Guilin Wang
ABSTRACT
A fair contract signing protocol allows two potentially mistrusted parities to exchange their commitments (i.e., digital signatures) to an agreed contract over the Internet in a fair way, so that either each of them obtains the other's signature, or neither party does. Based on the RSA signature scheme, a new digital contract signing protocol is proposed in this paper. Like the existing RSA-based solutions for the same problem, our protocol is not only fair, but also optimistic, since the third trusted party is involved only in the situations where one party is cheating or the communication channel is interrupted. Furthermore, the proposed protocol satisfies a new property, i.e., it is abuse-free. That is, if the protocol is executed unsuccessfully, none of the two parties can show the validity of intermediate results to others. Technical details are provided to analyze the security and performance of the proposed protocol. In summary, we present the first abuse-free fair contract signing protocol based on the RSA signature, and show that it is both secure and efficient.
- AGHP02 M. Abadi, N. Glew, B. Horne, and B. Pinkas. Certified email with a light on-line trusted third party: Design and implementation. In: Proc. of 2002 International World Wide Web Conference (WWW'02), pp. 387--395. ACM press, 2002.]] Google Scholar
Digital Library
- N. Asokan, V. Shoup, and M. Waidner. Optimistic fair exchange of digital signatures. In: EUROCRYPT'98, LNCS 1403, pp. 591-606. Springer-Verlag, 1998.]]Google Scholar
- N. Asokan, V. Shoup, and M. Waidner. Optimistic fair exchange of digital signatures. IEEE Journal on Selected Areas in Communications, 18(4): 591-606, 2000.]] Google ScholarDigital Library
- G. Ateniese. Efficient verifiable encryption (and fair exchange) of digital signature. In: Proc. of AMC Conference on Computer and Communications Security (CCS'99), pp. 138--146. ACM Press, 1999.]] Google ScholarDigital Library
- G. Ateniese and C. Nita-Rotaru. Stateless-receipient certified E-mail system based on verifiable encryption. In: CT-RSA'02, LNCS 2271, pp. 182--199. Springer- Verlag, 2002.]] Google ScholarDigital Library
- F. Bao, R.H. Deng, and W. Mao. Efficient and practical fair exchange protocols with off-line TTP. In: Proc. of IEEE Symposium on Security and Privacy, pp. 77--85, 1998.]]Google Scholar
- F. Bao, G. Wang, J. Zhou, and H. Zhu. Analysis and improvement of Micali's fair contract signing protocol. In: Information Security and Privacy (ACISP'04), LNCS 3108, pp. 176--187. Springer-Verlag, 2004.]]Google Scholar
- F. Bao. Colluding attacks to a payment protocol and two signature exchange schemes. In: ASIACRYPT 2004, LNCS 3329, pp. 417-429. Springer-Verlag, 2004.]]Google ScholarCross Ref
- P.S.L.M. Barreto, H.Y. Kim, B. Lynn, and M. Scott. Efficient algorithms for pairing-based cryptosystems. In: CRYPTO 2002, LNCS 2442, pp.354-368. Springer-Verlag, 2002.]] Google ScholarDigital Library
- M. Bellare and P. Rogaway. Random oracles are practical: a paradigm for designing efficient protocols. In: Proc. of the 1st ACM conference on Computer and communications Security (CCS'93), pp. 62--73. ACM press, 1993.]] Google ScholarDigital Library
- M. Bellare and R. Sandhu. The security of practical two-party RSA signature schemes. Manuscript, 2001. http://www-cse.ucsd.edu/users/mihir/papers/.]]Google Scholar
- M. Ben-Or, O. Goldreich, S. Micali, and R. L. Rivest. A fair protocol for signing contracts. IEEE Transac- tions on Information Theory, 36(1): 40--46, 1990.]]Google ScholarDigital Library
- A. Boldyreva. Threshold signatures, multisignatures and blind signatures based on the Gap-Diffie-Hellman- group signature scheme. In: Public Key Cryptography - PKC'03, LNCS 2567, pp. 31--46. Springer-Verlag, 2003.]] Google ScholarDigital Library
- D. Boneh, B. Lynn, and H. Shacham. Short signatures from the Weil pairing. In: ASIACRYPT 2001, LNCS 2248, pp. 514-532. Springer-Verlag, 2001.]] Google ScholarCross Ref
- C. Boyd and E. Foo. Off-line fair payment protocols using convertible signatures. In: ASIACRYPT 1998, LNCS 1514, pp. 271-285. Springer-Verlag, 1998.]] Google ScholarDigital Library
- I.B. Damgard. Practical and provably secure release of a secret and exchange of signatures. Journal of Cryptology, 8(4): 201-222, 1995.]]Google ScholarDigital Library
- R. Deng, L. Gong, A. Lazar, and W. Wang. Practical protocol for certified electronic mail. Journal of Network and Systems Management, 1996, 4(3): 279--297.]]Google ScholarCross Ref
- Y. Dodis and L. Reyzin. Breaking and repairing optimistic fair exchange from PODC 2003. In: Proc. of ACM Workshop on Digital Rights Management (DRM'03), pp. 47--54. ACM press, 2003.]] Google ScholarDigital Library
- S. Even, O. Goldreich, and A. Lempel. A randomized protocol for signing contracts. Communications of the ACM, 28(6): 637--647, 1985.]] Google ScholarDigital Library
- S. Even and Y. Yacobi. Relations among public key signature schemes. Technical Report 175, Computer Science Dept., Technion, Israel, 1980.]]Google Scholar
- A. Fiat and A. Shamir. How to prove yourself: Practical solutions to identification and signature problems. In: CRYPTO'86, LNCS 263, pp. 186--194. Springer-Verlag, 1987.]] Google ScholarDigital Library
- S. D. Galbraith, K. Harrison, and D. Soldera. Implementing the Tate pairing. In: Algorithmic Number Theory (ANTS'02), LNCS 2369, pp.324--337. Springer-Verlag, 2002.]] Google ScholarDigital Library
- J. Garay, M. Jakobsson, and P. MacKenzie. Abuse-free optimistic contract signing. In: CRYPTO'99, LNCS 1666, pp. 449-466. Springer-Verlag, 1999.]] Google ScholarDigital Library
- R. Gennaro, T. Rabin, and H. Krawczyk. RSA-based undeniable signature. Journal of Cryptology, 13(4): 397--416, 2000. A preliminary version of this paper appeared in the proceedings of CRYPTO'97.]] Google ScholarDigital Library
- O. Goldreich. A simple protocol for signing contracts. In: CRYPTO'83, pp. 133-136. Plenum Press, 1984.]]Google ScholarCross Ref
- S. Goldwasser, S. Micali, and R. Rivest. A digital signature scheme secure against adaptive chosen- message attacks. SIAM Journal of Computing, April 1988, 17(2): 281--308.]] Google ScholarDigital Library
- S. Gürgens, C. Rudolph, and H. Vogt. On the security of fair non-repudiation protocols. In: Information Security Conference (ISC 2003), LNCS 2851, pp. 193--207. Springer-Verlag, 2003.]]Google ScholarCross Ref
- K. Imamoto and K. Sakurai. A cerified e-mail system with receiver's selective usage of delivery authortiy. In: Indocrypt 2002, LNCS 2551, pp. 326--338. Springer-Verlag, 2002.]] Google ScholarDigital Library
- P. Liu, P. Ning, and S. Jajodia. Avoiding loss of fairness owing to process crashes in fair data exchange protocols. In: International Conference on Dependable Systems and Networks (DSN'00), pp. 631--640. IEEE Computer Society, 2000.]] Google ScholarDigital Library
- S. Kremer and O. Markowitch. Selective receipt in cerified e-mail. In: Indocrypt 2001, LNCS 2247, pp. 136--148. Springer-Verlag, 2001.]] Google ScholarDigital Library
- S. Kremer, O. Markowitch, and J. Zhou. An intensive survey of fair non-repudiation protocols. Computer Communications, 25(17): 1606--1621. Elsevier, Nov. 2002.]] Google ScholarDigital Library
- A.J. Menezes, P.C. van Oorschot, and S.A. Vanstone. Handbook of Applied Cryptography. CRC Press, 1996.]] Google ScholarDigital Library
- S. Micali. Simple and fast optimistic protocols for fair electronic exchange. In: Proc. of 22th Annual ACM Symp. on Principles of Distributed Computing (PODC'03), pp. 12--19. ACM Press, 2003.]] Google ScholarDigital Library
- J. M. Park, E. Chong, H. J. Siegel, and I. Ray. Constructing fair exchange protocols for e-commerce via distributed computation of RSA signatures. In: Proc. of 22th Annual ACM Symp. on Principles of Distributed Computing (PODC'03), pp. 172--181. ACM Press, 2003.]] Google ScholarDigital Library
- T. P. Pedersen. Non-interactive and information- theoretic secure verifiable secret sharing. In: CRYPTO 1991, LNCS 576, pp. 129--140. Springer-Verlag, 1991.]] Google ScholarDigital Library
- R.L. Rivest, A. Shamir, and L. Adleman. A method for obtaining digital signatures and public-key cryptosystems. Communications of the ACM, Feb. 1978, 21(2): 120--126.]] Google ScholarDigital Library
- V. Shoup. Practical threshold signatures. In: EUROCRYPT 2000, LNCS 1807, pp. 207--220. Springer-Verlag, 2000.]] Google ScholarDigital Library
- J. Zhou and D. Gollmann. A fair non-repudiation protocol. In: Proc. of the IEEE Symposium on Security and Privacy, pp. 55--61. IEEE Computer Press, 1996.]] Google ScholarDigital Library
- J. Zhou and D. Gollmann. Certified electronic mail. In: Computer Security - ESORICS'96, LNCS 1146, pp. 160-171. Springer-Verlag, 1996.]] Google ScholarDigital Library
Index Terms
- An abuse-free fair contract signing protocol based on the RSA signature
Recommendations
A new fair non-repudiation protocol for secure negotiation and contract signing
PST '06: Proceedings of the 2006 International Conference on Privacy, Security and Trust: Bridge the Gap Between PST Technologies and Business ServicesIn some scenarios, such as B2B or IPR contracting, or by legal requirement, the participation of an e-notary in the contract signing is required in many cases, that is, an on-line TTP. This e-notary gives validity to the contract or performs some tasks ...
An abuse-free fair contract-signing protocol based on the RSA signature
A fair contract-signing protocol allows two potentially mistrusted parities to exchange their commitments (i.e., digital signatures) to an agreed contract over the Internet in a fair way, so that either each of them obtains the other's signature, or ...
An optimistic fair exchange protocol and its security in the universal composability framework
Fair exchange protocols allow both or neither of two parties to obtain the other's items, and this property is essential in e-commerce. In this paper, we construct an optimistic fair exchange protocol that is applicable to any digital signature by ...
Comments