Optimistic fair exchange of digital signatures

Asokan, N.; Shoup, Victor; Waidner, Michael

doi:10.1109/49.839935

Cited by 406 publications

(410 citation statements)

References 21 publications

Supporting

Mentioning

403

Contrasting

Unclassified

Order By: Relevance

“…We have identified two applications of our scheme: fair exchange protocols and verifiable group encryption. Using our TPM-based protocols, we construct a verifiable group encryption scheme and solve an open problem in Asokan et al's paper [1]: making their protocol non-interactive and bringing down the cost of the verifiable escrow operation. Other applications may also benefit from our techniques, including applications such as group signatures and identity escrow schemes.…”

Section: Our Contributionmentioning

confidence: 99%

“…The protocol is such that V is convinced that the received ciphertext will decrypt to a value s which satisfies the necessary property, but other than this fact V is not able to discover any additional information about the value s. In a typical application, a honest prover will later reveal the secret, and the trusted party is only involved if the protocol does not complete and V needs to recover the secret without the assistance of P . Verifiable encryption has been used to construct solutions for fair exchange [1,2], escrow schemes [29], and signature sharing schemes [17]. In this paper we solve a generalized, more powerful version known as verifiable group encryption, in which there are multiple semi-trusted parties ("recovery agents" or "proxies") and authorized subsets of agents.…”

Section: Introductionmentioning

confidence: 99%

“…For example, I might be an encrypted value and the property Q(I) refers to a simple property of the corresponding plaintext. Zero-knowledge proofs are used in higher-level protocols such as fair exchange [1], identification protocols [16], and group signatures [4]. Interactive zero-knowledge proof systems often employ a paradigm called "cut-and-choose" in which the prover answers a series of random challenges given by the verifier.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Improving Cut-and-Choose in Verifiable Encryption and Fair Exchange Protocols Using Trusted Computing Technology

Tate

Vishwanathan

2009

Data and Applications Security XXIII

View full text Add to dashboard Cite

Abstract. Cut-and-choose is used in interactive zero-knowledge protocols in which a prover answers a series of random challenges that establish with high probability that the prover is honestly following the defined protocol. In this paper, we examine one such protocol and explore the consequences of replacing the statistical trust gained from cut-and-choose with a level of trust that depends on the use of secure, trusted hardware. As a result, previous interactive protocols with multiple rounds can be improved to non-interactive protocols with computational requirements equivalent to a single round of the original protocol. Surprisingly, we accomplish this goal by using hardware that is not designed for our applications, but rather simply provides a generic operation that we call "certified randomness," which produces a one-way image of a random value along with an encrypted version that is signed by the hardware to indicate that these values are properly produced. It is important to stress that while we use this operation to improve cut-and-choose protocols, the trusted operation does not depend in any way on the particular protocol or even data used in the protocol: it operates only with random data that it generates. This functionality can be achieved with minor extensions to the standard Trusted Platform Modules (TPMs) that are being used in many current systems.We demonstrate our technique through application to cut-and-choose protocols for verifiable group encryption and optimistic fair exchange. In both cases we can remove or drastically reduce the amount of interaction required, as well as decrease the computational requirements significantly.

show abstract

Section: Our Contributionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Improving Cut-and-Choose in Verifiable Encryption and Fair Exchange Protocols Using Trusted Computing Technology

Tate

Vishwanathan

2009

Data and Applications Security XXIII

View full text Add to dashboard Cite

show abstract

“…If it is a fake membership certificate that includes ciphertext c, it checks whether this certificate also includes the value Z :=Z/(ar 1 3 ). If it does not, then D knows that the verifier will reject anyway -so it forwards the message to V .…”

Section: Proof Of Security and Appointed Verifier Propertymentioning

confidence: 99%

“…Verifiable encryption [1,8], is a protocol between a prover and a verifier such that as a result of the protocol, on input public key E, and value v, the verifier obtains an encryption e of some value s under E such that (w, y) ∈ R. For instance, R could be the relation (w, g w ) ⊂ Z q × G. Generalizing the protocol of Asokan et al [1], Camenisch and Damgård [8] provide a verifiable encryption scheme for a class of relations that, in particular, includes all discrete-logarithm relations that are of relevance in this paper. We denote verifiable encryption similarly as the PK 's, e.g., e := VE(ElGamal, (u, v)){ξ : y = g ξ } denotes the verifiable encryption protocol for the ElGamal scheme, whereby log g y is encrypted in e under public key (u, v).…”

Section: Verifiable Encryptionmentioning

confidence: 99%

An Identity Escrow Scheme with Appointed Verifiers

Camenisch

Lysyanskaya²

2001

Advances in Cryptology — CRYPTO 2001

View full text Add to dashboard Cite

Abstract. An identity escrow scheme allows a member of a group to prove membership in this group without revealing any extra information. At the same time, in case of abuse, his identity can still be discovered. Such a scheme allows anonymous access control. In this paper, we put forward the notion of an identity escrow scheme with appointed verifiers. Such a scheme allows the user to only convince an appointed verifier (or several appointed verifiers) of his membership; but no unauthorized verifier can verify a user's group membership even if the user fully cooperates, unless the user is completely under his control. We provide a formal definition of this new notion and give an efficient construction of an identity escrow scheme with appointed verifiers provably secure under common number-theoretic assumptions in the public-key model.

show abstract

Blockchain‐based fair three‐party contract signing protocol for fog computing

Huang

Chen

2018

Concurrency and Computation

View full text Add to dashboard Cite

SummaryFog computing is a new computing paradigm that can provide flexible resources and services at the edge of network. It is an extension of cloud computing and usually cooperated with cloud computing. Therefore, end users, fog nodes, and cloud servers can form a three‐layer service model in practical application. In this model, they should have an agreement on a service contract, which contains every party's rights and obligations before the beginning of the service. However, due to lack of trust, it will suffer from some fairness problems during signing a service contract. Contract signing protocol allows two or more mutual distrust entities to sign a predefined digital contract in a fair and effective way. In this paper, we propose a fair three‐party contract signing protocol based on the primitive of blockchain, which can be applied to the scenario of fog computing. Our proposed construction allows the participants to sign a contract in a fair way without the involvement of an arbitrator. Moreover, the privacy of the contract content can be preserved on the public chain. Finally, we realize the proposed protocol through the private blockchain and provide the experimental simulation that analyzes the efficiency and effectiveness.

show abstract

Optimistic fair exchange of digital signatures

Cited by 406 publications

References 21 publications

Improving Cut-and-Choose in Verifiable Encryption and Fair Exchange Protocols Using Trusted Computing Technology

Improving Cut-and-Choose in Verifiable Encryption and Fair Exchange Protocols Using Trusted Computing Technology

An Identity Escrow Scheme with Appointed Verifiers

Blockchain‐based fair three‐party contract signing protocol for fog computing

Contact Info

Product

Resources

About