Coin-Based Multi-party Fair Exchange

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 12726)


Multi-party fair exchange (MFE) considers scenarios where fairness means that either all exchanges as agreed upon between multiple parties take place, or no item changes hands. The two-party case was widely studied starting with the seminal work of Asokan et al. in ACM CCS 1998. The state-of-the-art MFE protocol was shown by Kılınç and Küpçü in CT-RSA 2015. Unfortunately, it only works on items that can be efficiently verifiably encrypted, which, in particular, means that it cannot efficiently handle exchange of large files in a peer-to-peer file sharing scenario. In this work, first, we extend the optimistic two-party fair computation definition of Cachin and Camenisch in CRYPTO 2000 for the MFE setting, and prove the security of our protocol with ideal-real simulation. Secondly, we extend the CT-RSA 2015 solution of Kılınç and Küpçü in a way that our protocol enables parties to exchange any item, be it a large file. While doing so, we employ electronic payments, where if a party does not obtain the desired item at the end of the protocol, the payment of the item’s owner will be obtained instead. Third, we achieve asymptotic optimality with O(1) rounds and \( O(n^2) \) messages, where n is the number of participating parties. Finally, we also provide experimental results from our prototype code.


Multi-party fair exchange Optimistic model Electronic payments Threshold cryptography 



We acknowledge the support of the Turkish Academy of Sciences and TÜBİTAK (the Scientific and Technological Research Council of Turkey) project 119E088.


  1. 1.
    Abadi, M., Glew, N.: Certified email with a light on-line trusted third party: design and implementation. In: World Wide Web, pp. 387–395. ACM (2002)Google Scholar
  2. 2.
    Akinyele, J.A., et al.: Charm: a framework for rapidly prototyping cryptosystems. J. Cryptographic Eng. 3(2), 111–128 (2013)Google Scholar
  3. 3.
    Andrychowicz, M., Dziembowski, S., Malinowski, D., Mazurek, L.: Secure multiparty computations on bitcoin. In: SP, pp. 443–458. IEEE (2014)Google Scholar
  4. 4.
    Asokan, N., Schunter, M., Waidner, M.: Optimistic protocols for multi-party fair exchange. Technical report, IBM Research RZ2892 (1996)Google Scholar
  5. 5.
    Asokan, N., Shoup, V., Waidner, M.: Optimistic fair exchange of digital signatures. IEEE J. Sel. Areas Commun. 18, 591–610 (2000)CrossRefGoogle Scholar
  6. 6.
    Ateniese, G.: Efficient verifiable encryption (and fair exchange) of digital signatures. In: ACM CCS, pp. 138–146. ACM (1999)Google Scholar
  7. 7.
    Ateniese, G., Nita-Rotaru, C.: Stateless-recipient certified e-mail system based on verifiable encryption. In: Preneel, B. (ed.) CT-RSA 2002. LNCS, vol. 2271, pp. 182–199. Springer, Heidelberg (2002). Scholar
  8. 8.
    Avoine, G., Vaudenay, S.: Optimistic fair exchange based on publicly verifiable secret sharing. In: Wang, H., Pieprzyk, J., Varadharajan, V. (eds.) ACISP 2004. LNCS, vol. 3108, pp. 74–85. Springer, Heidelberg (2004). Scholar
  9. 9.
    Bao, F., Deng, R., Nguyen, K.Q., Varadharajan, V.: Multi-party fair exchange with an off-line trusted neutral party. In: DEXA, pp. 858–862. IEEE (1999)Google Scholar
  10. 10.
    Bao, F., Deng, R.H., Mao, W.: Efficient and practical fair exchange protocols with off-line TTP. In: IEEE Symposium on Security and Privacy, pp. 77–85 (1998)Google Scholar
  11. 11.
    Baum, C., David, B., Dowsley, R.: Insured MPC: efficient secure computation with financial penalties. In: Bonneau, J., Heninger, N. (eds.) FC 2020. LNCS, vol. 12059, pp. 404–420. Springer, Cham (2020). Scholar
  12. 12.
    Belenkiy, M., et al.: Making P2P accountable without losing privacy. In: WPES (2007)Google Scholar
  13. 13.
    Bentov, I., Kumaresan, R.: How to use bitcoin to design fair protocols. In: Garay, J.A., Gennaro, R. (eds.) CRYPTO 2014. LNCS, vol. 8617, pp. 421–439. Springer, Heidelberg (2014). Scholar
  14. 14.
    Bentov, I., Kumaresan, R., Miller, A.: Instantaneous decentralized poker. In: Takagi, T., Peyrin, T. (eds.) ASIACRYPT 2017. LNCS, vol. 10625, pp. 410–440. Springer, Cham (2017). Scholar
  15. 15.
    Brownie cashlib cryptographic library.
  16. 16.
    Cachin, C., Camenisch, J.: Optimistic fair secure computation. In: Bellare, M. (ed.) CRYPTO 2000. LNCS, vol. 1880, pp. 93–111. Springer, Heidelberg (2000). Scholar
  17. 17.
    Camenisch, J., Damgård, I.: Verifiable encryption, group encryption, and their applications to separable group signatures and signature sharing schemes. In: Okamoto, T. (ed.) ASIACRYPT 2000. LNCS, vol. 1976, pp. 331–345. Springer, Heidelberg (2000). Scholar
  18. 18.
    Camenisch, J., Lysyanskaya, A., Meyerovich, M.: Endorsed e-cash. In: Security and Privacy, pp. 101–115. IEEE (2007)Google Scholar
  19. 19.
    Camenisch, J., Shoup, V.: Practical verifiable encryption and decryption of discrete logarithms. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 126–144. Springer, Heidelberg (2003). Scholar
  20. 20.
    Canetti, R.: Security and composition of multiparty cryptographic protocols. J. Cryptol. 13, 143–202 (2000). Scholar
  21. 21.
    Chaum, D.: Blind signatures for untraceable payments. In: Chaum, D., Rivest, R.L., Sherman, A.T. (eds.) Advances in Cryptology, pp. 199–203. Springer, Boston, MA (1983). Scholar
  22. 22.
    Chaum, D., den Boer, B., van Heyst, E., Mjølsnes, S., Steenbeek, A.: Efficient offline electronic checks. In: Quisquater, J.-J., Vandewalle, J. (eds.) EUROCRYPT 1989. LNCS, vol. 434, pp. 294–301. Springer, Heidelberg (1990). Scholar
  23. 23.
    Cohen, B.: Incentives build robustness in BitTorrent. WEPS 6, 68–72 (2003)Google Scholar
  24. 24.
    Cramer, R., Shoup, V.: Universal hash proofs and a paradigm for adaptive chosen ciphertext secure public-key encryption. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 45–64. Springer, Heidelberg (2002). Scholar
  25. 25.
    Damgård, I.: On \(\Sigma \)-protocols. University of Aarhus, Department for Computer Science, Lecture Notes (2002)Google Scholar
  26. 26.
    Dodis, Y., Lee, P.J., Yum, D.H.: Optimistic fair exchange in a multi-user setting. In: Okamoto, T., Wang, X. (eds.) PKC 2007. LNCS, vol. 4450, pp. 118–133. Springer, Heidelberg (2007). Scholar
  27. 27.
    Dziembowski, S., Eckey, L., Faust, S.: FairSwap: how to fairly exchange digital goods. In: ACM SIGSAC, pp. 967–984 (2018)Google Scholar
  28. 28.
    ElGamal, T.: A public key cryptosystem and a signature scheme based on discrete logarithms. IEEE Trans. Inf. Theory 31(4), 469–472 (1985)Google Scholar
  29. 29.
    Even, S., Yacobi, Y.: Relations among public key signature systems. Technical report, Technical Report 175, Technion, Haifa, Israel (1980)Google Scholar
  30. 30.
    Franklin, M., Tsudik, G.: Secure group barter: multi-party fair exchange with semi-trusted neutral parties. In: Hirchfeld, R. (ed.) FC 1998. LNCS, vol. 1465, pp. 90–102. Springer, Heidelberg (1998). Scholar
  31. 31.
    Garay, J.A., MacKenzie, P.: Abuse-free multi-party contract signing. In: Jayanti, P. (ed.) DISC 1999. LNCS, vol. 1693, pp. 151–166. Springer, Heidelberg (1999). Scholar
  32. 32.
    González-Deleito, N., Markowitch, O.: An optimistic multi-party fair exchange protocol with reduced trust requirements. In: Kim, K. (ed.) ICISC 2001. LNCS, vol. 2288, pp. 258–267. Springer, Heidelberg (2002). Scholar
  33. 33.
    Gordon, D., Ishai, Y., Moran, T., Ostrovsky, R., Sahai, A.: On complete primitives for fairness. In: Micciancio, D. (ed.) TCC 2010. LNCS, vol. 5978, pp. 91–108. Springer, Heidelberg (2010). Scholar
  34. 34.
    Guerraoui, R., Wang, J.: Optimal fair computation. In: Gavoille, C., Ilcinkas, D. (eds.) DISC 2016. LNCS, vol. 9888, pp. 143–157. Springer, Heidelberg (2016). Scholar
  35. 35.
    Katz, J., Maurer, U., Tackmann, B., Zikas, V.: Universally composable synchronous computation. In: Sahai, A. (ed.) TCC 2013. LNCS, vol. 7785, pp. 477–498. Springer, Heidelberg (2013). Scholar
  36. 36.
    Kiayias, A., Zhou, H.-S., Zikas, V.: Fair and robust multi-party computation using a global transaction ledger. In: Fischlin, M., Coron, J.-S. (eds.) EUROCRYPT 2016. LNCS, vol. 9666, pp. 705–734. Springer, Heidelberg (2016). Scholar
  37. 37.
    Kılınç, H., Küpçü, A.: Optimally efficient multi-party fair exchange and fair secure multi-party computation. In: Nyberg, K. (ed.) CT-RSA 2015. LNCS, vol. 9048, pp. 330–349. Springer, Cham (2015). Scholar
  38. 38.
    Kumaresan, R., Bentov, I.: Amortizing secure computation with penalties. In: ACM SIGSAC, pp. 418–429 (2016)Google Scholar
  39. 39.
    Kumaresan, R., Vaikuntanathan, V., Vasudevan, P.N.: Improvements to secure computation with penalties. In: ACM SIGSAC, pp. 406–417 (2016)Google Scholar
  40. 40.
    Küpçü, A., Lysyanskaya, A.: Usable optimistic fair exchange. Computer Networks, pp. 50–63 (2012)Google Scholar
  41. 41.
    Küpçü, A.: Distributing trusted third parties. ACM SIGACT News Distrib. Comput. Column 44, 92–112 (2013)Google Scholar
  42. 42.
    Küpçü, A., Lysyanskaya, A.: Optimistic fair exchange with multiple arbiters. In: Gritzalis, D., Preneel, B., Theoharidou, M. (eds.) ESORICS 2010. LNCS, vol. 6345, pp. 488–507. Springer, Heidelberg (2010). Scholar
  43. 43.
    Lindell, A.Y.: Legally-enforceable fairness in secure two-party computation. In: Malkin, T. (ed.) CT-RSA 2008. LNCS, vol. 4964, pp. 121–137. Springer, Heidelberg (2008). Scholar
  44. 44.
    Liu, Y., Hu, H.: An improved protocol for optimistic multi-party fair exchange. In: EMEIT, vol. 9, pp. 4864–4867. IEEE (2011)Google Scholar
  45. 45.
    Mauw, S., Radomirovic, S., Dashti, M.T.: Minimal message complexity of asynchronous multi-party contract signing. In: CSF, pp. 13–25. IEEE (2009)Google Scholar
  46. 46.
    Meiklejohn, S., Erway, C.C., Küpçü, A., Hinkle, T., Lysyanskaya, A.: ZKPDL: a language-based system for efficient zero-knowledge proofs and electronic cash. In: USENIX Security Symposium (2010)Google Scholar
  47. 47.
    Merkle, R.C.: A digital signature based on a conventional encryption function. In: Pomerance, C. (ed.) CRYPTO 1987. LNCS, vol. 293, pp. 369–378. Springer, Heidelberg (1988). Scholar
  48. 48.
    Micali, S.: Simple and fast optimistic protocols for fair electronic exchange. In: PODC, pp. 12–19. ACM (2003)Google Scholar
  49. 49.
    Pagnia, H., Gärtner, F.C.: On the impossibility of fair exchange without a trusted third party. Technical report, TUD-BS-1999-02 (1999)Google Scholar
  50. 50.
    Radomirovic, S.: A construction of short sequences containing all permutations of a set as subsequences. Electron. J. Comb. 19(4), 31 (2012)MathSciNetCrossRefGoogle Scholar
  51. 51.
    Rivest, R., Shamir, A., Adleman, L.: A method for obtaining digital signatures and public-key cryptosystems. ACM Commun. 21, 120–126 (1978)MathSciNetCrossRefGoogle Scholar
  52. 52.
    Shoup, V., Gennaro, R.: Securing threshold cryptosystems against chosen ciphertext attack. J. Cryptol. 15, 75–96 (2002)MathSciNetCrossRefGoogle Scholar

Copyright information

© Springer Nature Switzerland AG 2021

Authors and Affiliations

  1. 1.Web3.0 FoundationZugSwitzerland
  2. 2.Koç UniversityIstanbulTurkey

Personalised recommendations