STOC '87 Proceedings of the nineteenth annual ACM symposium on Theory of computing
Completeness theorems for non-cryptographic fault-tolerant distributed computation
STOC '88 Proceedings of the twentieth annual ACM symposium on Theory of computing
Fast asynchronous Byzantine agreement with optimal resilience
STOC '93 Proceedings of the twenty-fifth annual ACM symposium on Theory of computing
Asynchronous secure computation
STOC '93 Proceedings of the twenty-fifth annual ACM symposium on Theory of computing
Optimistic protocols for fair exchange
Proceedings of the 4th ACM conference on Computer and communications security
Efficient verifiable encryption (and fair exchange) of digital signatures
CCS '99 Proceedings of the 6th ACM conference on Computer and communications security
Simple and fast optimistic protocols for fair electronic exchange
Proceedings of the twenty-second annual symposium on Principles of distributed computing
Making p2p accountable without losing privacy
Proceedings of the 2007 ACM workshop on Privacy in electronic society
Optimistic fair exchange of digital signatures
IEEE Journal on Selected Areas in Communications
| Hi-index | 0.00 |
Fair exchange is one of the most fundamental problems in secure distributed computation. Alice has something that Bob wants, and Bob has something that Alice wants. A fair exchange protocol would guarantee that, even if one of them maliciously deviates from the protocol, either both of them get the desired content, or neither of them do. It is known that no two-party protocol can guarantee fairness in general; therefore the presence of a trusted arbiter is necessary. In optimistic fair exchange, the arbiter only gets involved in case of faults, but needs to be trusted. To reduce the trust put in the arbiter, it is natural to consider employing multiple arbiters. Expensive techniques like byzantine agreement or secure multi-party computation with Ω(n2) communication can be applied to distribute arbiters in a non-autonomous way. Efficient protocols can be achieved by keeping the arbiters autonomous (non-communicating). Avoine and Vaudenay [5] employ multiple autonomous arbiters in their optimistic fair exchange protocol which uses global timeout mechanisms; all arbiters have access to loosely synchronized clocks. They left two open questions regarding the use of distributed autonomous arbiters: (1) Can an optimistic fair exchange protocol without timeouts provide fairness when employing multiple autonomous arbiters? (2) Can any other optimistic fair exchange protocol with timeouts achieve better bounds on the number of honest arbiters required? In this paper, we answer both questions negatively. To answer these questions, we define a general class of optimistic fair exchange protocols with multiple arbiters, called "distributed arbiter fair exchange" (DAFE) protocols. Informally, in a DAFE protocol, if a participant fails to send a correctly formed message, the other party must contact some subset of the arbiters and get correctly formed responses from them. The arbiters do not communicate with each other, but only to Alice and Bob. We prove that no DAFE protocol can meaningfully exist.