Collusion-free protocols
Abhi Shelat
Behavioral and Quantitative Game Theory, published 2010-05-14
DOI: 10.1145/1807406.1807497 (https://doi.org/10.1145/1807406.1807497)
Citations: 10
Abstract
Consider the clever cheating that occurred during an FCC spectrum auction in 1995 (see Cramton and J. Schwartz '02 for a history). Auction rules forbade companies from openly colluding to divide the spectrum cheaply; nonetheless, the major players circumvented the rules by using the least significant digits of their public messages to coordinate their overall bidding strategies. In other words, these parties used the auction protocol itself to cheat.
Standard notions of security for cryptographic protocols do not prevent this type of cheating. In this talk, we propose the idea of collusion-free protocols. Such protocols do not create any new opportunities---such as using the protocol messages and headers themselves---for malicious participants to coordinate their cheating during the execution of the protocol. We discuss both positive and negative results regarding this notion by showing that it is possible to construct such protocols but special communication assumptions are provably necessary. The conceptual barrier to achieving this novel security property is captured in the following paradox: it is widely acknowledged that players must use randomness to pick their messages in any secure protocol, but the presence of randomized messages also enables perfect steganography and thus perfect collusion.
We give an overview of two conceptually different approaches to overcome this paradox. The first method is based on the concept of verifiable determinism. This is a way to organize communication so that a player's next message is unpredictable, but once the message has been sent, everyone can verify that it was the one-and-only such message that an honest player could have sent. As a result, steganography becomes impossible. The second method takes an opposite approach: players generate arbitrary messages but send them to each other via a mediator who "re-randomizes" the messages to eliminate steganographic channels. The goal is to design protocols where collusion-freeness is guaranteed as long as the mediator is honest, while standard security guarantees hold if the mediator is dishonest. This new approach enables us to use a less exotic communication channel to construct protocols that achieve a strong collusion-free property.
This talk is based on 4 papers with the following set of coauthors: Matt Lepinski and Silvio Micali, Joel Alwen and Ivan Visconti, and Alwen, Jonathan Katz, Yehuda Lindell, Giuseppe Persiano, and Visconti.