Byzantine Agreement with a Rational Adversary

Groce, Adam; Katz, Jonathan; Thiruvengadam, Aishwarya; Zikas, Vassilis

doi:10.1007/978-3-642-31585-5_50

Cited by 48 publications

(43 citation statements)

References 19 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Applications of cryptography to game theory include the works of [39,1,2,62]. More directly related to secure computation are the works of [75,57,58,55,60,88,71]. Protocols for multiparty lottery are also designed in [70,4,11].…”

Section: Related Workmentioning

confidence: 99%

How to Use Bitcoin to Design Fair Protocols

Bentov

Kumaresan

2014

Lecture Notes in Computer Science

272

252

View full text Add to dashboard Cite

We study a model of fairness in secure computation in which an adversarial party that aborts on receiving output is forced to pay a mutually predefined monetary penalty. We then show how the Bitcoin network can be used to achieve the above notion of fairness in the two-party as well as the multiparty setting (with a dishonest majority). In particular, we propose new ideal functionalities and protocols for fair secure computation and fair lottery in this model.One of our main contributions is the definition of an ideal primitive, which we call F CR (CR stands for "claim-or-refund"), that formalizes and abstracts the exact properties we require from the Bitcoin network to achieve our goals. Naturally, this abstraction allows us to design fair protocols in a hybrid model in which parties have access to the F CR functionality, and is otherwise independent of the Bitcoin ecosystem. We also show an efficient realization of F CR that requires only two Bitcoin transactions to be made on the network.Our constructions also enjoy high efficiency. In a multiparty setting, our protocols only require a constant number of calls to F CR per party on top of a standard multiparty secure computation protocol. Our fair multiparty lottery protocol improves over previous solutions which required a quadratic number of Bitcoin transactions.

show abstract

Section: Related Workmentioning

confidence: 99%

How to Use Bitcoin to Design Fair Protocols

Bentov

Kumaresan

2014

Lecture Notes in Computer Science

272

252

View full text Add to dashboard Cite

show abstract

“…Much study has been devoted to rational secret sharing [20,1,14,24,25,27,28,3]. There are studies on other cryptographic primitives such as fair two-party computation [2,16], leader election [15], byzantine agreement [17], oblivious transfer [21], and commitment schemes [22]. Our work also can be seen as a study of rational cryptography.…”

Section: Related Workmentioning

confidence: 99%

Public-Key Encryption with Lazy Parties

Yasunaga

2016

IEICE Trans. Fundamentals

View full text Add to dashboard Cite

In a public-key encryption scheme, if a sender is not concerned about the security of a message and is unwilling to generate costly randomness, the security of the encrypted message can be compromised. In this work, we characterize such lazy parties, who are regraded as honest parties, but are unwilling to perform a costly task when they are not concerned about the security. Specifically, we consider a rather simple setting in which the costly task is to generate randomness used in algorithms, and parties can choose either perfect randomness or a fixed string. We model lazy parties as rational players who behave rationally to maximize their utilities, and define a security game between the parties and an adversary. Since a standard secure encryption scheme does not work in the setting, we provide constructions of secure encryption schemes in various settings.

show abstract

“…Their model can be readily captured in our framework by assigning a negative payoff to the event of (identifiable) abort. In work closer in spirit to ours, Groce et al [GKTZ12] investigated the feasibility of Byzantine agreement (BA) in a setting where the parties are rational but are split into two categories: the "selfish corrupt" parties that have some known utility function representing potential attacks to BA, and the "honest" parties who wish to follow the protocol. Our model can be tuned (by appropriately instantiating the utility function) to formalize the results of [GKTZ12] in a simulation-based manner.…”

Section: Comparison To Prior Work On Rational Cryptographymentioning

confidence: 99%

“…In a recent work closer in spirit to our own, Groce at al. [GKTZ12] investigated feasibility of Byzantine Agreement (BA) in a setting where the parties are rational but are split in two categories: the "selfish corrupt" parties that have some known utility function representing potential attacks to BA, and the "honest" parties who are guaranteed to follow the protocol. Their results show how to circumvent well-established cryptographic impossibility results by making plausible assumptions on the knowledge of the corrupt parties' preferences, thus confirming the advantages of incorporating incentives in the model when building practical protocols.…”

Section: A Related Literaturementioning

confidence: 99%

Rational Protocol Design: Cryptography against Incentive-Driven Adversaries

Garay

Katz

Maurer

et al. 2013

2013 IEEE 54th Annual Symposium on Foundations of Computer Science

Self Cite

View full text Add to dashboard Cite

Existing work on "rational cryptographic protocols" treats each party (or coalition of parties) running the protocol as a selfish agent trying to maximize its utility. In this work we propose a fundamentally different approach that is better suited to modeling a protocol under attack from an external entity. Specifically, we consider a two-party game between an protocol designer and an external attacker. The goal of the attacker is to break security properties such as correctness or privacy, possibly by corrupting protocol participants; the goal of the protocol designer is to prevent the attacker from succeeding.We lay the theoretical groundwork for a study of cryptographic protocol design in this setting by providing a methodology for defining the problem within the traditional simulation paradigm. Our framework provides ways of reasoning about important cryptographic concepts (e.g., adaptive corruptions or attacks on communication resources) not handled by previous game-theoretic treatments of cryptography. We also prove composition theorems that-for the first time-provide a sound way to design rational protocols assuming "ideal communication resources" (e.g., broadcast or authenticated channels) and then instantiate these resources using standard cryptographic tools.Finally, we investigate the problem of secure function evaluation in our framework, where the attacker has to pay for each party it corrupts. Our results demonstrate how knowledge of the attacker's incentives can be used to circumvent known impossibility results in this setting.

show abstract

Byzantine Agreement with a Rational Adversary

Cited by 48 publications

References 19 publications

How to Use Bitcoin to Design Fair Protocols

How to Use Bitcoin to Design Fair Protocols

Public-Key Encryption with Lazy Parties

Rational Protocol Design: Cryptography against Incentive-Driven Adversaries

Contact Info

Product

Resources

About