Multi-party Stand-Alone and Setup-Free Verifiably Committed Signatures

Zhu, Huafei; Susilo, Willy; Mu, Yi

doi:10.1007/978-3-540-71677-8_10

Cited by 15 publications

(19 citation statements)

References 19 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…They separated the security of optimistic fair exchange between single-user setting and multi-user setting by showing that an optimistic fair exchange instance provably secure in the single-user setting is not secure in the multi-user setting. Independently, this was also studied by Zhu, Susilo and Mu in 2007 [12].…”

Section: Previous Work and Related Notionsmentioning

confidence: 86%

Optimistic fair exchange in the enhanced chosen-key model

Wang

Susilo

2015

Theoretical Computer Science

Self Cite

View full text Add to dashboard Cite

Optimistic fair exchange (OFE) is a kind of protocol to guarantee fairness for the parties involved in an exchange with the help of an arbitrator. A fundamental work of optimistic fair exchange is to define security models capturing realistic attacks and design schemes secure in practical models. The security models are very essential to ensure that they capture practical situation, which will ensure that the protocols can be adopted in practice. The contributions of this paper are three fold. First, we observe that the existing OFE models do not capture realistic situation, where the adversary can actually observe the full signatures generated by the signer, prior to launching the actual attack. That is to say, the adversary is not provided with the signing oracle, which will produce full signatures generated by the signer. It is commonly believed that the full signatures generated by the signer can be simulated by the full signatures generated by the arbitrator. Unfortunately, we show that this perception is false. Second, we propose an enhanced model of OFE that explicitly provides the adversary with the signing oracle, which outputs the full signatures generated by the signer. We demonstrate the difference between our enhanced model and the existing chosen-key model through two concrete OFE schemes that serve as counterexamples. Finally, we revisit two existing generic constructions of optimistic fair exchange schemes, one based on verifiably encrypted signatures, and the other based on conventional signatures and ring signatures. Our result shows that the two generic approaches can still offer schemes secure in our enhanced model, which captures the real scenario that dishonest users may have access to the full signatures generated by the signer. AbstractOptimistic fair exchange (OFE) is a kind of protocol to guarantee fairness for the parties involved in an exchange with the help of an arbitrator. A fundamental work of optimistic fair exchange is to define security models capturing realistic attacks and design schemes secure in practical models. The security models are very essential to ensure that they capture practical situation, which will ensure that the protocols can be adopted in practice. The contributions of this paper are three fold. First, we observe that the existing OFE models do not capture realistic situation, where the adversary can actually observe the full signatures generated by the signer, prior to launching the actual attack. That is to say, the adversary is not provided with the signing oracle, which will produce full signatures generated by the signer. It is commonly believed that the full signatures generated by the signer can be simulated by the full signatures generated by the arbitrator. Unfortunately, we show that this perception is false. Second, we propose an enhanced model of OFE that explicitly provides the adversary with the signing oracle, which outputs the full signatures generated by the signer. We demonstrate the difference between our enhanced model and the * ...

show abstract

Section: Previous Work and Related Notionsmentioning

confidence: 86%

Optimistic fair exchange in the enhanced chosen-key model

Wang

Susilo

2015

Theoretical Computer Science

Self Cite

View full text Add to dashboard Cite

show abstract

“…It was later broken and repaired by Dodis and Reyzin [15]. The scheme is setup-driven [39,40], which requires all users to register their keys with the arbitrator prior to conducting any transaction. In [32], Micali proposed another scheme based on a CCA2 secure public key encryption with the property of recoverable randomness (i.e., both plaintext and randomness used for generating the ciphertext can be retrieved during decryption).…”

Section: Related Workmentioning

confidence: 99%

Ambiguous optimistic fair exchange: Definition and constructions

Huang

Yang

Wong

et al. 2015

Theoretical Computer Science

Self Cite

View full text Add to dashboard Cite

Optimistic fair exchange (OFE) is a protocol for solving the problem of exchanging items or services in a fair manner between two parties, a signer and a verifier, with the help of an arbitrator which is called in only when a dispute happens between the two parties. In almost all the previous work on OFE, after obtaining a partial signature from the signer, the verifier can present it to others and show that the signer has indeed committed itself to something corresponding to the partial signature evenprior to the completion of the transaction. In some scenarios, this capability given to the verifier may be harmful to the signer. In this paper, we propose the notion of ambiguous optimistic fair exchange(AOFE), which is a variant of OFE andrequires additionally that the verifier cannot convince anybody about the authorship of a partial signature generated by the signer. We present a formal security model for AOFE in the multi-user setting and chosen-key model, and propose a generic construction of AOFE that is provably secure under our model. Furthermore, we propose an efficient instantiation of the generic construction, security of which is based on Strong Diffie-Hellman assumption and Decision Linear assumption without random oracles. AbstractOptimistic fair exchange (OFE) is a protocol for solving the problem of exchanging items or services in a fair manner between two parties, a signer and a verifier, with the help of an arbitrator which is called in only when a dispute happens between the two parties. In almost all the previous work on OFE, after obtaining a partial signature from the signer, the verifier can present it to others and show that the signer has indeed committed itself to something corresponding to the partial signature even prior to the completion of the transaction. In some scenarios, this capability given to the verifier may be harmful to the signer. In this paper, we propose the notion of ambiguous optimistic fair exchange (AOFE), which is a variant of OFE, requires additionally that the verifier cannot convince anybody about the authorship of a partial signature generated by the signer. We present a formal security model for AOFE in the multi-user setting and chosen-key model, and propose a generic construction of AOFE that is provably secure under our model. Furthermore, we propose an efficient instantiation of the generic construction, security of which is based on Strong Diffie-Hellman assumption and Decision Linear assumption without random oracles.

show abstract

“…Some desirable properties in OFE, such as abuse-free [11], verifiability of the third party [12] (also known as accountability in [9]), resolution ambiguity [13], stand-alone [14], setup-free [14] and signer ambiguity [15], have also been proposed in the literature. Resolution ambiguity means that the full signatures generated by the signer should be computationally indistinguishable from those generated by the arbitrator, and it has been considered as a fundamental requirement for OFE schemes [4], [16], [17], [18], [15], [19]. As the intervention of an arbitrator could be caused by a network failure rather than by the cheating of a signer, an OFE scheme with resolution ambiguity can avoid bad publicity for the signer.…”

Section: A Related Workmentioning

confidence: 99%

“…Dodis et al [16] pointed out that the security of an OFE in the singleuser setting does not necessarily guarantee that in the multiuser setting. Independently, the multi-user security of OFE was also studied by Zhu, Susilo and Mu [17].…”

Section: A Related Workmentioning

confidence: 99%

Collusion-Resistance in Optimistic Fair Exchange

Wang

Susilo

et al. 2014

IEEE Trans.Inform.Forensic Secur.

Self Cite

View full text Add to dashboard Cite

Optimistic fair exchange (OFE) is a type of cryptographic protocols aimed at solving the fair exchange problem over open networks with the help of a third party to settle disputes between exchanging parties. It is well known that a third party is necessary in the realization of a fair exchange protocol. However, a fully trusted third party may not be available over open networks. In this paper, the security of most of the proposed OFE protocols depends on the assumption that the third party is semitrusted in the sense that it may misbehave on its own but does not conspire with either of the main parties. The existing security models of OFE have not taken into account the case where the potentially dishonest third party may collude with a signer in the sense of sharing its secret key with the signer. In this paper, to reduce the trust level of the arbitrator and increase the security of OFE, we propose an enhanced security model that, for the first time, captures this scenario. We also show a separation between the existing model and our enhanced model with a concrete counter example. Finally, we revisit two popular approaches in the construction of OFE protocols, which are based on verifiably encrypted signature and conventional signature plus ring signature, respectively. Our result shows that the conventional signature plus ring signature approach approach remains valid in our enhanced model. However, for schemes based on verifiably encrypted signature, slight modifications are needed to guarantee the security. This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Abstract-Optimistic fair exchange (OFE) is a type of cryptographic protocols aimed at solving the fair exchange problem over open networks with the help of a third party to settle disputes between exchanging parties. It is well known that a third party is necessary in the realization of a fair exchange protocol. However, a fully trusted third party may not be available over open networks. In the literature, the security of most of the proposed OFE protocols depends on the assumption that the third party is semi-trusted in the sense that it may misbehave on its own but does not conspire with either of the main parties. The existing security models of OFE have not taken into account the case where the potentially dishonest third party may collude with a signer in the sense of sharing its secret key with the signer. In this work, to reduce the trust level of the arbitrator and increase the security of OFE, we propose an enhanced security model that, for the first time, captures this scenario. We also show a separation between the existing model and our enhanced model with a concrete counter example. Finally, we revisit two popular approaches in the construction of OFE protocols, which are based on verifiably encrypted signature and conventional signature plus ring signature, respectively. Our result shows that conventional signature plus rin...

show abstract

Multi-party Stand-Alone and Setup-Free Verifiably Committed Signatures

Cited by 15 publications

References 19 publications

Optimistic fair exchange in the enhanced chosen-key model

Optimistic fair exchange in the enhanced chosen-key model

Ambiguous optimistic fair exchange: Definition and constructions

Collusion-Resistance in Optimistic Fair Exchange

Contact Info

Product

Resources

About