Optimistic fair exchange of digital signatures

Asokan, N.; Shoup, Victor; Waidner, Michael

doi:10.1007/bfb0054156

Cited by 261 publications

(174 citation statements)

References 20 publications

(20 reference statements)

Supporting

Mentioning

173

Contrasting

Order By: Relevance

“…The idea for such a solution is to enable TTP to generate a modified signature EOR. This can be achieved with cryptographic primitives like verifiable encryption (e.g., [5,6]) or convertible signatures (e.g., [8,20]). …”

Section: Transparent Ttpmentioning

confidence: 99%

On the security of fair non-repudiation protocols

2005

View full text Add to dashboard Cite

We analyzed two non-repudiation protocols and found some new attacks on the fairness and termination property of these protocols. Our attacks are enabled by several inherent design weaknesses, which also apply to other non-repudiation protocols. To prevent these attacks, we propose generic countermeasures that considerably strengthen the design and implementation of non-repudiation protocols. The application of these countermeasures is finally shown by our construction of a new fair non-repudiation protocol

show abstract

Section: Transparent Ttpmentioning

confidence: 99%

On the security of fair non-repudiation protocols

2005

View full text Add to dashboard Cite

show abstract

“…To remedy these two drawbacks, one could use the generic verifiable encryption scheme that appears in [2]. However, the resulting interactive proof in C3 would only have the property of computational zero-knowledge.…”

Section: Introductionmentioning

confidence: 99%

“…However, the resulting interactive proof in C3 would only have the property of computational zero-knowledge. Also, no formal guarantee for combined security, as defined above, is given in [2].…”

Section: Introductionmentioning

confidence: 99%

Certificates of Recoverability with Scalable Recovery Agent Security

Verheul

2000

Public Key Cryptography

View full text Add to dashboard Cite

Abstract. We propose new schemes for Certificates of Recoverability (CRs). These consist of a user's public key and attributes, its private key encrypted in such a way that it is recoverable by one or more Key Recovery Agents (KRAs), plus a publicly verifiable proof of this (the actual CR). In the original schemes, the level of cryptographic security employed by the KRA and the users is necessarily the same. In our schemes the level of cryptographic security employed by the KRA can be set higher, in a scalable fashion, than that being employed by the users. Among the other improvements of our schemes are its applicability to create CRs for cryptosystems based on the Discrete Log problem in small subgroups, most notably the Digital Signature Standard and Elliptic Curve Crypto systems. Also, the size of the constructed proofs of knowledge can be taken smaller than in the original schemes. We additionally show several ways to support secret sharing in our scheme. Finally we present several new constructions and results on the hardness of "small parts", in the setting of Diffie-Hellman keys in extension fields.

show abstract

“…We denote C(a, r a ) = g a 1 g ra 2 modn a commitment to a in bases (g 1 , g 2 ), where r a is randomly selected over {0, 2 s n}, where s is a security parameter. This commitment scheme first appeared in [12] and reconsidered by Damgård and Fujisaki [10] is statistically hiding and computationally binding, i.e., -a committer is unable to commit itself to two values a 1 , a 2 such that a 1 = a 2 in Z by the same commitment unless the committed can factor n or solves the discrete logarithm of g 1 in base g 2 or the the discrete logarithm of g 2 in base g 1 ; -C(a, r a ) statistically reveals no information to the receiver, i.e., there is a simulator which outputs simulated commitments to a which are statistically indistinguishable from true ones. -this commitment is homomorphic, i.e., C(a+b, r a +r b ) = C(a, r a ) × C(b, r b ).…”

Section: Fujisaki-okamoto Commitment Schemementioning

confidence: 99%

“…Optimistic fair-exchange protocols was first introduced by Asokan et al, in [1] and formally studied in [2], [3] and [14] in the context of verifiably encrypted signatures. Very recently, Dodis and Reyzin [11] have formalized a unified model for fair-exchange protocols as a new cryptographic primitive called verifiably committed signatures in the two-party setting.…”

Section: Introductionmentioning

confidence: 99%

Multi-party Stand-Alone and Setup-Free Verifiably Committed Signatures

Zhu

Susilo

Public Key Cryptography – PKC 2007

View full text Add to dashboard Cite

Abstract. In this paper, we first demonstrate a gap between the security of verifiably committed signatures in the two-party setting and the security of verifiably committed signatures in the multi-party setting. We then extend the state-of-the-art security model of verifiably committed signatures in the two-party setting to that of multi-party setting. Since there exists trivial setup-driven solutions to multi-party verifiably committed signatures (e.g., two-signature based solutions, we propose solutions to the multi-party stand-alone verifiably committed signatures in the setup-free model, and show that our implementation is provably secure under the joint assumption that the underlying Zhu's signature scheme is secure against adaptive chosen-message attack, FujisakiOkamoto's commitment scheme is statistically hiding and computationally binding and Paillier's encryption is semantically secure and one-way as well as the existence of collision-free one-way hash functions.

show abstract

Optimistic fair exchange of digital signatures

Cited by 261 publications

References 20 publications

On the security of fair non-repudiation protocols

On the security of fair non-repudiation protocols

Certificates of Recoverability with Scalable Recovery Agent Security

Multi-party Stand-Alone and Setup-Free Verifiably Committed Signatures

Contact Info

Product

Resources

About