Contract signing, optimism, and advantage

A contract signing protocol lets two parties exchange digital signatures on a pre-agreed text. Optimistic contract signing protocols enable the signers to do so without invoking a trusted third party. However, an adjudicating third party remains available should one or both signers seek timely resolution. We analyze optimistic contract signing protocols using a game-theoretic approach and prove a fundamental impossibility result: in any fair, optimistic, timely protocol, an optimistic player yields an advantage to the opponent. The proof relies on a careful characterization of optimistic play that postpones communication to the third party.     

How to protect exchanged secrets in the fair exchange protocol with off-line TTP

The most efficient approach to a fair exchange is to use an off-line trusted third party (TTP for short) who gets involved only when a dispute between two parties occurs. However, exchanged secrets that are not protected properly may be exposed to the TTP when one of these two parties asks the TTP to mediate the dispute. The first work to protect exchanged secrets from TTP’s misuse was proposed by Franklin and Reiter in 1997. They provided an on-line semi-trusted third party instead of an off-line third party for a fair exchange. Their schemes forced the TTP to take part in the protocol for all the cases, and thus, deemed to be impractical.The present paper, introduces several models, including single and multiple TTPs, to focus the attention not only on security properties, but also on reliability functions. In the single TTP mode, our new scheme can protect the exchanged data through an efficient exchange protocol, whereas in the multiple TTP mode, we proposed an approach to balance the security level with the reliability of the system.     

基于半可信离线第三方的公平交易协议

电子商务是Ｉnternet应用的发展趋势,它的基础这一是公平的交易的协议,提出一种新的解决方案,它所依赖的第三方不必完全可信,且只需离线工作,协议还是高效的,表现为在一般情况下,一次交易只需交互４条信息,同时,交互的信息都自然地被加密,因而特别适合Ｉnternet这种几乎没有物理安全的公共网络,它的理论基础是公开可验证秘密分享原理。     

P2P组合交易的公平支付协议

针对P2P交易环境中的多方组合交易模式,提出一个新的乐观公平的离线支付方案。在该方案中,参与协议的任何一方均不具有优势,信任方不需要在线介入支付过程。分析支付中可能出现的争议,并给出解决方案。分析结果验证了该协议的公平性。     

具有多个仲裁者的可验证加密签名方案及应用

可验证加密签名方案常用于构建公平交换协议,公平交换协议中的可信第三方往往会成为瓶颈。该文将Boneh等提出的单仲裁者可验证加密签名方案扩展为具有多个仲裁者的方案,方案应用无可信中心的可验证秘密共享技术实现了仲裁权力的分散。基于所构建的方案设计了一个公平合同签署协议,协议的可信第三方由多个仲裁者来构成,降低了第三方与其中一方合谋欺骗的风险。除此之外,协议具有不可伪造性、非透明性、公平性和机密性。由于该方案的设计是基于短签名方案和聚集签名方案,因此具有更高的通信效率。     

新的公平数字签名交换方案

基于Gorantla等最近提出的标准模型下可证安全的可验证加密签名,提出了一个优化的公平数字签名交换方案。签名交换双方首先交换他们的可验证加密签名,验证通过以后再交换他们的真实签名,如果其中一方不能诚实地执行协议,则另一方可求助可信任第三方以达到公平交换的目的。提出的方案具有签名长度短、计算量小等优点,可以公平且有效地实现数字签名的交换。     

An efficient protocol for anonymous and fair document exchange

Fairness in document exchange has been well studied, while anonymity in the exchange, which protects the privacy of personal information such as identities and locations, has been either ignored or handled with partial or inappropriate considerations. In this paper we propose a new protocol for anonymous and fair document exchange between two parties with the assistance of an off-line trusted third party. The new protocol treats both fairness and anonymity as essential properties, employs an efficient method for off-line key recovery, and places weak requirements on the security of the third party.     

Assume-guarantee synthesis for digital contract signing

We study the automatic synthesis of fair non-repudiation protocols, a class of fair exchange protocols, used for digital contract signing. First, we show how to specify the objectives of the participating agents and the trusted third party as path formulas in linear temporal logic and prove that the satisfaction of these objectives imply fairness; a property required of fair exchange protocols. We then show that weak (co-operative) co-synthesis and classical (strictly competitive) co-synthesis fail, whereas assume-guarantee synthesis (AGS) succeeds. We demonstrate the success of AGS as follows: (a) any solution of AGS is attack-free; no subset of participants can violate the objectives of the other participants; (b) the Asokan–Shoup–Waidner certified mail protocol that has known vulnerabilities is not a solution of AGS; (c) the Kremer–Markowitch non-repudiation protocol is a solution of AGS; and (d) AGS presents a new and symmetric fair non-repudiation protocol that is attack-free. To our knowledge this is the first application of synthesis to fair non-repudiation protocols, and our results show how synthesis can both automatically discover vulnerabilities in protocols and generate correct protocols. The solution to AGS can be computed efficiently as the secure equilibrium solution of three-player graph games.     

Micali类公平交换协议的分析*

主要对Micali 2003年提出的ECS1协议进行分析。通过分析,找到了已有攻击并发现了五种新攻击,对发现的所有攻击进行深入分析,找出了攻击存在的原因。此外,还对Bao Feng等人给出的该协议的改进方案进行了分析,发现改进方案中还存在冗余。最后,对他们提出的改进协议进行了简化,在不降低安全性的前提下提高了效率。     

Communication efficient shuffle for mental poker protocols

Mental poker protocols are considered to be computationally and communicationally consuming. A secure and fast mental poker protocol was proposed by Wang and Wei (2009) [26]. The cost of communication (total length of message) can be considered as feasible, but is still relatively expensive for networks with lower bandwidths. A shuffle requires 64 MB of data transmission for a typical setting (9 players, 52 cards, 1024 bit keys, and security parameter L = 100). The most communicationally consuming part of Wang and Wei’s protocol is the shuffle verification protocol SV.In this paper, we propose a new method to verify the integrity of the shuffle, namely, NewSV which can be used as a drop-in replacement for SV. NewSV is slower than SV. The benefit of using NewSV is that the communication cost can be greatly reduced. Using the same settings, if NewSV is used instead of SV, then 70% of the communication cost can be saved. A shuffle requires only 20 MB of data transmission for L = 100. The computational overhead is 7-2% for security parameter L = 30-100.This technique can be applied to a similar mental poker protocol proposed by Castella-Roca (2004) [7]. The Castella-Roca’s shuffle requires 154 MB of data transmission for L = 100. By using NewSV, 87% of the communication cost can be reduced so that only 20 MB of data transmission is required. The computational overhead is also 7-2% for L = 30-100.     

EnhancedBit: Unleashing the potential of the unchoking policy in the BitTorrent protocol

In this paper, we propose a modification to the BitTorrent  protocol related to its peer unchoking policy. In particular, we apply a novel optimistic unchoking approach that improves the quality of inter-connections amongst peers, i.e., increases the number of directly-connected and interested-in-cooperation peers without penalizing underutilized and/or idle peers. Our optimistic unchoking policy takes into consideration the number of clients currently interested in downloading from a peer that is to be unchoked. Our conjecture is that peers having few clients interested in downloading data from them, should be favored with optimistic unchoke intervals. This enables the peers in question to receive data since they become unchoked faster and in turn, they will trigger the interest of additional clients. In contrast, peers with plenty of “interested” clients should enjoy a lower priority to be selected as planned optimistic unchoked, since these peers likely have enough data to forward; nevertheless, they receive enough data due to tit-for-tat peer reciprocation and are not in need of optimistic unchoking slots. Armed with this realization, we establish an analytical model and prove a significant performance improvement under our modified BitTorrent  protocol. Experimental results, also, indicate that our approach significantly outperforms the existing optimistic unchoking policy in three important aspects: first, there is a higher number of interested-in-cooperation and directly-connected peers. Second, since leechers now act as data intermediaries, the load on seeders eases up considerably. Last, a shorter bootstrapping period for fresh peers is achieved. Hence, we claim that our approach helps implement an enhanced BitTorrent  protocol and we name it “EnhancedBit”.     

基于RSA签名的优化公平交换协议

公平性是电子商务协议的基本安全要求.RSA是应用最为广泛的公钥密码体制之一.公平交换协议可以使得参与交换的双方以公平的方式交换信息,这样,要么任何一方都可以得到对方的信息,要么双方都得不到对方的信息.分析了现有的公平交换协议构造方法、体系结构及其在实用性和效率方面存在的问题.在此基础上,利用精心构造的扩环中可公开验证的、加密的RSA签名,提出了一种完全基于RSA签名方案的优化公平交换协议,并对其安全性和效率进行了证明和分析.分析表明,提出的方案是简洁、高效、安全的.     

Fair exchange protocol of Schnorr signatures with semi-trusted adjudicator

In this paper, we propose an optimistic fair exchange protocol of Schnorr signatures with a semi-trusted adjudicator. In this protocol, we enforce the adjudicator accountability in the protocol to relax excessive reliance on the trust of the adjudicator, so that the adjudicator only needs to be trusted by the signer. We present a security model and then show that the protocol is strong EUF–CMA secure under the standard Discrete Logarithm (DL) assumption in the random oracle model. Finally, we compare the performance of the fair exchange protocol of Schnorr signatures.     

具有隐私性的公平文档交换协议

提出一种新的公平文档交换协议。在该协议中,交换双方都各自拥有一个秘密消息,他们想以一种公平的方式交换他们的秘密消息,即交换结束后,交换双方要么都获得对方的秘密消息,要么都没有获得对方的秘密消息。与其他的公平交换协议相比,该协议具有很强的隐私性,即使在需要可信任第三方参与解决协议争端的情况下,可信任第三方也无法获得交换过程中传输的秘密消息,因此除了交换双方,任何实体都无法获得交换过程中传输的秘密消息。     

P2P系统的信任研究

由于P2P系统的开放、匿名等特点,使得P2P系统对节点缺乏约束机制,节点间缺乏信任。针对以上问题,本文提出了一种新的P2P系统信任模型,该模型根据系统中节点的历史交易情况和系统中其它节点的推荐计算节点的信任度,节点根据计算的结果决定是否进行交易。仿真试验及分析表明,该模型能有效地评估节点的信任度,隔离恶意节点,提高下载成功率。     

Certificate-based fair exchange protocol of signatures from pairings

In 2003, Boneh et al. proposed the first non-interactive verifiably encrypted signature scheme that can be used to construct optimistic fair exchange protocols of signatures. However, their scheme depends on an entirely honest adjudicator, neither forging signatures nor colluding with one party. To eliminate this unrealistic premise, we propose a new paradigm for building fair exchange protocols of signatures from pairings by choosing a certificate authority CA as an adjudicator. In this paradigm, a certificate, or generally, a signature plays threefold role, firstly acts as the binding of the public key and its holder, secondly acts as a decryption key, and thirdly acts as CA’s guarantee against partiality in adjudication. The proposed protocol not only overcomes the classical authentication problem of public keys, but also relaxes excessive reliance on the trustworthiness of the adjudicator so that the adjudicator only needs to be trusted by the signer.     

基于Schnorr数字签名和秘密分享的交换协议

通过在Schnlorr签名方案中利用秘密分享技术，给出了一种新的公平交易方案。该方案的公平性和安全性依赖于多个可信任第三方(TTP)。由协议的公平性和安全性分析可知，它比那些单纯地依赖于一个可信任第三方的公平交易方案具有更好的安全性和可靠性。     

具有分布式半可信第三方的公平交换协议

运用可验证秘密分享和可验证加密技术设计了一个安全的双方公平交换协议。该协议引入了分布式的半可信第三方,与已有的具有单一半可信第三方的公平交换协议相比,分布式半可信笫三方的存在使新协议的安全性和公平性得到了更好的保证。     

Overlay architectures for file distribution: Fundamental performance analysis for homogeneous and heterogeneous cases

Peer-to-peer networks have been commonly used for tasks such as file sharing or file distribution. We study a class of cooperative file distribution systems where a file is broken up into many chunks that can be downloaded independently. The different peers cooperate by mutually exchanging the different chunks of the file, each peer being client and server at the same time. While such systems are already in widespread use, little is known about their performance and scaling behavior. We develop analytic models that provide insights into how long it takes to deliver a file to N clients given a distribution architecture. Our results indicate that even for the case of heterogeneous client populations it is possible to achieve download times that are almost independent of the number of clients and very close to optimal.     

无须可信第三方的防滥用公平交易协议*

基于改进的完美并发签名,提出了一个无须可信第三方的防滥用公平交易协议,该协议避免了既有方案中买方滥用交易信息获得额外利益的缺陷。协议中,买方对订单、支付凭证、数字内容进行模糊签名;卖方确认买方的消息内容后,对数字内容的哈希结果和买方的订单、支付凭证一起进行模糊签名,买方提供使签名公开可验证的keystone后,卖方提供数字内容的解密密钥。买、卖双方的签名数据中包含了数字内容、支付凭证、订单信息,使得买卖双方的模糊签名与交易信息形成惟一的绑定关系,避免任何一方对签名数据和交易信息的滥用。该协议无须可信第三方