Skip to main content
placeholder image

Fairness in concurrent signatures revisited

Journal Article


Download full-text (Open Access)

Abstract


  • Concurrent signature, introduced by Chen, Kudla and Paterson, is known to just

    fall short to solve the long standing fair exchange of signature problem without requiring any

    trusted third party (TTP). The price for not requiring any TTP is that the initial signer is

    always having some advantage over the matching signer in controlling whether the protocol

    completes or not, and hence, whether the two ambiguous signatures will bind concurrently

    to their true signers or not. In this paper, we examine the notion and classify the advantages

    of the initial signer into three levels, some of which but not all of them may be known in

    the literature.

    – Advantage level 0 is the commonly acknowledged fact that concurrent signature is not

    abuse-free since an initial signer who holds a keystone can always choose to complete or

    abort a concurrent signature protocol run by deciding whether to release the keystone

    or not.

    – Advantage level 1 refers to the fact that the initial signer can convince a third party that

    both ambiguous signatures are valid without actually making the signatures publicly

    verifiable.

    – Advantage level 2 allows the initial signer to convince a third party that the matching

    signer agrees to commit to a specific message, and nothing else.We stress that advantage

    level 2 is not about proving the possession of a keystone. Proving the knowledge of a

    keystone would make the malicious initial signer accountable as this could only be done

    by the initial signer.

    We remark that the original security models for concurrent signature do not rule out the

    aforementioned advantages of the initial signer. Indeed, we show that theoretically, the

    initial signer always enjoys the above advantages for any concurrent signatures. Our work

    demonstrates a clear gap between the notion of concurrent signature and optimistic fair

    exchange (OFE) in which no party enjoys advantage level 1. Furthermore, in a variant

    known as Ambiguous OFE, no party enjoys advantage level 1 and 2.

UOW Authors


  •   Susilo, Willy
  •   Au, Man Ho Allen (external author)
  •   Wang, Yang (external author)
  •   Wong, Duncan S. (external author)

Publication Date


  • 2013

Citation


  • Susilo, W., Au, M. Ho., Wang, Y. & Wong, D. S. (2013). Fairness in concurrent signatures revisited. Lecture Notes in Computer Science, 7959 318-329. Brisbane, QLD Fairness in concurrent signatures revisited

Scopus Eid


  • 2-s2.0-84884485538

Ro Full-text Url


  • http://ro.uow.edu.au/cgi/viewcontent.cgi?article=2297&context=eispapers

Ro Metadata Url


  • http://ro.uow.edu.au/eispapers/1288

Has Global Citation Frequency


Number Of Pages


  • 11

Start Page


  • 318

End Page


  • 329

Volume


  • 7959

Place Of Publication


  • Germany

Abstract


  • Concurrent signature, introduced by Chen, Kudla and Paterson, is known to just

    fall short to solve the long standing fair exchange of signature problem without requiring any

    trusted third party (TTP). The price for not requiring any TTP is that the initial signer is

    always having some advantage over the matching signer in controlling whether the protocol

    completes or not, and hence, whether the two ambiguous signatures will bind concurrently

    to their true signers or not. In this paper, we examine the notion and classify the advantages

    of the initial signer into three levels, some of which but not all of them may be known in

    the literature.

    – Advantage level 0 is the commonly acknowledged fact that concurrent signature is not

    abuse-free since an initial signer who holds a keystone can always choose to complete or

    abort a concurrent signature protocol run by deciding whether to release the keystone

    or not.

    – Advantage level 1 refers to the fact that the initial signer can convince a third party that

    both ambiguous signatures are valid without actually making the signatures publicly

    verifiable.

    – Advantage level 2 allows the initial signer to convince a third party that the matching

    signer agrees to commit to a specific message, and nothing else.We stress that advantage

    level 2 is not about proving the possession of a keystone. Proving the knowledge of a

    keystone would make the malicious initial signer accountable as this could only be done

    by the initial signer.

    We remark that the original security models for concurrent signature do not rule out the

    aforementioned advantages of the initial signer. Indeed, we show that theoretically, the

    initial signer always enjoys the above advantages for any concurrent signatures. Our work

    demonstrates a clear gap between the notion of concurrent signature and optimistic fair

    exchange (OFE) in which no party enjoys advantage level 1. Furthermore, in a variant

    known as Ambiguous OFE, no party enjoys advantage level 1 and 2.

UOW Authors


  •   Susilo, Willy
  •   Au, Man Ho Allen (external author)
  •   Wang, Yang (external author)
  •   Wong, Duncan S. (external author)

Publication Date


  • 2013

Citation


  • Susilo, W., Au, M. Ho., Wang, Y. & Wong, D. S. (2013). Fairness in concurrent signatures revisited. Lecture Notes in Computer Science, 7959 318-329. Brisbane, QLD Fairness in concurrent signatures revisited

Scopus Eid


  • 2-s2.0-84884485538

Ro Full-text Url


  • http://ro.uow.edu.au/cgi/viewcontent.cgi?article=2297&context=eispapers

Ro Metadata Url


  • http://ro.uow.edu.au/eispapers/1288

Has Global Citation Frequency


Number Of Pages


  • 11

Start Page


  • 318

End Page


  • 329

Volume


  • 7959

Place Of Publication


  • Germany