Collusion-resistance in optimistic fair exchange

Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, 2012

An optimistic fair exchange (OFE) protocol is an effective tool helping two parties exchange their digital items in an equitable way with assistance of a trusted third party, called arbitrator, who is only required if needed. In previous studies, fair exchange is usually carried out between individual parties. When fair exchange is carried our between two members from distinct groups, anonymity of the signer in a group could be necessary for achieving better privacy. In this paper, we consider optimistic fair exchange of ring signatures (OFERS), i.e. two members from two different groups can exchange their ring signatures in a fair way with ambiguous signers. Each user in these groups has its own public-private key pair and is able to sign a message on behalf of its own group anonymously. We first define the security model of OFFERS in the multiuser setting under adaptive chosen message, chosen-key and chosen public-key attacks. Then, based on verifiable encrypted ring signatures (VERS) we construct a concrete scheme by combining the technologies of ring signatures, public-key encryption and proof of knowledge. Finally, we show that our OFERS solution is provably secure in our security model, and preserving signer-ambiguity of ring signatures. To the best of our knowledge, this is the first (formal) work on this topic.

Lecture Notes in Computer Science, 2014

How to sign an electronic contract online between two parties (say Alice and Bob) in a fair manner is an interesting problem, and has been studied for a long time. Optimistic Fair Exchange (OFE) is an efficient solution to this problem, in which a semi-trusted third party named arbitrator is called in to resolve a dispute if there is one during an exchange between Alice and Bob. Recently, several extensions of OFE, such as Ambiguous OFE (AOFE) and Perfect AOFE (PAOFE), have been proposed to protect the privacy of the exchanging parties. These variants prevent any outsider including the arbitrator from telling which parties are involved in the exchange of signatures before the exchange completes.

Lecture Notes in Computer Science, 2010

Recent research has shown that the single-user security of optimistic fair exchange cannot guarantee the multi-user security. This paper investigates the conditions under which the security of optimistic fair exchange in the single-user setting is preserved in the multi-user setting. We first introduce and define a property called "Strong Resolution-Ambiguity". Then we prove that in the certified-key model, an optimistic fair exchange protocol is secure in the multi-user setting if it is secure in the single-user setting and has the property of strong resolution-ambiguity. Finally we provide a new construction of optimistic fair exchange with strong resolution-ambiguity. The new protocol is setup-free, stand-alone and multi-user secure without random oracles.

Lecture Notes in Computer Science, 2002

a multi-party fair exchange protocol of electronic items with an offline trusted third party. In this protocol, a coalition including the initiator of the exchange can succeed in excluding a group of parties without the consent of the remaining entities. We show that every participant must trust the initiator of the protocol for not becoming a passive conspirator. We propose a new protocol in which the participants only need to trust the trusted third party. Moreover, under certain circumstances, if there are participants excluded from the exchange, they can prove that a problem occurred to an external adjudicator.

2011

Security services become crucial to many applications such as e-commerce payment protocols, electronic contract signing, and certified e-mail delivery, with the phenomenal growth of the Internet and open networks. For these applications fair exchange must be assured. A fair protocol allows two parties to exchange digital signatures over the Internet in a fair way, so that either each party gets the other’s signature, or neither party does. This paper, gives a survey on the most important fair and optimistic digital signature exchange protocols. Optimistic, means the third trusted party (TTP) is involved only in the situations where one party is cheating or the communication channel is interrupted, i.e., TTP is offline. As more business is conducted over the Internet, the fair-exchange problem is gaining greater importance. This paper also provides an analysis of basic features, security, and efficiency of digital signature exchange protocols. Keywords-Fair-exchange protocols; e-comm...

International Journal of Applied Cryptography, 2008

Fair exchange protocols allow both or neither of two parties to obtain the other's items, and this property is essential in e-commerce. In this paper, we construct an optimistic fair exchange protocol that is applicable to any digital signature by prescribing three forms of signatures, namely presignature, post-signature and notarised signature. We set an expiration date for presignature, and thus realise the timely termination of the protocol. Next, we define an ideal functionality of fair exchange protocols in the universal composability framework. Then, we construct an optimistic fair exchange protocol based on the above protocol, and prove its security in the universal composability framework.

22nd International Conference on Advanced Information Networking and Applications - Workshops (aina workshops 2008), 2008

In this paper we propose a new class of Fair Exchange Signature Scheme(FESS) that allows two players to exchange digital signatures in a fair way. Our signature scheme is a general idea and has various implementations on most of the existing signature schemes, thus it may also be considered as an interesting extension of concurrent signature presented in EUROCRYPT 2004 that is constructed from ring signatures. In our scheme, two unwakened signatures signed separately by two participants can be verified easily by the other player, but it would not go into effect until an extra piece of commitment keystone is released by one of the players. Once the keystone revealed, two signatures are both aroused and become effective. A key feature of the proposed scheme is that two players can exchange digital signatures simultaneously through a secret commitment keystone without involvement of any Trusted Third Party. Moreover, the efficiency of our signature scheme is higher than that of concurrent signature.

2013

Abstract—Security services become crucial to many applications such as e-commerce payment protocols, electronic contract signing, and certified e-mail delivery, with the phenomenal growth of the Internet and open networks. For these applications fair exchange must be assured. A fair protocol allows two parties to exchange digital signatures over the Internet in a fair way, so that either each party gets the other’s signature, or neither party does. This paper, gives a survey on the most important fair and optimistic digital signature exchange protocols. Optimistic, means the third trusted party (TTP) is involved only in the situations where one party is cheating or the communication channel is interrupted, i.e., TTP is offline. As more business is conducted over the Internet, the fair-exchange problem is gaining greater importance. This paper also provides an analysis of basic features, security, and efficiency of digital signature exchange protocols. Keywords-Fair-exchange protocol...

2002

We propose a new protocol allowing the exchange of an item against a signature while assuring fairness. The proposed protocol, based on the Girault-Poupard-Stern signature scheme (a variation of the Schnorr scheme), assumes the existence of a trusted third party that, except in the setup phase, is involved in the protocol only when one of the parties does not follow the designated protocol or some technical problem occurs during the execution of the protocol. The interesting feature of the protocol is the low communication and computational charges required by the parties. Moreover, in case of problems during the main protocol, the trusted third party can derive the same digital signature as the one transmitted in a faultless case, rather than an affidavit or an official certificate.

Information Sciences, 2011

In an Optimistic Fair Exchange (OFE) for digital signatures, two parties exchange their signatures fairly without requiring any online trusted third party. The third party is only involved when a dispute occurs. In all the previous work, OFE has been considered only in a setting where both of the communicating parties are individuals. There is little work discussing about the fair exchange between two groups of users, though we can see that this is actually a common scenario in actual OFE applications. In this paper, we introduce a new variant of OFE, called Group-Oriented Optimistic Fair Exchange (GOFE). A GOFE allows two users from two different groups to exchange signatures on behalf of their groups in a fair and anonymous manner. Although GOFE may be considered as a fair exchange for group signatures, it might be inefficient if it is constructed generically from a group signature scheme. Instead, we show that GOFE is backward compatible to the Ambiguous OFE (AOFE). Also, we propose an efficient and concrete construction of GOFE, and prove its security under the security models we propose in this model. The security of the scheme relies on the decision linear assumption and strong Diffie-Hellman assumption under the random oracle model.