Gracefully Degrading Fair Exchange with Security Modules
The fair exchange problem is key to trading electronic items in systems of mutually untrusted parties. In modern variants of such systems, each party is equipped with a tamper proof security module. The security modules trust each other but can only communicate by exchanging messages through their host parties. These hosts are untrusted and could intercept and drop those messages. We describe a synchronous algorithm that ensures deterministic fair exchange if a majority of parties are honest, which is optimal in terms of resilience. If there is no honest majority, our algorithm degrades gracefully: it ensures that the probability of violating fairness can be made arbitrarily low. We prove that this probability is inversely proportional to the average complexity of the algorithm in terms of its number of communication rounds, and we supply the corresponding optimal probability distribution. Our algorithm uses, as an underlying building block, an early stopping subprotocol that solves, in a model with general omission failures, a specific variant of consensus we call biased consensus. Our modular approach contributes in bridging the gap between modern security (i.e., based on security modules) and traditional distributed computing (i.e., agreement with omission failures).