Abstract
It is known that Bitcoin enables achieving fairness in secure computation by imposing monetary penalties on adversarial parties. This functionality is called secure computation with penalties. Bentov and Kumaresan (2014) [9] introduced the claim-or-refund functionality that can be implemented via Bitcoin. They achieved secure computation with penalties with O(n) rounds and O(n) broadcasts for any function, where n is the number of parties. After that, Kumaresan and Bentov (2014) [8] showed a constant-round protocol. Unfortunately, this protocol requires O(n2) broadcasts. As far as we know, no protocol achieves O(1) rounds and O(n) broadcasts based on Bitcoin. This work accomplishes such efficiency in secure computation with penalties. We first show a protocol in a slightly relaxed setting called secure computation with non-equivalent penalties. This setting is the same as secure computation with penalties except that every honest party receives more than a predetermined amount of compensation, while the previous one requires that every honest party receives the same amount of compensation. Namely, our setting allows the compensations for honest parties to be non-equivalent. Moreover, we present a technique to remove the non-equivalence of our protocol without sacrificing efficiency. We then propose a new ideal functionality called claim-refund-or-give that can be implemented via Bitcoin.
Published Version
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call