The Bitcoin system can be used to go beyond the standard "emulation-based" definition of MPCs, by constructing protocols that link their inputs and outputs with real Bitcoin transactions.
Abstract:
Bitcoin is a decentralized digital currency, introduced in 2008, that has recently gained noticeable popularity. Its main features are: (a) it lacks a central authority that controls the transactions, (b) the list of transactions is publicly available, and (c) its syntax allows more advanced transactions than simply transferring money. The goal of this paper is to show how these properties of Bitcoin can be used in the area of secure multiparty computation protocols (MPCs). Firstly, we show that the Bitcoin system provides an attractive way to construct a version of "timed commitments", where the committer has to reveal his secret within a certain time frame, or pay a fine. This, in turn, can be used to obtain fairness in some multiparty protocols. Secondly, we introduce a concept of multiparty protocols that work "directly on Bitcoin". Recall that the standard definition of MPCs guarantees only that the protocol "emulates the trusted third party". Hence ensuring that the inputs are correct, and that the outcome is respected, is beyond the scope of the definition. Our observation is that the Bitcoin system can be used to go beyond the standard "emulation-based" definition, by constructing protocols that link their inputs and outputs with real Bitcoin transactions. As an instantiation of this idea we construct protocols for secure multiparty lotteries using the Bitcoin currency, without relying on a trusted authority (one of these protocols uses the Bitcoin-based timed commitments mentioned above). Our protocols guarantee fairness for the honest parties no matter how the loser behaves. For example: if one party interrupts the protocol then her money is transferred to the honest participants. Our protocols are practical (to demonstrate it we performed their transactions in the actual Bitcoin system), and can be used in real life as a replacement for online gambling sites. We think that this paradigm can also have other applications. We discuss some of them.
TL;DR: In this article, the authors present Hawk, a decentralized smart contract system that does not store financial transactions in the clear on the blockchain, thus retaining transactional privacy from the public's view.
TL;DR: This survey unrolls and structures the manyfold results and research directions of Bitcoin, and deduces the fundamental structures and insights at the core of the Bitcoin protocol and its applications.
TL;DR: In this paper, the authors extract and analyze the core of the Bitcoin protocol and prove two fundamental properties which they call common prefix and chain quality in the static setting where the number of players remains fixed.
TL;DR: This work analyses the security vulnerabilities of Ethereum smart contracts, providing a taxonomy of common programming pitfalls which may lead to vulnerabilities, and shows a series of attacks which exploit these vulnerabilities, allowing an adversary to steal money or cause other damage.
TL;DR: The Bitcoin protocol as mentioned in this paper is an online communication protocol that facilitates the use of virtual currency, including electronic payments, and allows for irreversible transactions, a prescribed path of money creation over time, and a public transaction history.
TL;DR: It is shown that, without a logically centralized authority, Sybil attacks are always possible except under extreme and unrealistic assumptions of resource parity and coordination among entities.
TL;DR: A new tool for controlling the knowledge transfer process in cryptographic protocol design is introduced and it is applied to solve a general class of problems which include most of the two-party cryptographic problems in the literature.
TL;DR: The Internet offers vast new opportunities to interact with total strangers; these interactions can be fun, informative, even profitable, but they also involve risk.
TL;DR: A computational technique for combatting junk mail in particular and controlling access to a shared resource in general is presented, which requires a user to compute a moderately hard, but not intractable, function in order to gain access to the resource, thus preventing frivolous use.
Q1. What are the contributions mentioned in the paper "Secure multiparty computations on bitcoin" ?
The goal of this paper is to show how these properties of Bitcoin can be used in the area of secure multiparty computation protocols (MPCs). Firstly, the authors show that the Bitcoin system provides an attractive way to construct a version of "timed commitments", where the committer has to reveal his secret within a certain time frame, or pay a fine. Secondly, the authors introduce a concept of multiparty protocols that work "directly on Bitcoin". As an instantiation of this idea the authors construct protocols for secure multiparty lotteries using the Bitcoin currency, without relying on a trusted authority (one of these protocols uses the Bitcoin-based timed commitments mentioned above). Their protocols are practical (to demonstrate it the authors performed their transactions in the actual Bitcoin system), and can be used in real life as a replacement for online gambling sites. The authors think that this paradigm can also have other applications, and discuss some of them.
Q2. What are the future works mentioned in the paper "Secure multiparty computations on bitcoin" ?
Other possible future research directions are: constructing protocols secure against "malleability attacks" and "eavesdropping attacks" (see Sec. V for more details) that do not require the deposits, and providing a more formal framework to analyze the deposit-based technique (this can probably be done using the tools from the "rational cryptography" literature [31], [1], [28]).
Q3. What are the only cryptographic primitives that the authors use?
The only cryptographic primitives that the authors use are commitment schemes, implemented using hash functions (which are standard Bitcoin primitives).
Q4. Why do the parties commit themselves to strings of length k?
Due to the technical limitations of the Bitcoin scripting language in its current form, instead of random numbers b_i the parties commit themselves to strings s_i sampled with uniformly random length from SN_k := {0,1}^{8k} ∪ ... ∪ {0,1}^{8(k+N−1)}, i.e. the set of strings of length k, ..., (k+N−1) bytes, where k is the security parameter. The length of s_i, not its content, therefore carries the party's random choice.
Q5. What is the first thing P will do if the other party is cheating?
If at any point later a party P ∈ {A, B} realizes that the other party is cheating, then the first thing P will do is to "take the money and run", i.e. to post a transaction that redeems PutMoney_P^1.
Q6. How do the authors create and open the commitments?
In particular, in their solution creating and opening the commitments are done by the transactions' scripts using double SHA-256 hashing.
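The commitment mechanics behind Q3, Q4 and Q6, as an added example in plain Python (this is not code from the paper): a party commits to a string s by publishing its double SHA-256 hash, the opening is accepted only if the preimage matches and its length lies in [k, k+N-1] bytes, and the winner is derived from the committed lengths. The winner rule (sum of the b_i = |s_i| - k modulo N), the use of OP_SIZE-style length checking, and the sample values are this example's assumptions.

```python
"""Hash-based commitments over variable-length strings (added example).

Models what the transaction scripts do with double SHA-256 commitments and
why the committed strings have a random *length* in [k, k+N-1] bytes
instead of carrying a separately committed random number.
"""
import hashlib
import secrets
from typing import List


def sha256d(data: bytes) -> bytes:
    """Double SHA-256, i.e. what Bitcoin script computes for OP_HASH256."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def sample_secret(k: int, n: int) -> bytes:
    """Sample s_i with uniformly random length from {k, ..., k+N-1} bytes.

    Note that this is a uniform *length*, not a uniform element of the union
    SN_k = {0,1}^{8k} ∪ ... ∪ {0,1}^{8(k+N-1)}: the longer sets are
    exponentially larger, so a uniform element would almost always have the
    maximal length and the derived value b_i = |s_i| - k would not be uniform.
    """
    length = k + secrets.randbelow(n)          # uniform in {k, ..., k+N-1}
    return secrets.token_bytes(length)         # random content hides nothing about the length


def commit(s: bytes) -> bytes:
    """The commitment published in the Commit transaction: h = H(s)."""
    return sha256d(s)


def open_ok(h: bytes, s: bytes, k: int, n: int) -> bool:
    """The redeeming script's check: the preimage matches h *and* |s| is admissible.

    Without the length bound a committer could commit to an out-of-range string
    and shift the outcome; a real script can enforce the bound with OP_SIZE
    (assumption of this example, not a statement about the paper's scripts).
    """
    return k <= len(s) < k + n and sha256d(s) == h


def winner(openings: List[bytes], k: int, n: int) -> int:
    """Index of the winner among N = n players.

    Assumption of this example: the winner is (sum_i b_i) mod N with
    b_i = |s_i| - k. This is uniform as long as at least one party chose its
    length uniformly, since adding a uniform value mod N to an independent
    value yields a uniform value.
    """
    assert len(openings) == n
    return sum(len(s) - k for s in openings) % n


def run_lottery(k: int, strings: List[bytes]) -> int:
    """Commit phase, opening phase with script checks, then winner selection.

    Returns -1 if some opening is rejected, which in the real protocol is the
    point where the honest parties stop and redeem what they can.
    """
    n = len(strings)
    commitments = [commit(s) for s in strings]
    for h, s in zip(commitments, strings):
        if not open_ok(h, s, k, n):
            return -1
    return winner(strings, k, n)


if __name__ == "__main__":
    k, n = 16, 3
    players = [sample_secret(k, n) for _ in range(n)]
    print("winner:", run_lottery(k, players))
```

The length check is the security-relevant line: a commitment to a string of length k+N (for N = 2, one byte too long) hashes fine but must be rejected, otherwise the loser could argue over an opening that the protocol never allowed.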
Q7. what is the generalization to the multiple-input transactions with time-locks?
The generalization to multiple-input transactions with time-locks is straightforward: a transaction has the form Tx = (y_1, ..., y_ℓ, π_x, v, t, σ_1, ..., σ_ℓ), where the y_i are the inputs, π_x the output script, v the value, t the time-lock and σ_1, ..., σ_ℓ the signatures on the inputs.
Q8. What is the only transaction that could be redeemed using Alice’s signature?
It is easy to see that the only transaction, other than Compute, that could potentially be redeemed using Alice's signature is PutMoney_A.
Q9. How does the committer set a limit on the waiting time of the recipient?
To set a limit on the waiting time of the recipient, the authors also require the committer to send to P_i a transaction PayDeposit_i that can redeem Commit_i once time t passes.
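The Commit_i / PayDeposit_i mechanism from Q9, together with the time-locked transaction form from Q7, as an added example (not the paper's code). Signatures are modelled as a set of signer names, a constructed stand-in for the ECDSA signatures a real transaction carries; chain time is an integer the ledger advances; the party names, deposit value, lock time and secret are assumptions.

```python
"""Timed commitment backed by a deposit (added example).

Commit_i locks the committer's deposit under a script with two branches:
  (a) reveal s with H(s) == h, signed by the committer C   -> opens the commitment;
  (b) signatures of both C and the recipient P_i            -> used only by PayDeposit_i,
      which C pre-signs with time-lock t and hands to P_i in advance.
If C never opens, P_i posts PayDeposit_i once chain time reaches t and keeps the deposit.
"""
import hashlib
from dataclasses import dataclass
from typing import Dict, FrozenSet, Optional


def sha256d(data: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


@dataclass(frozen=True)
class CommitOutput:
    value: int
    h: bytes          # H(s) published by the committer
    committer: str
    recipient: str


@dataclass(frozen=True)
class Redeem:
    """A transaction spending a CommitOutput. lock_time is the t in
    Tx = (y_1, ..., y_l, pi_x, v, t, sigma_1, ..., sigma_l): invalid until chain time >= t."""
    payee: str
    sigs: FrozenSet[str]           # constructed stand-in for ECDSA signatures
    lock_time: int = 0
    preimage: Optional[bytes] = None


class Ledger:
    def __init__(self) -> None:
        self.time = 0
        self.unspent: Dict[str, CommitOutput] = {}
        self.balances: Dict[str, int] = {}

    def try_redeem(self, name: str, tx: Redeem) -> bool:
        """Apply the output script; returns True and moves the value if tx is valid now."""
        out = self.unspent.get(name)
        if out is None or self.time < tx.lock_time:
            return False                           # already spent, or time-lock not yet expired
        opens = (tx.preimage is not None and sha256d(tx.preimage) == out.h
                 and out.committer in tx.sigs)     # branch (a)
        forfeits = {out.committer, out.recipient} <= tx.sigs   # branch (b)
        if not (opens or forfeits):
            return False
        del self.unspent[name]
        self.balances[tx.payee] = self.balances.get(tx.payee, 0) + out.value
        return True


def timed_commitment(committer_reveals: bool, deposit: int = 10, t: int = 100) -> Dict[str, int]:
    """One timed commitment between committer C and recipient P1; returns final balances."""
    ledger = Ledger()
    s = b"the committed secret"                    # constructed secret
    ledger.unspent["Commit_1"] = CommitOutput(deposit, sha256d(s), "C", "P1")

    # C hands P1 the pre-signed, time-locked PayDeposit_1; P1 adds its own signature.
    pay_deposit = Redeem(payee="P1", sigs=frozenset({"C", "P1"}), lock_time=t)

    ledger.time = t - 1
    assert not ledger.try_redeem("Commit_1", pay_deposit)    # too early for P1 to take the deposit

    if committer_reveals:
        open_tx = Redeem(payee="C", sigs=frozenset({"C"}), preimage=s)
        assert ledger.try_redeem("Commit_1", open_tx)        # opening puts s on the chain for everyone

    ledger.time = t
    ledger.try_redeem("Commit_1", pay_deposit)               # succeeds only if C never opened
    return ledger.balances


if __name__ == "__main__":
    print("honest committer:", timed_commitment(True))
    print("silent committer:", timed_commitment(False))
```

Two checks a practitioner should keep in mind before relying on such a deposit: P_i must verify the pre-signed PayDeposit_i (correct input, lock time and signature) before putting anything at stake, and because PayDeposit_i references Commit_i by transaction id, the malleability attacks listed among the open problems in Q2 are exactly the kind of thing that could invalidate it.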
Q10. What is the main reason why the authors think this protocol can have practical applications?
Besides being conceptually interesting, the authors think that their protocols can have direct practical applications in online gambling, which is a significant market: it is estimated that there are currently 1,700 gambling sites worldwide handling bets worth over $4 billion per year [25].