HiddenΔ-Fairness: A Novel Notion for Fair Secure Two-Party Computation

Secure two-party computation allows two mutually distrusting parties to compute a joint function over their inputs, guaranteeing properties such as \emph{input privacy} or \emph{correctness}.
For many tasks, such as joint computation of statistics, it is important that when one party receives the result of the computation, the other party also receives the result.
Unfortunately, this property, which is called \emph{fairness}, is unattainable in the two-party setting for arbitrary functions. So weaker variants have been proposed.
One such notion, proposed by Pass \etal (EUROCRYPT 2017) is called \emph{$\Delta$-fairness}.
Informally, it guarantees that if a corrupt party receives the output in round $r$ and stops participating in the protocol, then the honest party receives the output by round $\Delta(r)$.
This notion is achieved by using so-called \emph{secure enclaves}.
In many settings, $\Delta$-fairness is not sufficient, because a corrupt party is \emph{guaranteed} to receive its output before the honest party, giving the corrupt party an advantage in further interaction.
Worse, as $\Delta$ is known to the corrupt party, it can abort the protocol when it is most advantageous.
... mehr
We extend the concept of $\Delta$-fairness by introducing a new fairness notion, which we call \emph{hidden $\Delta$-fairness}, which addresses these problems.
First of all, under our new notion, a corrupt party may not benefit from aborting, because it may not, with probability $\nicefrac{1}{2}$, learn the result first.
Moreover, $\Delta$ and other parameters are sampled according to a given distribution and remain unknown to the participants in the computation.
We propose a 2PC protocol that achieves hidden $\Delta$-fairness, also using secure enclaves, and prove its security in the Generalized Universal Composability (GUC) framework.