24</VolumeIDEnd><VolumeIssueCount>4</VolumeIssueCount></VolumeInfo><Issue IssueType="Regular" OutputMedium="All"><IssueInfo IssueType="Regular" TocLevels="0"><IssueIDStart>4</IssueIDStart><IssueIDEnd>4</IssueIDEnd><IssueArticleCount>5</IssueArticleCount><IssueHistory><OnlineDate><Year>2011</Year><Month>9</Month><Day>9</Day></OnlineDate><PrintDate><Year>2011</Year><Month>9</Month><Day>8</Day></PrintDate><CoverDate><Year>2011</Year><Month>10</Month></CoverDate><PricelistYear>2011</PricelistYear></IssueHistory><IssueCopyright><CopyrightHolderName>International Association for Cryptologic Research</CopyrightHolderName><CopyrightYear>2011</CopyrightYear></IssueCopyright></IssueInfo><Article ID="s00145-010-9080-z" OutputMedium="All"><ArticleInfo ArticleType="OriginalPaper" ContainsESM="No" Language="En" NumberingStyle="ContentOnly" TocLevels="0"><ArticleID>9080</ArticleID><ArticleDOI>10.1007/s00145-010-9080-z</ArticleDOI><ArticleSequenceNumber>1</ArticleSequenceNumber><ArticleTitle Language="En">Resource Fairness and Composability of Cryptographic Protocols</ArticleTitle><ArticleFirstPage>615</ArticleFirstPage><ArticleLastPage>658</ArticleLastPage><ArticleHistory><RegistrationDate><Year>2010</Year><Month>8</Month><Day>24</Day></RegistrationDate><Received><Year>2008</Year><Month>2</Month><Day>8</Day></Received><OnlineDate><Year>2010</Year><Month>9</Month><Day>21</Day></OnlineDate></ArticleHistory><ArticleEditorialResponsibility>Canetti</ArticleEditorialResponsibility><ArticleCopyright><CopyrightHolderName>International Association for Cryptologic Research</CopyrightHolderName><CopyrightYear>2010</CopyrightYear></ArticleCopyright><ArticleGrants Type="Regular"><MetadataGrant Grant="OpenAccess"></MetadataGrant><AbstractGrant Grant="OpenAccess"></AbstractGrant><BodyPDFGrant Grant="Restricted"></BodyPDFGrant><BodyHTMLGrant Grant="Restricted"></BodyHTMLGrant><BibliographyGrant Grant="Restricted"></BibliographyGrant><ESMGrant Grant="Restricted"></ESMGrant></ArticleGrants></ArticleInfo><ArticleHeader><AuthorGroup><Author AffiliationIDS="Aff1"><AuthorName DisplayOrder="Western"><GivenName>Juan</GivenName><GivenName>A.</GivenName><FamilyName>Garay</FamilyName></AuthorName><Contact><Email>garay@research.att.com</Email></Contact></Author><Author AffiliationIDS="Aff2"><AuthorName DisplayOrder="Western"><GivenName>Philip</GivenName><FamilyName>MacKenzie</FamilyName></AuthorName><Contact><Email>philmac@google.com</Email></Contact></Author><Author AffiliationIDS="Aff3" CorrespondingAffiliationID="Aff3"><AuthorName DisplayOrder="Western"><GivenName>Manoj</GivenName><FamilyName>Prabhakaran</FamilyName></AuthorName><Contact><Email>mmp@uiuc.edu</Email></Contact></Author><Author AffiliationIDS="Aff4"><AuthorName DisplayOrder="Western"><GivenName>Ke</GivenName><FamilyName>Yang</FamilyName></AuthorName><Contact><Email>yangke@google.com</Email></Contact></Author><Affiliation ID="Aff1"><OrgName>AT&T Labs—Research</OrgName><OrgAddress><City>Florham Park</City><State>NJ</State><Country Code="US">USA</Country></OrgAddress></Affiliation><Affiliation ID="Aff2"><OrgName>Google Inc.</OrgName><OrgAddress><City>Mountain View</City><State>CA</State><Country Code="US">USA</Country></OrgAddress></Affiliation><Affiliation ID="Aff3"><OrgDivision>Computer Science Department</OrgDivision><OrgName>University of Illinois at Urbana-Champaign</OrgName><OrgAddress><City>Urbana-Champaign</City><State>IL</State><Country Code="US">USA</Country></OrgAddress></Affiliation><Affiliation ID="Aff4"><OrgName>Google Inc.</OrgName><OrgAddress><City>Mountain View</City><State>CA</State><Country Code="US">USA</Country></OrgAddress></Affiliation></AuthorGroup><Abstract ID="Abs1" Language="En" OutputMedium="All"><Heading>Abstract</Heading><Para>We introduce the notion of <Emphasis Type="Italic">resource-fair</Emphasis> protocols. Informally, this property states that if one party learns the output of the protocol, then so can all other parties, as long as they expend roughly the same amount of resources. As opposed to previously proposed definitions related to fairness, our definition follows the standard simulation paradigm and enjoys strong composability properties. In particular, our definition is similar to the security definition in the universal composability (UC) framework, but works in a model that allows any party to request additional resources from the environment to deal with dishonest parties that may prematurely abort.</Para><Para>In this model we specify the ideally fair functionality as allowing parties to “invest resources” in return for outputs, but in such an event offering all other parties a fair deal. (The formulation of fair dealings is kept independent of any particular functionality, by defining it using a “wrapper.”) Thus, by relaxing the notion of fairness, we avoid a well-known impossibility result for fair multi-party computation with corrupted majority; in particular, our definition admits constructions that tolerate arbitrary number of corruptions. We also show that, as in the UC framework, protocols in our framework may be arbitrarily and concurrently composed.</Para><Para>Turning to constructions, we define a “commit-prove-fair-open” functionality and design an efficient resource-fair protocol that securely realizes it, using a new variant of a cryptographic primitive known as “time-lines.” With (the fairly wrapped version of) this functionality we show that some of the existing secure multi-party computation protocols can be easily transformed into resource-fair protocols while preserving their security.</Para></Abstract><KeywordGroup Language="En"><Heading>Key words</Heading><Keyword>Secure multi-party computation</Keyword><Keyword>Fairness</Keyword><Keyword>Security models and definitions</Keyword><Keyword>Universal composability</Keyword><Keyword>Cryptographic protocols</Keyword></KeywordGroup><ArticleNote Type="CommunicatedBy"><SimplePara>Communicated by Ran Canetti</SimplePara></ArticleNote><ArticleNote Type="Misc"><SimplePara>A preliminary version of this paper appeared in <Emphasis Type="Italic">Proc. 3th Theory of Cryptography Conference</Emphasis> (<Emphasis Type="Italic">TCC’06</Emphasis>).</SimplePara></ArticleNote></ArticleHeader><NoBody></NoBody></Article></Issue></Volume></Journal></Publisher></istex:document></istex:metadataXml><mods version="3.6"><titleInfo lang="en"><title>Resource Fairness and Composability of Cryptographic Protocols</title></titleInfo><titleInfo type="alternative" contentType="CDATA"><title>Resource Fairness and Composability of Cryptographic Protocols</title></titleInfo><name type="personal"><namePart type="given">Juan</namePart><namePart type="given">A.</namePart><namePart type="family">Garay</namePart><affiliation>AT&T Labs—Research, Florham Park, NJ, USA</affiliation><affiliation>E-mail: garay@research.att.com</affiliation><role><roleTerm type="text">author</roleTerm></role></name><name type="personal"><namePart type="given">Philip</namePart><namePart type="family">MacKenzie</namePart><affiliation>Google Inc., Mountain View, CA, USA</affiliation><affiliation>E-mail: philmac@google.com</affiliation><role><roleTerm type="text">author</roleTerm></role></name><name type="personal" displayLabel="corresp"><namePart type="given">Manoj</namePart><namePart type="family">Prabhakaran</namePart><affiliation>Computer Science Department, University of Illinois at Urbana-Champaign, Urbana-Champaign, IL, USA</affiliation><affiliation>E-mail: mmp@uiuc.edu</affiliation><role><roleTerm type="text">author</roleTerm></role></name><name type="personal"><namePart type="given">Ke</namePart><namePart type="family">Yang</namePart><affiliation>Google Inc., Mountain View, CA, USA</affiliation><affiliation>E-mail: yangke@google.com</affiliation><role><roleTerm type="text">author</roleTerm></role></name><typeOfResource>text</typeOfResource><genre type="research-article" displayLabel="OriginalPaper" authority="ISTEX" authorityURI="https://content-type.data.istex.fr" valueURI="https://content-type.data.istex.fr/ark:/67375/XTP-1JC4F85T-7">research-article</genre><originInfo><publisher>Springer-Verlag</publisher><place><placeTerm type="text">New York</placeTerm></place><dateCreated encoding="w3cdtf">2008-02-08</dateCreated><dateIssued encoding="w3cdtf">2011-10-01</dateIssued><copyrightDate encoding="w3cdtf">2010</copyrightDate></originInfo><language><languageTerm type="code" authority="rfc3066">en</languageTerm><languageTerm type="code" authority="iso639-2b">eng</languageTerm></language><abstract lang="en">Abstract: We introduce the notion of resource-fair protocols. Informally, this property states that if one party learns the output of the protocol, then so can all other parties, as long as they expend roughly the same amount of resources. As opposed to previously proposed definitions related to fairness, our definition follows the standard simulation paradigm and enjoys strong composability properties. In particular, our definition is similar to the security definition in the universal composability (UC) framework, but works in a model that allows any party to request additional resources from the environment to deal with dishonest parties that may prematurely abort. In this model we specify the ideally fair functionality as allowing parties to “invest resources” in return for outputs, but in such an event offering all other parties a fair deal. (The formulation of fair dealings is kept independent of any particular functionality, by defining it using a “wrapper.”) Thus, by relaxing the notion of fairness, we avoid a well-known impossibility result for fair multi-party computation with corrupted majority; in particular, our definition admits constructions that tolerate arbitrary number of corruptions. We also show that, as in the UC framework, protocols in our framework may be arbitrarily and concurrently composed. Turning to constructions, we define a “commit-prove-fair-open” functionality and design an efficient resource-fair protocol that securely realizes it, using a new variant of a cryptographic primitive known as “time-lines.” With (the fairly wrapped version of) this functionality we show that some of the existing secure multi-party computation protocols can be easily transformed into resource-fair protocols while preserving their security.</abstract><subject lang="en"><genre>Key words</genre><topic>Secure multi-party computation</topic><topic>Fairness</topic><topic>Security models and definitions</topic><topic>Universal composability</topic><topic>Cryptographic protocols</topic></subject><relatedItem type="host"><titleInfo><title>Journal of Cryptology</title></titleInfo><titleInfo type="abbreviated"><title>J Cryptol</title></titleInfo><genre type="journal" authority="ISTEX" authorityURI="https://publication-type.data.istex.fr" valueURI="https://publication-type.data.istex.fr/ark:/67375/JMC-0GLKJH51-B">journal</genre><originInfo><publisher>Springer</publisher><dateIssued encoding="w3cdtf">2011-09-09</dateIssued><copyrightDate encoding="w3cdtf">2011</copyrightDate></originInfo><subject><genre>Computer Science</genre><topic>Communications Engineering, Networks</topic><topic>Combinatorics</topic><topic>Probability Theory and Stochastic Processes</topic><topic>Coding and Information Theory</topic><topic>Computational Mathematics and Numerical Analysis</topic></subject><identifier type="ISSN">0933-2790</identifier><identifier type="eISSN">1432-1378</identifier><identifier type="JournalID">145</identifier><identifier type="IssueArticleCount">5</identifier><identifier type="VolumeIssueCount">4</identifier><part><date>2011</date><detail type="volume"><number>24</number><caption>vol.</caption></detail><detail type="issue"><number>4</number><caption>no.</caption></detail><extent unit="pages"><start>615</start><end>658</end></extent></part><recordInfo><recordOrigin>International Association for Cryptologic Research, 2011</recordOrigin></recordInfo></relatedItem><identifier type="istex">930BABF39FBB2E3EAE04990275C702B3BC958C6D</identifier><identifier type="ark">ark:/67375/VQC-TC2S8PNN-F</identifier><identifier type="DOI">10.1007/s00145-010-9080-z</identifier><identifier type="ArticleID">9080</identifier><identifier type="ArticleID">s00145-010-9080-z</identifier><accessCondition type="use and reproduction" contentType="copyright">International Association for Cryptologic Research, 2010</accessCondition><recordInfo><recordContentSource authority="ISTEX" authorityURI="https://loaded-corpus.data.istex.fr" valueURI="https://loaded-corpus.data.istex.fr/ark:/67375/XBH-3XSW68JL-F">springer</recordContentSource><recordOrigin>International Association for Cryptologic Research, 2010</recordOrigin></recordInfo></mods><json:item><extension>json</extension><original>false</original><mimetype>application/json</mimetype><uri>https://api.istex.fr/document/930BABF39FBB2E3EAE04990275C702B3BC958C6D/metadata/json</uri></json:item></metadata><serie></serie></istex></record>Pour manipuler ce document sous Unix (Dilib)
EXPLOR_STEP=$WICRI_ROOT/Wicri/Mathematiques/explor/SophieGermainV1/Data/Istex/Corpus
HfdSelect -h $EXPLOR_STEP/biblio.hfd -nk 000433 | SxmlIndent | more
Ou
HfdSelect -h $EXPLOR_AREA/Data/Istex/Corpus/biblio.hfd -nk 000433 | SxmlIndent | more
Pour mettre un lien sur cette page dans le réseau Wicri
{{Explor lien
|wiki= Wicri/Mathematiques
|area= SophieGermainV1
|flux= Istex
|étape= Corpus
|type= RBID
|clé= ISTEX:930BABF39FBB2E3EAE04990275C702B3BC958C6D
|texte= Resource Fairness and Composability of Cryptographic Protocols
}}
| This area was generated with Dilib version V0.6.33. |  |