Secure Group Barter: Multi-party Fair Exchange with Semi-Trusted Neutral Parties
FC '98 Proceedings of the Second International Conference on Financial Cryptography
Exclusion-Freeness in Multi-party Exchange Protocols
ISC '02 Proceedings of the 5th International Conference on Information Security
Multi-Party Fair Exchange with an Off-Line Trusted Neutral Party
DEXA '99 Proceedings of the 10th International Workshop on Database & Expert Systems Applications
Strategies against Replay Attacks
CSFW '97 Proceedings of the 10th IEEE workshop on Computer Security Foundations
Certified e-Mail Protocol with Verifiable Third Party
EEE '05 Proceedings of the 2005 IEEE International Conference on e-Technology, e-Commerce and e-Service (EEE'05) on e-Technology, e-Commerce and e-Service
On fairness in exchange protocols
ICISC'02 Proceedings of the 5th international conference on Information security and cryptology
FC'05 Proceedings of the 9th international conference on Financial Cryptography and Data Security
Hi-index | 0.00 |
A fair multi-party exchange protocol provides equal treatment to all users, in such a way that at the end of the execution of the exchange, all parties have the element that wished to obtain, or none of them has obtained any valid item. In this paper, we analyse a well-known multi-party fair exchange protocol and, in spite of the formal proof of its correctness given in [11], we demonstrate that the protocol has a flaw. The weakness provoked by this flaw made possible a replay attack that breaks the fairness of the exchange. We will see as a group of colluding participants in the exchange can get the item from an honest participant and this participant will get nothing. In addition to that, we propose a new protocol to solve the problem of the potential replay attack which preserves the property of semi-trusted neutral party. The property was introduced in the original protocol so as to improve the user confidence in the trusted third party (TTP). Our solution not only preserves this property but also introduces the property of verifiable TTP. The property guaranties evidences from each TTP operation to the users. The evidences can be used to get compensation and correct any wrong situation caused by an incorrect operation of the TTP; for instance, in case of a passive conspiracy of the TTP.