On the Classification of Finite Boolean Functions up to Fairness

Makriyannis, Nikolaos

doi:10.1007/978-3-319-10879-7_9

Cited by 24 publications

(24 citation statements)

References 12 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This requirement of guaranteed output delivery is significantly stringent, and Cleve [14] demonstrated a computationally efficient attack strategy that alters the output-distribution by O(1/n), i.e., any protocol is O(1/n) unfair. Defining fairness and constructing fair protocols for general functionalities has been a field of highly influential research [21,22,9,5,3,28,4]. This interest stems primarily from the fact that fairness is a desirable attribute for secure-computation protocols in real-world applications.…”

Section: Application 2: Fail-stop Attacks On Coin-tossing/dice-rollinmentioning

confidence: 99%

Estimating Gaps in Martingales and Applications to Coin-Tossing: Constructions and Hardness

Khorasgani

Maji

Mukherjee

2019

Theory of Cryptography

View full text Add to dashboard Cite

Consider the representative task of designing a distributed coin-tossing protocol for n processors such that the probability of heads is X0 ∈ [0, 1], and an adversary can reset one processor to change the distribution of the final outcome. For X0 = 1/2, in the non-cryptographic setting, no adversary can deviate the probability of the outcome of the well-known Blum's "majority protocol" by more than 1 √ 2πn , i.e., it is 1 √ 2πn insecure. For computationally bounded adversaries and any X0 ∈ [0, 1], the protocol of Moran, Naor, and Segev (2009) is only O 1 n insecure. In this paper, we study discrete-time martingales (X0, X1, . . . , Xn) such that Xi ∈ [0, 1], for all i ∈ {0, . . . , n}, and Xn ∈ {0, 1}. These martingales are commonplace in modeling stochastic processes like coin-tossing protocols in the non-cryptographic setting mentioned above. In particular, for any X0 ∈ [0, 1], we construct martingales that yield 1 2 X 0 (1−X 0 ) n insecure coin-tossing protocols with n-bit communication; irrespective of the number of bits required to represent the output distribution. Note that for sufficiently small X0, we achieve higher security than Moran et al.'s protocol even against computationally unbounded adversaries. For X0 = 1/2, our protocol requires only 40% of the processors to achieve the same security as the majority protocol.The technical heart of our paper is a new inductive technique that uses geometric transformations to precisely account for the large gaps in these martingales. For any X0 ∈ [0, 1], we show that there exists a stopping time τ such thatThe inductive technique simultaneously constructs martingales that demonstrate the optimality of our bound, i.e., a martingale where the gap corresponding to any stopping time is small. In particular, we construct optimal martingales such that any stopping time τ hasOur lower-bound holds for all X0 ∈ [0, 1]; while the previous bound of Cleve and Impagliazzo (1993) exists only for positive constant X0. Conceptually, our approach only employs elementary techniques to analyze these martingales and entirely circumvents the complex probabilistic tools inherent to the approaches of Cleve and Impagliazzo (1993) and Beimel, Haitner, Makriyannis, and Omri (2018). By appropriately restricting the set of possible stopping-times, we present representative applications to constructing distributed coin-tossing/dice-rolling protocols, discrete control processes, fail-stop attacking coin-tossing/dice-rolling protocols, and black-box separations. ACM Subject ClassificationMathematics of computing → Markov processes; Security and privacy → Information-theoretic techniques; Security and privacy → Mathematical foundations of cryptography 2 Estimating Gaps in Martingales and Applications to Coin-Tossing: Constructions & Hardness

show abstract

Section: Application 2: Fail-stop Attacks On Coin-tossing/dice-rollinmentioning

confidence: 99%

Estimating Gaps in Martingales and Applications to Coin-Tossing: Constructions and Hardness

Khorasgani

Maji

Mukherjee

2019

Theory of Cryptography

View full text Add to dashboard Cite

show abstract

“…Gordon et al [11] re-opened the question of characterizing fairness in secure two-party and multiparty computation. This question was studied in a sequence of works [2,4,14]. Asharov, Lindell, and Rabin [4] focused on the work of Cleve [8] and fully identified the functions that imply fair coin tossing, and are thus ruled out by Cleve's impossibility.…”

Section: Previous Workmentioning

confidence: 99%

“…Makriyannis [14] has recently shown that the class of functions that by [2] cannot be compute fairly using the GHKL protocol is inherently unfair. He showed a beautiful reduction from sampling functionalities, for which fair computation had already been ruled out in [1], to any function in this class.…”

Section: Previous Workmentioning

confidence: 99%

“…Indeed, in this class of functions, the influence that each party exerts over the output in the ideal world is somewhat the same. However, the works of [2,14] left the aforementioned third class of functions unresolved. Specifically, this class of functions is significantly different than the class of functions that was shown to be fair, and it contains functions where the parties exert the same amount of influence over the output in the ideal model and yet do not imply sampling, at least not by the construction of [14].…”

Section: Previous Workmentioning

confidence: 99%

See 1 more Smart Citation

Complete Characterization of Fairness in Secure Two-Party Computation of Boolean Functions

Asharov

Beimel

Makriyannis

et al. 2015

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

Fairness is a desirable property in secure computation; informally it means that if one party gets the output of the function, then all parties get the output. Alas, an implication of Cleve's result (STOC 86) is that when there is no honest majority, in particular in the important case of the two-party setting, there exist Boolean functions that cannot be computed with fairness. In a surprising result, Gordon et al. (JACM 2011) showed that some interesting functions can be computed with fairness in the twoparty setting, and reopened the question of understanding which Boolean functions can be computed with fairness, and which cannot. Our main result in this work is a complete characterization of the (symmetric) Boolean functions that can be computed with fairness in the two-party setting; this settles an open problem of Gordon et al. The characterization is quite simple: A function can be computed with fairness if and only if the all one-vector or the all-zero vector are in the affine span of either the rows or the columns of the matrix describing the function. This is true for both deterministic and randomized functions. To prove the possibility result, we modify the protocol of Gordon et al.; the resulting protocol computes with full security (and in particular with fairness) all functions that are computable with fairness. We extend the above result in two directions. First, we completely characterize the Boolean functions that can be computed with fairness in the multiparty case, when the number of parties is constant and at most half of the parties can be malicious. Second, we consider the two-party setting with asymmetric Boolean functionalities, that is, when the output of each party is one bit; however, the outputs are not necessarily the same. We provide both a sufficient condition and a necessary condition for fairness; however, a gap is left between these two conditions. We then consider a specific asymmetric function in this gap area, and by designing a new protocol, we show that it is computable with fairness. However, we do not give a complete characterization for all functions that lie in this gap, and their classification remains open.

show abstract

“…There has recently been a significant amount of work on fairness in the cryptographic setting, showing functions that can be computed with complete fairness [16,17,2,34,3] and exploring various notions of partial fairness (see [18,7] and references therein). The class of functions that are known to be computable with complete fairness is fairly limited; partial fairness and rational fairness are incomparable notions.…”

Section: Other Related Workmentioning

confidence: 99%

Fair Computation with Rational Players

Groce

Katz

2012

Advances in Cryptology – EUROCRYPT 2012

View full text Add to dashboard Cite

We consider the problem of fair multiparty computation, where fairness means (informally) that all parties should learn the correct output. A seminal result of Cleve (STOC 1986) shows that fairness is, in general, impossible to achieve if a majority of the parties is malicious. Here, we treat all parties as rational and seek to understand what can be done.Asharov et al. (Eurocrypt 2011) showed impossibility of rational fair computation in the two-party setting, for a particular function and a particular choice of utilities. We observe, however, that in their setting the parties have no strict incentive to compute the function even in an ideal world where fairness is guaranteed. Revisiting the problem, we show that rational fair computation is possible, for arbitrary functions, as long as the parties have a strict incentive to compute the function in an ideal world where fairness is guaranteed. Our results extend to more general utility functions that do not directly correspond to fairness, as well as to the multi-party setting. Our work thus shows a new setting in which game-theoretic considerations can be used to circumvent a cryptographic impossibility result.

show abstract

On the Classification of Finite Boolean Functions up to Fairness

Cited by 24 publications

References 12 publications

Estimating Gaps in Martingales and Applications to Coin-Tossing: Constructions and Hardness

Estimating Gaps in Martingales and Applications to Coin-Tossing: Constructions and Hardness

Complete Characterization of Fairness in Secure Two-Party Computation of Boolean Functions

Fair Computation with Rational Players

Contact Info

Product

Resources

About