Preserving Transparency and Accountability in Optimistic Fair Exchange of Digital Signatures

Optimistic fair exchange (OFE) protocols are useful tools for two participants to fairly exchange items with the aid of a third party who is only involved if needed. A widely accepted requirement is that the third party's involvement in the exchange must be transparent, to protect privacy and avoid bad publicity. At the same time, a dishonest third party would compromise the fairness of the exchange and the third party thus must be responsible for its behaviors. This is achieved in OFE protocols with another property called accountability. It is unfortunate that the accountability has never been formally studied in OFE since its introduction ten years ago. In this paper, we fill these gaps by giving the first complete definition of accountability in OFE where one of the exchanged items is a digital signature and a generic (also the first) design of OFE where transparency and accountability coexist.

[1]  Jan Camenisch,et al.  Practical Verifiable Encryption and Decryption of Discrete Logarithms , 2003, CRYPTO.

[2]  Fabien Laguillaumie,et al.  Short Undeniable Signatures Without Random Oracles: The Missing Link , 2005, INDOCRYPT.

[3]  Yi Mu,et al.  Provably Secure Pairing-Based Convertible Undeniable Signature with Short Signature Length , 2007, Pairing.

[4]  Yevgeniy Dodis,et al.  Optimistic Fair Exchange in a Multi-user Setting , 2007, J. Univers. Comput. Sci..

[5]  Jean-Sébastien Coron,et al.  On the Exact Security of Full Domain Hash , 2000, CRYPTO.

[6]  Jan Camenisch,et al.  Group signature schemes and payment systems based on the discrete logarithm problem , 1998 .

[7]  C. P. Schnorr,et al.  Efficient Identification and Signatures for Smart Cards (Abstract) , 1989, EUROCRYPT.

[8]  Markus Jakobsson,et al.  Abuse-Free Optimistic Contract Signing , 1999, CRYPTO.

[9]  Adi Shamir,et al.  Zero Knowledge Proofs of Knowledge in Two Rounds , 1989, CRYPTO.

[10]  Ivan Damgård,et al.  Verifiable Encryption, Group Encryption, and Their Applications to Separable Group Signatures and Signature Sharing Schemes , 2000, ASIACRYPT.

[11]  Yi Mu,et al.  Multi-party Stand-Alone and Setup-Free Verifiably Committed Signatures , 2007, Public Key Cryptography.

[12]  Guomin Yang,et al.  Efficient Optimistic Fair Exchange Secure in the Multi-user Setting and Chosen-Key Model without Random Oracles , 2008, CT-RSA.

[13]  Javier López,et al.  Multiparty nonrepudiation: A survey , 2009, CSUR.

[14]  Dieter Gollmann,et al.  A fair non-repudiation protocol , 1996, Proceedings 1996 IEEE Symposium on Security and Privacy.

[15]  N. Asokan,et al.  Optimistic fair exchange of digital signatures , 1998, IEEE Journal on Selected Areas in Communications.

[16]  Guilin Wang An abuse-free fair contract-signing protocol based on the RSA signature , 2010, IEEE Trans. Inf. Forensics Secur..

[17]  Hovav Shacham,et al.  Aggregate and Verifiably Encrypted Signatures from Bilinear Maps , 2003, EUROCRYPT.

[18]  Jean-Jacques Quisquater,et al.  A "Paradoxical" Indentity-Based Signature Scheme Resulting from Zero-Knowledge , 1988, CRYPTO.

[19]  Sushil Jajodia,et al.  Avoiding loss of fairness owing to failures in fair data exchange systems , 2001, Decis. Support Syst..

[20]  Mihir Bellare,et al.  Random oracles are practical: a paradigm for designing efficient protocols , 1993, CCS '93.

[21]  Jacques Stern,et al.  Security Proofs for Signature Schemes , 1996, EUROCRYPT.

[22]  Ivan Damgård,et al.  Proofs of Partial Knowledge and Simplified Design of Witness Hiding Protocols , 1994, CRYPTO.

[23]  Yevgeniy Dodis,et al.  Breaking and repairing optimistic fair exchange from PODC 2003 , 2003, DRM '03.

[24]  Steven D. Galbraith,et al.  Invisibility and Anonymity of Undeniable and Confirmer Signatures , 2003, CT-RSA.

[25]  Mihir Bellare,et al.  On Defining Proofs of Knowledge , 1992, CRYPTO.

[26]  Mihir Bellare,et al.  The Exact Security of Digital Signatures - HOw to Sign with RSA and Rabin , 1996, EUROCRYPT.

[27]  Jose A. Onieva,et al.  Multi-Party Non-Repudiation : A Survey , 2008 .

[28]  N. Asokan,et al.  Optimistic Fair Exchange of Digital Signatures (Extended Abstract) , 1998, EUROCRYPT.

[29]  Feng Bao,et al.  Stand-Alone and Setup-Free Verifiably Committed Signatures , 2006, CT-RSA.

[30]  Yi Mu,et al.  Further Observations on Optimistic Fair Exchange Protocols in the Multi-user Setting , 2010, Public Key Cryptography.

[31]  Markus Jakobsson,et al.  Designated Verifier Proofs and Their Applications , 1996, EUROCRYPT.

[32]  Robert H. Deng,et al.  Some Remarks on a Fair Exchange Protocol , 2000, Public Key Cryptography.

[33]  Silvio Micali,et al.  Proofs that yield nothing but their validity or all languages in NP have zero-knowledge proof systems , 1991, JACM.

[34]  Adi Shamir,et al.  Witness indistinguishable and witness hiding protocols , 1990, STOC '90.

[35]  Edwin K. P. Chong,et al.  Constructing fair-exchange protocols for E-commerce via distributed computation of RSA signatures , 2003, PODC '03.

[36]  Robert H. Deng,et al.  Efficient and practical fair exchange protocols with off-line TTP , 1998, Proceedings. 1998 IEEE Symposium on Security and Privacy (Cat. No.98CB36186).

[37]  Isamu Teranishi,et al.  General Conversion for Obtaining Strongly Existentially Unforgeable Signatures , 2006, INDOCRYPT.

[38]  Feng Bao,et al.  More on Stand-Alone and Setup-Free Verifiably Committed Signatures , 2006, ACISP.

[39]  N. Asokan,et al.  Asynchronous protocols for optimistic fair exchange , 1998, Proceedings. 1998 IEEE Symposium on Security and Privacy (Cat. No.98CB36186).

[40]  Olivier Markowitch,et al.  An Optimistic Non-repudiation Protocol with Transparent Trusted Third Party , 2001, ISC.

[41]  Qiong Huang,et al.  Generic Transformation to Strongly Unforgeable Signatures , 2007, ACNS.

[42]  Ron Steinfeld,et al.  How to Strengthen Any Weakly Unforgeable Signature into a Strongly Unforgeable Signature , 2007, CT-RSA.

[43]  Sushil Jajodia,et al.  Avoiding loss of fairness owing to process crashes in fair data exchange protocols , 2000, Proceeding International Conference on Dependable Systems and Networks. DSN 2000.

[44]  Kaoru Kurosawa,et al.  The security of the FDH variant of Chaum's undeniable signature scheme , 2005, IEEE Transactions on Information Theory.

[45]  Brent Waters,et al.  Strongly Unforgeable Signatures Based on Computational Diffie-Hellman , 2006, Public Key Cryptography.

[46]  Cristina Nita-Rotaru,et al.  Stateless-Recipient Certified E-Mail System Based on Verifiable Encryption , 2002, CT-RSA.

[47]  Guomin Yang,et al.  Ambiguous Optimistic Fair Exchange , 2008, ASIACRYPT.

[48]  Amos Fiat,et al.  How to Prove Yourself: Practical Solutions to Identification and Signature Problems , 1986, CRYPTO.

[49]  N. Asokan,et al.  Optimistic protocols for fair exchange , 1997, CCS '97.

[50]  David Chaum,et al.  Undeniable Signatures , 1989, CRYPTO.

[51]  Ralf Küsters,et al.  Accountability: definition and relationship to verifiability , 2010, CCS '10.

[52]  Giuseppe Ateniese,et al.  Efficient verifiable encryption (and fair exchange) of digital signatures , 1999, CCS '99.