Abstract
-
How to sign an electronic contract online between two parties
(say Alice and Bob) in a fair manner is an interesting problem, and has
been studied for a long time. Optimistic Fair Exchange (OFE) is an
efficient solution to this problem, in which a semi-trusted third party
known as the arbitrator is called in to resolve a dispute if there is one during an
exchange between Alice and Bob. Recently, several extensions of OFE,
such as Ambiguous OFE (AOFE) and Perfect AOFE (PAOFE), have
been proposed to protect the privacy of the exchanging parties. These
variants prevent any outsider including the arbitrator from telling which
parties are involved in the exchange of signatures before the exchange
completes.
However, in PAOFE, AOFE, and all the current work on OFE, the
arbitrator can always learn the signer’s signature at (or before) the end
of a resolution, which is undesirable in some important applications,
for example, signing a contract between two parties who do not wish
others to find out about it, even when there is a dispute that needs a resolution by
the arbitrator. In this work, we introduce a new notion called Privacy-
Preserving Optimistic Fair Exchange (P2OFE), in which other than Alice
and Bob, no one else, including the arbitrator, can collect any evidence
about an exchange between them even after the resolution of a dispute.
We formally define P2OFE and propose a security model. We also propose
a concrete and efficient construction of P2OFE, and prove its security
based on the Strong Diffie-Hellman and Decision Linear assumptions in
the standard model.