157 research outputs found

    Fair exchange in e-commerce and certified e-mail, new scenarios and protocols

    We are witnessing a steady growth in the use of the Internet in the electronic commerce field. This rise is promoting the migration from traditional processes and applications (paper based) to an electronic model. But the security of electronic transactions continues to pose an impediment to its implementation. Traditionally, most business transactions were conducted in person. Signing a contract required the meeting of all interested parties, the postman delivered certified mail in hand, and when paying for goods or services both customer and provider were present. When all parties are physically present, a transaction does not require a complex protocol. The participants acknowledge the presence of the other parties as assurance that they will receive their parts, whether a signature on a contract, or a receipt, etc. But with e-commerce growing in importance as a sales and business channel, all these transactions have moved to their digital counterparts. Therefore we have digital signature of contracts, certified delivery of messages and electronic payment systems. With electronic transactions, physical presence is not required; moreover, most of the time it is even impossible. The participants in a transaction can be thousands of kilometers away from each other, and they may not even be human participants; they can be machines. Thus, the security that the transaction will be executed without incident is not assured per se; we need additional security measures. To address this problem, fair exchange protocols were developed. In a fair exchange every party involved has an item that it wants to exchange, but none of the participants is willing to give his item away unless he has an assurance he will receive the corresponding item from the other participants.
Fair exchange has many applications, like digital signature of contracts, where the items to be exchanged are signatures on contracts, certified delivery of messages, where we exchange a message for evidence of receipt, or a payment process, where we exchange a payment (e-cash, e-check, visa, etc.) for digital goods or a receipt. The objective of this dissertation is the study of the fair exchange problem. In particular, it presents two new scenarios for digital contracting, the Atomic Multi-Two Party (AM2P) and the Agent Mediated Scenario (AMS), and proposes one optimistic contract signing protocol for each one. Moreover, it studies the efficiency of Multi-Party Contract Signing (MPCS) protocols from their architecture point of view, presenting a new lower bound for each architecture, in terms of minimum number of transactions needed. Regarding Certified Electronic Mail (CEM), this dissertation presents two optimistic CEM protocols designed to be deployed on the current e-mail infrastructure, therefore they assume the participation of multiple Mail Transfer Agents (MTAs). In one case, the protocol assumes untrusted MTAs whereas in the other one it assumes each User Agent (UA) trusts his own MTA. Regarding payment systems, this dissertation presents a secure and efficient electronic bearer bank check scheme allowing the electronic checks to be transferred fairly and anonymously.

    SoK: Communication across distributed ledgers

    Since the inception of Bitcoin, a plethora of distributed ledgers differing in design and purpose has been created. While by design, blockchains provide no means to securely communicate with external systems, numerous attempts towards trustless cross-chain communication have been proposed over the years. Today, cross-chain communication (CCC) plays a fundamental role in cryptocurrency exchanges, scalability efforts via sharding, extension of existing systems through sidechains, and bootstrapping of new blockchains. Unfortunately, existing proposals are designed ad-hoc for specific use-cases, making it hard to gain confidence in their correctness and composability. We provide the first systematic exposition of cross-chain communication protocols. We formalize the underlying research problem and show that CCC is impossible without a trusted third party, contrary to common beliefs in the blockchain community. With this result in mind, we develop a framework to design new and evaluate existing CCC protocols, focusing on the inherent trust assumptions thereof, and derive a classification covering the field of cross-chain communication to date. We conclude by discussing open challenges for CCC research and the implications of interoperability on the security and privacy of blockchains

    Official Arbitration with Secure Cloud Storage Application

    Static and dynamic proof of storage schemes have been proposed for use in secure cloud storage scenarios. In this setting, a client outsources storage of her data to a server, who may, willingly or not, corrupt the data (e.g., due to hardware or software failures), or delete infrequently accessed parts to save space. Most of the existing schemes only solve part of this problem: The client may ask for a cryptographic proof of integrity from the server. But what happens if this proof fails to verify? We argue that in such a case, both the client and the server should be able to contact an official court, providing cryptographic proofs, so that the Judge can resolve this dispute. We show that this property is stronger than what has been known as public verifiability in the sense that official arbitration should handle a malicious client as well. We clearly show this formalization difference, and then present multiple schemes that work for various static and dynamic storage solutions in a generic way. We implement our schemes and show that they are very efficient, diminishing the validity of arguments against their use, where the overhead for adding the ability to resolve such disputes at a court is only 2 ms and 80 bytes for each update on the stored data, using standard desktop hardware. Finally, we note that disputes may arise in many other situations, such as when two parties exchange items (e.g., e-commerce) or agree on something (e.g., contract-signing). We show that it is easy to extend our official arbitration protocols for a general case, including dynamic authenticated data structures

    A Blockchain-based Decentralized Electronic Marketplace for Computing Resources

    We propose a framework for building a decentralized electronic marketplace for computing resources. The idea is that anyone with spare capacities can offer them on this marketplace, opening up the cloud computing market to smaller players, thus creating a more competitive environment compared to today's market consisting of a few large providers. Trust is a crucial component in making an anonymized decentralized marketplace a reality. We develop protocols that enable participants to interact with each other in a fair way and show how these protocols can be implemented using smart contracts and blockchains. We discuss and evaluate our framework not only from a technical point of view, but also look at the wider context in terms of fair interactions and legal implications.

    Electronic money and the derived applications: anonymous micropayment, receipt-free electronic voting and anonymous internet access.

    by Chan Yuen Yan. Thesis (M.Phil.)--Chinese University of Hong Kong, 2000. Includes bibliographical references (leaves 91-[97]). Abstracts in English and Chinese.

    Chapter 1 --- Introduction
    Chapter 1.1 --- Transition to a New Monetary System
    Chapter 1.2 --- Security and Cryptography
    Chapter 1.3 --- Electronic Cash: More than an Electronic Medium of Transaction
    Chapter 1.4 --- Organisation of the Thesis
    Chapter 2 --- Cryptographic Primitives
    Chapter 2.1 --- One-way Hash Functions
    Chapter 2.2 --- The Bit Commitment Protocol
    Chapter 2.3 --- Secret Splitting
    Chapter 2.4 --- Encryption / Decryption
    Chapter 2.4.1 --- Symmetric Encryption
    Chapter 2.4.2 --- Asymmetric Encryption
    Chapter 2.5 --- The RSA Public Key Cryptosystem
    Chapter 2.6 --- Blind Signature
    Chapter 2.7 --- Cut-and-choose protocol
    Chapter 2.8 --- The Elliptic Curve Cryptosystem (ECC)
    Chapter 2.8.1 --- The Elliptic Curve Discrete Logarithm Problem
    Chapter 2.8.2 --- Cryptographic Applications Implemented by ECC
    Chapter 2.8.3 --- Analog of Diffie-Hellman Key Exchange
    Chapter 2.8.4 --- Data Encryption [11]
    Chapter 2.8.5 --- The ECC Digital Signature
    Chapter 3 --- What is Money?
    Chapter 3.1 --- Money
    Chapter 3.1.1 --- The History of Money [17]
    Chapter 3.1.2 --- Functions of Money
    Chapter 3.2 --- Existing Payment Systems
    Chapter 3.2.1 --- Cash Payments
    Chapter 3.2.2 --- Payment through Banks
    Chapter 3.2.3 --- Using Payment Cards
    Chapter 4 --- Electronic Cash
    Chapter 4.1 --- The Basic Requirements
    Chapter 4.2 --- Basic Model of Electronic Cash
    Chapter 4.2.1 --- Basic Protocol
    Chapter 4.2.2 --- Modified Protocol
    Chapter 4.2.3 --- Double Spending Prevention
    Chapter 4.3 --- Examples of Electronic Cash
    Chapter 4.3.1 --- eCash
    Chapter 4.3.2 --- CAFE
    Chapter 4.3.3 --- NetCash
    Chapter 4.3.4 --- CyberCash
    Chapter 4.3.5 --- Mondex
    Chapter 4.4 --- Limitations of Electronic Cash
    Chapter 5 --- Micropayments
    Chapter 5.1 --- Basic Model of Micropayments
    Chapter 5.1.1 --- Micropayments generation
    Chapter 5.1.2 --- Spending
    Chapter 5.1.3 --- Redemption
    Chapter 5.2 --- Examples of Micropayments
    Chapter 5.2.1 --- Pay Word
    Chapter 5.2.2 --- MicroMint
    Chapter 5.2.3 --- Millicent
    Chapter 5.3 --- Limitations of Micropayments
    Chapter 5.4 --- Digital Money - More than a Medium of Transaction
    Chapter 6 --- Anonymous Micropayment Tickets
    Chapter 6.1 --- Introduction
    Chapter 6.2 --- Overview of the Systems
    Chapter 6.3 --- Elliptic Curve Digital Signature
    Chapter 6.4 --- The Micropayment Ticket Protocol
    Chapter 6.4.1 --- The Micropayment Ticket
    Chapter 6.4.2 --- Payment
    Chapter 6.4.3 --- Redemption
    Chapter 6.4.4 --- Double Spending
    Chapter 6.5 --- Security Analysis
    Chapter 6.5.1 --- Conditional Anonymity
    Chapter 6.5.2 --- Lost Tickets
    Chapter 6.5.3 --- Double Spending
    Chapter 6.5.4 --- Collusion with Vendors
    Chapter 6.6 --- Efficiency Analysis
    Chapter 6.7 --- Conclusion
    Chapter 7 --- Anonymous Electronic Voting Systems
    Chapter 7.1 --- Introduction
    Chapter 7.2 --- The Proposed Electronic Voting System
    Chapter 7.2.1 --- The Proposed Election Model
    Chapter 7.3 --- Two Cryptographic Protocols
    Chapter 7.3.1 --- Protocol One - The Anonymous Authentication Protocol
    Chapter 7.3.2 --- Protocol Two - Anonymous Commitment
    Chapter 7.4 --- The Electronic Voting Protocol
    Chapter 7.4.1 --- The Registration Phase
    Chapter 7.4.2 --- The Polling Phase
    Chapter 7.4.3 --- Vote-Opening Phase
    Chapter 7.5 --- Security Analysis
    Chapter 7.5.1 --- Basic Security Requirements
    Chapter 7.5.2 --- Receipt-freeness
    Chapter 7.5.3 --- Non-transferability of Voting Right
    Chapter 7.6 --- Conclusion
    Chapter 8 --- Anonymous Internet Access
    Chapter 8.1 --- Introduction
    Chapter 8.2 --- Privacy Issues of Internet Access Services
    Chapter 8.2.1 --- Present Privacy Laws and Policies
    Chapter 8.2.2 --- Present Anonymous Internet Services Solutions
    Chapter 8.2.3 --- Conditional Anonymous Internet Access Services
    Chapter 8.3 --- The Protocol
    Chapter 8.3.1 --- ISP issues a new pass to Alice using blind signature [1] scheme
    Chapter 8.3.2 --- Account Operations
    Chapter 8.4 --- Modified Version with Key Escrow on User Identity
    Chapter 8.4.1 --- Getting a new pass
    Chapter 8.4.2 --- Account operations
    Chapter 8.4.3 --- Identity revocation
    Chapter 8.5 --- Security Analysis
    Chapter 8.5.1 --- Anonymity
    Chapter 8.5.2 --- Masquerade
    Chapter 8.5.3 --- Alice cheats
    Chapter 8.5.4 --- Stolen pass
    Chapter 8.6 --- Efficiency
    Chapter 8.6.1 --- Random number generation
    Chapter 8.6.2 --- Signing on the pass
    Chapter 8.6.3 --- Pass validation
    Chapter 8.6.4 --- Identity recovery
    Chapter 8.7 --- Conclusion
    Chapter 9 --- Conclusion
    Bibliography