Chapter

Public Key Cryptography – PKC 2007

Volume 4450 of the series Lecture Notes in Computer Science pp 118-133

Optimistic Fair Exchange in a Multi-user Setting

  • Yevgeniy DodisAffiliated withDepartment of Computer Science, New York University, NY
  • , Pil Joong LeeAffiliated withDepartment of Electronic and Electrical Eng., POSTECH, Pohang
  • , Dae Hyun YumAffiliated withDepartment of Electronic and Electrical Eng., POSTECH, Pohang

Abstract

This paper addresses the security of optimistic fair exchange in a multi-user setting. While the security of public key encryption and public key signature schemes in a single-user setting guarantees the security in a multi-user setting, we show that the situation is different in the optimistic fair exchange. First, we show how to break, in the multi-user setting, an optimistic fair exchange scheme provably secure in the single-user setting. This example separates the security of optimistic fair exchange between the single-user setting and the multi-user setting. We then define the formal security model of optimistic fair exchange in the multi-user setting, which is the first complete security model of optimistic fair exchange in the multi-user setting. We prove the existence of a generic construction meeting our multi-user security based on one-way functions in the random oracle model and trapdoor one-way permutations in the standard model. Finally, we revisit two well-known methodologies of optimistic fair exchange, which are based on the verifiably encrypted signature and the sequential two-party multisignature, respectively. Our result shows that these paradigms remain valid in the multi-user setting.