Elsevier

Computer Communications

Volume 29, Issue 15, 5 September 2006, Pages 2770-2780
Computer Communications

A new dependable exchange protocol

https://doi.org/10.1016/j.comcom.2005.10.028Get rights and content

Abstract

As electronic transaction becomes common practice in real-world business, its dependability develops into a major concern, especially in critical transactions, e.g., electronic payment and electronic contract signing. Many recent fair-exchange protocols can recover the transaction from network failures; however, few can survive local system failures. In this paper, we propose a new Dependable Exchange Protocol. With proper convertible signature scheme and message logging method, the exchange protocol provides a recovery method for network and local system failures. To the best of our knowledge, this protocol is the first fault-tolerant exchange protocol in the context of offline TTP and asynchronous channels.

Introduction

As electronic transaction becomes common practice in real-world business, its dependability develops into a major concern. When the transaction between organizations is executed on network, they may face the risks of broken fairness in case of local system failures [2], network failures, cheating behavior of either involved organization, etc. Thus, it is very important for them to follow some kind of protocol assuring dependability. Dependability guarantees fairness for involved parties and recoverability from failures. Fairness is a vital requirement for electronic transactions, which means that when the electronic transaction terminates, either both/all parties get their expected items or neither does.

We first set up the application scenario for our transaction protocol: company B (the client, denoted as Bob) is going to purchase some electronic goods from company A (the merchant, denoted as Alice) and they have settled on the goods and the price. Now they need to finish the exchange of Bob’s check with Alice’s goods. Bob’s check, issued by Bob’s bank, is an electronic document composed of his bank-certified account information, and goods information, which can be validated only after signed by his signature. With the signed check, Alice can get her money paid from Bob’s bank. Note that anonymity is not considered in this scenario and interested readers can find detailed discussion in [3]. With this scenario set, we state the assumptions of our protocol explicitly (refer to Section 3).

To realize fairness, a TTP (trusted third party who is assumed to be fully trusted) must be included into the protocol when network or system failures occur [4]. In [5], Asokan et al. introduce the idea of optimistic approach and present fair protocols with offline TTP, in which TTP intervenes only when an error occurs (network error or malicious party’s cheating). Protocols with offline TTP can recover network failures between Alice and Bob. Yet the recovered messages are different from those produced by the sender or the recipient, which make the protocols suffer from weak fairness, as the recovered messages may lose some functionality of the original ones. Transparent TTP is first introduced by Micali [6] to solve this problem. The TTP-recovered messages are exactly the same as the ones from the original sender. In this way, the outcome messages will not indicate whether the TTP has been involved, so the recovery is done in a transparent way. Of course, the transparent recovery may decrease observability of the exchange (for detailed discussion, see Section 5.1.1).

Until now, the best method to realize transparent TTP is to use convertible signatures (CS). It sends a partial committed signature that can be converted into a full signature (that is a normal signature) by both the TTP and the signer. Recently, Park et al. [7] present a very efficient protocol in which the output evidences are standard RSA signatures and the partial signature is non-interactively verifiable. But very soon, Dodis and Reyzin [8] break the scheme by proving that the TTP can obtain the signer’s entire secret key with only her registration information. In the same paper, they propose a new CS scheme (DR signature scheme) to produce an equally efficient but more secure protocol.

Unfortunately, all these protocols do not consider local system failures and assume that local systems of Alice, Bob, and TTP are all reliable. To our knowledge, there are only very few efforts to overcome the local system failures problem. Liu et al. [2] propose the Semantics-based Message Logging (SbML method) to enable recovery of local system failures. The SbML is a logging method which optimizes the number of messages that need to be pessimistically logged (log all messages before sending out). Involved parties can define their critical points (called point-of-no-return) in the protocol run and message will be logged before they enter the defined points. This logging method works in protocols with online TTP [9]. Although they mention offline TTP, fairness after failures can still be potentially broken (as discussed in Section 5.2). As Ezhilchelvan and Shrivastava [10] argue that as the number of protocol messages is small, to minimize the overhead of logging may not worth the effort. In the same paper, Ezhilchelvan and Shrivastava have proposed a whole set of fault-tolerant protocols. They have considered different types of misbehaviors, communication channel, and online/offline TTP. But they have not proposed any protocol that is fault tolerant of local system failures in the context of offline TTP and asynchronous channels.

In this paper, we propose the first dependable exchange protocol, with transparent TTP (as we already know, it is an upgraded version of offline TTP) and asynchronous channels, to be fault tolerant of network and local system failures. We use the DR signature scheme and a proper non-interactive zero-knowledge proof method [11] as the basic cryptographic tools to realize transparent TTP. To enable recovery of network and local system failures, we use pessimistic message logging method and introduce a new inquiry sub-protocol. We prove that the transaction protocol is dependable. Also we argue that the transparent TTP will not affect the observability of our protocol. When implementing the protocols, we incorporate the label and message construction design principles proposed by Gurgens et al. [12]. When using offline TTP, the problem of encrypted item validation arises and we propose two methods considering different application scenarios.

In Section 2, we first lay out all the preliminaries: the dependability definition of electronic exchange, the cryptographic tools including DR signature scheme and the zero-knowledge proof method. Then, we present the exchange protocol in Section 3, with detailed analysis in Section 4. In Section 5, we compare our protocol with former ones and discuss several possible extensions: the observability and encrypted item validation problem with transparent TTP, unreliable network between Alice/Bob and the TTP, and protocol information storing issue for TTP.

Section snippets

Dependability of electronic exchange

When we design an exchange protocol, what is meant to be achieved must be made clear at first. Five requirements for fair exchange have been formulated by Asokan et al. in [13] and further discussed in [14]. Their requirement definitions do not presume new advances in recent years. In [15], Kremer et al. study many former fairness definitions and present a well-knitted definition. Recently, we present a set of new requirements for fair protocols with transparent TTP [16]. Based on that, we

The dependable payment protocol

In this section, we present the dependable protocol described in the payment scenario mentioned in Section 1. This protocol adds two parts to the basic model described in Section 2.3: the register sub-protocol and the inquiry sub-protocol (see Fig. 3). The register sub-protocol is presented because both parties must negotiate with TTP on some common parameters like shared secret keys. The registration protocol between the Alice/Bob and TTP needs to be run only once. And the resulting common

Analysis of the protocol

Following is the analysis with respect to the dependability definition in Section 2.

Claim 1

Assuming the channel between Alice and Bob is unreliable and adopted cryptographic tools are secure, the protocol satisfies the effectiveness requirement.

Proof

When both Alice and Bob are honest, thus they will follow the protocol to send messages. If the probability of successful transmission in the unreliable channel is δ, then the probability of successful execution of one main protocol run will roughly be δ4. Even

Conclusions

In this paper, we produce a dependable transaction protocol with transparent TTP. We have shown that the protocol are practical as it has high recoverability and can survive relatively unreliable (asynchronous) network. Several discussions are as following:

Acknowledgments

The authors thank Tao Wang, Botong Xu for instructive discussions. Furthermore, we thank the anonymous reviewers of WICS’05 and Computer Communications for valuable comments.

Hao Wang, PhD. candidate, School of Computer Science and Engineering, South China University of Technology. Main research interests include fair exchange in electronic transaction, game-based mechanism design in multi-agent systems (http://member.acm.org/~iswanghao for more details).

References (19)

  • S. Kremer et al.

    An intensive survey of fair non-repudiation protocols

    Comput. Commun.

    (2002)
  • H. Wang et al.

    Dependable transaction for electronic commerce

  • P. Liu et al.

    Avoiding loss of fairness owing to process crashes in fair data exchange protocols

  • C.H. Wang

    Untraceable fair network payment protocols with off-line TTP

  • H. Pagnia, F.C. Gartner, On the impossibility of fair exchange without a trusted third party, Tech. Rep. TUD-BS-1999-02...
  • N. Asokan, M. Schunter, M. Waidner, Optimistic protocols for fair exchange, in: Proceedings of the Fourth ACM...
  • S. Micali, Certified e-mail with invisible post offices (Available from author), an invited presentation at the RSA’97...
  • J.M. Park et al.

    Constructing fair-exchange protocols for E-commerce via distributed computation of RSA signatures

  • Y. Dodis et al.

    Breaking and repairing optimistic fair exchange from PODC 2003

There are more references available in the full text version of this article.

Cited by (16)

  • Blockchain-based data privacy management with Nudge theory in open banking

    2020, Future Generation Computer Systems
    Citation Excerpt :

    Because the shared core financial data are connected with the interests of different stakeholders, open banking faces many challenges and difficulties. Privacy concerns prevent the owners of data from sharing and exchanging data outside their institutions for fear of fraud and abuse [2,3]. In addition, the issue of personal data ownership and privacy has significant impact on open banking, especially regulations such as General Data Protection Regulation (GDPR) by European Union (EU) have come into force in May 2018 [4].

  • LoC — A new financial loan management system based on smart contracts

    2019, Future Generation Computer Systems
    Citation Excerpt :

    The ledger holds a complete, and all-agreed transaction record. It has led to an increasing interest in the technical community for using the underlying decentralized ledger of transactions to solve other interesting problems, such as the fairness in information exchange [7,8]. A number of large industrial companies, such as IBM, Microsoft, Intel and Tencent are currently investing in exploiting blockchain technology in order to enrich their product portfolios.

  • A secured transaction based on blockchain architecture in mobile banking platform

    2022, International Journal of Internet Technology and Secured Transactions
View all citing articles on Scopus

Hao Wang, PhD. candidate, School of Computer Science and Engineering, South China University of Technology. Main research interests include fair exchange in electronic transaction, game-based mechanism design in multi-agent systems (http://member.acm.org/~iswanghao for more details).

Heqing Guo, Professor, School of Computer Science and Engineering, South China University of Technology. Main research interests include network-based systems, electronic commerce.

Manshan Lin, PhD. candidate, Professor, College of Information Engineering, Shenzhen University, Shenzhen 518060, China. Main research interests include web services and communications.

Jianfei Yin, PhD. candidate, Professor, School of Computer Science and Engineering, South China University of Technology. Main research interests include model-driven system development.

Qi He, PhD. student, School of Computer Engineering, Nanyang Technological University. Main research interests include web-based systems.

Jun Zhang, Assistant professor, School of Computer Engineering, Nanyang Technological University. Main research interests include indexing techniques and query optimization in spatial and spatio-temporal databases and warehouses (http://www.ntu.edu.sg/home/jzhang/ for more details).

A preliminary version of this paper was published at WICS’05 [1].

View full text