Fair exchange protocol of signatures based on aggregate signatures

In Eurocrypt 2003, Boneh et al. proposed verifiably encrypted signatures from the concept of aggregate signatures that support aggregation. Such signatures enable verifiers to test that a given ciphertext is the encryption of a signature on a given message. Verifiably encrypted signatures are used in fair exchange protocols of signatures. In this paper, we first show that Boneh et al.'s verifiably encrypted signature is not secure against rogue-key attacks. Moreover, the fairness of fair exchange protocols of signatures with the adjudicator relies on the neutrality of the adjudicator, which has become a major practical hindrance to fair exchange protocols of signatures getting widely deployed. Then we propose a fair exchange protocol of signatures from pairings by using aggregate signatures. We not only enhance the fair exchange protocol of signatures against three types of inside attackers but also relax the need of the trust in the adjudicator so that it only needs to be trusted by the signer.

[1]  Oded Goldreich,et al.  A randomized protocol for signing contracts , 1985, CACM.

[2]  Silvio Micali,et al.  A Digital Signature Scheme Secure Against Adaptive Chosen-Message Attacks , 1988, SIAM J. Comput..

[3]  Rafail Ostrovsky,et al.  Sequential Aggregate Signatures and Multisignatures Without Random Oracles , 2006, EUROCRYPT.

[4]  Ivan Damgård,et al.  Verifiable Encryption, Group Encryption, and Their Applications to Separable Group Signatures and Signature Sharing Schemes , 2000, ASIACRYPT.

[5]  Hovav Shacham,et al.  Aggregate and Verifiably Encrypted Signatures from Bilinear Maps , 2003, EUROCRYPT.

[6]  Brent Waters,et al.  Efficient Identity-Based Encryption Without Random Oracles , 2005, EUROCRYPT.

[7]  Jim Schaad,et al.  Internet X.509 Public Key Infrastructure Certificate Request Message Format (CRMF) , 2005, RFC.

[8]  Oded Goldreich,et al.  A Simple Protocol for Signing Contracts , 1983, CRYPTO.

[9]  Giuseppe Ateniese,et al.  Efficient verifiable encryption (and fair exchange) of digital signatures , 1999, CCS '99.

[10]  Colin Boyd,et al.  Off-Line Fair Payment Protocols Using Convertible Signatures , 1998, ASIACRYPT.

[11]  Edwin K. P. Chong,et al.  Constructing fair-exchange protocols for E-commerce via distributed computation of RSA signatures , 2003, PODC '03.

[12]  Hovav Shacham,et al.  Short Signatures from the Weil Pairing , 2001, J. Cryptol..

[13]  Silvio Micali,et al.  Simple and fast optimistic protocols for fair electronic exchange , 2003, PODC '03.

[14]  Yevgeniy Dodis,et al.  Breaking and repairing optimistic fair exchange from PODC 2003 , 2003, DRM '03.

[15]  Chih-Hung Wang,et al.  An efficient contract signing protocol using the aggregate signature scheme to protect signers' privacy and promote reliability , 2005, OPSR.

[16]  Jianying Zhou,et al.  An intensive survey of fair non-repudiation protocols , 2002, Comput. Commun..

[17]  Robert H. Deng,et al.  Efficient and practical fair exchange protocols with off-line TTP , 1998, Proceedings. 1998 IEEE Symposium on Security and Privacy (Cat. No.98CB36186).

[18]  Reihaneh Safavi-Naini,et al.  Efficient Verifiably Encrypted Signature and Partially Blind Signature from Bilinear Pairings , 2003, INDOCRYPT.