IACR News item: 23 February 2014
Iddo Bentov, Ranjit Kumaresan
ePrint Report
One of our main contributions is the definition of an ideal primitive, which we call $\mathcal{F}_{\mathrm{CR}}^\star$ ($\mathrm{CR}$ stands for "claim-or-refund"), that formalizes and abstracts the exact properties we require from the Bitcoin network to achieve our goals. Naturally, this abstraction allows us to design fair protocols in a hybrid model in which parties have access to the $\mathcal{F}_{\mathrm{CR}}^\star$ functionality, and is otherwise independent of the Bitcoin ecosystem.
We also show an efficient realization of $\mathcal{F}_{\mathrm{CR}}^\star$ that requires only two Bitcoin transactions to be made on the network.
Our constructions also enjoy high efficiency. In a multiparty setting, our protocols only require a constant number of calls to $\mathcal{F}_{\mathrm{CR}}^\star$ per party on top of a standard multiparty secure computation protocol. Our fair multiparty lottery protocol improves over previous solutions which required a quadratic number of Bitcoin transactions.