Breaking and repairing optimistic fair exchange from PODC 2003

Subscribe (Full Service)


	Search: The ACM Digital Library The Guide

	Feedback

Breaking and repairing optimistic fair exchange from PODC 2003

Full text

Pdf (151 KB)

Source

ACM Workshop On Digital Rights Management archive
Proceedings of the 3rd ACM workshop on Digital rights management table of contents

Washington, DC, USA

SESSION: Supporting cryptographic technology table of contents

Pages: 47 - 54

Year of Publication: 2003

ISBN:1-58113-786-9

Authors

Yevgeniy Dodis	New York University, New York, NY
Leonid Reyzin	Boston University, Boston, MA

Sponsors

ACM: Association for Computing Machinery
SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

ACM New York, NY, USA

Bibliometrics

Downloads (6 Weeks): 3, Downloads (12 Months): 39, Citation Count: 7

Additional Information:

abstract references cited by index terms collaborative colleagues peer to peer

Tools and Actions:	Review this Article Save this Article to a Binder Display Formats: BibTex EndNote ACM Ref

DOI Bookmark:	Use this link to bookmark this Article: http://doi.acm.org/10.1145/947380.947387 What is a DOI?

ABSTRACT

In PODC 2003, Park, Chong, Siegel and Ray [22] proposed an optimistic protocol for fair exchange, based on RSA signatures. We show that their protocol is totally breakable already in the registration phase: the honest-but-curious arbitrator can easily determine the signer's secret key.On a positive note, the authors of [22] informally introduced a connection between fair exchange and "sequential two-party multisignature schemes" (which we call two-signatures), but used an insecure two-signature scheme in their actual construction. Nonetheless, we show that this connection can be properly formalized to imply provably secure fair exchange protocols. By utilizing the state-of-the-art non-interactive two-signature of Boldyreva [6], we obtain an efficient and provably secure (in the random oracle model) fair exchange protocol, which is based on GDH signatures [9].Of independent interest, we introduce a unified model for non-interactive fair exchange protocols, which results in a new primitive we call verifiably committed signatures. Verifiably committed signatures generalize (non-interactive) verifiably encrypted signatures [8] and two-signatures, both of which are sufficient for fair exchange.

REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	N. Asokan, V. Shoup, and M. Waidner. Optimistic fair exchange of digital signatures. In K. Nyberg, editor, Advances in Cryptology---EUROCRYPT~98, volume 1403 of Lecture Notes in Computer Science, pages 591--606. Springer-Verlag, May~31--June~4 1998.
	2	N. Asokan, V. Shoup, and M. Waidner. Optimistic fair exchange of digital signatures. IEEE Journal on Selected Areas in Communication, 18(4):593--610, 2000.
	3	Giuseppe Ateniese, Efficient verifiable encryption (and fair exchange) of digital signatures, Proceedings of the 6th ACM conference on Computer and communications security, p.138-146, November 01-04, 1999, Kent Ridge Digital Labs, Singapore [doi>10.1145/319709.319728]
	4	F. Bao, R. Deng, and W. Mao. Efficient and practical fair exchange protocols with off-line TTP. In Proceedings of the IEEE Symposium on Security and Privacy, pages 77--85, 1998.
	5	Mihir Bellare , Phillip Rogaway, Random oracles are practical: a paradigm for designing efficient protocols, Proceedings of the 1st ACM conference on Computer and communications security, p.62-73, November 03-05, 1993, Fairfax, Virginia, United States [doi>10.1145/168588.168596]
	6	Alexandra Boldyreva, Threshold Signatures, Multisignatures and Blind Signatures Based on the Gap-Diffie-Hellman-Group Signature Scheme, Proceedings of the 6th International Workshop on Theory and Practice in Public Key Cryptography: Public Key Cryptography, p.31-46, January 06-08, 2003
	7	Dan Boneh , Matthew K. Franklin, Identity-Based Encryption from the Weil Pairing, Proceedings of the 21st Annual International Cryptology Conference on Advances in Cryptology, p.213-229, August 19-23, 2001
	8	D. Boneh, C. Gentry, B. Lynn, and H. Shacham. Aggregate and verifiably encrypted signatures from bilinear maps. In E. Biham, editor, Advances in Cryptology---EUROCRYPT 2003, Lecture Notes in Computer Science, pages 416--432. Springer-Verlag, 4 May--8 May 2003.
	9	Dan Boneh , Ben Lynn , Hovav Shacham, Short Signatures from the Weil Pairing, Proceedings of the 7th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology, p.514-532, December 09-13, 2001
	10	Jan Camenisch , Ivan Damgård, Verifiable Encryption, Group Encryption, and Their Applications to Separable Group Signatures and Signature Sharing Schemes, Proceedings of the 6th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology, p.331-345, December 03-07, 2000
	11	J. Camenisch and A. Lysyanskaya. Signature schemes with efficient protocols. In Conference on Security in Communication Networks (SCN), 2002.
	12	D. Chaum. Designated confirmer signatures. In A. De Santis, editor, Advances in Cryptology---EUROCRYPT~94, volume 950 of Lecture Notes in Computer Science, pages 86--91. Springer-Verlag, 1995, 9--12 May 1994.
	13	J.-S. Coron and D. Naccache. Boneh et al's k-element aggregate extraction assumption is equivalent to the Diffie-Hellman assumption. In C. Laih, editor, Advances in Cryptology---ASIACRYPT-2003, Taipei, Taiwan, Nov 30--Dec 4, 2003. Springer-Verlag.
	14	Y. Desmedt, editor. 6th International Workshop on Practice and Theory in Public Key Cryptosystems --- PKC 2003, volume 2567 of Lecture Notes in Computer Science. Springer-Verlag, Jan. 2003.
	15	Yevgeniy Dodis, Efficient Construction of (Distributed) Verifiable Random Functions, Proceedings of the 6th International Workshop on Theory and Practice in Public Key Cryptography: Public Key Cryptography, p.1-17, January 06-08, 2003
	16	Craig Gentry , Alice Silverberg, Hierarchical ID-Based Cryptography, Proceedings of the 8th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology, p.548-566, December 01-05, 2002
	17	Antoine Joux, A One Round Protocol for Tripartite Diffie-Hellman, Proceedings of the 4th International Symposium on Algorithmic Number Theory, p.385-394, July 02-07, 2000
	18	A. Joux and K. Nguyen. Separating decision Diffie-Hellman from Diffie-Hellman in cryptographic groups. IACR E-print Archive. Available from http://eprint.iacr.org/2001/003/, 2001.
	19	Neal Koblitz, A course in number theory and cryptography, Springer-Verlag New York, Inc., New York, NY, 1987
	20	Anna Lysyanskaya, Unique Signatures and Verifiable Random Functions from the DH-DDH Separation, Proceedings of the 22nd Annual International Cryptology Conference on Advances in Cryptology, p.597-612, August 18-22, 2002
	21	Silvio Micali , Kazuo Ohta , Leonid Reyzin, Accountable-subgroup multisignatures: extended abstract, Proceedings of the 8th ACM conference on Computer and Communications Security, November 05-08, 2001, Philadelphia, PA, USA [doi>10.1145/501983.502017]
	22	Jung Min Park , Edwin K. P. Chong , Howard Jay Siegel, Constructing fair-exchange protocols for E-commerce via distributed computation of RSA signatures, Proceedings of the twenty-second annual symposium on Principles of distributed computing, p.172-181, July 13-16, 2003, Boston, Massachusetts [doi>10.1145/872035.872060]

CITED BY 7

	Guilin Wang , Feng Bao , Jianying Zhou , Robert H. Deng, Comments on "A Practical (t,n) Threshold Proxy Signature Scheme Based on the RSA Cryptosystem', IEEE Transactions on Knowledge and Data Engineering, v.16 n.10, p.1309-1311, October 2004
	Zuhua Shao, Certificate-based verifiably encrypted signatures from pairings, Information Sciences: an International Journal, v.178 n.10, p.2360-2373, May, 2008
	Yusuke Okada , Yoshifumi Manabe , Tatsuaki Okamoto, An optimistic fair exchange protocol and its security in the universal composability framework, International Journal of Applied Cryptography, v.1 n.1, p.70-77, February 2008
	Giuseppe Ateniese , Susan Hohenberger, Proxy re-signatures: new definitions, algorithms, and applications, Proceedings of the 12th ACM conference on Computer and communications security, November 07-11, 2005, Alexandria, VA, USA
	Benoît Libert , Jean-Jacques Quisquater , Moti Yung, Forward-secure signatures in untrusted update environments: efficient and generic constructions, Proceedings of the 14th ACM conference on Computer and communications security, October 28-31, 2007, Alexandria, Virginia, USA
	Guilin Wang, An abuse-free fair contract signing protocol based on the RSA signature, Proceedings of the 14th international conference on World Wide Web, May 10-14, 2005, Chiba, Japan
	Guilin Wang, Generic non-repudiation protocols supporting transparent off-line TTP, Journal of Computer Security, v.14 n.5, p.441-467, September 2006