Abstract
It is known that Bitcoin enables achieving fairness in secure computation by imposing monetary penalties on adversarial parties. This functionality is called secure computation with penalties. Bentov and Kumaresan (2014) [9] introduced the claim-or-refund functionality that can be implemented via Bitcoin. They achieved secure computation with penalties with O(n) rounds and O(n) broadcasts for any function, where n is the number of parties. After that, Kumaresan and Bentov (2014) [8] showed a constant-round protocol. Unfortunately, this protocol requires O(n2) broadcasts. As far as we know, no protocol achieves O(1) rounds and O(n) broadcasts based on Bitcoin. This work accomplishes such efficiency in secure computation with penalties. We first show a protocol in a slightly relaxed setting called secure computation with non-equivalent penalties. This setting is the same as secure computation with penalties except that every honest party receives more than a predetermined amount of compensation, while the previous one requires that every honest party receives the same amount of compensation. Namely, our setting allows the compensations for honest parties to be non-equivalent. Moreover, we present a technique to remove the non-equivalence of our protocol without sacrificing efficiency. We then propose a new ideal functionality called claim-refund-or-give that can be implemented via Bitcoin.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
