Lower Bounds on Implementing Robust and Resilient Mediators

Abraham, Ittai; Dolev, Danny; Halpern, Joseph Y.

doi:10.1007/978-3-540-78524-8_17

Cited by 43 publications

(93 citation statements)

References 52 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…We conclude by showing that the prescribed strategy ⃗ σ is not a computational Nash equilibrium by showing that one of the ⃗ σ stop strategies has a better expected utility than ⃗ σ. That is, we show that either u 2 …”

Section: Intuitionmentioning

confidence: 62%

“…The basic question that we ask regarding utility independence was proposed in [7]. The first partial answer to this question was given by [1] (with extension in [2]) who showed that utility independence is possible for t-out-of-n secret sharing as long as t < n/3. This question was also considered by [16] who showed that utility independence can be achieved if the number of parties participating in the reconstruction procedure is strictly greater than the threshold t. The works of [15,13] can be used to obtain fair secret sharing, but assume stronger physical assumptions than a simultaneous channel.…”

Section: Related Workmentioning

confidence: 99%

“…When P 1 plays according to strategy σ i 1 , the only way that it can be the only one to learn the secret is if it learns the secret in round i + 1 and P 2 has not yet learned the secret. Note that P 1 plays honestly up until round i + 1 and so if the protocol terminates before round i + 1 it must be that both parties learned the secret.…”

Section: Notationmentioning

confidence: 99%

See 2 more Smart Citations

Utility Dependence in Correct and Fair Rational Secret Sharing

Asharov

Lindell

2010

J Cryptol

View full text Add to dashboard Cite

The problem of carrying out cryptographic computations when the participating parties are rational in a game-theoretic sense has recently gained much attention. One problem that has been studied considerably is that of rational secret sharing. In this setting, the aim is to construct a mechanism (protocol) so that parties behaving rationally have incentive to cooperate and provide their shares in the reconstruction phase, even if each party prefers to be the only one to learn the secret.Although this question was only recently asked by Halpern and Teague (STOC 2004), a number of works with beautiful ideas have been presented to solve this problem. However, they all have the property that the protocols constructed need to know the actual utility values of the parties (or at least a bound on them). This assumption is very problematic because the utilities of parties are not public knowledge. We ask whether this dependence on the actual utility values is really necessary and prove that in the case of two parties, rational secret sharing cannot be achieved without it. On the positive side, we show that in the multiparty case it is possible to construct a single mechanism that works for all (polynomial) utility functions. Our protocol has an expected number of rounds that is constant, and is optimally resilient to coalitions.In addition to the above, we observe that the known protocols for rational secret sharing that do not assume simultaneous channels all suffer from the problem that one of the parties can cause the others to output an incorrect value. (This problem arises when a party gains higher utility by having another output an incorrect value than by learning the secret itself; we argue that such a scenario needs to be considered.) We show that this problem is inherent in the non-simultaneous channels model, unless the actual values of the parties' utilities from this attack is known, in which case it is possible to prevent this from happening.

show abstract

Section: Intuitionmentioning

confidence: 62%

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Utility Dependence in Correct and Fair Rational Secret Sharing

Asharov

Lindell

2010

J Cryptol

View full text Add to dashboard Cite

show abstract

“…(See for instance [6], [7], and [8].) It is interesting to explore how these extensions of Nash equilibrium can impact our theory of Perturbation-Freedom outlined in this paper.…”

Section: Discussionmentioning

confidence: 99%

Nash Equilibria in Stabilizing Systems

Gouda

Acharya

2009

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. The objective of this paper is three-fold. First, we specify what it means for a fixed point of a stabilizing distributed system to be a Nash equilibrium. Second, we present methods that can be used to verify whether or not a given fixed point of a given stabilizing distributed system is a Nash equilibrium. Third, we argue that in a stabilizing distributed system, whose fixed points are all Nash equilibria, no process has an incentive to perturb its local state, after the system reaches one fixed point, in order to force the system to reach another fixed point where the perturbing process achieves a better gain. If the fixed points of a stabilizing distributed system are all Nash equilibria, then we refer to the system as perturbation-proof. Otherwise, we refer to the system as perturbation-prone. We identify four natural classes of perturbation-(proof/prone) systems. We present system examples for three of these classes of systems, and show that the fourth class is empty.

show abstract

“…(2) If no player deviates during the multiparty computation, then at the end of the monitoring subphase, all non-deviating players commonly agree: (i) that no deviation occurred, and (ii) on the values of the inputs and outputs of all the players.…”

Section: Secure Multiparty Computationsmentioning

confidence: 99%