Multi-party fair exchange (MFE) and fair secure multi-party computation (fair SMPC) are under-studied fields of research, with practical importance. In particular, we consider MFE scenarios where at the end of the protocol, either every participant receives every other participant’s item, or no participant receives anything. We analyze the case where a trusted third party (TTP) is optimistically available, although we emphasize that the trust put on the TTP is only regarding the
fairness
, and our protocols preserve the
privacy
of the exchanged items against the TTP. In the fair SMPC case, we prove that a malicious TTP can only harm fairness, but not
security
.
We construct an
asymptotically optimal
multi-party fair exchange protocol that requires a constant number of rounds (in comparison to linear) and
O(n
2
)
messages (in comparison to cubic), where
n
is the number of participating parties. In our protocol, we enable the parties to efficiently exchange any item that can be efficiently put into a verifiable encryption (e.g., signatures on a contract). We show how to apply this protocol on top of
any
SMPC protocol to achieve fairness with very little overhead (independent of the circuit size). We then generalize our protocol to efficiently handle any exchange topology (participants exchange items with arbitrary other participants). Our protocol guarantees fairness in its strongest sense: even if all
n-1
other participants are malicious and colluding with each other, the fairness is still guaranteed.
Verifiable Encryption and Applications to Group Signatures and Signature Sharing
