Abstract not found

Abstract. We introduce the concept of concurrent signatures. These allow two entities to produce two signatures in such a way that, from the point of view of any third party, both signatures are ambiguous with respect to the identity of the signing party until an extra piece of information (the keystone) is released by one of the parties. Upon release of the keystone, both signatures become binding to their true signers concurrently. Concurrent signatures fall just short of providing a full solution to the problem of fair exchange of signatures, but we discuss some applications in which concurrent signatures suffice. Concurrent signatures are highly efficient and require neither a trusted arbitrator nor a high degree of interaction between parties. We provide a model of security for concurrent signatures, and a concrete scheme which we prove secure in the random oracle model under the discrete logarithm assumption.

A fair contract signing protocol allows two potentially mistrusted parities to exchange their commitments (i.e., digital signatures) to an agreed contract over the Internet in a fair way, so that either each of them obtains the other's signature, or neither party does. Based on the RSA signature scheme, a new digital contract signing protocol is proposed in this paper. Like the existing RSA-based solutions for the same problem, our protocol is not only fair, but also optimistic, since the third trusted party is involved only in the situations where one party is cheating or the communication channel is interrupted. Furthermore, the proposed protocol satisfies a new property, i.e., it is abuse-free. That is, if the protocol is executed unsuccessfully, none of the two parties can show the validity of intermediate results to others. Technical details are provided to analyze the security and performance of the proposed protocol. In summary, we present the first abuse-free fair contract signing protocol based on the RSA signature, and show that it is both secure and e#cient.

In a (t, n) proxy signature scheme, the original signer can delegate his/her signing capability to n proxy signers such that any t or more proxy singers can sign messages on behalf of the former, but t 1 or less of them cannot do the same thing.

In PODC 2003, Park et al. [32] first introduce a connection between fair exchange and sequential two-party multi-signature scheme and provide a novel method of constructing fair exchange protocol by distributing the computation of RSA signature. This approach avoids the design of verifiable encryption scheme at the expense of having cosigner store a piece of prime signer's secret key. Dodis and Reyzin [20] showed that the protocol in [32] is totally breakable in the registration phase, then presented a remedy scheme which is provably secure in the random oracle model, by utilizing Boldyreva non-interactive two-party multi-signature scheme [8]. Security in the random oracle model does not imply security in the real world. In this paper, we provide the first two e#cient committed signatures which are provably secure in the standard complexity model from strong RSA assumption. Then we construct e#cient optimistic fair exchange protocols from those new primitives.

Optimistic fair exchange is a kind of protocols to solve the problem of fair exchange between two parties. Almost all the previous work on this topic are provably secure only in the random oracle model. In PKC 2007, Dodis et al. considered optimistic fair exchange in a multi-user setting, and showed that the security of an optimistic fair exchange in a single-user setting may no longer be secure in a multi-user setting. Besides, they also proposed one and reviewed several previous construction paradigms and showed that they are secure in the multi-user setting. However, their proofs are either in the random oracle model, or involving a complex and very inefficient NP-reduction. Furthermore, they only considered schemes in the certified-key model in which each user has to show his knowledge of the private key corresponding to his public key. In this paper, we make the following contributions. First, we consider a relaxed model called chosen-key model in the context of optimistic fair exchange, in which the adversary can arbitrarily choose public keys without showing the knowledge of the private keys. We separate the security of optimistic fair exchange in the chosen-key model from the certifiedkey

In this paper, we study the security notions of verifiably committed signatures by introducing privacy and cut-o# time, and then we propose the first scheme which is provably secure in the standard complexity model based on the strong RSA assumption. The idea behind the construction is that given any valid partial signature of messages, if a co-signer with its auxiliary input is able to generate variables called the resolution of messages such that the distribution of the variables is indistinguishable from that generated by the primary signer alone from the views of the verifier/arbitrator, a verifiably committed signature can be constructed.

Abstract. This paper describes a powerful attack on a verifiably committed signature scheme based on GPS and RSA proposed in Financial Cryptography 2001. Given any partial signature, the attacker can extract the corresponding full signature. The attack works provided the attacker previously obtained a full signature of a special form, which can be done simply by eavesdropping a very small number of full signatures. For example, with the originally recommended parameters choice, 66% of the signatures are of this form. As a consequence, two “fair ” protocols using this primitive do not satisfy the fairness property. Of independent interest, our attack shows that special attention should be paid when building cryptographic protocols from GPS and RSA.

In this paper, we introduce a new and natural paradigm for fair exchange protocols, called verifiable probabilistic signature scheme. A security model with precise and formal definitions is presented, and an RSA-based efficient and provably secure verifiable probabilistic signature scheme is proposed. Our scheme works well with standard RSA signature schemes, and the proposed optimistic fair exchange protocol is much concise and efficient, and suitable for practical applications.

Abstract: The participation of an e-notary, acting as an on-line Trusted Third Party is required in some scenarios, such as Business to Business, Intellectual Property Rights contracting, or even as a legal requirement, in contract signing is frequently necessary. This e-notary gives validity to the contract or performs some tasks related to the contract, e.g. contract registration. In the abovementioned contracting scenarios, two important additional features are needed: the negotiation of the e-contract and confidentiality. However, until now, e-contract signing protocols have not considered these issues as an essential part of the protocol. In this paper, we present a new protocol which is designed to make negotiation and contract signing processes secure and confidential. Moreover, compared to other previous proposals based on an on-line Trusted Third Party, this protocol reduces the e-notary’s workload. Finally, we describe how the protocol is being used to achieve agreements on the rights of copyrighted works.