Amortizing Secure Computation with Penalties

Motivated by the impossibility of achieving fairness in secure computation [Cleve, STOC 1986], recent works study a model of fairness in which an adversarial party that aborts on receiving output is forced to pay a mutually predefined monetary penalty to every other party that did not receive the output. These works show how to design protocols for secure computation with penalties that guarantees that either fairness is guaranteed or that each honest party obtains a monetary penalty from the adversary. Protocols for this task are typically designed in an hybrid model where parties have access to a “claim-or-refund” transaction functionality denote F∗ CR. In this work, we obtain improvements on the efficiency of these constructions by amortizing the cost over multiple executions of secure computation with penalties. More precisely, for computational security parameter λ, we design a protocol that implements ` = poly(λ) instances of secure computation with penalties where the total number of calls to F∗ CR is independent of `.