Efficient Fair Certified E-Mail Delivery Based on RSA
Certified e-mail delivery (CEMD) has become one of the basic requirement in performing business transactions over the Internet securely. How to construct fair protocols for certified e-mail delivery based on the RSA cryptosystem is of great interest.
Recently, Nenadic etc. proposed a novel RSA-based method for the verifiableand recoverable encrypted signature (VRES), and utilized it to construct a security protocol for certified e-mail delivery, which are claimed to provide strong fairness to ensure that the recipient receives the e-mail if and only if the sender receives the receipt. However, as a building block, their RSA-based VRES is totally breakable. This papers shows that an adversary can generate a valid VRES which cannot be recovered by the designated TTP, and hence the proposed certified e-mail delivery protocol cannot guarantee the required fairness.
Based on probabilistic signatures, we proposed a novel fair CEMD protocol which works with the RSA cryptosystem and guarantees strong fairness. Moreover, there is no need for a registration phase between a party and TTP, and the proposed protocol is more computation and communication efficient.
KeywordsFair exchange RSA E-mail Security protocol
Unable to display preview. Download preview PDF.
- 2.Ateniese, G.: Verifiable encryption of digital signatures and applications. ACM Transactions on Information and System Security 7,1, 1–20 (2004)Google Scholar
- 4.Bao, F., Deng, R., Mao, W.: Efficient and practical fair exchange protocols with off-line TTP. In: Proc. IEEE Symposium on Security and Privacy, pp. 77–85 (1998)Google Scholar
- 6.Camenisch, J.L., Michels, M.: Separability and efficiency for generic group signature schemes. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 106–121. Springer, Heidelberg (1999)Google Scholar
- 9.Even, S., Yacobi, Y.: Relations among public key signature schemes. Technical Report 175, Computer Science Dept., Technion, Israel (1980)Google Scholar
- 10.Franklin, M., Reiter, M.: Fair exchange with a semi-trusted third party. In: Proc. ACM conference on computer and communications security, Zurich, pp. 1–5 (1997)Google Scholar
- 11.Garay, J.A., Jakobsson, M., MacKenzie, P.D.: Abuse-free optimistic contract signing. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 449–466. Springer, Heidelberg (1999)Google Scholar
- 12.Schneier, B., Riordan, J.: A certified E-mail protocol. In: Proc. 13th Computer Security Applications Conference, pp. 347–352. ACM Press, New York (1998)Google Scholar
- 14.Nenadic, A., Zhang, N., Barton, S.: Fair certified E-mail delivery. In: Proc. ACM Symposium on Applied Computing (SAC 2004) - Computer Security Track, Nicosia, Cyprus, pp. 391–396 (2004)Google Scholar
- 15.Nenadic, A., Zhang, N., Barton, S.: FIDES-A middleware E-commerce security solution. In: Proc. 3rd European Conference on Information Warfare and Security (ECIW 2004), London, UK, pp. 295–304 (2004)Google Scholar
- 16.S/MIME. Secure Multipurpose Internet Mail Extensions, Available at, http://www.rsasecurity.com/standards/smime/
- 17.OpenPGP, An Open Specification for Pretty Good Privacy, Available at, http://www.ietf.org/html.charters/openpgp-charter.html