Abstract
We introduce the notion of abuse-free distributed contract signing, that is, distributed contract signing in which no party ever can prove to a third party that he is capable of choosing whether to validate or invalidate the contract. Assume Alice and Bob are signing a contract. If the contract protocol they use is not abuse-free, then it is possible for one party, say Alice, at some point to convince a third party, Val, that Bob is committed to the contract, whereas she is not yet. Contract protocols with this property are therefore not favorable to Bob, as there is a risk that Alice does not really want to sign the contract with him, but only use his willingness to sign to get leverage for another contract. Most existing optimistic contract signing schemes are not abuse-free. (The only optimistic contract signing scheme to date that does not have this property is inefficient, and is only abuse-free against an off-line attacker.) We give an efficient abuse-free optimistic contract-signing protocol based on ideas introduced for designated verifier proofs (i.e., proofs for which only a designated verifier can be convinced). Our basic solution is for two parties. We show that straightforward extensions to n > 2 party contracts do not work, and then show how to construct a three-party abuse-free optimistic contract-signing protocol. An important technique we introduce is a type of signature we call a private contract signature. Roughly, these are designated verifier signatures that can be converted into universally-verifiable signatures by either the signing party or a trusted third party appointed by the signing party, whose identity and power to convert can be verified (without interaction) by the party who is the designated verifier.
Chapter PDF
Similar content being viewed by others
Keywords
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
References
N. Asokan, B. Baum-Waidner, M. Schunter, and M. Waidner. Optimistic synchronous multi-party contract signing. Technical Report RZ3089, IBM Research Report, 1998. to appear in Verlaessliche Informationssysteme 1999.
N. Asokan, M. Schunter, and M. Waidner. Optimistic protocols for fair exchange. In ACM Security’96, pages 6–17.
N. Asokan, V. Shoup, and M. Waidner. Fair exchange of digital signatures. Technical Report RZ2973, IBM Research Report, 1998. Extended Abstract in Eurocrypt’ 98.
B. Baum-Waidner and M. Waidner. Optimistic asynchronous multi-party contract signing. Technical Report RZ3078, IBM Research Report, 1998.
M. Bellare, J. Garay, and T. Rabin. Fast batch exponentiation for modular exponentiation and digital signatures. In EUROCRYPT’98, pages 236–250.
M. Bellare and O. Goldreich. On defining proofs of knowledge. In CRYPTO’92, pages 390–420.
M. Ben-Or, O. Goldreich, S. Micali, and R. Rivest. A fair protocol for signing contracts. IEEE Trans. Info. Theory, 36(1):40–46, 1990.
M. Blum. Coin flipping by telephone: A protocol for solving impossible problems. In CRYPTO’81, pages 11–15. ECE Report 82-04, 1982.
M. Blum. How to exchange (secret) keys. ACM Transactions on Computer Systems, 1(2):175–193, May 1983.
H. Burk and A. Pfitzmann. Value exchange systems enabling security and unobservability. Computers and Security, 9:715–721, 1990.
D. Catalano and R. Gennaro. New efficient and secure protocols for verifiable signature sharing and other applications. In CRYPTO’98, pages 105–120.
D. Chaum. Designated confirmer signatures. In EUROCRYPT’94, pages 86–91.
D. Chaum and H. V. Antwerpen. Undeniable signatures. In CRYPTO’89, pages 212–216.
D. Chaum and T. P. Pedersen. Transferred cash grows in size. In EUROCRYPT’92, pages 390–407.
D. L. Chaum. Silo watching. In CRYPTO’81, pages 138–139. ECE Report 82-04, 1982.
B. Cox, J. D. Tygar, and M. Sirbu. Netbill security and transaction protocol. In First USENIX Workshop on Electronic Commerce, pages 77–88, 1995.
R. Cramer. Modular Design of Secure yet Practical Cryptographic Protocols. PhD thesis, University of Amsterdam, 1995.
R. Cramer, I. Damgård, and B. Schoenmakers. Proofs of partial knowledge and simplified design of witness hiding protocols. In CRYPTO’94, pages 174–187.
I. Damgård and T. Pedersen. New convertible undeniable signature schemes. In EUROCRYPT’96, pages 372–386.
I. B. Damgård. On the existence of bit commitment schemes and zero-knowledge proofs. In CRYPTO’89, pages 17–27.
I. B. Damgård. Practical and provably secure release of a secret and exchange of signatures. J. of Crypt., 8(4):201–222, Autumn 1995.
R. H. Deng, L. Gong, A. A. Lazar, and W. Wang. Practical protocols for certified electronic mail. J. of Network and Systems Management, 4(3), 1996.
T. ElGamal. A public key cryptosystem and a signature scheme based on discrete logarithm. IEEE Trans. Info. Theory, 31:465–472, 1985.
S. Even. A protocol for signing contracts. ACM SIGACT News, 15(1):34–39, 1983.
S. Even, O. Goldreich, and A. Lempel. A randomized protocol for signing contracts. Commun. ACM, 28(6):637–647, June 1985.
U. Feige and A. Shamir. Zero knowledge proofs of knowledge in two rounds. In CRYPTO’89, pages 526–545.
M. Fischer, N. Lynch, and M. Paterson. Impossibility of distributed commit with one faulty process. J. ACM, 32(2), 1985.
M. Franklin and M. Reiter. Fair exchange with a semi-trusted third party. In ACM SECURITY’96, pages 1–5.
J. Garay and P. MacKenzie. Multi-party contract signing. Manuscript.
O. Goldreich. A simple protocol for signing contracts. In CRYPTO’83, pages 133–136.
M. Jakobsson, K. Sako, and R. Impagliazzo. Designated verifier proofs and their applications. In EUROCRYPT’96, pages 143–154.
C. H. Lim and P. J. Lee. More flexible exponentiation with precomputation. In CRYPTO’94, pages 95–107.
S. Micali. Certified e-mail with invisible post offices. Presented at the 1997 RSA Security Conference, 1997.
M. Michels, H. Petersen and P. Horster. Breaking and repairing a convertible undeniable signature scheme. In ACM SECURITY’96, pages 148–152.
D. Pointcheval and J. Stern. Security proofs for signature schemes. In EUROCRYPT’ 96, pages 387–398.
C. P. Schnorr. Efficient identification and signatures for smart cards. In CRYPTO’89, pages 239–252.
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 1999 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Garay, J.A., Jakobsson, M., MacKenzie, P. (1999). Abuse-Free Optimistic Contract Signing. In: Wiener, M. (eds) Advances in Cryptology — CRYPTO’ 99. CRYPTO 1999. Lecture Notes in Computer Science, vol 1666. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-48405-1_29
Download citation
DOI: https://doi.org/10.1007/3-540-48405-1_29
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-66347-8
Online ISBN: 978-3-540-48405-9
eBook Packages: Springer Book Archive