Fair Two-Party Computations via Bitcoin Deposits

@article{Andrychowicz2014FairTC,
  title={Fair Two-Party Computations via Bitcoin Deposits},
  author={Marcin Andrychowicz and Stefan Dziembowski and Daniel Malinowski and Lukasz Mazurek},
  journal={IACR Cryptol. ePrint Arch.},
  year={2014},
  volume={2013},
  pages={837}
}
We show how the Bitcoin currency system (with a small modification) can be used to obtain fairness in any two-party secure computation protocol in the following sense: if one party aborts the protocol after learning the output then the other party gets a financial compensation (in bitcoins). One possible application of such protocols is the fair contract signing: each party is forced to complete the protocol, or to pay to the other one a fine. 
View via Publisher
eprint.iacr.org
143 Citations
Highly Influential Citations
7
Background Citations
55
Methods Citations
22
Results Citations
2

143 Citations

Citation Type

Citation Type

How to Use Bitcoin to Design Fair Protocols
TLDR
It is shown how the Bitcoin network can be used to achieve the above notion of fairness in the two-party as well as the multiparty setting (with a dishonest majority) in this model of fairness.
How to deal with malleability of BitCoin transactions
TLDR
This short note shows a general technique for creating malleability-resilient "refund" transactions, which does not require any modification of the BitCoin protocol.
Constant-Deposit Multiparty Lotteries on Bitcoin
TLDR
This work proposes a fair lottery on Bitcoin which only requires a constant deposit which grows quadratically with the number of players.
A Denial of Service attack against fair computations using Bitcoin deposits
  • J. Beekman
  • Computer Science, Mathematics
    Inf. Process. Lett.
  • 2016
Zero-Collateral Lotteries in Bitcoin and Ethereum
  • Andrew K. Miller, Iddo Bentov
  • Computer Science, Mathematics
    2017 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)
  • 2017
TLDR
These protocols are based on a tournament bracket construction, and require only O(logN) rounds, and represent a significant improvement, both because they allow players with little money to participate, and because of the time value of money.
Secure Multiparty Computations on Bitcoin
TLDR
The Bit coin system can be used to go beyond the standard "emulation-based" definition of the MPCs, by constructing protocols that link their inputs and the outputs with the real Bit coin transactions.
Escrow Protocols for Cryptocurrencies: How to Buy Physical Goods Using Bitcoin
TLDR
This work formalizes the escrow problem and presents a suite of schemes with improved security and privacy properties that are compatible with Bitcoin and similar blockchain-based cryptocurrencies.
How to Use Bitcoin to Incentivize Correct Computations
TLDR
An efficient secure computation protocol is shown that monetarily penalizes an adversary that attempts to learn one bit of information but gets detected in the process and captures the amount of computational effort required to validate Bitcoin transactions required to implement it in Bitcoin.
Efficient Zero-Knowledge Contingent Payments in Cryptocurrencies Without Scripts
TLDR
Although smart contracts are believed to have a huge potential, for the moment they are not widely used in practice, because most of Bitcoin miners allow only to post standard transactions on the blockchain, it is currently very hard to create non-trivial smart contracts in Bitcoin.
Instantaneous Decentralized Poker
TLDR
Efficient protocols for amortized secure multiparty computation with penalties and secure cash distribution for poker, of which poker is a prime example, are presented.
...
...

References

SHOWING 1-10 OF 43 REFERENCES
Note on fair coin toss via Bitcoin
In this short note we show that the Bitcoin network can allow remote parties to gamble with their bitcoins by tossing a fair or biased coin, with no need for a trusted party, and without the
How to deal with malleability of BitCoin transactions
TLDR
This short note shows a general technique for creating malleability-resilient "refund" transactions, which does not require any modification of the BitCoin protocol.
Fair Secure Two-Party Computation
We demonstrate a transformation of Yao's protocol for secure two-party computation to a fair protocol in which neither party gains any substantial advantage by terminating the protocol prematurely.
Zerocoin: Anonymous Distributed E-Cash from Bitcoin
TLDR
Zerocoin is proposed, a cryptographic extension to Bitcoin that augments the protocol to allow for fully anonymous currency transactions and uses standard cryptographic assumptions and does not introduce new trusted parties or otherwise change the security model of Bitcoin.
A fair protocol for signing contracts
TLDR
A new protocol is proposed that is fair in the sense that, at any stage in its execution, the conditional probability that one party cannot commit both parties to the contract given that the other party can, is close to zero.
Timed Commitments
We introduce and construct timed commitment schemes, an extension to the standard notion of commitments in which a potential forced opening phase permits the receiver to recover (with effort) the
A fair non-repudiation protocol
TLDR
This work presents a fair non-repudiation protocol that requires a trusted third party but attempts to minimize its involvement in the execution of the protocol.
Bitter to Better - How to Make Bitcoin a Better Currency
TLDR
An in-depth investigation is performed to understand what made Bitcoin so successful, while decades of research on cryptographic e-cash has not lead to a large-scale deployment.
Complete Fairness in Secure Two-Party Computation
TLDR
This paper shows feasibility of obtaining complete fairness when computing any function over polynomial-size domains that does not contain an “embedded XOR” and proves a lower bound showing that any completely fair protocol for such functions must have round complexity super-logarithmic in the security parameter.
CommitCoin: Carbon Dating Commitments with Bitcoin
In the standard definition of a commitment scheme, the sender commits to a message and immediately sends the commitment to the recipient interested in it. However the sender may not always know at
...
...