Collusion-resistance in optimistic fair exchange

Abstract

Optimistic fair exchange (OFE) is a type of cryptographic protocols aimed at solving the fair exchange problem over open networks with the help of a third party to settle disputes between exchanging parties. It is well known that a third party is necessary in the realization of a fair exchange protocol. However, a fully trusted third party may not be available over open networks. In this paper, the security of most of the proposed OFE protocols depends on the assumption that the third party is semitrusted in the sense that it may misbehave on its own but does not conspire with either of the main parties. The existing security models of OFE have not taken into account the case where the potentially dishonest third party may collude with a signer in the sense of sharing its secret key with the signer. In this paper, to reduce the trust level of the arbitrator and increase the security of OFE, we propose an enhanced security model that, for the first time, captures this scenario. We also show a separation between the existing model and our enhanced model with a concrete counter example. Finally, we revisit two popular approaches in the construction of OFE protocols, which are based on verifiably encrypted signature and conventional signature plus ring signature, respectively. Our result shows that the conventional signature plus ring signature approach approach remains valid in our enhanced model. However, for schemes based on verifiably encrypted signature, slight modifications are needed to guarantee the security. © 2005-2012 IEEE.