Optimistic fair exchange

A fair exchange guarantees that a participant only reveals its items (such as signatures, payments, or data) if it receives the expected items in exchange. Efficient fair exchange requires a so-called third party, which is assumed to be correct. Optimistic fair exchange involves this third party only if needed, i.e., if the participants cheat or disagree. In Part I, we prove lower bounds on the message and time complexity of two particular instances of fair exchange in varying models, namely contract signing (fair exchange of two signatures under a contract) and certified mail (fair exchange of data for a receipt). We show that all given bounds are tight by describing provably time- and message-optimal protocols for all considered models and instances. In Part II, we have a closer look at formalizing the security of fair exchange. We introduce a new formal notion of security (including secrecy) for reactive distributed systems. We illustrate this new formalism by a specification of certified mail as an alternative to the traditional specification given in Part I. In Part III, we describe protocols for generic and optimistic fair exchange of arbitrary items. These protocols are embedded into the SEMPER Fair Exchange Layer, which is a central part of the SEMPER Framework for Secure Electronic Commerce.Ein Austausch ist fair, wenn eine Partei die angebotenen Güter, wie zum Beispiel digitale Signaturen, Zahlungen oder Daten, nur abgibt, wenn sie die erwarteten Güter im Tausch erhält. Ohne eine als korrekt angenommene dritte Partei, welche eine mit einem Notar vergleichbare Rolle übernimmt, ist fairer Austausch nicht effizient möglich. Ein fairer Austausch heißt optimistisch, falls diese dritte Partei nur in Problemfällen am Protokoll teilnimmt. In Teil I werden beweisbar zeit- und nachrichtenoptimale Protokolle für die Spezialfälle \u27;elektronische Vertragsunterzeichnung" (fairer Austausch zweier Signaturen; engl. contract signing) und \u27;elektronisches Einschreiben" (fairer Austausch von Daten gegen eine Quittung; engl. certified mail) von fairem Austausch vorgestellt. Teil II beschreibt einen neuen Integritäts- und Geheimhaltungsbegriff für reaktive Systeme. Dieser basiert auf einer Vergleichsrelation \u27;so sicher wie", welche die Sicherheit zweier Systeme vergleicht. Ein verteiltes, reaktives System wird dann als sicher bezeichnet, wenn es so sicher wie ein idealisiertes System (engl. trusted host) für diesen Dienst ist. Mit diesem Formalismus geben wir eine alternative Sicherheitsdefinition von \u27;elektronischem Einschreiben" an, deren Semantik im Gegensatz zu der in Teil I beschriebenen Definition nun unabhängig vom erbrachten Dienst ist. Teil III beschreibt ein Design und optimistische Protokolle für generischen fairen Austausch von zwei beliebigen Gütern und den darauf aufbauenden SEMPER Fair Exchange Layer. Dieser ist ein wesentlicher Baustein des SEMPER Framework for Secure Electronic Commerce

Optimistic fair exchange

A fair exchange guarantees that a participant only reveals its items (such as signatures, payments, or data) if it receives the expected items in exchange. Efficient fair exchange requires a so-called third party, which is assumed to be correct. Optimistic fair exchange involves this third party only if needed, i.e., if the participants cheat or disagree. In Part I, we prove lower bounds on the message and time complexity of two particular instances of fair exchange in varying models, namely contract signing (fair exchange of two signatures under a contract) and certified mail (fair exchange of data for a receipt). We show that all given bounds are tight by describing provably time- and message-optimal protocols for all considered models and instances. In Part II, we have a closer look at formalizing the security of fair exchange. We introduce a new formal notion of security (including secrecy) for reactive distributed systems. We illustrate this new formalism by a specification of certified mail as an alternative to the traditional specification given in Part I. In Part III, we describe protocols for generic and optimistic fair exchange of arbitrary items. These protocols are embedded into the SEMPER Fair Exchange Layer, which is a central part of the SEMPER Framework for Secure Electronic Commerce.Ein Austausch ist fair, wenn eine Partei die angebotenen Güter, wie zum Beispiel digitale Signaturen, Zahlungen oder Daten, nur abgibt, wenn sie die erwarteten Güter im Tausch erhält. Ohne eine als korrekt angenommene dritte Partei, welche eine mit einem Notar vergleichbare Rolle übernimmt, ist fairer Austausch nicht effizient möglich. Ein fairer Austausch heißt optimistisch, falls diese dritte Partei nur in Problemfällen am Protokoll teilnimmt. In Teil I werden beweisbar zeit- und nachrichtenoptimale Protokolle für die Spezialfälle ';elektronische Vertragsunterzeichnung" (fairer Austausch zweier Signaturen; engl. contract signing) und ';elektronisches Einschreiben" (fairer Austausch von Daten gegen eine Quittung; engl. certified mail) von fairem Austausch vorgestellt. Teil II beschreibt einen neuen Integritäts- und Geheimhaltungsbegriff für reaktive Systeme. Dieser basiert auf einer Vergleichsrelation ';so sicher wie", welche die Sicherheit zweier Systeme vergleicht. Ein verteiltes, reaktives System wird dann als sicher bezeichnet, wenn es so sicher wie ein idealisiertes System (engl. trusted host) für diesen Dienst ist. Mit diesem Formalismus geben wir eine alternative Sicherheitsdefinition von ';elektronischem Einschreiben" an, deren Semantik im Gegensatz zu der in Teil I beschriebenen Definition nun unabhängig vom erbrachten Dienst ist. Teil III beschreibt ein Design und optimistische Protokolle für generischen fairen Austausch von zwei beliebigen Gütern und den darauf aufbauenden SEMPER Fair Exchange Layer. Dieser ist ein wesentlicher Baustein des SEMPER Framework for Secure Electronic Commerce

Fair exchange in e-commerce and certified e-mail, new scenarios and protocols

We are witnessing a steady growth in the use of Internet in the electronic commerce field. This rise is promoting the migration from traditional processes and applications (paper based) to an electronic model. But the security of electronic transactions continues to pose an impediment to its implementation. Traditionally, most business transactions were conducted in person. Signing a contract required the meeting of all interested parties, the postman delivered certified mail in hand, and when paying for goods or services both customer and provider were present. When all parties are physically present, a transaction does not require a complex protocol. The participants acknowledge the presence of the other parties as assurance that they will receive their parts, whether a signature on a contract, or a receipt, etc. But with e-commerce growing in importance as sales and business channel, all these transactions have moved to its digital counterpart. Therefore we have digital signature of contracts, certified delivery of messages and electronic payment systems. With electronic transactions, the physical presence is not required,moreover, most of the times it is even impossible. The participants in a transaction can be thousands of kilometers away from each other, and they may not even be human participants, they can be machines. Thus, the security that the transaction will be executed without incident is not assured per se, we need additional security measures. To address this problem, fair exchange protocols were developed. In a fair exchange every party involved has an item that wants to exchange, but none of the participants is willing to give his item away unless he has an assurance he will receive the corresponding item from the other participants. Fair exchange has many applications, like digital signature of contracts, where the items to be exchanged are signatures on contracts, certified delivery of messages, where we exchange a message for evidence of receipt, or a payment process, where we exchange a payment (e-cash, e-check, visa, etc.) for digital goods or a receipt. The objective of this dissertation is the study of the fair exchange problem. In particular, it presents two new scenarios for digital contracting, the Atomic Multi- Two Party (AM2P) and the Agent Mediated Scenario (AMS), and proposes one optimistic contract signing protocol for each one. Moreover, it studies the efficiency of Multi-Party Contract Signing (MPCS) protocols from their architecture point of view, presenting a new lower bound for each architecture, in terms of minimum number of transactions needed. Regarding Certified Electronic Mail (CEM), this dissertation presents two optimistic CEMprotocols designed to be deployed on thecurrent e-mail infrastructure, therefore they assume the participation of multiple Mail Transfer Agents (MTAs). In one case, the protocol assumes untrusted MTAs whereas in the other one it assumes each User Agent (UA) trusts his own MTA. Regarding payment systems, this dissertation presents a secure and efficient electronic bearer bank check scheme allowing the electronic checks to be transferred fairly and anonymously.L’ús d’Internet en l’àmbit del comerç electrònic està experimentant un creixement estable. Aquest increment d’ús està promovent lamigració de processos tradicionals i aplicacions (basades en paper) cap a un model electrònic. Però la seguretat de les transaccions electròniques continua impedint la seva implantació. Tradicionalment, la majoria de les transaccions s’han dut a terme en persona. La firma d’un contracte requeria la presència de tots els firmants, el carter entrega les cartes certificades enmà, i quan es paga per un bé o servei ambdós venedor i comprador hi són presents. Quan totes les parts hi són presents, les transaccions no requereixen un protocol complex. Els participants assumeixen la presència de les altres parts com assegurança que rebran el que esperen d’elles, ja sigui la firma d’un contracte, un rebut d’entrega o un pagament. Però amb el creixement del comerç electrònic com a canal de venda i negoci, totes aquestes transaccions s’hanmogut al seu equivalent en el món electrònic. Així doncs tenim firma electrònica de contractes, enviament certificat de missatges, sistemes de pagament electrònic, etc. En les transaccions electròniques la presència física no és necessària, de fet, la majoria de vegades és fins it tot impossible. Els participants poden estar separats permilers de kilòmetres, i no és necessari que siguin humans, podrien sermàquines. Llavors, la seguretat de que la transacció s’executarà correctament no està assegurada per se, necessitem proporcionar mesures de seguretat addicionals. Per solucionar aquest problema, es van desenvolupar els protocols d’intercanvi equitatiu. En un intercanvi equitatiu totes les parts involucrades tenen un objecte que volen intercanviar, però cap de les parts implicades vol donar el seu objecte si no té la seguretat que rebrà els objectes de les altres parts. L’intercanvi equitatiu té multitud d’aplicacions, com la firma electrònica de contractes, on els elements a intercanviar son firmes de contractes, enviament certificat demissatges, on s’intercanvien unmissatge per una evidència de recepció, o un procés de pagament, on intercanviemun pagament (e-cash, visa, e-xec, etc.) per bens digitals o per un rebut. L’objectiu d’aquesta tesi és estudiar el problema de l’intercanvi equitatiu. En particular, la tesi presenta dos nous escenaris per a la firma electrònica de contractes, l’escenari multi-two party atòmic i l’escenari amb agents intermediaris, i proposa un protocol optimista per a cada un d’ells. A més, presenta un estudi de l’eficiència dels protocols de firma electrònica multi-part (Multi-Party Contract Signing (MPCS) protocols) des del punt de vista de la seva arquitectura, presentant una nova fita per a cada una, en termes de mínim nombre de transaccions necessàries. Pel que fa al correu electrònic certificat, aquesta tesi presenta dos protocols optimistes dissenyats per a ser desplegats damunt l’infraestructura actual de correu electrònic, per tant assumeix la participació demúltiples agents de transferència de correu. Un dels protocols assumeix que cap dels agents de transferència de correu participants és de confiança,mentre que l’altre assumeix que cada usuari confia en el seu propi agent. Pel que fa a sistemes de pagament, la tesi presenta un esquema de xec bancari al portador, eficient i segur, que garanteix que la transferència dels xecs es fa demanera anònima i equitativa

Keeping Fairness Alive : Design and formal verification of optimistic fair exchange protocols

Fokkink, W.J. [Promotor]Pol, J.C. van de [Promotor

Transaction protocols for self-organizing systems of autonomous entities

Self-organizing systems of autonomous entities have gained wide-spread attention in the research community. The most difficult problem of such systems is that autonomous entities may choose between cooperation and defection in the transactions they participate. In internet based eCommerce, transaction protocols (so-called exchange protocols) are applied for this purpose. Yet, it has been repeatedly conjectured that such protocols are not applicable to self-organizing systems. Distributed reputation systems have been proposed as a means of compensating for such lack of applicability. Still, there is no analysis of the applicability of transaction protocols and their relationship with distributed reputation systems

Balanced byzantine reliable broadcast with near-optimal communication and improved computation

CNS-1718135 - National Science Foundation; CNS-1801564 - National Science Foundation; CNS-1931714 - National Science Foundation; CNS-1915763 - National Science Foundation; HR00112020021 - Department of Defense/DARPA; 000000000000000000000000000000000000000000000000000000037211 - SRI Internationalhttps://eprint.iacr.org/2022/776.pdfFirst author draf