Results 1  10
of
108
Distributed Computing Meets Game Theory: Robust Mechanisms for Rational Secret Sharing and Multiparty Computation
 In Proc. 25th PODC
, 2006
"... We study kresilient Nash equilibria, joint strategies where no member of a coalition C of size up to k can do better, even if the whole coalition defects. We show that such kresilient Nash equilibria exist for secret sharing and multiparty computation, provided that players prefer to get the infor ..."
Abstract

Cited by 124 (14 self)
 Add to MetaCart
(Show Context)
We study kresilient Nash equilibria, joint strategies where no member of a coalition C of size up to k can do better, even if the whole coalition defects. We show that such kresilient Nash equilibria exist for secret sharing and multiparty computation, provided that players prefer to get the information than not to get it. Our results hold even if there are only 2 players, so we can do multiparty computation with only two rational agents. We extend our results so that they hold even in the presence of up to t players with “unexpected” utilities. Finally, we show that our techniques can be used to simulate games with mediators by games without mediators. Categories and Subject Descriptors: F.0 [Theory of Computation]: General.
Rational secure computation and ideal mechanism design
 In Proc. 46th IEEE Symp. Foundations of Computer Science
, 2005
"... Secure Computation essentially guarantees that whatever computation n players can do with the help of a trusted party, they can also do by themselves. Fundamentally, however, this notion depends on the honesty of at least some players. We put forward and implement a stronger notion, Rational Secure ..."
Abstract

Cited by 58 (4 self)
 Add to MetaCart
(Show Context)
Secure Computation essentially guarantees that whatever computation n players can do with the help of a trusted party, they can also do by themselves. Fundamentally, however, this notion depends on the honesty of at least some players. We put forward and implement a stronger notion, Rational Secure Computation, that does not depend on player honesty, but solely on player rationality. The key to our implementation is showing that the ballotbox—the venerable device used throughout the world to tally secret votes securely—can actually be used to securely compute any function. Our work bridges the fields of Game Theory and Cryptography, and has broad implications for Mechanism Design. 1 The Case for Rational Security Secure Computation. The general notion of Secure Computation was put forward and first exemplified by Goldreich, Micali and Wigderson [8], building on earlier twoparty results of Yao [17]. Given a joint computation among n players and a trusted party, Secure Computation aims at removing the trusted party without suffering any correctness or privacy loss. A bit more precisely, all prior securecomputation work— by now quite extensive — adopts the original ideal/real paradigm, illustrated below in the crucial, special case of a secure function evaluation (SFE for short). An ideal evaluation of a (possibly probabilistic) ninput, noutput function f consists of the following process. Each player i has a private input, xi, and is assumed to be honest or malicious. An honest i simply confides his original xi to a trusted party. Malicious players may instead perfectly coordinate their actions, so as to compute and report to the trusted party alternative inputs x ′ j for every malicious player j. The trusted party then evaluates f on all reported inputs,
PDA: privacypreserving data aggregation in wireless sensor networks
 IN: PROCEEDINGS OF THE IEEE INFOCOM2007
, 2007
"... Providing efficient data aggregation while preserving data privacy is a challenging problem in wireless sensor networks research. In this paper, we present two privacypreserving data aggregation schemes for additive aggregation functions. The first scheme – Clusterbased Private Data Aggregation ( ..."
Abstract

Cited by 54 (2 self)
 Add to MetaCart
(Show Context)
Providing efficient data aggregation while preserving data privacy is a challenging problem in wireless sensor networks research. In this paper, we present two privacypreserving data aggregation schemes for additive aggregation functions. The first scheme – Clusterbased Private Data Aggregation (CPDA)– leverages clustering protocol and algebraic properties of polynomials. It has the advantage of incurring less communication overhead. The second scheme – SliceMixAggRegaTe (SMART)– builds on slicing techniques and the associative property of addition. It has the advantage of incurring less computation overhead. The goal of our work is to bridge the gap between collaborative data collection by wireless sensor networks and data privacy. We assess the two schemes by privacypreservation efficacy, communication overhead, and data aggregation accuracy. We present simulation results of our schemes and compare their performance to a typical data aggregation scheme – TAG, where no data privacy protection is provided. Results show the efficacy and efficiency of our schemes. To the best of our knowledge, this paper is among the first on privacypreserving data aggregation in wireless sensor networks.
Rational Secret Sharing, Revisited
 IN SCN (SECURITY IN COMMUNICATION NETWORKS)
, 2006
"... We consider the problem of secret sharing among n rational players. This problem was introduced by Halpern and Teague (STOC 2004), who claim that a solution is impossible for n = 2 but show a solution for the case n >= 3. Contrary to their claim, we show a protocol for rational secret sharing ..."
Abstract

Cited by 49 (4 self)
 Add to MetaCart
We consider the problem of secret sharing among n rational players. This problem was introduced by Halpern and Teague (STOC 2004), who claim that a solution is impossible for n = 2 but show a solution for the case n >= 3. Contrary to their claim, we show a protocol for rational secret sharing among n = 2 players; our protocol extends to the case n 3, where it is simpler than the HalpernTeague solution and also o#ers a number of other advantages. We also show how to avoid the continual involvement of the dealer, in either our own protocol or that of Halpern and Teague. Our
Bridging Game Theory and Cryptography: Recent Results and Future Directions
"... Abstract. Motivated by the desire to develop more realistic models of, and protocols for, interactions between mutually distrusting parties, there has recently been significant interest in combining the approaches and techniques of game theory with those of cryptographic protocol design. Broadly spe ..."
Abstract

Cited by 40 (3 self)
 Add to MetaCart
(Show Context)
Abstract. Motivated by the desire to develop more realistic models of, and protocols for, interactions between mutually distrusting parties, there has recently been significant interest in combining the approaches and techniques of game theory with those of cryptographic protocol design. Broadly speaking, two directions are currently being pursued: Applying cryptography to game theory: Certain gametheoretic equilibria are achievable if a trusted mediator is available. The question here is: to what extent can this mediator be replaced by a distributed cryptographic protocol run by the parties themselves? Applying gametheory to cryptography: Traditional cryptographic models assume some honest parties who faithfully follow the protocol, and some arbitrarily malicious players against whom the honest players must be protected. Gametheoretic models propose instead that all players are simply selfinterested (i.e., rational), and the question then is: how can we model and design meaningful protocols for such a setting? In addition to surveying known results in each of the above areas, I suggest some new definitions along with avenues for future research. 1
Cryptography and game theory: Designing protocols for exchanging information
 In Theory of Cryptography Conference
, 2008
"... The goal of this paper is nding fair protocols for the secret sharing and secure multiparty computation (SMPC) problems, when players are assumed to be rational. It was observed by Halpern and Teague (STOC 2004) that protocols with bounded number of iterations are susceptible to backward induction a ..."
Abstract

Cited by 40 (1 self)
 Add to MetaCart
(Show Context)
The goal of this paper is nding fair protocols for the secret sharing and secure multiparty computation (SMPC) problems, when players are assumed to be rational. It was observed by Halpern and Teague (STOC 2004) that protocols with bounded number of iterations are susceptible to backward induction and cannot be considered rational. Previously suggested cryptographic solutions all share the property of having an essential exponential upper bound on their running time, and hence they are also susceptible to backward induction. Although it seems that this bound is an inherent property of every cryptography based solution, we show that this is not the case. We suggest coalitionresilient secret sharing and SMPC protocols with the property that after any sequence of iterations it is still a computational best response to follow them. Therefore, the protocols can be run any number of iterations, and are immune to backward induction. The mean of communication assumed is a broadcast channel, and we consider both the simultaneous and nonsimultaneous cases.
On noncooperative location privacy: A gametheoretic analysis,”
 in Proceedings of the 16th ACM conference on Computer and communications security (CCS’09),
, 2009
"... ABSTRACT In mobile networks, authentication is a required primitive for the majority of security protocols. However, an adversary can track the location of mobile nodes by monitoring pseudonyms used for authentication. A frequently proposed solution to protect location privacy suggests that mobile ..."
Abstract

Cited by 40 (11 self)
 Add to MetaCart
(Show Context)
ABSTRACT In mobile networks, authentication is a required primitive for the majority of security protocols. However, an adversary can track the location of mobile nodes by monitoring pseudonyms used for authentication. A frequently proposed solution to protect location privacy suggests that mobile nodes collectively change their pseudonyms in regions called mix zones. Because this approach is costly, selfinterested mobile nodes might decide not to cooperate and could thus jeopardize the achievable location privacy. In this paper, we analyze the noncooperative behavior of mobile nodes by using a gametheoretic model, where each player aims at maximizing its location privacy at a minimum cost. We first analyze the Nash equilibria in nplayer complete information games. Because mobile nodes in a privacysensitive system do not know their opponents' payoffs, we then consider incomplete information games. We establish that symmetric BayesianNash equilibria exist with simple threshold strategies in nplayer games and derive the equilibrium strategies. By means of numerical results, we show that mobile nodes become selfish when the cost of changing pseudonyms is small, whereas they cooperate more when the cost of changing pseudonyms increases. Finally, we design a protocol the PseudoGame protocol based on the results of our analysis.
Rationality and adversarial behavior in multiparty computation
 Advances in Cryptology — Crypto 2006
, 2006
"... Abstract. We study multiparty computation in the model where none of n participating parties are honest: they are either rational, acting in their selfish interest to maximize their utility, or adversarial, acting arbitrarily. In this new model, which we call the mixedbehavior model, we define a c ..."
Abstract

Cited by 39 (1 self)
 Add to MetaCart
(Show Context)
Abstract. We study multiparty computation in the model where none of n participating parties are honest: they are either rational, acting in their selfish interest to maximize their utility, or adversarial, acting arbitrarily. In this new model, which we call the mixedbehavior model, we define a class of functions that can be computed in the presence of an adversary using a trusted mediator. We then give a protocol that allows the rational parties to emulate the mediator and jointly compute the function such that (1) assuming that each rational party prefers that it learns the output while others do not, no rational party has an incentive to deviate from the protocol; and (2) the rational parties are protected from a malicious adversary controlling ⌈ n ⌉ − 2 of the participants: the 2 adversary can only either cause all rational participants to abort (so no one learns the function they are trying to compute), or can only learn whatever information is implied by the output of the function. 1
Game Theory Meets Network Security and Privacy
"... This survey provides a structured and comprehensive overview of the research contributions that analyze and solve security and privacy problems in computer networks by gametheoretic approaches. A selected set of works are presented to highlight the application of game theory in order to address dif ..."
Abstract

Cited by 35 (5 self)
 Add to MetaCart
This survey provides a structured and comprehensive overview of the research contributions that analyze and solve security and privacy problems in computer networks by gametheoretic approaches. A selected set of works are presented to highlight the application of game theory in order to address different forms of security and privacy problems in computer networks and mobile applications. The presented works are classified into six main categories based on their topics: security of the physical and MAC layers, application layer security in mobile networks, intrusion detection systems, anonymity and privacy, economics of network security, and cryptography. In each category, security problems, players, and game models are identified and the main results of selected works, such as equilibrium analysis and security mechanism designs are summarized. In addition, a discussion on advantages, drawbacks, and the future direction of using game theory in this field is provided. In this survey, we aim to provide a better understanding of the different research approaches for applying game theory to network security. This survey can also help researchers from various fields develop gametheoretic solutions to current and emerging security problems in computer networking. Categories and Subject Descriptors: C.2.0 [ComputerCommunication Networks]: General—
Lower bounds on implementing robust and resilient mediators
, 2007
"... We consider games that have (k, t)robust equilibria when played with a mediator, where an equilibrium is (k, t)robust if it tolerates deviations by coalitions of size up to k and deviations by up to t players with unknown utilities. We prove lower bounds that match upper bounds on the ability to i ..."
Abstract

Cited by 28 (7 self)
 Add to MetaCart
(Show Context)
We consider games that have (k, t)robust equilibria when played with a mediator, where an equilibrium is (k, t)robust if it tolerates deviations by coalitions of size up to k and deviations by up to t players with unknown utilities. We prove lower bounds that match upper bounds on the ability to implement such mediators using cheap talk (that is, just allowing communication among the players). The bounds depend on (a) the relationship between k, t and n, the total number of players in the system; (b) whether players know the exact utilities of other players; (c) whether there are broadcast channels or just pointtopoint channels; (d) whether cryptography is available; and (e) whether the game has a (k + t)punishment strategy; that is, a strategy that, if used by all but at most k + t players, guarantees that every player gets a worse outcome than they do with the equilibrium strategy.