Secure Multiparty Computations on Bitcoin
Secure multiparty computation (MPC) protocols enable multiple parties to jointly compute a function over their inputs while keeping those inputs private. For example, two millionaires decide who is the richer and should pay for dinner, without revealing their actual wealth¹. Or a group of employees can calculate the average salary of the group without disclosing their individual salaries.
One fundamental limitation of MPC is that it cannot force parties to respect the outcome. In the millionaires example, one can refuse to pay after he finds out he is richer.
We use Bitcoin to solve this challenge², by linking the outcome of MPC to real transactions using Bitcoin’s smart contract capabilities. We demonstrate this by implementing decentralized lottery, without a trusted third party.
Decentralized Lottery
Each of N players chooses a random number and commits to it. They each lock up 1 bitcoin in the following contract. After they reveal their secret numbers, a winner will be chosen and takes all N bitcoins. Each player has the same probability of winning.
Practical Considerations
In practices, measures can be taken to prevent players from not revealing their secret numbers. One way would be using timed commitment², where a player loses his deposit if he does not reveal by a deadline.
Conclusion
We have showed how to enforce MPC rules using decentralized lottery as an example. The same technique can be generalized to other MPC protocols, such as coin toss or mental poker.
