Sciweavers

DRM
2003
Springer

Breaking and repairing optimistic fair exchange from PODC 2003

13 years 8 months ago
Breaking and repairing optimistic fair exchange from PODC 2003
In PODC 2003, Park, Chong, Siegel and Ray [22] proposed an optimistic protocol for fair exchange, based on RSA signatures. We show that their protocol is totally breakable already in the registration phase: the honest-but-curious arbitrator can easily determine the signer’s secret key. On a positive note, the authors of [22] informally introduced a connection between fair exchange and “sequential two-party multisignature schemes” (which we call two-signatures), but used an insecure two-signature scheme in their actual construction. Nonetheless, we show that this connection can be properly formalized to imply provably secure fair exchange protocols. By utilizing the stateof-the-art non-interactive two-signature of Boldyreva [6], we obtain an efficient and provably secure (in the random oracle model) fair exchange protocol, which is based on GDH signatures [9]. Of independent interest, we introduce a unified model for non-interactive fair exchange protocols, which results in a ne...
Yevgeniy Dodis, Leonid Reyzin
Added 06 Jul 2010
Updated 06 Jul 2010
Type Conference
Year 2003
Where DRM
Authors Yevgeniy Dodis, Leonid Reyzin
Comments (0)