Research On Design And Security Of The Fair Exchange Protocol

In the era of electronic commerce, the rapid development of the internet transaction has greatly improved the convenience and quickness, but it also brings the risk of online transactions. There are some specialties in the online transactions or business with the extremely complex network environment. And the participant can disappear without a trace at the end of the transaction. The traceability and disputes may arise after the transaction, which has brought more troubles. Therefore, the problem of the fair exchange becomes particularly important. And how to ensure the security of online transactions has become an urgent problem needs to solve. Beside the requirements of effectiveness, confidentiality, authentication and integrity, e-commerce also needs to satisfy timeless, non-repudiation and abuse-freeness etc., and the fair exchange protocol is the key to achieving these security properties.In recent years, many researchers have proposed a number of efficient fair exchange protocols and primitives of the fair exchange protocol. These results laid the foundation for the research on fair exchange protocol, but still have some defects. For example, most of the fair exchange protocol can not guarantee the abuse-freeness for a good party; the primitives of the two parties fair exchange protocol can not be directly used to design multi-party exchange protocol; most multi-contract signing protocol is only suitable for asynchronous networks, no maximum number of rounds for message delay, and efficiency is relatively low. Therefore, in designing safe and efficient fair exchange protocol that much work needs further study.This dissertation mainly focuses on the design and security analysis of the fair exchange protocol. The content of this dissertation includes four aspects: the design of the paradigm of the fair exchange protocol, the design of the fair exchange protocol, the design of the multi-party fair exchange protocol and the design of the fair exchange protocol without involved TTP. The main innovation of this dissertation briefly summarized as follows:1?In the verifiably encrypted signature:Utilizing the Shim's identity-based signature scheme, a new identity-based verifiably encrypted signature scheme is proposed. As a building block of the fair exchange protocol, this approach does not use any zero-knowledge proofs to provide verifiability; it avoids most of the costly computations.2?To construct the multi-party fair exchange protocol (multi-party contract signing protocol), a new concept:Aggregate verifiably encrypted signature (AVES) scheme is proposed by combining aggregate signature with the new verifiably encrypted signature scheme. As a building block of the multi-party fair exchange protocol, many signers can aggregate their verifiably encrypted signature to one commitment message by using aggregate verifiably encrypted signature scheme. Thus, the verifier interacts with each signer for certification can be avoided, and only needs once.3?In the fair exchange protocol:Firstly, utilizing the Cha-Cheon's identity-based signature scheme, a new provably secure identity-based verifiably encrypted signature scheme is proposed. Then, combining the proposed scheme and identity-based proxy verifiably encrypted signature scheme, a new novel multiplex contract signing protocol is proposed. The original signer or proxy signer uses verifiably encrypted signature or proxy verifiably encrypted signature to realize the interaction and certification of the commitment message in the information exchange process. The users can be any combination of forms of the original signer and the proxy signer, such as the original signer and the original signer, the original signer and the proxy signer, the proxy signer and the proxy signer. Secondly, based on the key-exposure-free chameleon hashing scheme, a new timeliness optimistic fair exchange protocol is proposed. The new scheme does not require the use of interactive zero-knowledge proofs in the exchange phase. Both parties can contact the trusted third party and settle the argument before the deadline. Finally, based on the security analysis, an abuse-free optimistic fair exchange protocol can not satisfy the requirement of fairness. Such weaknesses may lead to an unfair situation for the honest party. In order to overcome these weaknesses, a new secure abuse-free optimistic fair exchange protocol is proposed. In the proposed scheme, both parties can contact the trusted third party and settle the argument before the deadline.4?In the multi-party fair exchange protocol:Utilizing the unrestricted aggregate signature scheme and the public-key cryptosystem based broadcast protocol, a new multi-party contract signing protocol (MCSP) was proposed. The MCSP employed the public-key cryptosystem based broadcast protocol (PCBP) to distribute the messages of the signers, and employed the unrestricted aggregate signature scheme to sign the contract between the signers. The scheme does not require the order to send the messages and determining the number of dishonest in advance, and sets the validity of the certificate.5?In the fair exchange protocol without involved TTP:Through analysis, the perfect concurrent signature (CS)-based fair exchange protocol does not satisfy the property of the abuse-freeness if both parties are honest. Before releasing the secret information (keystone), anyone can identify who is the real signer when two parties have exchanged their two ambiguous signatures and relative data items. Then, an improved perfect concurrent signature-based fair exchange protocol was presented which overcomes the flaw of the previous scheme and realizes the property of the abuse-freeness. Based on the security analysis, an existing signcryption-based concurrent signature is broken. If the receiver has a valid ambiguous signature of the signer, without the signer's keystone and secret key, he can obtain the signer's message and forge an ambiguous signature on arbitrary message on behalf of the signer easily. So, the fair exchange protocol is insecure. Then, an improved signcrytion-base concurrent signature was presented which overcame the flaw of the previous scheme, which ensured the security of the fair exchange protocol.