A Survey on Optimistic Fair Digital Signature Exchange Protocols

2013

Abstract—Security services become crucial to many applications such as e-commerce payment protocols, electronic contract signing, and certified e-mail delivery, with the phenomenal growth of the Internet and open networks. For these applications fair exchange must be assured. A fair protocol allows two parties to exchange digital signatures over the Internet in a fair way, so that either each party gets the other’s signature, or neither party does. This paper, gives a survey on the most important fair and optimistic digital signature exchange protocols. Optimistic, means the third trusted party (TTP) is involved only in the situations where one party is cheating or the communication channel is interrupted, i.e., TTP is offline. As more business is conducted over the Internet, the fair-exchange problem is gaining greater importance. This paper also provides an analysis of basic features, security, and efficiency of digital signature exchange protocols. Keywords-Fair-exchange protocol...

IEE Proceedings - Communications, 2005

A protocol is presented for the fair digital-signature exchange commonly seen in e-commerce systems. The protocol incorporates a novel approach for the recovery of a signature with the assistance of an offline trusted third party that can impose a penalty on a misbehaving party. This new approach enables the protocol to achieve fairness in a simpler and more efficient manner than other relevant fair exchange protocols, while being able to deter a dishonest party from misbehaving.

IEEE Transactions on Information Forensics and Security, 2000

Optimistic fair exchange (OFE) protocols are useful tools for two participants to fairly exchange items with the aid of a third party who is only involved if needed. A widely accepted requirement is that the third party's involvement in the exchange must be transparent, to protect privacy and avoid bad publicity. At the same time, a dishonest third party would compromise the fairness of the exchange and the third party thus must be responsible for its behaviors. This is achieved in OFE protocols with another property called accountability. It is unfortunate that the accountability has never been formally studied in OFE since its introduction ten years ago. In this paper, we fill these gaps by giving the first complete definition of accountability in OFE where one of the exchanged items is a digital signature and a generic (also the first) design of OFE where transparency and accountability coexist.

2004

In PODC 2003, Micali presented a fair electronic exchange protocol for contract signing with an invisible trusted party [17]. The protocol was filed as a US patent No 5666420 in 1997 [16]. In the protocol, two mutually distrusted parties exchange their commitments to a contract in a fair way such that either each of them can obtain the other’s commitment, or neither of them does. The protocol is optimistic in the sense that the trusted party need not be involved in the protocol unless a dispute occurs. In this paper, we show that Micali’s protocol cannot achieve the claimed fairness. In resolving a dispute, the trusted party may face a dilemma situation that no matter what it does, one of the exchanging parties can succeed in cheating. In other words, there is always a party who can get the other’s commitment without the other party obtaining his. We further propose a revised version of contract signing protocol that preserves fairness while remaining optimistic.

2006

For e-commerce payments, fair exchange is one of the essential problems. The optimistic fair exchange protocol allows two parties to efficiently exchange items so that either each party gets the other's item or neither does. We propose a new optimistic fair exchange protocol that is efficient and applicable to any digital signature scheme such as RSA or DSA. In our protocol, we introduce pre-signature, post-signature and notarized signature by prescribing the form of the digital signatures. Furthermore, we introduce a parameter that represents the expiration date of the pre-signature to realize the timely termination of the protocol.

Contract signing plays a very important role in any business transaction, in particular in situations where the involved parties do not trust each other to some extent already. As electronic commerce is becoming more and more important and popular in the world, it is desirable to have a mechanism that allows two parties to sign a digital contract via the Internet. This requirement is essentially captured by the concept of fairness: At the end of the protocol, either both parties have valid signatures for a contract or neither does, even if one of them tries to cheat or the communication channel is out of order. Existing contract protocols without the property of abuse-freeness is a risk for a honest party, as a possible dishonest party maybe does not really want to sign the contract with her, but only use her willingness to sign to get leverage for another contract. And so the existing contract-signing protocols are not abuse-free. This project proposes a new contractsigning protocol for two mutually distrusted parties. This protocol is based on an RSA multi signature, which is formally proved to be secure. This protocol is fair and optimistic. However, different from all previous RSA-based contractsigning protocol, the proposed protocol is further abuse-free. That is, if the contract-signing protocol is executed unsuccessfully, each of the two parties cannot show the validity of intermediate results generated by the other party to outsiders, during or after the procedure where those intermediate results are output.

22nd International Conference on Advanced Information Networking and Applications - Workshops (aina workshops 2008), 2008

In this paper we propose a new class of Fair Exchange Signature Scheme(FESS) that allows two players to exchange digital signatures in a fair way. Our signature scheme is a general idea and has various implementations on most of the existing signature schemes, thus it may also be considered as an interesting extension of concurrent signature presented in EUROCRYPT 2004 that is constructed from ring signatures. In our scheme, two unwakened signatures signed separately by two participants can be verified easily by the other player, but it would not go into effect until an extra piece of commitment keystone is released by one of the players. Once the keystone revealed, two signatures are both aroused and become effective. A key feature of the proposed scheme is that two players can exchange digital signatures simultaneously through a secret commitment keystone without involvement of any Trusted Third Party. Moreover, the efficiency of our signature scheme is higher than that of concurrent signature.

2002

We propose a new protocol allowing the exchange of an item against a signature while assuring fairness. The proposed protocol, based on the Girault-Poupard-Stern signature scheme (a variation of the Schnorr scheme), assumes the existence of a trusted third party that, except in the setup phase, is involved in the protocol only when one of the parties does not follow the designated protocol or some technical problem occurs during the execution of the protocol. The interesting feature of the protocol is the low communication and computational charges required by the parties. Moreover, in case of problems during the main protocol, the trusted third party can derive the same digital signature as the one transmitted in a faultless case, rather than an affidavit or an official certificate.

International Journal of Applied Cryptography, 2008

Fair exchange protocols allow both or neither of two parties to obtain the other's items, and this property is essential in e-commerce. In this paper, we construct an optimistic fair exchange protocol that is applicable to any digital signature by prescribing three forms of signatures, namely presignature, post-signature and notarised signature. We set an expiration date for presignature, and thus realise the timely termination of the protocol. Next, we define an ideal functionality of fair exchange protocols in the universal composability framework. Then, we construct an optimistic fair exchange protocol based on the above protocol, and prove its security in the universal composability framework.

2009

One of the essential security services needed to safeguard online transactions is fair exchange. In fair exchange protocols two parties can exchange their signatures in a fair manner, so that either each party gain the other's signature or no one obtain anything useful. This paper examines security solutions for achieving fair exchange. It proposes new security protocols based on the "Certified Encrypted Message Being Signature" (CEMBS) by using RSA signature scheme. This protocol relies on the help of an "off-line Semi-Trusted Third Party" (STTP) to achieve fairness. They provide with confidential protection from the STTP for the exchanged items by limiting the role and power of the STTP. Three different protocols have been proposed. In the first protocol, the two main parties exchange their signatures on a common message. In the second protocol, the signatures are exchanged on two different messages. While in the third one, the exchange is between confidential data and signature.