Revisiting optimistic fair exchange based on ring signatures

Yang Wang, Man Ho Allen Au, Willy Susilo

Research output: Journal article publicationJournal articleAcademic researchpeer-review

1 Citation (Scopus)

Abstract

Optimistic fair exchange (OFE) is a kind of protocol that solves the fair exchange problem with the help of a trusted third party, usually referred to as an arbitrator. Participation of the arbitrator is required only when there is a dispute among the exchanging parties. Thus, the majority of the executions of the exchange does not involve the arbitrator and hence the term optimistic. The passive nature of the arbitrator makes optimistic fair exchange a desirable tool in applications, such as contract signing and electronic commerce. The highest level of security of optimistic fair exchange in the literature is the multiuser security in the chosen-key model, proposed by Huang, Yang, Wong, and Susilo in CT-RSA 2008. They showed that an efficient optimistic fair exchange scheme secure in this sense can be constructed generically from a conventional digital signature and a two-party ring signature. In particular, the underlying ring signature is required to be unforgeable under an adaptive attack, against a static adversary in the 2-user setting. In this paper, we propose a new security model for two-party ring signatures called unforgeability against restricted adaptive attacks and demonstrate that our new model is strictly weaker than the model of unforgeable under an adaptive attack, against a static adversary in the 2-user setting. We make an observation that two-party ring signatures secure in this weaker model will suffice to guarantee the security of the resulting OFE scheme following the aforementioned generic construction. Based on this observation, more efficient OFE schemes secure in the standard model can be constructed. Specifically, we prove that the wellknown Bender, Katz, and Morselli's 2-user ring signature is secure in our weakened model. Based on this two-party ring signature, we construct an OFE secure in the chosen-key model offering multiuser security in the standard model under the computational Diffie-Hellman assumption. The assumption is arguably weaker than those used in all existing constructions, which rely on the random oracle model, decisional assumptions, or the strong Diffie-Hellman assumptions. It is also worth noting that our scheme is the most efficient one in the standard model, and offers comparable efficiency against those secure under the random oracle model.
Original languageEnglish
Article number2354986
Pages (from-to)1883-1892
Number of pages10
JournalIEEE Transactions on Information Forensics and Security
Volume9
Issue number11
DOIs
Publication statusPublished - 1 Nov 2014

Keywords

  • Generic construction
  • Optimistic fair exchange
  • Restricted adaptive attacks
  • Two party ring signatures

ASJC Scopus subject areas

  • Safety, Risk, Reliability and Quality
  • Computer Networks and Communications

Cite this