Achieving correctness in fair rational secret sharing

Abstract

In rational secret sharing, parties may prefer to mislead others in believing a wrong secret as the correct one over everybody obtaining the secret (i.e. a fair outcome). Prior rational secret reconstruction protocols for non-simultaneous channel only address the case where a fair outcome is preferred over misleading and hence are fair but not correct. Asharov and Lindell (2010) proposed the first and the only protocol that takes care of both the preferences. In this paper, we propose a new rational secret sharing protocol that addresses both the preferences and is fair and correct in the non-simultaneous channel model. Additionally, it is independent of the utility of misleading. Each rational party is given a list of sub-shares of shares of the actual secret and fake shares. In each round of the protocol each party sends the current element in its list to the other party and then reconstructs a share from the sub-shares obtained. The main idea is to use a checking share which is a share of the original secret as a protocol-induced membership auxiliary information to check whether the shares obtained till a certain round can be used to reconstruct the correct secret. We overcome the disadvantages of the presence of auxiliary information by using the time-delayed encryption scheme used by the protocol of Lysyanskaya and Segal (2010) that tolerates players with arbitrary side information. In our case, the side information used is not arbitrary but introduced by the mechanism/protocol designer to put all players on equal footing. We show that our protocol is in computational strict Nash equilibrium in the presence of protocol-induced auxiliary information. © Springer International Publishing 2013.