Article

Efficient Fair Exchange with Verifiable Confirmation of Signatures

Author:

Liqun ChenAuthors Info & Claims

ASIACRYPT '98: Proceedings of the International Conference on the Theory and Applications of Cryptology and Information Security: Advances in Cryptology

Pages 286 - 299

Published: 18 October 1998 Publication History

Abstract

We propose a new efficient protocol, which allows a pair of potentially mistrusting parties to exchange digital signatures over the Internet in a fair way, such that after the protocol is running, either each party obtains the other's signature, or neither of them does. The protocol relies on an off-line Trusted Third Party (TTP), which does not take part in the exchange unless any of the parties behaves improperly or other faults occur. Efficiency of the protocol is achieved by using a cryptographic primitive, called confirmable signatures (or designated confirmer signatures in its original proposal [9]). We recommend using a new efficient confirmable signature scheme in the proposed fair exchange protocol. This scheme combines the family of discrete logarithm (DL) based signature algorithms and a zero-knowledge (ZK) proof on the equality of two DLs. The protocol has a practical level of performance: only a moderate number of communication rounds and ordinary signatures are required. The security of the protocol can be established from that of the underlying signature algorithms and that of the ZK proof used.

References

[1]

Asokan, A., Schunter, M., Waidner, M.: Optimistic protocols for fair exchange. In Proceedings of 4th ACM Conference on Computer and Communications Security, Zurich, Switzerland, (1997) 6-17.

[2]

Asokan, A., Shoup, V., Waidner, M.: Optimistic fair exchange of digital signatures. In Advances in Cryptology - EUROCRYPT '98, LNCS 1403, Springer-Verlag, (1998) 591-606.

[3]

Bao, F.: An efficient verifiable encryption scheme for encryption of discrete logarithms. To appear in CARDIS '98.

[4]

Bao, F., Deng, R., Mao, W.: Efficient and practical fair exchange protocols with off-line TTP. In Proceedings of 1998 IEEE Symposium on Security and Privacy, Oakland, California, IEEE Computer Press, (1998) 77-85.

[5]

Ben-Or, M., Goldreich, O., Micali, S., Rivest, R.: A fair protocol for signing contracts. IEEE Transactions on Information Theory. 36(1) (1990) 40-46.

[6]

Boyd, C., Foo, E.: Off-line fair payment protocols using convertible signatures. ASIACRYPT '98 (these proceedings).

[7]

Boyar, J., Chaum, D., Damgård, I., Pedersen, T.: Convertible undeniable signatures. In Advances in Cryptology - CRYPTO '90, LNCS 537, Springer-Verlag, (1991) 189-205.

[8]

Chaum, D.: Zero-knowledge undeniable signatures. In Advances in Cryptology - EUROCRYPT '90, LNCS 473, Springer-Verlag, (1991) 458-464.

[9]

Chaum, D.: Designated con_rmer signatures. In Advances in Cryptology - EUROCRYPT '94, LNCS 950, Springer-Verlag, (1994) 86-91.

[10]

Cleve, R.: Controlled gradual disclosure schemes for random bits and their applications. In Advances in Cryptology - CRYPTO '89, LNCS 435, pages. Springer-Verlag, (1990) 572-588.

[11]

Cox, B., Tygar, J., Sirbu, M.: NetBill security and transaction protocol. In Proceedings of First USENIX Workshop on Electronic Commerce, (1995) 77-88.

[12]

Damgård, I.: Practical and provably secure release of a secret and exchange of signatures. In Advances in Cryptology - EUROCRYPT '93, LNCS 765, Springer-Verlag, (1994) 201-207.

[13]

Deng, R., Gong, L., Lazar, A., Wang, W.: Practical protocol for certified electronic mail. Journal of Network and Systems Management. 4(3) (1996) 279-297.

[14]

ElGamal, T.: A public-key cryptosystem and a signature scheme based on discrete logarithms. IEEE Transactions on Information Theory. 31(4) (1985) 469-472.

[15]

Even, S., Goldreich, O., Lempel, A.: A randomized protocol for signing contracts. CACM. 28(6) (1985) 637-647.

[16]

U.S. Department of Commerce/National Institute of Standards and Technology, Digital Signature Standard. Federal Information Processing Standard Publication (FIPS PUB) 186, May 1994.

[17]

Franklin, M., Reiter, M.: Fair exchange with a semi-trusted third party. In Proceedings of 4th ACM Conference on Computer and Communications Security, Zurich, Switzerland, (1997) 1-5.

[18]

Guillou, L., Quisquater, J.: A paradoxical identity-based signature scheme resulting from zero-knowledge. In Advances in Cryptology -CRYPTO '88, LNCS 403, Springer-Verlag, (1990) 216-231.

[19]

Luby, M., Micali, S., Rackoff, C.: How to simultaneously exchange a secret bit by flipping symmetricall-based coin. In Proceedings of the 24th IEEE Symposium on the Foundations of Computer Science (FOCS), (1983) 11-22.

[20]

Mao, W.: Verifiable escrowed Signature. In Proceedings of Second Australasian Conference on Information Security and Privacy, LNCS 1270, Springer-Verlag, (1997) 240-248.

[21]

Michels, M., Stadler, M.: Efficient convertible undeniable signature schemes. In the Proceedings of the 4th Annual Workshop on Selected Areas in Cryptography (SAC '97), (1997).

[22]

Michels, M., Stadler, M.: Generic constructions for secure and efficient confirmer signatures. In Advances in Cryptology - EUROCRYPT '98, LNCS 1403, Springer-Verlag, Berlin, (1998) 406-421.

[23]

Okamoto, T.: Designated confirmer signatures and public-key encryption are equivalent. In Advances in Cryptology - CRYPTO '94, LNCS 839, Springer-Verlag, (1994) 61-74.

[24]

Okamoto, T., Ohta, K.: How to simultaneously exchange secrets by general assumption. In Proceedings of 2nd ACM Conference on Computer and Communications Security, (1994) 184-192.

[25]

Okamoto, T., Uchiyama, S.: A new public-key cryptosystem as secure as factoring. In Advances in Cryptology - EUROCRYPT '98, LNCS 1403, Springer-Verlag, Berlin, (1998) 308-318.

[26]

Rabin, M., Transaction protection by beacons. Aiken Computation Lab. Harverd University Cambridge, MA, Tech. Rep. (1981) 29-81.

[27]

Rivest, R.L., Shamir, A., Adleman, L.: A method for obtaining digital signatures and public key cryptosystems. Communications of the ACM. 21 (1978) 294-299.

[28]

Schnorr, C.: Efficient identification and signatures for smart-cards. In Advances in Cryptology - EUROCRYPT '89, LNCS 435, Springer-Verlag, (1990) 239-252.

[29]

Stadler, M.: Publicly verifiable secret sharing. In Advances in Cryptology - EUROCRYPT '96, LNCS 1070, Springer-Verlag, (1996) 190-199.

[30]

Tedric, T.: Fair exchange of secrets. In Advances in Cryptology - CRYPTO '84, LNCS 196, Springer-Verlag, (1985) 434-438.

[31]

Zhou, J., Gollmann, D.: A fair non-repudiation protocol. In Proceedings of the 1996 IEEE Symposium on Security and Privacy, Oakland, California, IEEE Computer Press, (1996) 55-61.

[32]

Zhou, J., Gollmann, D.: An efficient non-repudiation protocol. In Proceedings of 10th IEEE Computer Security Foundations Workshop, Rockport, Massachusetts, (1997) 126-132.

Cited By

Shao JFeng MZhu BCao Z(2007)An efficient certified email protocolProceedings of the 10th international conference on Information Security10.5555/2396231.2396245(145-157)Online publication date: 9-Oct-2007
https://dl.acm.org/doi/10.5555/2396231.2396245
Wang GBaek JWong DBao F(2007)On the generic and efficient constructions of secure designated confirmer signaturesProceedings of the 10th international conference on Practice and theory in public-key cryptography10.5555/1760564.1760569(43-60)Online publication date: 16-Apr-2007
https://dl.acm.org/doi/10.5555/1760564.1760569
Wu CLee WTsaur WGuizani MChen HZhang X(2007)A secure protocol for misbehavior-penalization-based fair digital signature exchangeProceedings of the 2007 international conference on Wireless communications and mobile computing10.1145/1280940.1280969(138-139)Online publication date: 12-Aug-2007
https://dl.acm.org/doi/10.1145/1280940.1280969
Show More Cited By

Index Terms

Efficient Fair Exchange with Verifiable Confirmation of Signatures

Index terms have been assigned to the content through auto-classification.

Recommendations

Efficient verifiable encryption (and fair exchange) of digital signatures
CCS '99: Proceedings of the 6th ACM conference on Computer and communications security

A fair exchange protocol allows two users to exchange items so that either each user gets the other's item or neither user does. In [2], verifiable encryption is introduced as a primitive that can be used to build extremely efficient fair exchange ...
Group-oriented fair exchange of signatures

Optimistic Fair Exchange (OFE) of digital signatures allows two parties to exchange their signatures in a fair manner so that a third party, called the arbitrator, gets involved only when there is a dispute. Previous work on OFE considers the two ...
Fair exchange protocol of signatures based on aggregate signatures

In Eurocrypt 2003, Boneh et al. proposed verifiably encrypted signatures from the concept of aggregate signatures that support aggregation. Such signatures enable verifiers to test that a given ciphertext is the encryption of a signature on a given ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image Guide Proceedings

ASIACRYPT '98: Proceedings of the International Conference on the Theory and Applications of Cryptology and Information Security: Advances in Cryptology

October 1998

432 pages

ISBN:3540651098

Editors:
Kazuo Ohta,
Dingyi Pei

Publisher

Springer-Verlag

Berlin, Heidelberg

Publication History

Published: 18 October 1998

Qualifiers

Article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

12
Total Citations
View Citations
0
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 03 Oct 2024

Other Metrics

View Author Metrics

Citations

Cited By

Shao JFeng MZhu BCao Z(2007)An efficient certified email protocolProceedings of the 10th international conference on Information Security10.5555/2396231.2396245(145-157)Online publication date: 9-Oct-2007
https://dl.acm.org/doi/10.5555/2396231.2396245
Wang GBaek JWong DBao F(2007)On the generic and efficient constructions of secure designated confirmer signaturesProceedings of the 10th international conference on Practice and theory in public-key cryptography10.5555/1760564.1760569(43-60)Online publication date: 16-Apr-2007
https://dl.acm.org/doi/10.5555/1760564.1760569
Wu CLee WTsaur WGuizani MChen HZhang X(2007)A secure protocol for misbehavior-penalization-based fair digital signature exchangeProceedings of the 2007 international conference on Wireless communications and mobile computing10.1145/1280940.1280969(138-139)Online publication date: 12-Aug-2007
https://dl.acm.org/doi/10.1145/1280940.1280969
Oppliger R(2007)Providing Certified Mail Services on the InternetIEEE Security and Privacy10.1109/MSP.2007.155:1(16-22)Online publication date: 1-Jan-2007
https://dl.acm.org/doi/10.1109/MSP.2007.15
Wang CKuo Y(2005)An efficient contract signing protocol using the aggregate signature scheme to protect signers' privacy and promote reliabilityACM SIGOPS Operating Systems Review10.1145/1088446.108845239:4(66-79)Online publication date: 1-Oct-2005
https://dl.acm.org/doi/10.1145/1088446.1088452
Nenadic AZhang NShi QGoble C(2005)Certified E-Mail Delivery with DSA ReceiptsProceedings of the 19th IEEE International Parallel and Distributed Processing Symposium (IPDPS'05) - Workshop 17 - Volume 1810.1109/IPDPS.2005.135Online publication date: 4-Apr-2005
https://dl.acm.org/doi/10.1109/IPDPS.2005.135
Zhang ZXu JFeng D(2005)Efficient identity-based protocol for fair certified e-mail deliveryProceedings of the 4th international conference on Cryptology and Network Security10.1007/11599371_17(200-210)Online publication date: 14-Dec-2005
https://dl.acm.org/doi/10.1007/11599371_17
Zhang ZFeng D(2005)Efficient fair certified e-mail delivery based on RSAProceedings of the 2005 international conference on Parallel and Distributed Processing and Applications10.1007/11576259_41(368-377)Online publication date: 2-Nov-2005
https://dl.acm.org/doi/10.1007/11576259_41
Avoine GGärtner FGuerraoui RVukolić M(2005)Gracefully degrading fair exchange with security modulesProceedings of the 5th European conference on Dependable Computing10.1007/11408901_5(55-71)Online publication date: 20-Apr-2005
https://dl.acm.org/doi/10.1007/11408901_5
Zhang NShi QMerabti MAskwith R(2004)Autonomous mobile agent based fair exchangeComputer Networks: The International Journal of Computer and Telecommunications Networking10.5555/1648538.164880646:6(751-770)Online publication date: 1-Dec-2004
https://dl.acm.org/doi/10.5555/1648538.1648806
Show More Cited By

View Options

View options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Media

Figures

Other

Tables

View Table of Contents