An optimistic fair e-commerce protocol for large e-goods

Suppose two entities that do not trust each other want to exchange some arbitrary data over a public channel. A fair exchange protocol ensures that both parties get what they want or neither gets anything. In this paper, a fair e-commerce protocol for large e-goods is proposed and implemented. The proposed protocol provides a method for the fair exchange of e-money for e-products, and a method for verifying the contents of the exchanged items. The protocol is optimistic and efficient such that when none of the parties tries to cheat, only three messages are sufficient. In case of disputes, three more messages are needed. Furthermore, the customer remains anonymous after the transaction; thus, no information about the customers' shopping habits can be gathered through the protocol. The implementation results show that the protocol is efficient and secure and that only a small number of cryptographic operations is sufficient

Cryptanalysis of the RSA-CEGD protocol

Recently, Nenadi\'c et al. (2004) proposed the RSA-CEGD protocol for certified delivery of e-goods. This is a relatively complex scheme based on verifiable and recoverable encrypted signatures (VRES) to guarantee properties such as strong fairness and non-repudiation, among others. In this paper, we demonstrate how this protocol cannot achieve fairness by presenting a severe attack and also pointing out some other weaknesses.Comment: 8 pages, 1 figur

TumbleBit: an untrusted Bitcoin-compatible anonymous payment hub

This paper presents TumbleBit, a new unidirectional unlinkable payment hub that is fully compatible with today s Bitcoin protocol. TumbleBit allows parties to make fast, anonymous, off-blockchain payments through an untrusted intermediary called the Tumbler. TumbleBits anonymity properties are similar to classic Chaumian eCash: no one, not even the Tumbler, can link a payment from its payer to its payee. Every payment made via TumbleBit is backed by bitcoins, and comes with a guarantee that Tumbler can neither violate anonymity, nor steal bitcoins, nor print money by issuing payments to itself. We prove the security of TumbleBit using the real/ideal world paradigm and the random oracle model. Security follows from the standard RSA assumption and ECDSA unforgeability. We implement TumbleBit, mix payments from 800 users and show that TumbleBits offblockchain payments can complete in seconds.https://eprint.iacr.org/2016/575.pdfPublished versio

ESTABLISHED WAYS TO ATTACK EVEN THE BEST ENCRYPTION ALGORITHM

Which solution is the best – public key or private key encryption? This question cannot have a very rigorous, logical and definitive answer, so that the matter be forever settled :). The question supposes that the two methods could be compared on completely the same indicators – well, from my point of view, the comparison is not very relevant. Encryption specialists have demonstrated that the sizes of public key encrypted messages are much bigger than the encrypted message using private key algorithms. From this point of view, we can say that private key algorithms are more efficient than their newer counterparts. Looking at the issue through the eyeglass of the security level, the public key encryption have a great advantage of the private key variants, their level of protection, in the most pessimistic scenarios, being at least 35 time higher. As a general rule, each type of algorithm has managed to find its own market niche where could be applicable as a best solution and be more efficient than the other encryption model.Encryption, decryption, key, cryptanalysis, brute-force, linear, differential, algebra

The Evolution of Embedding Metadata in Blockchain Transactions

The use of blockchains is growing every day, and their utility has greatly expanded from sending and receiving crypto-coins to smart-contracts and decentralized autonomous organizations. Modern blockchains underpin a variety of applications: from designing a global identity to improving satellite connectivity. In our research we look at the ability of blockchains to store metadata in an increasing volume of transactions and with evolving focus of utilization. We further show that basic approaches to improving blockchain privacy also rely on embedding metadata. This paper identifies and classifies real-life blockchain transactions embedding metadata of a number of major protocols running essentially over the bitcoin blockchain. The empirical analysis here presents the evolution of metadata utilization in the recent years, and the discussion suggests steps towards preventing criminal use. Metadata are relevant to any blockchain, and our analysis considers primarily bitcoin as a case study. The paper concludes that simultaneously with both expanding legitimate utilization of embedded metadata and expanding blockchain functionality, the applied research on improving anonymity and security must also attempt to protect against blockchain abuse.Comment: 9 pages, 6 figures, 1 table, 2018 International Joint Conference on Neural Network

A Practical Set-Membership Proof for Privacy-Preserving NFC Mobile Ticketing

To ensure the privacy of users in transport systems, researchers are working on new protocols providing the best security guarantees while respecting functional requirements of transport operators. In this paper, we design a secure NFC m-ticketing protocol for public transport that preserves users' anonymity and prevents transport operators from tracing their customers' trips. To this end, we introduce a new practical set-membership proof that does not require provers nor verifiers (but in a specific scenario for verifiers) to perform pairing computations. It is therefore particularly suitable for our (ticketing) setting where provers hold SIM/UICC cards that do not support such costly computations. We also propose several optimizations of Boneh-Boyen type signature schemes, which are of independent interest, increasing their performance and efficiency during NFC transactions. Our m-ticketing protocol offers greater flexibility compared to previous solutions as it enables the post-payment and the off-line validation of m-tickets. By implementing a prototype using a standard NFC SIM card, we show that it fulfils the stringent functional requirement imposed by transport operators whilst using strong security parameters. In particular, a validation can be completed in 184.25 ms when the mobile is switched on, and in 266.52 ms when the mobile is switched off or its battery is flat