Untraceable Fair Network Payment Protocols with Off-Line TTP

  • Chih-Hung Wang
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2894)


A fair network payment protocol plays an important role in electronic commerce. The fairness concept in payments can be illustrated as that two parties (e.g. customers and merchants) exchange the electronic items (e.g. electronic money and goods) with each other in a fair manner that no one can gain advantage over the other even if there are malicious actions during exchanging process. In the previous works of fair payments, the buyer is usually required to sign a purchase message which can be traced by everyone. The information about where the buyer spent the money and what he purchased would easily be revealed by this way. This paper employs two techniques of off-line untraceable cash and designated confirmer signatures to construct a new fair payment protocol, in which the untraceability (or privacy) property can be achieved. A Restrictive Confirmation Signature Scheme (RCSS) will be introduced and used in our protocol to prevent the interested persons except the off-line TTP (Trusted Third Party) from tracing the buyer’s spending behavior.


Cryptography Electronic cash Payment System Undeniable Signature Designated Confirmer Signatures Electronic Commerce 


  1. ASW98.
    Asokan, N., Shoup, V., Waidner, M.: Optimistic Fair Exchange of Digital Signatures. In: Nyberg, K. (ed.) EUROCRYPT 1998. LNCS, vol. 1403, pp. 591–606. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  2. ASW00 .
    Asokan, N., Shoup, V., Waidner, M.: Optimistic Fair Exchange of Digital Signatures. IEEE Journal on Selected Areas in Communications 18, 591–610 (2000)CrossRefGoogle Scholar
  3. BDM98.
    Bao, F., Deng, R.H., Mao, W.: Efficient and Practical Fair Exchange Protocols with Off-line TTP. In: Proceedings of the 1998 IEEE Symposium on Security and Privacy, Oakland, CA, May 1998, pp. 77–85. IEEE Computer Press, Los Alamitos (1998)Google Scholar
  4. BF98 .
    Boyd, C., Foo, E.: Off-line Fair Payment Protocols Using Convertible Signature. In: Ohta, K., Pei, D. (eds.) ASIACRYPT 1998. LNCS, vol. 1514, pp. 271–285. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  5. Bra93a.
    Brands, S.: An Efficient Off-line Electronic Cash System Based on the Representation Problem. Technical Report CS-R9323, CWI (Centre for Mathematics and Computer Science), Amsterdam (1993),
  6. Bra93b.
    Brands, S.: Untraceable Off-line Cash inWallets with Observers. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 302–318. Springer, Heidelberg (1994)Google Scholar
  7. BCC88 .
    Brassard, G., Chaum, D., Crepeau, C.: Minimum Disclosure Proofs of Knowledge. Journal of Computer and System Sciences 37(2), 156–189 (1988)zbMATHCrossRefMathSciNetGoogle Scholar
  8. CFMT96.
    Chan, A., Frankel, Y., MacKenzie, P., Tsiounis, Y.: Mis-representation of Identities in E-cash Schemes and how to Prevent it. In: Kim, K.-c., Matsumoto, T. (eds.) ASIACRYPT 1996. LNCS, vol. 1163, pp. 276–285. Springer, Heidelberg (1996)CrossRefGoogle Scholar
  9. Cha90.
    Chaum, D.: Zero-knowledge Undeniable Signature. In: Damgård, I.B. (ed.) EUROCRYPT 1990. LNCS, vol. 473, pp. 458–464. Springer, Heidelberg (1991)Google Scholar
  10. Cha94.
    Chaum, D.: Designated Confirmer Signatures. In: De Santis, A. (ed.) EUROCRYPT 1994. LNCS, vol. 950, pp. 86–91. Springer, Heidelberg (1995)CrossRefGoogle Scholar
  11. CHP92.
    Chaum, D., van Heijst, E., Pfitzmann, B.: Cryptographically Strong Undeniable Signers, Unconditionally Secure for the Signer. In: Feigenbaum, J. (ed.) CRYPTO 1991. LNCS, vol. 576, pp. 470–484. Springer, Heidelberg (1992)Google Scholar
  12. CA89.
    Chaum, D., Van Antwerpen, H.: Undeniable Signature. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 212–217. Springer, Heidelberg (1990)Google Scholar
  13. Che98.
    Chen, L.: Efficient Fair Exchange with Verifiable Confirmation of Signatures. In: Ohta, K., Pei, D. (eds.) ASIACRYPT 1998. LNCS, vol. 1514, pp. 286–299. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  14. DGLW96.
    Deng, R.H., Gong, L., Lazar, A.A., Wang, W.: Practical Protocol for Certified Electronic Mail. Journal of Network and Systems Management 4(3), 279–297 (1996)CrossRefGoogle Scholar
  15. EGL85.
    Even, S., Goldreich, O., Lempel, A.: A Randomized Protocol for Signing Contracts. CACM 28(6), 637–647 (1985)MathSciNetGoogle Scholar
  16. FOO92.
    Fujioka, A., Okamoto, T., Ohta, K.: Interactive Bi-Proof Systems and Undeniable Signature Schemes. In: Davies, D.W. (ed.) EUROCRYPT 1991. LNCS, vol. 547, pp. 243–256. Springer, Heidelberg (1991)Google Scholar
  17. GKR97.
    Gennaro, R., Krawczyk, H., Rabin, T.: RSA-Based Undeniable Signatures. In: Kaliski Jr., B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 132–149. Springer, Heidelberg (1997)Google Scholar
  18. GKR99.
    Gennaro, R., Krawczyk, H., Rabin, T.: Undeniable Certificates. Electronic Letters 35(20), 1723–1724 (1999)CrossRefGoogle Scholar
  19. JSI96.
    Jakobsson, M., Sako, K., Impagliazzo, R.: Designated Verifier Proofs and Their Application. In: Maurer, U.M. (ed.) EUROCRYPT 1996. LNCS, vol. 1070, pp. 143–154. Springer, Heidelberg (1996)Google Scholar
  20. Mao97.
    Mao, W.: Publicly Verifiable Partial Key Escrow. In: Mu, Y., Pieprzyk, J.P., Varadharajan, V. (eds.) ACISP 1997. LNCS, vol. 1270, pp. 240–248. Springer, Heidelberg (1997)CrossRefGoogle Scholar
  21. MS98.
    Michels, M., Stadler, M.: Generic Constructions for Secure and Efficient Confirmer Signature Schemes. In: Nyberg, K. (ed.) EUROCRYPT 1998. LNCS, vol. 1403, pp. 406–421. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  22. NMV99.
    Nguyen, K., Mu, Y., Varadharajan, V.: Undeniable Confirmer Signature. In: Zheng, Y., Mambo, M. (eds.) ISW 1999. LNCS, vol. 1729, pp. 235–246. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  23. Oka94.
    Okamoto, T.: Designated Confirmer Signatures and Public-key Encryption Are Equivalent. In: Desmedt, Y.G. (ed.) CRYPTO 1994. LNCS, vol. 839, pp. 61–74. Springer, Heidelberg (1994)Google Scholar
  24. OO94.
    Okamoto, T., Ohta, K.: How to Simultaneously Exchange Secrets by General Assumption. In: Proceedings of 2nd ACM Conference on Computer and Communications Security, pp. 184–192 (1994)Google Scholar
  25. Pet97.
    Petersen, H.: How to Convert any Digital Signature Scheme into a Group Signature Scheme. In: Security Protocol 1997. LNCS, Springer, Heidelberg (1997)Google Scholar
  26. PS96.
    Pointcheval, D., Stern, J.: Security proofs for signature schemes. In: Maurer, U.M. (ed.) EUROCRYPT 1996. LNCS, vol. 1070, pp. 387–398. Springer, Heidelberg (1996)Google Scholar
  27. Sch91.
    Schnorr, C.P.: Efficient Signature Generation for Smart Cards. Journal of Cryptology 4(3), 161–174 (1991)zbMATHCrossRefMathSciNetGoogle Scholar
  28. Sta96.
    Stadler, M.: Publicly Verifiable Secret Sharing. In: Maurer, U.M. (ed.) EUROCRYPT 1996. LNCS, vol. 1070, pp. 190–199. Springer, Heidelberg (1996)Google Scholar
  29. WC03.
    Wang, C.-H., Chen, Y.-C.: Proxy Confirmation Signatures. Informatica (2003) (accepted)Google Scholar
  30. ZG96.
    Zhou, J., Gollmann, D.: A Fair Non-repudiation Protocol. In: Proceedings of the 1996 IEEE Symposium on Security and Privacy, Oakland, CA, pp. 55–61. IEEE Computer Press, Los Alamitos (1996)CrossRefGoogle Scholar
  31. ZG97.
    Zhou, J., Gollmann, D.: An Efficient Non-repudiation Protocol. In: Proceedings of the 1997 IEEE Computer Security Foundations Workshop (CSFW 10)., pp. 126–132. IEEE CS Press, Los Alamitos (1997)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2003

Authors and Affiliations

  • Chih-Hung Wang
    • 1
  1. 1.Department of Computer Science and Information EngineeringNational Chiayi UniversityChiayiTaiwan , R.O.C.

Personalised recommendations