Introduction Secret Sharing and Multiparty Computation Terminating Reliable Broadcast Cooperative Services About Hostile and Selfish Players Game Theory in Distributed Computing Esfandiar Mohammadi Seminar on Advanced Topics in Distributed Computing Research Group on Distributed Computing and Operating Systems Max-Planck Institute for Software Systems Saarland University Advisor: Ph.D. Petr Kuznetsov 24th January 2008
Introduction Secret Sharing and Multiparty Computation Terminating Reliable Broadcast Cooperative Services Multiadministrative Domains What about Predictable Selfish Domains?
Introduction Secret Sharing and Multiparty Computation Terminating Reliable Broadcast Cooperative Services Outline • The Secret Sharing Game • Basic Game Theoretic Notions • Rational Secret Sharing • Multiparty Computation • The Terminating Reliable Broadcast Game • Cooperative Services • Proofs of Misbehavior
Introduction Secret Sharing and Multiparty Computation Terminating Reliable Broadcast Cooperative Services k out of n Secret Sharing
Introduction Secret Sharing and Multiparty Computation Terminating Reliable Broadcast Cooperative Services Basic Game Theoretic Notions • Protocols viewed as games • Local state L : message history and state • Actions A in Secret Sharing: “Send” and “Don’t-Send” • Strategy of player i σ i : L i → A i , S := S 1 × · · · × S n • Utility u i : S → R
Introduction Secret Sharing and Multiparty Computation Terminating Reliable Broadcast Cooperative Services Basic Game Theoretic Notions (cont’d) (s 1 ,s 1 ) = = 1 2 2 sends 1 and 2 send (a kp, sd) = α = 1 2 Noone sends (a sd, sd) = α = 1 sends 1 2 (a kp, kp) = α = 1 2 (a sd, kp) = α = 1 2 ( out 1 , out 1 ) = = 1 2 (s 3 ,s 3 ) (s 4 ,s 4 ) (s 5 ,s 5 ) = = = = = = 1 2 1 2 1 2 (s 2 ,s 2 ) = = 1 2 5 4 (u ,u ) = = ( out 0 , out 1 ) 1 2 = = ( out 1 , out 0 ) 1 2 = = 1 2 (u 0 , u 7 ) = = (u 5 , u 0 ) 1 2 = = 1 2 (s 6 ,s 6 ) (s 7 ,s 7 ) (s 8 ,s 8 ) (s 9 ,s 9 ) = = = = = = = = 1 2 1 2 1 2 1 2 … Game tree of a secret sharing game with two players s i : local state, u i = u i ( σ ) : utility, a i : actions
Introduction Secret Sharing and Multiparty Computation Terminating Reliable Broadcast Cooperative Services Game Theoretic Solution Concepts • Nash Equilibrium σ = ( σ 1 , . . . , σ n ) ∈ S : ∀ i ∈ { 1 , . . . , n } ∀ τ i ∈ S i : u i ( σ i , σ − i ) ≥ u i ( τ i , σ − i ) • σ i ∈ S i weakly dominates τ ∈ S i w.r.t. S − i : ∀ ρ − i ∈ S − i : u i ( σ i , ρ − i ) ≥ u i ( τ i , ρ − i ) and ∃ ρ ′ − i ∈ S − i : u i ( σ i , ρ ′ − i ) > u i ( τ i , ρ ′ − i ) • Iterated Deletion of weakly dominated strategies: S 0 i := S i , S j + 1 := { τ i ∈ S j i | no strategy weakly dominates τ i w.r.t. S j − i } i S ∞ := � j ∈ N S j 1 × · · · × S j n
Introduction Secret Sharing and Multiparty Computation Terminating Reliable Broadcast Cooperative Services Game Theoretic Solution Concepts • Nash Equilibrium σ = ( σ 1 , . . . , σ n ) ∈ S : ∀ i ∈ { 1 , . . . , n } ∀ τ i ∈ S i : u i ( σ i , σ − i ) ≥ u i ( τ i , σ − i ) • σ i ∈ S i weakly dominates τ ∈ S i w.r.t. S − i : ∀ ρ − i ∈ S − i : u i ( σ i , ρ − i ) ≥ u i ( τ i , ρ − i ) and ∃ ρ ′ − i ∈ S − i : u i ( σ i , ρ ′ − i ) > u i ( τ i , ρ ′ − i ) • Iterated Deletion of weakly dominated strategies: S 0 i := S i , S j + 1 := { τ i ∈ S j i | no strategy weakly dominates τ i w.r.t. S j − i } i S ∞ := � j ∈ N S j 1 × · · · × S j n
Introduction Secret Sharing and Multiparty Computation Terminating Reliable Broadcast Cooperative Services Game Theoretic Solution Concepts • Nash Equilibrium σ = ( σ 1 , . . . , σ n ) ∈ S : ∀ i ∈ { 1 , . . . , n } ∀ τ i ∈ S i : u i ( σ i , σ − i ) ≥ u i ( τ i , σ − i ) • σ i ∈ S i weakly dominates τ ∈ S i w.r.t. S − i : ∀ ρ − i ∈ S − i : u i ( σ i , ρ − i ) ≥ u i ( τ i , ρ − i ) and ∃ ρ ′ − i ∈ S − i : u i ( σ i , ρ ′ − i ) > u i ( τ i , ρ ′ − i ) • Iterated Deletion of weakly dominated strategies: S 0 i := S i , S j + 1 := { τ i ∈ S j i | no strategy weakly dominates τ i w.r.t. S j − i } i S ∞ := � j ∈ N S j 1 × · · · × S j n
Introduction Secret Sharing and Multiparty Computation Terminating Reliable Broadcast Cooperative Services Game Theoretic Solution Concepts (cont’d) • Practical Mechanism σ ∈ S ∞ and σ is a Nash Equilibrium • k -resilient Practical Mechanism σ ∈ S ∞ and σ is a k -resilient Nash Equilibrium • Coalition of k selfish, but rational players
Introduction Secret Sharing and Multiparty Computation Terminating Reliable Broadcast Cooperative Services Deterministic Practical Mechanisms Are Impossible • Assumptions (U1) Rational player want to learn the secret (U2) Utility only depends on learning the secret ⇒ There is no Practical Mechanism for secret sharing, if the runtime is known to the players. • Not sending the own share weakly dominates the sending the secret. • But what about randomized protocols?
Introduction Secret Sharing and Multiparty Computation Terminating Reliable Broadcast Cooperative Services Deterministic Practical Mechanisms Are Impossible • Assumptions (U1) Rational player want to learn the secret (U2) Utility only depends on learning the secret ⇒ There is no Practical Mechanism for secret sharing, if the runtime is known to the players. • Not sending the own share weakly dominates the sending the secret. • But what about randomized protocols?
Introduction Secret Sharing and Multiparty Computation Terminating Reliable Broadcast Cooperative Services Rational Secret Sharing A Randomized Protocol • Assume secure private channels between each participant • Mediator controls sent shares and punishes misbehavior • Expected Runtime 1 /α ( α depends the players utility)
Introduction Secret Sharing and Multiparty Computation Terminating Reliable Broadcast Cooperative Services Rational Secret Sharing A Randomized Protocol • Initially: The issuer send signed shares to the players • At each round t ( c t ← { 0 , 1 } , Pr [ c t = 1 ] = α ): • Phase 1: Player i sends ack i (and share in round 0) to the mediator • Phase 2: Mediator sends shares of h t = g t + c t · f ( g t ( 0 ) = 0 ) to the players, ckecks the initial shares, if one ack i misses aborts • Phase 3: Players send share of h t to every other player, check if h t ( 0 ) � = 0
Introduction Secret Sharing and Multiparty Computation Terminating Reliable Broadcast Cooperative Services Why Should a Rational Player Follow the Protocol? • What if a player sends the wrong initial share?
Introduction Secret Sharing and Multiparty Computation Terminating Reliable Broadcast Cooperative Services Rational Secret Sharing A Randomized Protocol • Initially: The issuer send signed shares to the players • At each round t ( c t ← { 0 , 1 } , Pr [ c t = 1 ] = α ): • Phase 1: Player i sends ack i (and share in round 0) to the mediator • Phase 2: Mediator sends shares of h t = g t + c t · f ( g t ( 0 ) = 0 ) to the players, ckecks the initial shares, if one ack i misses aborts • Phase 3: Players send share of h t to every other player, check if h t ( 0 ) � = 0
Introduction Secret Sharing and Multiparty Computation Terminating Reliable Broadcast Cooperative Services Why Should a Rational Player Follow the Protocol? • What if a player sends the wrong initial share? • What if a player sends a wrong share of h t in phase 3?
Introduction Secret Sharing and Multiparty Computation Terminating Reliable Broadcast Cooperative Services Rational Secret Sharing A Randomized Protocol • Initially: The issuer send signed shares to the players • At each round t ( c t ← { 0 , 1 } , Pr [ c t = 1 ] = α ): • Phase 1: Player i sends ack i (and share in round 0) to the mediator • Phase 2: Mediator sends shares of h t = g t + c t · f ( g t ( 0 ) = 0 ) to the players, ckecks the initial shares, if one ack i misses aborts • Phase 3: Players send share of h t to every other player, check if h t ( 0 ) � = 0
Introduction Secret Sharing and Multiparty Computation Terminating Reliable Broadcast Cooperative Services Why Should a Rational Player Follow the Protocol? • What if a player sends the wrong initial share? • What if a player sends a wrong share of h t in phase 3? • What if a player doesn’t send his share of h t in phase 3?
Introduction Secret Sharing and Multiparty Computation Terminating Reliable Broadcast Cooperative Services Rational Secret Sharing A Randomized Protocol • Initially: The issuer send signed shares to the players • At each round t ( c t ← { 0 , 1 } , Pr [ c t = 1 ] = α ): • Phase 1: Player i sends ack i (and share in round 0) to the mediator • Phase 2: Mediator sends shares of h t = g t + c t · f ( g t ( 0 ) = 0 ) to the players, ckecks the initial shares, if one ack i misses aborts • Phase 3: Players send share of h t to every other player, check if h t ( 0 ) � = 0
Recommend
More recommend