Public Key Cryptography – PKC 2007
DOI: 10.1007/978-3-540-71677-8_9
|View full text |Cite
|
Sign up to set email alerts
|

Optimistic Fair Exchange in a Multi-user Setting

Abstract: Abstract. This paper addresses the security of optimistic fair exchange in a multi-user setting. While the security of public key encryption and public key signature schemes in a single-user setting guarantees the security in a multi-user setting, we show that the situation is different in the optimistic fair exchange. First, we show how to break, in the multi-user setting, an optimistic fair exchange scheme provably secure in the single-user setting. This example separates the security of optimistic fair exch… Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
2
1
1
1

Citation Types

0
117
0

Publication Types

Select...
6
2

Relationship

0
8

Authors

Journals

citations
Cited by 64 publications
(117 citation statements)
references
References 30 publications
0
117
0
Order By: Relevance
“…[3, 10, 11, 15-22, 28, 29]. In [10], Dodis et al showed a gap between the security of OFE in single-user setting (where there are one signer and one verifier) and that in multi-user setting (where there are multiple signers and verifiers). Using random oracle heuristic, they proposed a OFE secure in the multi-user setting and registered-key model [5].…”
Section: Related Workmentioning
confidence: 99%
See 1 more Smart Citation
“…[3, 10, 11, 15-22, 28, 29]. In [10], Dodis et al showed a gap between the security of OFE in single-user setting (where there are one signer and one verifier) and that in multi-user setting (where there are multiple signers and verifiers). Using random oracle heuristic, they proposed a OFE secure in the multi-user setting and registered-key model [5].…”
Section: Related Workmentioning
confidence: 99%
“…The partial signature in traditional OFE [3,10,20] is publicly verifiable, and everyone is able to tell from it the fact that the signer signed the message. In the enhanced variant AOFE [15,16,18,19], although the partial signature is ambiguous, however, anyone is still able to confirm that the given partial signature was generated by either the signer or the verifier.…”
Section: Ambiguity Of σ Ambiguity Of σ Variants Before Resolution Aftmentioning
confidence: 99%
“…On the other hand, contrary to the common belief that concurrent signature is applicable to tendering systems (such as [6,17,18]), level 1 advantage to a malicious initial signer could be unacceptable to some of the suppliers. Hence, in those scenarios, the OFE [2][3][4]7] or Ambiguous OFE [10][11][12] systems are indeed more suitable compared to concurrent signatures.…”
Section: Fairness In Practicementioning
confidence: 99%
“…Brakerski and Segev [19] define MU security of D-PKE in the auxiliary input setting and give a scheme that achieves it for messages that are block sources, but they do not show a separation between the SU and MU settings. Dodis, Lee and Yum [24] give another example of a setting where SU security does not imply MU security, namely optimistic fair exchange.…”
Section: Introductionmentioning
confidence: 99%