Optimistic fair exchange is a kind of protocols to solve the problem of fair exchange between two parties. Almost all the previous work on this topic are provably secure only in the random oracle model. In PKC 2007, Dodis et al. considered optimistic fair exchange in a multi-user setting, and showed that the security of an optimistic fair exchange in a single-user setting may no longer be secure in a multi-user setting. Besides, they also proposed one and reviewed several previous construction paradigms and showed that they are secure in the multi-user setting. However, their proofs are either in the random oracle model, or involving a complex and very inefficient NP-reduction. Furthermore, they only considered schemes in the certified-key model in which each user has to show his knowledge of the private key corresponding to his public key. In this paper, we make the following contributions. First, we consider a relaxed model called chosen-key model in the context of optimistic fair exchange, in which the adversary can arbitrarily choose public keys without showing the knowledge of the private keys. We separate the security of optimistic fair exchange in the chosen-key model from the certifiedkey

We propose an optimistic two-party contract-signing protocol, which is fair, timely and balanced with respect to an attacker, who is able to read, write and delay messages on all communication channels. The protocol is based on the idea of a non-deterministic trusted third party that introduces uncertainty into the game. The trusted third party is accountable. In order to specify the security properties of the protocols and to formally reason about them, we use alternating-time temporal logic, extended with move selectors, allowing to restrict the sets of moves,

Abstract: The participation of an e-notary, acting as an on-line Trusted Third Party is required in some scenarios, such as Business to Business, Intellectual Property Rights contracting, or even as a legal requirement, in contract signing is frequently necessary. This e-notary gives validity to the contract or performs some tasks related to the contract, e.g. contract registration. In the abovementioned contracting scenarios, two important additional features are needed: the negotiation of the e-contract and confidentiality. However, until now, e-contract signing protocols have not considered these issues as an essential part of the protocol. In this paper, we present a new protocol which is designed to make negotiation and contract signing processes secure and confidential. Moreover, compared to other previous proposals based on an on-line Trusted Third Party, this protocol reduces the e-notary’s workload. Finally, we describe how the protocol is being used to achieve agreements on the rights of copyrighted works.

Cloud computing dynamically provides high quality cloudbased secure services and applications over the internet. The efficient sharing of secure cloud storage services (ESC) scheme which allows the upper-level user to share the secure cloud storage services with multiple lower-level users. In hierarchical identity-based architecture, the sender needs to encrypt a file only once and store only one copy of the corresponding ciphertext in a cloud. The lower-level user needs to decrypt a file which will increase the computational overhead, because the lower-level user does not perform any partial decipherment. In this paper, we propose a Trapdoor commitment scheme that enables a lower-level user to send a short trapdoor to the cloud service provider before retrieving files. This scheme allows the CSP to participate in the partial decipherment, so as to reduce computational overhead on the users without leaking any information about the plaintext. If a lower-level user wants to retrieve a file with limited bandwidth, CPU and memory, the trapdoor which will largely helps to reduce computational power. Keywords Hierarchical identity-based encryption; secure storage; trapdoor; partial decipherment. 1.

Abstract. Protocol for fair exchange of digital signatures is essential in many applications including contract signing, electronic commerce, or even peer-to-peer file sharing. In such a protocol, two parties, Alice and Bob, would like to exchange digital signatures on some messages in a fair way. It is known that a trusted arbitrator is necessary in the realization of such a protocol. We identify that in some scenarios, it is required that prior to the completion of the protocol, no observer should be able to tell whether Alice and Bob are conducting such an exchange. Consider the following scenario in which Apple engages Intel in an exchange protocol to sign a contract that terminates their OEM agreement. The information would be of value to a third party (such as the stock broker, or other OEM companies). If the protocol transcript can serve as an evidence that such a communication is in progress, any observer of this communication, including the employees of both companies, would be tempted to capture the transcript and sell it to outsiders. We introduce a new notion called perfect ambiguous optimistic fair exchange (PAOFE), which is particularly suitable to the above scenario. PAOFE fulfils all traditional requirements of cryptographic fair exchange of digital signatures and, in addition, guarantees that the communication transcript cannot be used as a proof to convince others that the protocol is in progress. Specifically, we formalize the notion of PAOFE and present a rigorous security model in the multi-user setting under the chosen-key attack. We also present a generic construction of PAOFE from existing cryptographic primitives and prove that our proposal is secure with respect to our definition in the standard model. 1