Efficient and practical fair exchange protocols with off-line TTP

We present protocols for fair exchange of electronic data (digital signatures, payment and confidential data) between two parties A and B. Novel properties of the proposed protocols include: 1) offline trusted third party (TTP), i.e., TTP does not take part in the exchange unless one of the parties...

Full description

Saved in:
Bibliographic Details
Main Authors: BAO, Feng, DENG, Robert H., MAO, Wenbo
Format: text
Language:English
Published: Institutional Knowledge at Singapore Management University 1998
Subjects:
Online Access:https://ink.library.smu.edu.sg/sis_research/3893
Tags: Add Tag
No Tags, Be the first to tag this record!
Institution: Singapore Management University
Language: English
Description
Summary:We present protocols for fair exchange of electronic data (digital signatures, payment and confidential data) between two parties A and B. Novel properties of the proposed protocols include: 1) offline trusted third party (TTP), i.e., TTP does not take part in the exchange unless one of the parties behaves improperly; 2) only three message exchanges are required in the normal situation; 3) true fair exchange, i.e., either A and B obtain each other's data or no party receives anything useful; no loss can be incurred to a party no matter how maliciously the other party behaves during the exchange. This last property is in contrast to previously proposed protocols with offline TTP ([1] and [21]), where a misbehaving party may get another party's data while refusing to send his document to the other party, and the TTP can provide affidavits attesting to what happened during the exchange. To our knowledge, the protocols presented here are the first exchange protocols which use offline TTP and at the same time guarantee true fair exchange of digital messages. We introduce a novel cryptographic primitive, called the Certificate of Encrypted Message Being a Signature (CEMBS), as the basic building block of the fair exchange protocols. It is used to prove that an encrypted message is a certain party's signature on a public file, without revealing the signature. We also give two examples to show in detail how the certificate can be constructed.