TY - JOUR
T1 - COMPLETE CHARACTERIZATION OF FAIRNESS IN SECURE TWO-PARTY COMPUTATION OF BOOLEAN FUNCTIONS
AU - Asharov, Gilad
AU - Beimel, Amos
AU - Makriyannis, Nikolaos
AU - Omri, Eran
N1 - Publisher Copyright:
© 2024 Society for Industrial and Applied Mathematics Publications. All rights reserved.
PY - 2024/1/1
Y1 - 2024/1/1
N2 - Fairness is a desirable property in secure computation; informally it means that if one party gets the output of the function, then all parties get the output. Alas, an implication of Cleve's result [18th ACM Symposium on the Theory of Computing, 1986] is that when there is no honest majority, in particular in the important case of the two-party setting, there exist functions that cannot be computed with fairness. In a surprising result, Gordon et al. [18th ACM Symposium on the Theory of Computing, 2008; J. ACM, 58 (2011), 24] showed that some interesting functions can be computed with fairness in the two-party setting and reopened the question of understanding which Boolean functions can be computed with fairness, and which cannot. Our main result in this work is a complete characterization of the (symmetric) Boolean functions that can be computed with fairness in the two-party setting; this settles an open problem of Gordon et al. The statement of the characterization is quite simple: A function can be computed with fairness if and only if the all-one vector or the all-zero vector are in the affine span of either the rows or the columns of the matrix describing the function. This is true for both deterministic and randomized functions. To prove the possibility result, we modify the protocol of Gordon et al.; the resulting protocol computes with full security (and in particular with fairness) all functions that are computable with fairness. Complementing this result, we also show that any function that does not satisfy the aforementioned condition can be reduced to a fair sampling protocol, which, by Agrawal and Prabhakaran [Advances in Cryptology - CRYPTO 2013, 2013], cannot be computed with fairness.
KW - fairness
KW - foundations
KW - malicious adversaries
KW - secure two-party computation
UR - http://www.scopus.com/inward/record.url?scp=85206527668&partnerID=8YFLogxK
U2 - 10.1137/18M1232656
DO - 10.1137/18M1232656
M3 - Article
AN - SCOPUS:85206527668
SN - 0097-5397
VL - 53
SP - 1381
EP - 1408
JO - SIAM Journal on Computing
JF - SIAM Journal on Computing
IS - 5
ER -