Document Type : Research Article

Authors

Abstract

An Optimistic Fair Exchange (OFE) protocol is a good way for two parties to exchange their digital items in a fair way such that at the end of the protocol execution, both of them receive their items or none of them receive anything. In an OFE protocol there is a semi-trusted third party, named arbitrator, which involves in the protocol if it is necessary. But there is a security problem when arbitrator acts dishonestly and colludes with the verifier, that is, the arbitrator can complete the transaction without getting signer's agreement. Huang et al. in 2011 addressed this issue by formalizing the accountability property. However, Huang et al.'s scheme is secure in the random oracle model which is not available in the real world. We present the first generic accountable OFE protocol that is secure in the standard model by using traceable ring signatures (TRSs) as our primitive. We prove the security of our protocol under the chosen-key model and multi-user setting.

Keywords

[1] R. Ganjavi, M. Rajabzadeh Asaar and M. Salmasizadeh. A traceable optimistic fair exchange protocol. In 11th International ISC Conference on. Information Security and Cryptology (ISCISC), pages 161-166, 2014. IEEE.
[2] D. Boneh, C. Gentry, B. Lynn, and H. Shacham. Aggregate and verifiably encrypted signatures from bilinear maps. In E. Biham, editor, Advances in Cryptology EUROCRYPT 2003, Lecture Notes in Computer Science 2656, pages 416-432, 2003. Springer-Verlag.
[3] C. Boyd, Digital multi-signatures, Cryptography and coding (1986).
[4] M. Park, E. Chong, H. Siegel, and I. Ray. Constructing fair exchange protocols for E-commerce via distributed computation of RSA signatures. In 22th Annual ACM Symp. on Principles of Distributed Computing, pages 172-181, 2003.
[5] Q. Huang, G. Yang, Duncan S. Wong, and W. Susilo. Efficient optimistic fair exchange secure in the multi-user setting and chosen-key model without random oracles. In Proc. of The Cryptographers' Track at the RSA Conference-CT-RSA 2008, Lecture Notes in Computer Science 4964, pages 106-120, Berlin, 2008. Springer.
[6] X. Huang, Y. Mu, Y. Susilo, W. Wu, J. Zhou, and R. H. Deng. Preserving Transparency and Accountability in Optimistic Fair Exchange of Digital Signatures. IEEE Transaction on Information Forensics and Security 6(2), pages 498-512, 2011.
[7] N. Asokan, M. Schunter, and M. Waidner. Optimistic protocols for fair exchange. In Proc. of the 4th ACM conference on Computer and Communications Security, pages 7-17, New York, 1997. ACM.
[8] N. Asokan, V. Shoup, and M. Waidner. Optimistic fair exchange of digital signatures (Extended abstract). In Proc. of International Conference on the Theory and Application of Cryptographic Techniques-EUROCRYPT'98, Lecture Notes in Computer Science 1403, pages 591-606, Berlin, 1998. Springer.
[9] Y. Dodis and L. Reyzin. Breaking and repairing optimistic fair exchange from PODC 2003. In Proc. of the 3rd ACM Workshop on Digital Rights Management, pages 47-54, New York, 2003. ACM.
[10] Y. Dodis, P. J. Lee, and D. H. Yum. Optimistic fair exchange in a multi-user setting. In Proc. Of the 10th International Conference on Practice and Theory in Public-Key Cryptography-PKC 2007, Lecture Notes in Computer Science 4450, pages 118-133, Berlin, 2007. Springer.
[11] X. Huang, Y. Mu, W. Susilo, W. Wu, Y. Xiang. Optimistic Fair Exchange with Strong Resolution Ambiguity. IEEE Journal on Selected Areas in Communications 29(7), 2011.
[12] S. Lu, R. Ostrovsky, A. Sahai, H. Shacham, and B. Waters. Sequential aggregate signatures and multi-signatures without random oracles. In Proc. of the Annual International Conference on the Theory and Applications of Cryptographic Techniques-EUROCRYPT 2006, Lecture Notes in Computer Science 4004, pages 465-485, Berlin, 2006. Springer.
[13] Q. Huang, G. Yang, D. S. Wong, and W. Susilo. Ambiguous optimistic fair exchange. In Proc. Of the 14th International Conference on the Theory and Application of Cryptology and Information Security-ASIACRYPT 2008, Lecture Notes in Computer Science 5350, pages 74-89, Berlin, 2008. Springer.
[14] Q. Lie, G. Wang, and Y. Mu. Optimistic fair exchange of ring signatures. In Security and Privacy in Communication Networks 2012, Lecture Notes in Computer Science 96, pages 227-242, Berlin, 2012. Springer.
[15] Y. Wang, M. H. Au, J. K. Liu, T. H. Yuen, and W. Susilo. Threshold-Oriented Optimistic Fair Exchange. In Network and System Security 2013, Lecture Notes in Computer Science 7873, pages 424-438, 2013. Springer.
[16] Q. Huang, D. S. Wong, and W. Susilo. P2OFE: Privacy-Preserving Optimistic Fair Exchange of Digital Signatures. In Topics in Cryptology CTRSA 2014, Lecture Notes in Computer Science 8366, pages 367-384, 2014. Springer.
[17] Y. Wang, M. H. Au, and W. Susilo. Attribute-based optimistic fair exchange: How to restrict brokers with policies. Theoretical Computer Science 527, pages 83-96, 2014.
[18] R. Rivest, A. Shamir, and Y. Tauman. How to leak a secret. In Proc. Asia crypt 2001, Lecture Notes in Computer Science 2248, pages 552-565, 2001. Springer.
[19] H. Shacham and B. Waters. Efficient ring signatures without random oracles. In Proc. Public-Key Cryptography-PKC 2007, Lecture Notes in Computer Science 4450, pages 166-180, 2007. Springer.
[20] E. Fujisaki, K. Suzuki. Traceable ring signature. In Proc. Public-Key Cryptography-PKC 2007, Lecture Notes in Computer Science 4450, pages 181-200, 2007. Springer.
[21] E. Fujisaki. Sub-linear Size Traceable Ring Signatures without Random Oracles. In Cryptographers' Track at the RSA Conference-CT-RSA 2011, Lecture Notes in Computer Science 6558, pages 393-415, 2011. Springer.
[22] A. Fiat and A. Shamir. How to prove yourself. In Proc. Crypto 1986, Lecture Notes in Computer Science 263, pages 186-194, 1986. Springer.
[23] R. Cramer, I. Damgard, and B. Schoenmakers. Proofs of partial knowledge and simplied design of witness hiding protocols. In Proc. Crypto 1994, Lecture Notes in Computer Science 839, pages 174-187, 1994. Springer.
[24] S. Goldwasser, S. Micali, and R. Rivest. A digital signature scheme secure against adaptive chosen message attack. In SIAM J. Computing 17(2), pages 281-308, 1988.
[25] D. Boneh and X. Boyen. Short signatures without random oracles. In Proc. Eurocrypt 2004, Lecture Notes in Computer Science 3027, pages 56-73, 2004. Springer.
[26] C. P. Schnorr, Efficient identification and signatures for smart cards, in Proc. Crypto89, 1990, vol. 435, pp. 239-252, LNCS, Springer.