Efficient Fair Certified E-Mail Delivery Based on RSA

Certified e-mail delivery (CEMD) has become one of the basic requirement in performing business transactions over the Internet securely. How to construct fair protocols for certified e-mail delivery based on the RSA cryptosystem is of great interest. Recently, Nenadic etc. proposed a novel RSA-based method for the verifiableand recoverable encrypted signature (VRES), and utilized it to construct a security protocol for certified e-mail delivery, which are claimed to provide strong fairness to ensure that the recipient receives the e-mail if and only if the sender receives the receipt. However, as a building block, their RSA-based VRES is totally breakable. This papers shows that an adversary can generate a valid VRES which cannot be recovered by the designated TTP, and hence the proposed certified e-mail delivery protocol cannot guarantee the required fairness. Based on probabilistic signatures, we proposed a novel fair CEMD protocol which works with the RSA cryptosystem and guarantees strong fairness. Moreover, there is no need for a registration phase between a party and TTP, and the proposed protocol is more computation and communication efficient.

[1]  Jan Camenisch,et al.  Separability and Efficiency for Generic Group Signature Schemes , 1999, CRYPTO.

[2]  Bart Preneel,et al.  Topics in Cryptology — CT-RSA 2002 , 2002, Lecture Notes in Computer Science.

[3]  Ning Zhang,et al.  FIDES – A Middleware E-Commerce Security Solution , 2004 .

[4]  Michael Wiener,et al.  Advances in Cryptology — CRYPTO’ 99 , 1999 .

[5]  Robert H. Deng,et al.  Practical protocols for certified electronic mail , 1996, Journal of Network and Systems Management.

[6]  Bruce Schneier,et al.  A certified e-mail protocol , 1998, Proceedings 14th Annual Computer Security Applications Conference (Cat. No.98EX217).

[7]  Colin Boyd,et al.  Off-Line Fair Payment Protocols Using Convertible Signatures , 1998, ASIACRYPT.

[8]  Liqun Chen,et al.  Efficient Fair Exchange with Verifiable Confirmation of Signatures , 1998, ASIACRYPT.

[9]  Robert H. Deng,et al.  Efficient and practical fair exchange protocols with off-line TTP , 1998, Proceedings. 1998 IEEE Symposium on Security and Privacy (Cat. No.98CB36186).

[10]  Michael K. Reiter,et al.  Fair Exchange with a Semi-Trusted Third Party (extended abstract) , 1997, CCS.

[11]  Ning Zhang,et al.  Fair certified e-mail delivery , 2004, SAC '04.

[12]  Indrajit Ray,et al.  An Optimistic Fair Exchange E-commerce Protocol with Automated Dispute Resolution , 2000, EC-Web.

[13]  Cristina Nita-Rotaru,et al.  Stateless-Recipient Certified E-Mail System Based on Verifiable Encryption , 2002, CT-RSA.

[14]  Markus Jakobsson,et al.  Abuse-Free Optimistic Contract Signing , 1999, CRYPTO.

[15]  N. Asokan,et al.  Optimistic fair exchange of digital signatures , 1998, IEEE Journal on Selected Areas in Communications.

[16]  Giuseppe Ateniese Verifiable encryption of digital signatures and applications , 2004, TSEC.

[17]  Kazuo Ohta,et al.  Advances in Cryptology — ASIACRYPT’98 , 2002, Lecture Notes in Computer Science.