Secure Computation Excluding Embedded XOR with Rational Players: a Unified Approach in Classical and Quantum Paradigms

A seminal result of Cleve (STOC 1986) showed that fairness, in general, is impossible to achieve in case of two-party computation if one of them is malicious. Ben-Or et al. and Chaum et al. (STOC 1988) showed that absolute correctness can be achieved in case of multiparty computation when one third players are faulty. However, they analyzed the problem in broadcasting channel model. In non-simultaneous channel model, Gordon et al. (STOC 2008) observed that there exist some functions for which fairness can be achieved even though one of the two parties is malicious. One of the functions considered by Gordon et al. is exactly the millionaires' problem (Yao, FOCS 1982) or, equivalently, the `greater than' function. The problem deals with two millionaires, Alice and Bob, who are interested in finding who amongst them is richer, without revealing their actual wealth to each other. We, for the first time, study this problem in presence of rational players. In particular, we show that Gordon's protocol no longer remains fair when the players are rational. Next, we design a protocol with rational players, that not only achieves fairness, but also achieves correctness and strict Nash equilibrium for natural utilities. Gordon et al. (JACM, 2011) showed that any function over polynomial-size domains which does not contain an "embedded XOR" can be converted into the greater than function. Thus, the proposed protocol is applicable for any function except embedded XOR. We, also for the first time, provide a solution to the quantum version of millionaires' problem with rational players, that achieves fairness, correctness and strict Nash equilibrium. Both our classical and quantum protocols follow a unified approach; both use a rational third party and get rid of the requirement of the online dealer of Groce et al. (EUROCRYPT 2012).