Abstract
This paper presents new simple schemes for verifiable encryption of digital signatures. We make use of a trusted third party (TTP) but in an optimistic sense, that is, the TTP takes part in the protocol only if one user cheats or simply crashes. Our schemes can be used as primitives to build efficient fair exchange and certified e-mail protocols.
Index Terms
- Verifiable encryption of digital signatures and applications