Affiliation:
1. University of Connecticut
2. Algorand Foundation
3. Columbia University
4. University of Pennsylvania , Algorand Foundation
5. Columbia University , Tel-Aviv University
Abstract
Abstract
Existing models for non-interactive MPC cannot provide full privacy for inputs, because they inherently leak the residual function (i.e., the output of the function on the honest parties’ input together with all possible values of the adversarial inputs). For example, in any non-interactive sealed-bid auction, the last bidder can figure out what was the highest previous bid. We present a new MPC model which avoids this privacy leak. To achieve this, we utilize a blockchain in a novel way, incorporating smart contracts and arbitrary parties that can be incentivized to perform computation (“bounty hunters,” akin to miners). Security is maintained under a monetary assumption about the parties: an honest party can temporarily supply a recoverable collateral of value higher than the computational cost an adversary can expend. We thus construct non-interactive MPC protocols with strong security guarantees (full security, no residual leakage) in the short term. Over time, as the adversary can invest more and more computational resources, the security guarantee decays. Thus, our model, which we call Gage MPC, is suitable for secure computation with limited-time secrecy, such as auctions. A key ingredient in our protocols is a primitive we call “Gage Time Capsules” (GaTC): a time capsule that allows a party to commit to a value that others are able to reveal but only at a designated computational cost. A GaTC allows a party to commit to a value together with a monetary collateral. If the original party properly opens the GaTC, it can recover the collateral. Otherwise, the collateral is used to incentivize bounty hunters to open the GaTC. This primitive is used to ensure completion of Gage MPC protocols on the desired inputs. As a requisite tool (of independent interest), we present a generalization of garbled circuit that are more robust: they can tolerate exposure of extra input labels. This is in contrast to Yao’s garbled circuits, whose secrecy breaks down if even a single extra label is exposed. Finally, we present a proof-of-concept implementation of a special case of our construction, yielding an auction functionality over an Ethereum-like blockchain.
Reference48 articles.
1. [1] Altcoin.io decentralized exchange. https://altcoin.io/
2. [2] Etherdelta decentralized exchange. https://etherdelta.com/
3. [3] Etheropt decentralized exchange (mirror of original software). https://github.com/destenson/etheropt--etheropt.github.io
4. [4] Intrinsically tradable tokens. https://github.com/o0ragman0o/ITT
5. [5] Ren: A privacy preserving virtual machine powering zero-knowledge financial applications. https://renproject.io/litepaper.pdf
Cited by
11 articles.
订阅此论文施引文献
订阅此论文施引文献,注册后可以免费订阅5篇论文的施引文献,订阅后可以查看论文全部施引文献
1. Ratel: MPC-extensions for Smart Contracts;Proceedings of the 19th ACM Asia Conference on Computer and Communications Security;2024-07
2. Beyond Security: Achieving Fairness in Mailmen-Assisted Timed Data Delivery;IEEE Transactions on Information Forensics and Security;2024
3. Cryptographic Primitives;Advances in Information Security;2023-08-10
4. Statement-Oblivious Threshold Witness Encryption;2023 IEEE 36th Computer Security Foundations Symposium (CSF);2023-07
5. Redactable Blockchain Using Lattice-based Chameleon Hash Function;2022 International Conference on Blockchain Technology and Information Security (ICBCTIS);2022-07