Ambiguous Optimistic Fair Exchange

Optimistic fair exchange (OFE) is a protocol for solving the problem of exchanging items or services in a fair manner between two parties, a signer and a verifier, with the help of an arbitrator which is called in only when a dispute happens between the two parties. In almost all the previous work on OFE, after obtaining a partial signature from the signer, the verifier can present it to others and show that the signer has indeed committed itself to something corresponding to the partial signature even prior to the completion of the transaction. In some scenarios, this capability given to the verifier may be harmful to the signer. In this paper, we propose the notion of ambiguous optimistic fair exchange (A-OFE), which is an OFE but also requires that the verifier cannot convince anybody about the authorship of a partial signature generated by the signer. We present a formal security model for A-OFE in the multi-user setting and chosen-key model. We also propose an efficient construction with security proven without relying on the random oracle assumption.

[1]  Edwin K. P. Chong,et al.  Constructing fair-exchange protocols for E-commerce via distributed computation of RSA signatures , 2003, PODC '03.

[2]  Yevgeniy Dodis,et al.  Breaking and repairing optimistic fair exchange from PODC 2003 , 2003, DRM '03.

[3]  Silvio Micali,et al.  Online-Untransferable Signatures , 2008, Public Key Cryptography.

[4]  Markus Jakobsson,et al.  Designated Verifier Proofs and Their Applications , 1996, EUROCRYPT.

[5]  Jens Groth,et al.  Fully Anonymous Group Signatures without Random Oracles , 2007, IACR Cryptol. ePrint Arch..

[6]  Jonathan Katz,et al.  Ring Signatures: Stronger Definitions, and Constructions without Random Oracles , 2005, IACR Cryptol. ePrint Arch..

[7]  Jin Li,et al.  Generic Transformation from Weakly to Strongly Unforgeable Signatures , 2008, Journal of Computer Science and Technology.

[8]  Amit Sahai,et al.  Efficient Non-interactive Proof Systems for Bilinear Groups , 2008, EUROCRYPT.

[9]  Steve Kremer,et al.  Formal analysis of optimistic fair exchange protocols , 2004 .

[10]  Yi Mu,et al.  Multi-party Stand-Alone and Setup-Free Verifiably Committed Signatures , 2007, Public Key Cryptography.

[11]  Guomin Yang,et al.  Efficient Optimistic Fair Exchange Secure in the Multi-user Setting and Chosen-Key Model without Random Oracles , 2008, CT-RSA.

[12]  Hovav Shacham,et al.  Aggregate and Verifiably Encrypted Signatures from Bilinear Maps , 2003, EUROCRYPT.

[13]  Oded Goldreich Foundations of Cryptography: Volume 1 , 2006 .

[14]  Mihir Bellare,et al.  Random oracles are practical: a paradigm for designing efficient protocols , 1993, CCS '93.

[15]  Kenneth G. Paterson,et al.  Concurrent Signatures , 2004, EUROCRYPT.

[16]  N. Asokan,et al.  Optimistic Fair Exchange of Digital Signatures (Extended Abstract) , 1998, EUROCRYPT.

[17]  Markus Jakobsson,et al.  Abuse-Free Optimistic Contract Signing , 1999, CRYPTO.

[18]  Feng Bao,et al.  Stand-Alone and Setup-Free Verifiably Committed Signatures , 2006, CT-RSA.

[19]  Huafei Zhu Constructing Optimistic Fair Exchange Protocols from Committed Signatures , 2003, IACR Cryptol. ePrint Arch..

[20]  Dan Boneh,et al.  Short Signatures Without Random Oracles , 2004, EUROCRYPT.

[21]  Hovav Shacham,et al.  Short Group Signatures , 2004, CRYPTO.

[22]  Ivan Damgård,et al.  Verifiable Encryption, Group Encryption, and Their Applications to Separable Group Signatures and Signature Sharing Schemes , 2000, ASIACRYPT.

[23]  N. Asokan,et al.  Optimistic fair exchange of digital signatures , 1998, IEEE Journal on Selected Areas in Communications.

[24]  Guilin Wang,et al.  An Abuse-Free Fair Contract-Signing Protocol Based on the RSA Signature , 2005, IEEE Transactions on Information Forensics and Security.

[25]  Silvio Micali,et al.  Simple and fast optimistic protocols for fair electronic exchange , 2003, PODC '03.

[26]  Masayuki Abe,et al.  1-out-of-n Signatures from a Variety of Keys , 2002, IEICE Trans. Fundam. Electron. Commun. Comput. Sci..

[27]  Yevgeniy Dodis,et al.  Optimistic Fair Exchange in a Multi-user Setting , 2007, J. Univers. Comput. Sci..

[28]  Colin Boyd,et al.  Off-Line Fair Payment Protocols Using Convertible Signatures , 1998, ASIACRYPT.

[29]  Eike Kiltz,et al.  Chosen-Ciphertext Security from Tag-Based Encryption , 2006, TCC.

[30]  Jianying Zhou,et al.  Analysis and Improvement of Micali's Fair Contract Signing Protocol , 2004, ACISP.

[31]  N. Asokan,et al.  Optimistic protocols for fair exchange , 1997, CCS '97.

[32]  Qiong Huang,et al.  Generic Transformation to Strongly Unforgeable Signatures , 2007, ACNS.