Secure Guaranteed Computation

We introduce secure guaranteed two-party computation, where parties commit in advance to compute a function over their private inputs, by providing some (validated) compensation, such that if a party fails to provide an appropriate input during protocol execution, then the peer receives the compensation. Enforcement of the guarantees requires a trusted enforcement authority (TEA); however, the protocol protects con dentiality even from the TEA. Our secure guaranteed computation protocol is optimistic, i.e., the TEA is involved only if a party fails to participate (correctly). Secure guaranteed computation has direct practical applications, such as sensitive trading of nancial products, and could also be used as a building block to motivate parties to complete protocols, e.g., ensuring unbiased coin tossing. The guarantee process can be either symmetric (both parties provide guarantees) or asymmetric (e.g., only server provides guarantee to client). Symmetric guarantees should also be fair, i.e., one party cannot obtain guarantee of the other party without supplying a guarantee as well. The protocol guaranteeing output, which we present uses in a modular manner a new protocol, that we construct, for optimistic fair secure computation, which may be of independent interest, as it is simpler and more e cient than previously known protocols.