公平交易协议与协议公平性研究
|
摘要
电子商务是一项很重要的经济活动,其中公平高效的进行交易是它的基本要求,而公平交易协议则是实现这一要求的基本保障。公平交易协议是研究如何在两个互不信任的网络实体之间公平、有效的交易电子数据的一种安全协议,它要确保交易的过程中应使任何一方在任何时候都不占有任何优势,交易的最终结果是要么双方都得到对方的物品,要么双方都没有得到对方的物品。如何设计出更加公平、高效的公平交易协议,则是公平交易研究最主要的内容。
本文以公平交易中应用最广泛的两方交易为主要研究内容,在系统了解当前公平交易主要研究进展的基础上,对无需可信第三方(TTP)的公平交易协议与带有TTP的公平交易协议都做了较为深入的研究,分别提出了两个较为实用的公平交易协议。并在此基础上,从如何更好的约束当事人交易行为、如何更能体现出交易公平性的角度考虑,首先提出一个满足行为可追究性的通用协议框架,为后面奖惩机制中明确当事人行为责任提供了基础。接着提出了激励公平性的概念,并基于此设计了一个具有奖惩激励功能的公平交易协议。本文的主要研究成果及创新点总结如下:
(1)基于完美的并发签名,提出了一个无需TTP的公平交易协议。在双方起初交换两个模糊签名及相关交易数据的时候,任何人都无法辨认是谁签了哪一个签名,直到发起方公布一个秘密信息,两个签名才同时绑定到各自的签署方,之后另一方发送解密商品的密钥,从而让双方都能公平的得到对方的物品。而且本协议无需可信第三方(TTP)的参与即可让交易双方公平的交易数据条目,避免了两方勾结的可能性以及可信第三方参与协议的瓶颈。
(2)基于构造的已承诺签名,提出了一个具有惩罚功能的乐观公平交易协议。首先基于Fischlin签名构造了一个可验证承诺的签名方案,并在标准复杂模型中证明了该方案的安全性,然后基于该签名方案设计了一个具有惩罚功能的乐观公平交易协议,在保证交易公平的同时,对双方有出错的行为进行惩罚。由于惩罚思想的引入,交易双方的行为得到了更好的约束,协议变得更加公平、简洁和有效,并且协议很好的保证了交易的时效性、不可滥用性等其他重要性质。
(3)提出了一种满足行为可追究性的通用协议框架。该框架利用了安全模块防篡改的特性,通过对协议执行中的每个状态赋值,然后每次状态转移都对状态值以及协议中接收的或要发送的内容进行Hash迭代运算,记录下了协议运行过程中的每一步操作,最终保留结束状态的Hash值作为验证当事人行为的证据。该框架实现了协议每一步行为的可追究性,这对当事人是否执行了某一操作,是否该为某一争议的结果负责,是一种强有力的判断工具。该通用框架只有Hash运算,运算量并不高,保证了任何一个协议使用它都不会受太大的影响。
(4)提出了一种基于信任积分奖惩激励机制的公平交易协议。该协议首次把奖惩激励机制引入公平交易协议,基于改进的Beth信任模型进行设计,通过对成功的交易给与双方奖励,而对失败的交易,一视不同的情况,给与主动退出方一定程度的惩罚,鼓励协议参与方积极的完成每次交易。该协议不仅保证了通常意义上的公平性,而且也达到了这种奖惩意义上的公平性。同时该协议是基于安全模块设计的,利用了交叉验证理论,不仅可以交易数字签名,也可以交易其他的数字条目,是一个通用性的公平交易协议。
Electronic commerce has played an important role in global economic activity. The basic requirement for electronic commerce is to guarantee the fairness and efficiency in exchange.The basic guarantee meeting the requirement is fair exchange protocol,which is a security protocol how to exchange electronic data between two potentially distrusted parties in an efficient and fair manner. Fair exchange protocol will ensure that any party can't take any advantage in any stage of the whole exchange course,and the last result of the exchange is either both parties getting the opposing parties'data items, or neither party getting the opposing parties'ones.How to design fairer and higher efficient exchange protocol is the most primary content of fair exchange research.
This dissertation mainly focuses attention on two parties fair exchange protocol which is applied extensively. On the basis of international current fair exchange research works, this dissertation investigates fair exchange protocol with and without trusted third party (TTP) in depth and presents two practical fair exchange protocols respectively. Moreover, in order to better bound parties'behavior and make exchange fairer, a generic protocol framework is presented which meets the accountability of parties'behavior, and provides the foundation for deciding who should be responsible for error data in the bonus-malus mechanism behind.And then, the conception of incentive fairness is presented and a fair exchange protocol with bonus-malus incentive function is proposed based on the conception.The main contributions in this dissertation are summarized as follows:
(1)Based on perfect concurrent signature, a fair exchange protocol is presented without TTP.In this protocol anyone can't identify who has signed which signature when two parties have exchanged their two ambiguous signatures and relative data items.Not until the initial signer publishes a secret information,are the two signatures bound to respective signer concurrently. After that, the other party sends the key of decrypting goods,and thus the two parties can fairly get each other's data items without the trusted third party (TTP),which avoids the possibility of two parties'collusion and the bottleneck of the TTP involvement.
(2)Based on verifiable committed signature, an optimistic fair exchange protocol with punishment function is proposed.Firstly, a verifiable committed signature is constructed based on Fischlin's signature scheme, and is proved of its security in the standard complexity model,and then this protocol is designed.It will punish the misbehavior of either party in order to ensure the fairness of the exchange.Because of the introduction of punishment idea, both parties'behavior is confined better, which makes the protocol fairer, simpler and more efficient.And this protocol also ensures other important properties of fair exchange, such as timeliness, abuse-free etc.
(3)A generic protocol framework meeting the accountability of parties'behavior is proposed.This framework makes use of the tamper-proof property of security module, records each operation by assigning each state during the protocol running and taking hash overlapping operate for state value and received message or message to be sent when each state shifting.In the end, the hash value overlapping the end state is stored as the proof of parties' behavior. This framework realizes the accountability of each step behavior and is a powerful tool for determining a party whether to execute a certain operation and whether to be responsible for a certain dispute.It has only hash operation, so the computation is low, which makes sure that any security protocol will not be much affected if using it.
(4)A fair exchange protocol based on bonus-malus mechanism of the trust score is proposed. Bonus-malus mechanism is introduced to fair exchange protocol for the first time.This protocol is designed based on the improved Beth trust model,and encourages parties to complete each exchange actively through giving two parties bonus for the success of the exchange and giving the initiative withdrawing or cheating party a certain degree of penalty depending on his misbehavior. It not only guarantees fairness in the normal sense, but also achieves fairness in the sense of bonus-malus mechanism. In addition, this protocol is designed based on security module with the theory of cross validation, and it is a generic fair exchange protocol supporting the exchange of both signature and other digital items.
本文以公平交易中应用最广泛的两方交易为主要研究内容,在系统了解当前公平交易主要研究进展的基础上,对无需可信第三方(TTP)的公平交易协议与带有TTP的公平交易协议都做了较为深入的研究,分别提出了两个较为实用的公平交易协议。并在此基础上,从如何更好的约束当事人交易行为、如何更能体现出交易公平性的角度考虑,首先提出一个满足行为可追究性的通用协议框架,为后面奖惩机制中明确当事人行为责任提供了基础。接着提出了激励公平性的概念,并基于此设计了一个具有奖惩激励功能的公平交易协议。本文的主要研究成果及创新点总结如下:
(1)基于完美的并发签名,提出了一个无需TTP的公平交易协议。在双方起初交换两个模糊签名及相关交易数据的时候,任何人都无法辨认是谁签了哪一个签名,直到发起方公布一个秘密信息,两个签名才同时绑定到各自的签署方,之后另一方发送解密商品的密钥,从而让双方都能公平的得到对方的物品。而且本协议无需可信第三方(TTP)的参与即可让交易双方公平的交易数据条目,避免了两方勾结的可能性以及可信第三方参与协议的瓶颈。
(2)基于构造的已承诺签名,提出了一个具有惩罚功能的乐观公平交易协议。首先基于Fischlin签名构造了一个可验证承诺的签名方案,并在标准复杂模型中证明了该方案的安全性,然后基于该签名方案设计了一个具有惩罚功能的乐观公平交易协议,在保证交易公平的同时,对双方有出错的行为进行惩罚。由于惩罚思想的引入,交易双方的行为得到了更好的约束,协议变得更加公平、简洁和有效,并且协议很好的保证了交易的时效性、不可滥用性等其他重要性质。
(3)提出了一种满足行为可追究性的通用协议框架。该框架利用了安全模块防篡改的特性,通过对协议执行中的每个状态赋值,然后每次状态转移都对状态值以及协议中接收的或要发送的内容进行Hash迭代运算,记录下了协议运行过程中的每一步操作,最终保留结束状态的Hash值作为验证当事人行为的证据。该框架实现了协议每一步行为的可追究性,这对当事人是否执行了某一操作,是否该为某一争议的结果负责,是一种强有力的判断工具。该通用框架只有Hash运算,运算量并不高,保证了任何一个协议使用它都不会受太大的影响。
(4)提出了一种基于信任积分奖惩激励机制的公平交易协议。该协议首次把奖惩激励机制引入公平交易协议,基于改进的Beth信任模型进行设计,通过对成功的交易给与双方奖励,而对失败的交易,一视不同的情况,给与主动退出方一定程度的惩罚,鼓励协议参与方积极的完成每次交易。该协议不仅保证了通常意义上的公平性,而且也达到了这种奖惩意义上的公平性。同时该协议是基于安全模块设计的,利用了交叉验证理论,不仅可以交易数字签名,也可以交易其他的数字条目,是一个通用性的公平交易协议。
Electronic commerce has played an important role in global economic activity. The basic requirement for electronic commerce is to guarantee the fairness and efficiency in exchange.The basic guarantee meeting the requirement is fair exchange protocol,which is a security protocol how to exchange electronic data between two potentially distrusted parties in an efficient and fair manner. Fair exchange protocol will ensure that any party can't take any advantage in any stage of the whole exchange course,and the last result of the exchange is either both parties getting the opposing parties'data items, or neither party getting the opposing parties'ones.How to design fairer and higher efficient exchange protocol is the most primary content of fair exchange research.
This dissertation mainly focuses attention on two parties fair exchange protocol which is applied extensively. On the basis of international current fair exchange research works, this dissertation investigates fair exchange protocol with and without trusted third party (TTP) in depth and presents two practical fair exchange protocols respectively. Moreover, in order to better bound parties'behavior and make exchange fairer, a generic protocol framework is presented which meets the accountability of parties'behavior, and provides the foundation for deciding who should be responsible for error data in the bonus-malus mechanism behind.And then, the conception of incentive fairness is presented and a fair exchange protocol with bonus-malus incentive function is proposed based on the conception.The main contributions in this dissertation are summarized as follows:
(1)Based on perfect concurrent signature, a fair exchange protocol is presented without TTP.In this protocol anyone can't identify who has signed which signature when two parties have exchanged their two ambiguous signatures and relative data items.Not until the initial signer publishes a secret information,are the two signatures bound to respective signer concurrently. After that, the other party sends the key of decrypting goods,and thus the two parties can fairly get each other's data items without the trusted third party (TTP),which avoids the possibility of two parties'collusion and the bottleneck of the TTP involvement.
(2)Based on verifiable committed signature, an optimistic fair exchange protocol with punishment function is proposed.Firstly, a verifiable committed signature is constructed based on Fischlin's signature scheme, and is proved of its security in the standard complexity model,and then this protocol is designed.It will punish the misbehavior of either party in order to ensure the fairness of the exchange.Because of the introduction of punishment idea, both parties'behavior is confined better, which makes the protocol fairer, simpler and more efficient.And this protocol also ensures other important properties of fair exchange, such as timeliness, abuse-free etc.
(3)A generic protocol framework meeting the accountability of parties'behavior is proposed.This framework makes use of the tamper-proof property of security module, records each operation by assigning each state during the protocol running and taking hash overlapping operate for state value and received message or message to be sent when each state shifting.In the end, the hash value overlapping the end state is stored as the proof of parties' behavior. This framework realizes the accountability of each step behavior and is a powerful tool for determining a party whether to execute a certain operation and whether to be responsible for a certain dispute.It has only hash operation, so the computation is low, which makes sure that any security protocol will not be much affected if using it.
(4)A fair exchange protocol based on bonus-malus mechanism of the trust score is proposed. Bonus-malus mechanism is introduced to fair exchange protocol for the first time.This protocol is designed based on the improved Beth trust model,and encourages parties to complete each exchange actively through giving two parties bonus for the success of the exchange and giving the initiative withdrawing or cheating party a certain degree of penalty depending on his misbehavior. It not only guarantees fairness in the normal sense, but also achieves fairness in the sense of bonus-malus mechanism. In addition, this protocol is designed based on security module with the theory of cross validation, and it is a generic fair exchange protocol supporting the exchange of both signature and other digital items.
引文
[1]中国互联网络信息中心,中国互联网络发展状况统计报告,2008.
[2]卿斯汉,“电子商务协议中的可信第三方角色,”软件学报,14(11),2003,pp.1936-1943.
[3]卿斯汉,“安全协议20年研究进展,”软件学报,14(10),2003,pp.1740-1752.
[4]卿斯汉编著,安全协议,北京:清华大学出版社,2005.
[5]N. Asokan, Matthias Schunter, and Michael Waidner, "Optimistic protocols for fair exchange,"in Proc. ACM Conference on CCS, Zurich, Apr.1997. pp.8-17.
[6]N.Asokan,V.shoup,and M.Waidner, "Asynchronous protocols for optimistic fair exchange,"in Proc. IEEE Symposium on Research in Security and Privacy, Oakland,May1998, pp.86-99.
[7]N. Asokan, V. Shoup, and M. Waidner, "Optimistic fair exchange of digital signature,"IEEE J.Select. Areas Commun.,18(4),2000, pp.593-610.
[8]N. Asokan, Fairness in electronic commerce, Waterloo, Ontario, Canada: University of Waterloo,1998.
[1]A. J.Menezes, P. C. van Oorschot, and S.A. Vantstone, Handbook of Applied Cryptographic, CRC Press,1996.
[2]王育民,刘建伟,通信网的安全—理论与技术,西安:西安电子科技大学出版社,1999.
[3]D.R.Stinson著,冯登国译,密码学原理与实践(第二版),北京,电子工业出版社,2003.
[4]W. Mao, Modern cryptography:theory & practice, Prentice Hall,2003.
[5]X. Y.Wang,"Collisions for some Hash functions MD4, MD5, HAVAL-128, RIP EMD," in Proc. Crypto,2004.
[6]X.Y. Wang, H. B. Yu, and Y.L. Yin, "Efficient collision search attacks on SHA-0," in Proc. Cryptology-Crypto, LNCS 3621,2005,pp.1-16.
[7]X. Y. Wang, Y.L. Yin, and H. B. Yu, "Finding collisions in the Full SHA-1,"in Proc. Cryptology-Crypto, LNCS 3621,2005, pp.17-36.
[8]X. Y. Wang, X. J.Lai, D. G.Feng etc, "Cryptanalysis for Hash functions MD4 and RIP EMD,"in Proc. Cryptology-Crypto, LNCS 3494,2005, pp.1-18.
[9]X.Y.Wang and H.B.Yu, "How to break MD5 and other Hash functions," in Proc. Cryptology-Crypto, LNCS 3494,2005.pp.19-35,
[10]Michael Ben-Or,Oded Golderich,Silvio Micali,and Ronald L. Rivest,"A fair protocol for signing contracts," IEEE Transaction on Information Theory,36(1), Jan.1990, pp.40-46.
[11]Shimon Even,Oded Golderich,and Abarham Lempel, "A randomized protocol for signing contracts," Communications of the ACM,28(6), Jun.1985,pp.637-647.
[12]Matthew K. Franklin and Michael K. Reiter, "Fair exchange with a Semi-trusted third party,"in Proc. the 4th ACM Conference on CCS, April 1997, pp.1-5.
[13]Birgit Pfiztmann,Matthias Schunter,and Michael Waidner, "Optimal efficiency of optimistic contract signing," in Proc. the 17th Annual ACM Symposium on Principles of Distributed Computing, New York, May1998, pp.113-122.
[14]Holger Vogt,Henning Pagnia,and Felix C. Gartner,"Modular fair exchange protocols for electronic commerce,"in Proc. the 15th Annual Computer security Applications Conference,Phoenix,Dec.1999, pp.3-11.
[15]Jianying Zhou and Dieter Gollmann, "Evidence and non-repudiation," Journal of Network and Computer Applications,20,1997, pp.267-281.
[16]N. Asokan,Matthias Schunter,and Michael Waidner,"Optimistic protocols for fair exchange," in Proc. the 4th ACM Conference on Computer and Communications Security, Zurich, Apr.1997, pp.8-17.
[17]N.Asokan,V.shoup,and M.Waidner, "Asynchronous protocols for optimistic fair exchange," in Proc. IEEE Symposium on Research in Security and Privacy, Oakland, May1998,pp.86-99.
[18]Felix C. Gartner,Henning Pagnia,and Holger Vogt, "Approaching a formal definition of fairness in electronic commerce,"in Proc. WELCOM, Lausanne, Oct.1999, pp.354-359.
[19]Giuseppe Ateniese, "Efficient verifiable encryption (and fair exchange) of digital Signatuers,"in Proc. the 6th ACM Conference on Computer and Communications Security, Singapore, Nov.1999, pp.138-146.
[20]V'eronique Cortier,Jonathan K. Millen,and Harald Ruess, "Proving secrecy is easy enough,"in Proc. the 14th IEEE Computer Security Foundations Workshop, Cape Breton, Jun.2001.
[21]Jianying Zhou,Robert H. Deng,and Feng Bao,"Some remarks on a fair exchange protocol,"in Proc. International Workshop on Practice and Theory in Public Key Cryptography, LNCS 1751,Springer-Verlag, Jan.2000, pp.46-57.
[22]N. Asokan, V. Shoup, and M. Waidner, "Optimistic fair exchange of digital signature," IEEE J. on Selected Areas in Communication,18(4),2000, pp.593-610.
[23]N. Asokan, Fairness in Electronic Commerce, Waterloo, Ontario, Canada: University of Waterloo,1998.
[24]H. Pagnia, H. Vogt, and F.C. Gartner, "Fair exchange," The Computer Journal, 46(1),2003, pp.55-75.
[25]张玲,电子代币支付协议的分析与设计,长沙:国防科学技术大学,2006.
[26]邢育红,公平交换协议分析方法研究,济南:山东大学,2005.
[27]沈炜,用于公平交换的若干协议和规范的研究与应用,杭州:浙江大学,2003.
[28]卿斯汉编著,安全协议,北京:清华大学出版社,2005
[29]L. Chen, C. Kudla, and K. G.Paterson, "Concurrent signatures," in Proc. Eurocrypt2004, LNCS 3027, Spriger-Verlag,2004, pp.287-305.
[30]王贵林,门限签名方案和认证协议的设计和分析,北京:中国科学院软件研究所信息安全技术工程研究中心,2000.
[31]王芷玲,张玉清,杨波,“公平交换协议设计原则,”中国科学院研究生院学报,23(4),Jul.2006,pp.555-560.
[32]Pagnia H,Gartner C,"On the impossibility of fair exchange without a trusted third party," Technical Report TUD-BS-1999-02, Darmstadt University of Technology,1999.
[33]Kremer S, Markowitch O, Zhou J, "An intensive survey of non-repudiation protocols,"Computer Communications,25 (17),2002, pp.1606-1621.
[34]Shao Min-Hua, Wang Guilin and Zhou Jianying, "Some common attacks against certified email protocols and the countermeasures,"Computer Communications, 29(15), Sep.2006, pp.2759-2769.
[35]周永彬,张振峰,卿斯汉等,“基于RSA签名的优化公平交换协议,”软件学报,15(7),2004,pp.1049-1055.
[36]Bao F, Deng RH, Mao W, "Efficient and practical faire exchange protocols with off-line TTP," in Proc. the 1998 IEEE Symp. on Security and Privacy,1998, pp. 77-85.
[37]Zhou J, Gollmann D, "A fair non-repudiation protocol,"in Proc. the 1996 IEEE Symp.on Security and Privacy,1996, pp.55-61.
[38]Franklin MK, Reiter MK, "Fair exchange with a semi-trusted third party," in Proc. the 4th ACM Conf.on Computer and Communications Security,1997, pp.1-5.
[39]Damgard I B, "Practical and provably secure release of a secret and exchange of signatures,"Journal of Cryptology,8(4),1995,pp.201-222.
[40]Deng R and Gong L and Lazar A.,"Practical protocol for certified electronic mail," Journal of Network and Systems Management,1996,4(3), pp.279-297.
[41]Zhou J and Gollmann D, "A fair non-repudiation protocol," in Proc. the IEEE Symposium on Security and Privacy,1996, pp.55-61.
[42]J.L. Ferrer-Gomila, M. Payeras-Capella, and L. Huguet-Rotger, "Efficient optimistic n-party contract signing protocol,"in Proc. Information Security Conference, LNCS 2200,2001,pp.394-407.
[43]Bao F, Wang G and Zhou J, "Analysis and improvement of Micali's fair contract signing protocol,"in Proc. Information Security and Privacy ACISP 2004, LNCS3108,2004, pp.176-187.
[44]Even,S.,O. Goldreich, and A. Lempel, "A randomized protocol for signing contracts," Communications of the ACM,28(6),1985,pp.279-297.
[45]Okamoto, T. and K. Ohta, "How to simultaneously exchange secrets by general assumptions," in Proc. the 2nd ACM Conference on Computer and Communications Security,1994, pp.184-192.
[46]T. Tedrick, "How to exchange half a bit,"in Proc. Crypto83,1983,pp.147-151.
[47]T. Tedrick, "Fair exchange of Secrets,"in Proc. Crypto84. LNCS 196,1985, pp.434-438.
[48]Brickell E, Chaum D,Damgard I,and Graaf J,"Gradual and verifiable release of a secret,"in Proc. Crypto87. Berlin,1988.
[49]O.Markowitch and Y. Roggeman, "Probabilistic non-repudiation without trusted third party,"in Proc. the 2nd Workshop on Security in Communication Networks, 1999.
[50]R.Rivest,A.Shamir and Y. Tauman, "How to leak a secret," in Proc. ASIACRYPT2001,LNCS2248,2001,pp.552-565.
[51]M.Abe,M.Ohkubo,and K. Suzuki,"1-out-of-n signatures from a variety of keys,"in Proc. ASIACRYPT 2002,LNCS2501,2002,pp.415-432.
[52]W. Susilo, Y. Mu,F. Zhang, "Perfect concurrent signature schemes," in Proc. ICICS 2004, LNCS 3269,2004, pp.14-26.
[53]Guilin Wang, Feng Bao, Jianying Zhou, "The fairness of perfect concurrent signatures," in Proc. ICICS 2006, pp.435-451.
[54]Benjamin Cox,Doug Tygar,and Marvin Sirbu, "NetBill security and transaction protocol,"in Proc. the First UNIX Workshop of Electronic Commerce, Jul.1995, Pages77-88.
[55]Robert H. Deng,Li Gong,Aurel A. Lazar,and Weiguo Wang, "Practical protocols for certified electronic mail,"Journal of Network and System Management,4(3),1996, pp.279-297.
[56]Ning Zhang and Qi Shi, "Achieving non-repudiation of receipt," The Computer Journal,39(10),1996, pp.844-853.
[57]Silvio Micali, "Certified E-mail with invisible post offices," an invited presentation at the RSA 1997 conference,1997.
[58]Jianying Zhou and Dieter Gollmann, "An efficient non-repudiation protocol," in Proc. the 10th IEEE Computer Security Foundations Workshop, Jun.1997, pp.126-132.
[59]Jianying Zhou,Robert H. Deng,and Feng Bao, "Evolution of fair non-repudiation with TTP," in Proc. ACISP, LNCS 1587,1999, pp.258-269.
[60]Steve Kremer and Olivier Markowitch,"Optimistic non-repudiable information exchange,"in Proc. the 21st Symp. On Information Theory, May2000, pp.139-146.
[61]Indrakshi Ray, Indrajit Ray, "An optimistic fair exchange e-commerce protocol with automated dispute resolution,"in Proc. the First International Conference on Electronic Commerce and Web Technologies, Greenwich, LNCS 1815,Sep. 2000.
[62]Indrakshi Ray, Indrakshi Ray and Narasimhamurthi Natarajan, "An anonymous and failure resilient fair-exchange e-commerce protocol," Decision Support Systems,39(3), May 2005,pp.267-292.
[63]J. M. Park, E. Chong, H. Siegel, and I. Ray,"Constructing fair exchange protocols for E-commerce via distributed computation of RSA signatures," in Proc. the 22nd Annual ACM Symposium on Principles of Distributed Computing, Jul.2003,pp.172-181.
[64]Y.Dodis, L. Reyzin, "Breaking and repairing optimistic fair exchange from PODC 2003,"in Proc. the ACM Workshop on Digital Rights Management,2003, pp.47-54.
[65]Huafei Zhu. Constructing optimistic fair exchange protocols from committed signatures, http://eprint.iacr.org
[66]O. Markowitch and S.Kremer, "An optimistic non-repudiation protocol with transparent trusted third party," in Proc. Information Security Conference (ISC'01),LNCS 2200,2001,pp.363-378.
[67]Guilin Wang, Generic fair non-repudiation protocols with transparent off-line TTP, IOS Press,2003.
[68]Guilin Wang, "An abuse-free fair contract signing protocol based on the RSA signature," in Proc. WWW2005,Chiba, May 2005.
[69]Gildas Avoine, Felix Gartner, Rachid Guerraoui, etc, "Reducing fair exchange to atomic commit," Technical Report IC/2004/11,Swiss Federal Institute of Technology (EPFL), Feb.2004.
[70]G. Avoine, F. Gartner, R. Guerraoui and M. Vuolic, "Gracefully degrading fair exchange with security modules,"in Proc. the 5th European Dependable Computing Conference, LNCS 3463,2005,pp.55-71.
[71]Paul D. Ezhilchelvan, Santosh K. Shrivastava, "A family of trusted third party based fair-exchange protocols," IEEE Transactions on Dependable and Secure Computing,2(4),pp.2005,273-286.
[72]Nicolas Gonzalez-Deleito, Olivier Markowitch. An Optimistic Multi-party Fair Exchange Protocol with Reduced Trust Requirements. www.ulb.ac.be/di/scsi/markowitch/publications/icisc01.pdf
[73]Levente Buttyan, Jean-Pierre Hubaux.Toward a Formal Model of Fair Exchange-a Game Theoretic Approach. An updated version of EPFL SSC Technical Report No.SSC/1999/039.Swiss Federal Institute of Technology, Switzerland,4 May 2000.
[74]Levente Buttyan, Jean-Pierre Hubaux and Srdjan Capkun. A Formal Analysis of Syverson's Rational Exchange Protocol.Proceedings of the 15th IEEE Computer Security Foundations Workshop, June 2002. http://www.terminodes.org
[75]卿斯汉,李改成.公平交易协议的一个形式化模型.中国科学(E辑),2005,35(2):161-172.
[76]卿斯汉,李改成.多方公平交易协议的形式化分析和设计.中国科学(E辑),2006,36(6):598-616.
[1]Asokan N. Fairness in electronic commerce.Waterloo, Ontario, Canada: University of Waterloo,1998.
[2]F. Bao, R. H. Deng and W. Mao, "Efficient and practical fair exchange protocols with off-line TTP,"in Proc. IEEE Symposium on Security and Privacy, Oakland, May 1998, pp.77-85,.
[3]Indrakshi Ray, Indrajit Ray, "An optimistic fair exchange e-commerce protocol with automated dispute resolution," in Proc. the First International Conference on Electronic Commerce and Web Technologies, Greenwich, LNCS 1815,Sep. 2000.
[4]Indrakshi Ray, Indrakshi Ray and Narasimhamurthi Natarajan, "An anonymous and failure resilient fair-exchange e-commerce protocol," Decision Support Systems,39,2005, pp.267-292.
[5]Guilin Wang, "An abuse-free fair contract signing protocol based on the RSA signature,"in Proc. WWW2005, Chiba, May 2005.
[6]L. Chen, C. Kudla, and K. G. Paterson,"Concurrent signatures,"in Proc. Eurocrypt'04, LNCS 3027,2004, pp.287-305.
[7]Jakobsson M.,Sako K.,and Impagliazzo R, "Designated verifier proofs and their applications,"in Proc. Cryptology-EUROCRYPT 1996, LNCS 1070,1996, pp.143-154.
[8]C.P. Schnorr, "Efficient identification and signatures for smart cards," in Proc. Cryptology-CRYPTO 1989, LNCS 435,1990, pp.239-252.
[9]W. Susilo, Y. Mu, F. Zhang, "Perfect concurrent signature schemes," in Proc. ICICS 2004, LNCS 3269,2004, pp.14-26.
[10]Guilin Wang, Feng Bao, Jianying Zhou, "The Fairness of perfect concurrent signatures,"in Proc. ICICS,2006, pp.435-451.
[11]Zhenfeng Zhang, Dengguo Feng, "Generic fair exchange without TTP," in Proc. the 3rd Security Protocol Symposium of SKLOIS,Beijing, Sep.2007, pp.1-18.
[12]J. Camenisch, "Efficient and generalized group signatures," in Proc. Cryptology-EUROCRYPT 1997, LNCS1233,1998, pp.465-479.
[13]Huaping Li, Weidong Kou, Xiaozhen Du, "Fair e-commerce protocols without a third party," in Proc. the 11th IEEE Symposium on Computers and Communications, Jun.2006, pp.324-327.
[14]Zhenjie Huang, Rufen Huang, Xuanzhi Lin, "Perfect concurrent signature protocol," in Proc. the 8th ACIS International Conference on Software Engineering, Artificial Intelligence, Networking, and Parallel/Distributed Computing, Jul.2007, pp.467-472.
[1]N. Asokan, V. Shoup, and M. Waidner,"Optimistic fair exchange of digital signature," in Proc. Cryptology-EUROCRYPT'98, LNCS 1403,1998, pp. 591-606.
[2]N. Asokan, V. Shoup, M. Waidner,"Optimistic fair exchange of digital signature," IEEE J.on Selected Areas in Communication,18(4),2000, pp. 593-610.
[3]N. Asokan. Fairness in electronic commerce. Waterloo, Ontario, Canada: University of Waterloo,1998.
[4]D. Boneh, C. Gentry, B. Lynn, H. Shacham, "Aggregate and verifiably encrypted signatures from bilinear maps," in Proc. Cryptolcgy-EUROCRYPT 2003, Warsaw, May 2003, LNCS2656, pp.416-432.
[5]G Ateniese, "Efficient verifiable encryption (and fair exchange) of digital signatures," in Proc. the Sixth ACM Conference on Computer and Communication Security Nov.1999, pp.138-146.
[6]F. Bao, R. Deng, and W. Mao, "Efficient and practical fair exchange protocols with off-line TTP," in Proc. the IEEE Symposium on Security and Privacy,1998, pp.77-85.
[7]Y.T. Kalai, R. Raz,"Succinct non-interactive zero-knowledge proofs with preprocessing for LOGSNP," in Proc. the 47th Annual IEEE Symposium on Foundations of Computer Science,Berkeley,2006,355-366.
[8]Guilin Wang, Generic fair non-repudiation protocols with transparent off-line TTP, IOS Press,2003.
[9]L. Chen, "Efficient fair exchange with verifiable confirmation of signatures,"in Proc. Cryptology-Asiacrypt 1998, LNCS1514,1998, pp.286-299.
[10]S.Micali, "Simple and fast optimistic protocols for fair electronic exchange,"in Proc. ACM Symposium on Principles of Distributed Computing,2003,pp.12-19.
[11]G. Ateniese, "Verifiable encryption of digital signatures and applications,"ACM transactions on Information and System Security,7(1),2004, pp.1-20.
[12]J.Camenisch and I. B.Damgard, "Verifiable encryption, group encryption, and their applications to group signatures and signature sharing schemes,"in Proc. Cryptology-ASIACRYPT 2000, LNCS 1976, Kyoto, Dec.2000, pp.331-345.
[13]Y. Dodis, L. Reyzin,"Breaking and repairing optimistic fair exchange from PODC 2003," in Proc. ACM Workshop on Digital Rights Management, Washington, Oct.2003, pp.47-54.
[14]J.M. Park, E. Chong, H. Siegel, and I. Ray,"Constructing fair-exchange protocols for e-commerce via distributed computation of RSA signatures," in Proc. PODC 2003, pp.172-181.
[15]A. Boldyreva, "Efficient threshold signatures, multisignatures and blind signatures based on the Gap-Diffie-Hellman-group signature scheme," in Proc. PKC 2003, LNCS 2567,2003,pp.31-46.
[16]D. Boneh, B. Lynn, and H. Shacham, "Short signatures from the weil pairing," in Proc. Cryptology-ASIACRYPT 2001,LNCS 2248, Gold Coast, Dec.2001, pp.514-532.
[17]J.-S.Coron and D. Naccache. Boneh et al,"'s k-element aggregate extraction assumption is equivalent to the Diffie-Hellman assumption," in Proc. Cryptology-ASIACRYPT-2003, Taipei, Nov.2003.
[18]M. Payeras-Capella, J.L. Ferrer-Gomila, L. Huguet-Rotger, "Achieving fairness and timeliness in a previous electronic contract signing protocol,"in Proc. the First International Conference on Availability, Reliability and Security, Vienna, Apr.2006.
[19]H. Zhu, F. Bao,"Stand-alone and setup-free verifiably committed signatures," in Proc. CTRSA2006, LNCS 3860,2006, pp.159-173.
[20]I. Ray, I. Ray, N. Natarajan, "An anonymous and failure resilient fair-exchange e-commerce protocol," Decision Support Systems,39,2005,pp.267-292.
[21]R. Cramer, V.Shoup, "Signature scheme based on the Strong RSA assumption," ACM Transactions on Information and System Security,3(3),2000, pp.161-185.
[22]M. Fischlin, "The Cramer-Shoup strong-RSA signature scheme revisited,"in Proc. Public Key Cryptography, Miami,Jan.2003, LNCS2567, pp.116-129.
[23]Jan Camenisch, Markus Michels, "Proving in zero-knowledge that a number is the product of two safe primes," in Proc. EUROCRYPT 1999, pp.107-122.
[24]H. Krawczyk, T. Rabin, "Chameleon signatures," in Proc. Network and Distributed System Security. San Diego,2000, pp.143-154.
[1]N. Asokan, V. Shoup, and M. Waidner, "Optimistic fair exchange of digital signature,"in Proc. Cryptology-EUROCRYPT'98, LNCS 1403,1998, pp.591-606.
[2]N. Asokan, V. Shoup, M. Waidner, "Optimistic fair exchange of digital signature,"IEEE J. on Selected Areas in Communication,18(4),2000, pp. 593-610.
[3]N. Asokan, Fairness in electronic commerce, Waterloo, Ontario, Canada: University of Waterloo,1998.
[4]G Ateniese, "Verifiable encryption of digital signatures and applications,"ACM transactions on Information and System Security,7(1),2004, pp.1-20.
[5]M. Payeras-Capella, J.L. Ferrer-Gomila, L. Huguet-Rotger, "Achieving fairness and timeliness in a previous electronic contract signing protocol," in Proc. the First International Conference on Availability, Reliability and Security, Vienna, Apr.2006.
[6]Indrakshi Ray, Indrakshi Ray and Narasimhamurthi Natarajan, "An anonymous and failure resilient fair-exchange e-commerce protocol," Decision Support Systems,39(3), May 2005,pp.267-292.
[7]Huaping Li, Weidong Kou, Xiaozhen Du, "Fair e-commerce protocols without a third party,"in Proc. the 11th IEEE Symposium on Computers and Communications, Jun.2006, pp.324-327.
[8]Zhenfeng Zhang, Dengguo Feng,"Generic fair exchange without TTP," in Proc. the 3rd Security Protocol Symposium of SKLOIS, Beijing, Sep.2007, pp.1-18.
[9]Joan Dyer, Mark Lindemann, Ronald Perez, Reiner Sailer, Leendert van Doom, Sean Smith, and Steve Weingart, "Building the IBM 4758 secure coprocessor," IEEE Computer Society,34(10), Oct.2001,pp.57-66.
[10]Trusted computing group.https://www.trustedcomputinggroup.org,2003.(27)
[11]Gildas Avoine, Felix Gartner, Rachid Guerraoui, etc, "Reducing fair exchange to atomic commit," Technical Report IC/2004/11,Swiss Federal Institute of Technology (EPFL),Feb.2004.
[12]G Avoine, F. Gartner, R.Guerraoui and M.Vuolic,"Gracefully degrading fair exchange with security modules," in Proc. the 5th European Dependable Computing Conference, LNCS 3463,2005,pp.55-71.
[13]Paul D. Ezhilchelvan, Santosh K. Shrivastava, "A family of trusted third party based fair-exchange protocols,"IEEE Transactions on Dependable and Secure Computing,2(4),2005,pp.273-286.
[14]Gildas Avoine and Serge Vaudenay, "Cryptography with guardian angels: Bringing civilization to pirates," ACM Mobile Computing and Communications Review,7(1), Jan.2003,pp.74-94.
[15]Gildas Avoine and Serge Vaudenay, "Fair exchange with guardian angels,"in Proc. WISA 2003,LNCS 2908, Jeju Island, Aug.2003,pp.188-202.
[16]Gildas Avoine, "Cryptography in radio frequency identification and fair exchange protocols," Ph.D.Thesis, PEFL, Dec.2005.
[17]汪涛,基于智能卡的认证与隐私保护协议研究,北京:北京邮电大学,2006.
[1]N. Asokan, V. Shoup, and M. Waidner, "Optimistic fair exchange of digital signature," IEEE J. Select. Areas Commun.,18(4),2000, pp.593-610.
[2]Indrakshi Ray, Indrajit Ray, "An optimistic fair exchange e-commerce protocol with automated dispute resolution," in Proc. the First International Conference on Electronic Commerce and Web Technologies, Greenwich, LNCS 1815,Sep. 2000.
[3]Indrakshi Ray, Indrakshi Ray and Narasimhamurthi Natarajan, "An anonymous and failure resilient fair-exchange e-commerce protocol," Decision Support Systems,39(3),May 2005, pp.267-292.
[4]Guilin Wang, "An abuse-free fair contract signing protocol based on the RSA signature," in Proc. WWW2005,Chiba, May 2005.
[5]Paul D. Ezhilchelvan, Santosh K. Shrivastava, "A family of trusted third party based fair-exchange protocols," IEEE Transactions on Dependable and Secure Computing,2(4),2005,pp.273-286.
[6]H. Pagnia, H. Vogt, and F.C. Gartner,"Fair exchange,"The Computer Journal, 2003,46(1):55-75.
[7]邢育红,公平交换协议分析方法研究,济南:山东大学,2005.
[8]卿斯汉编著,安全协议,北京:清华大学出版社,2005.
[9]T. Beth, M.Borcherding, and B. Klein, "Valuation of trust in open network,"in Proc. ESORICS,1994, pp.3-18.
[10]徐锋,吕建,“Web安全中的信任管理研究与进展,”软件学报,13(8),2002,pp.1-6.
[11]陈华勇,谢冬青,王永静,“Beth信任计算模型的分析和改进,”湖南大学学报,30(3),2003,pp.59-62.
[12]W. Stallings, Cryptography and network security:principles and practice,2nd edition, Prentice-Hall, New Jersey,1999.
[13]Gildas Avoine, Felix Gartner, Rachid Guerraoui, etc, "Reducing fair exchange to atomic commit," Technical Report IC/2004/11,Swiss Federal Institute of Technology (EPFL),Feb.2004.
[14]G Avoine, F. Gartner, R.Guerraoui and M. Vuolic, "Gracefully degrading fair exchange with security modules,"in Proc. the 5th European Dependable Computing Conference, LNCS 3463,2005,pp.55-71.
[15]Paul D. Ezhilchelvan, Santosh K. Shrivastava, "A family of trusted third party based fair-exchange protocols," Technical Report Series CS-TR-928, University of Newcastle upon Tyne, Sep.2005.
[16]Gildas Avoine and Serge Vaudenay,"Cryptography with guardian angels: Bringing civilization to pirates," ACM Mobile Computing and Communications Review,7(1),Jan.2003, pp.74-94.
[17]Gildas Avoine and Serge Vaudenay, "Fair exchange with guardian angels," in Proc. WISA2003, LNCS 2908, Jeju Island, Aug.2003, pp.188-202.
[18]Gildas Avoine,"Cryptography in Radio Frequency Identification and Fair Exchange Protocols,"Ph.D.Thesis, PEFL, Dec.2005.
[2]卿斯汉,“电子商务协议中的可信第三方角色,”软件学报,14(11),2003,pp.1936-1943.
[3]卿斯汉,“安全协议20年研究进展,”软件学报,14(10),2003,pp.1740-1752.
[4]卿斯汉编著,安全协议,北京:清华大学出版社,2005.
[5]N. Asokan, Matthias Schunter, and Michael Waidner, "Optimistic protocols for fair exchange,"in Proc. ACM Conference on CCS, Zurich, Apr.1997. pp.8-17.
[6]N.Asokan,V.shoup,and M.Waidner, "Asynchronous protocols for optimistic fair exchange,"in Proc. IEEE Symposium on Research in Security and Privacy, Oakland,May1998, pp.86-99.
[7]N. Asokan, V. Shoup, and M. Waidner, "Optimistic fair exchange of digital signature,"IEEE J.Select. Areas Commun.,18(4),2000, pp.593-610.
[8]N. Asokan, Fairness in electronic commerce, Waterloo, Ontario, Canada: University of Waterloo,1998.
[1]A. J.Menezes, P. C. van Oorschot, and S.A. Vantstone, Handbook of Applied Cryptographic, CRC Press,1996.
[2]王育民,刘建伟,通信网的安全—理论与技术,西安:西安电子科技大学出版社,1999.
[3]D.R.Stinson著,冯登国译,密码学原理与实践(第二版),北京,电子工业出版社,2003.
[4]W. Mao, Modern cryptography:theory & practice, Prentice Hall,2003.
[5]X. Y.Wang,"Collisions for some Hash functions MD4, MD5, HAVAL-128, RIP EMD," in Proc. Crypto,2004.
[6]X.Y. Wang, H. B. Yu, and Y.L. Yin, "Efficient collision search attacks on SHA-0," in Proc. Cryptology-Crypto, LNCS 3621,2005,pp.1-16.
[7]X. Y. Wang, Y.L. Yin, and H. B. Yu, "Finding collisions in the Full SHA-1,"in Proc. Cryptology-Crypto, LNCS 3621,2005, pp.17-36.
[8]X. Y. Wang, X. J.Lai, D. G.Feng etc, "Cryptanalysis for Hash functions MD4 and RIP EMD,"in Proc. Cryptology-Crypto, LNCS 3494,2005, pp.1-18.
[9]X.Y.Wang and H.B.Yu, "How to break MD5 and other Hash functions," in Proc. Cryptology-Crypto, LNCS 3494,2005.pp.19-35,
[10]Michael Ben-Or,Oded Golderich,Silvio Micali,and Ronald L. Rivest,"A fair protocol for signing contracts," IEEE Transaction on Information Theory,36(1), Jan.1990, pp.40-46.
[11]Shimon Even,Oded Golderich,and Abarham Lempel, "A randomized protocol for signing contracts," Communications of the ACM,28(6), Jun.1985,pp.637-647.
[12]Matthew K. Franklin and Michael K. Reiter, "Fair exchange with a Semi-trusted third party,"in Proc. the 4th ACM Conference on CCS, April 1997, pp.1-5.
[13]Birgit Pfiztmann,Matthias Schunter,and Michael Waidner, "Optimal efficiency of optimistic contract signing," in Proc. the 17th Annual ACM Symposium on Principles of Distributed Computing, New York, May1998, pp.113-122.
[14]Holger Vogt,Henning Pagnia,and Felix C. Gartner,"Modular fair exchange protocols for electronic commerce,"in Proc. the 15th Annual Computer security Applications Conference,Phoenix,Dec.1999, pp.3-11.
[15]Jianying Zhou and Dieter Gollmann, "Evidence and non-repudiation," Journal of Network and Computer Applications,20,1997, pp.267-281.
[16]N. Asokan,Matthias Schunter,and Michael Waidner,"Optimistic protocols for fair exchange," in Proc. the 4th ACM Conference on Computer and Communications Security, Zurich, Apr.1997, pp.8-17.
[17]N.Asokan,V.shoup,and M.Waidner, "Asynchronous protocols for optimistic fair exchange," in Proc. IEEE Symposium on Research in Security and Privacy, Oakland, May1998,pp.86-99.
[18]Felix C. Gartner,Henning Pagnia,and Holger Vogt, "Approaching a formal definition of fairness in electronic commerce,"in Proc. WELCOM, Lausanne, Oct.1999, pp.354-359.
[19]Giuseppe Ateniese, "Efficient verifiable encryption (and fair exchange) of digital Signatuers,"in Proc. the 6th ACM Conference on Computer and Communications Security, Singapore, Nov.1999, pp.138-146.
[20]V'eronique Cortier,Jonathan K. Millen,and Harald Ruess, "Proving secrecy is easy enough,"in Proc. the 14th IEEE Computer Security Foundations Workshop, Cape Breton, Jun.2001.
[21]Jianying Zhou,Robert H. Deng,and Feng Bao,"Some remarks on a fair exchange protocol,"in Proc. International Workshop on Practice and Theory in Public Key Cryptography, LNCS 1751,Springer-Verlag, Jan.2000, pp.46-57.
[22]N. Asokan, V. Shoup, and M. Waidner, "Optimistic fair exchange of digital signature," IEEE J. on Selected Areas in Communication,18(4),2000, pp.593-610.
[23]N. Asokan, Fairness in Electronic Commerce, Waterloo, Ontario, Canada: University of Waterloo,1998.
[24]H. Pagnia, H. Vogt, and F.C. Gartner, "Fair exchange," The Computer Journal, 46(1),2003, pp.55-75.
[25]张玲,电子代币支付协议的分析与设计,长沙:国防科学技术大学,2006.
[26]邢育红,公平交换协议分析方法研究,济南:山东大学,2005.
[27]沈炜,用于公平交换的若干协议和规范的研究与应用,杭州:浙江大学,2003.
[28]卿斯汉编著,安全协议,北京:清华大学出版社,2005
[29]L. Chen, C. Kudla, and K. G.Paterson, "Concurrent signatures," in Proc. Eurocrypt2004, LNCS 3027, Spriger-Verlag,2004, pp.287-305.
[30]王贵林,门限签名方案和认证协议的设计和分析,北京:中国科学院软件研究所信息安全技术工程研究中心,2000.
[31]王芷玲,张玉清,杨波,“公平交换协议设计原则,”中国科学院研究生院学报,23(4),Jul.2006,pp.555-560.
[32]Pagnia H,Gartner C,"On the impossibility of fair exchange without a trusted third party," Technical Report TUD-BS-1999-02, Darmstadt University of Technology,1999.
[33]Kremer S, Markowitch O, Zhou J, "An intensive survey of non-repudiation protocols,"Computer Communications,25 (17),2002, pp.1606-1621.
[34]Shao Min-Hua, Wang Guilin and Zhou Jianying, "Some common attacks against certified email protocols and the countermeasures,"Computer Communications, 29(15), Sep.2006, pp.2759-2769.
[35]周永彬,张振峰,卿斯汉等,“基于RSA签名的优化公平交换协议,”软件学报,15(7),2004,pp.1049-1055.
[36]Bao F, Deng RH, Mao W, "Efficient and practical faire exchange protocols with off-line TTP," in Proc. the 1998 IEEE Symp. on Security and Privacy,1998, pp. 77-85.
[37]Zhou J, Gollmann D, "A fair non-repudiation protocol,"in Proc. the 1996 IEEE Symp.on Security and Privacy,1996, pp.55-61.
[38]Franklin MK, Reiter MK, "Fair exchange with a semi-trusted third party," in Proc. the 4th ACM Conf.on Computer and Communications Security,1997, pp.1-5.
[39]Damgard I B, "Practical and provably secure release of a secret and exchange of signatures,"Journal of Cryptology,8(4),1995,pp.201-222.
[40]Deng R and Gong L and Lazar A.,"Practical protocol for certified electronic mail," Journal of Network and Systems Management,1996,4(3), pp.279-297.
[41]Zhou J and Gollmann D, "A fair non-repudiation protocol," in Proc. the IEEE Symposium on Security and Privacy,1996, pp.55-61.
[42]J.L. Ferrer-Gomila, M. Payeras-Capella, and L. Huguet-Rotger, "Efficient optimistic n-party contract signing protocol,"in Proc. Information Security Conference, LNCS 2200,2001,pp.394-407.
[43]Bao F, Wang G and Zhou J, "Analysis and improvement of Micali's fair contract signing protocol,"in Proc. Information Security and Privacy ACISP 2004, LNCS3108,2004, pp.176-187.
[44]Even,S.,O. Goldreich, and A. Lempel, "A randomized protocol for signing contracts," Communications of the ACM,28(6),1985,pp.279-297.
[45]Okamoto, T. and K. Ohta, "How to simultaneously exchange secrets by general assumptions," in Proc. the 2nd ACM Conference on Computer and Communications Security,1994, pp.184-192.
[46]T. Tedrick, "How to exchange half a bit,"in Proc. Crypto83,1983,pp.147-151.
[47]T. Tedrick, "Fair exchange of Secrets,"in Proc. Crypto84. LNCS 196,1985, pp.434-438.
[48]Brickell E, Chaum D,Damgard I,and Graaf J,"Gradual and verifiable release of a secret,"in Proc. Crypto87. Berlin,1988.
[49]O.Markowitch and Y. Roggeman, "Probabilistic non-repudiation without trusted third party,"in Proc. the 2nd Workshop on Security in Communication Networks, 1999.
[50]R.Rivest,A.Shamir and Y. Tauman, "How to leak a secret," in Proc. ASIACRYPT2001,LNCS2248,2001,pp.552-565.
[51]M.Abe,M.Ohkubo,and K. Suzuki,"1-out-of-n signatures from a variety of keys,"in Proc. ASIACRYPT 2002,LNCS2501,2002,pp.415-432.
[52]W. Susilo, Y. Mu,F. Zhang, "Perfect concurrent signature schemes," in Proc. ICICS 2004, LNCS 3269,2004, pp.14-26.
[53]Guilin Wang, Feng Bao, Jianying Zhou, "The fairness of perfect concurrent signatures," in Proc. ICICS 2006, pp.435-451.
[54]Benjamin Cox,Doug Tygar,and Marvin Sirbu, "NetBill security and transaction protocol,"in Proc. the First UNIX Workshop of Electronic Commerce, Jul.1995, Pages77-88.
[55]Robert H. Deng,Li Gong,Aurel A. Lazar,and Weiguo Wang, "Practical protocols for certified electronic mail,"Journal of Network and System Management,4(3),1996, pp.279-297.
[56]Ning Zhang and Qi Shi, "Achieving non-repudiation of receipt," The Computer Journal,39(10),1996, pp.844-853.
[57]Silvio Micali, "Certified E-mail with invisible post offices," an invited presentation at the RSA 1997 conference,1997.
[58]Jianying Zhou and Dieter Gollmann, "An efficient non-repudiation protocol," in Proc. the 10th IEEE Computer Security Foundations Workshop, Jun.1997, pp.126-132.
[59]Jianying Zhou,Robert H. Deng,and Feng Bao, "Evolution of fair non-repudiation with TTP," in Proc. ACISP, LNCS 1587,1999, pp.258-269.
[60]Steve Kremer and Olivier Markowitch,"Optimistic non-repudiable information exchange,"in Proc. the 21st Symp. On Information Theory, May2000, pp.139-146.
[61]Indrakshi Ray, Indrajit Ray, "An optimistic fair exchange e-commerce protocol with automated dispute resolution,"in Proc. the First International Conference on Electronic Commerce and Web Technologies, Greenwich, LNCS 1815,Sep. 2000.
[62]Indrakshi Ray, Indrakshi Ray and Narasimhamurthi Natarajan, "An anonymous and failure resilient fair-exchange e-commerce protocol," Decision Support Systems,39(3), May 2005,pp.267-292.
[63]J. M. Park, E. Chong, H. Siegel, and I. Ray,"Constructing fair exchange protocols for E-commerce via distributed computation of RSA signatures," in Proc. the 22nd Annual ACM Symposium on Principles of Distributed Computing, Jul.2003,pp.172-181.
[64]Y.Dodis, L. Reyzin, "Breaking and repairing optimistic fair exchange from PODC 2003,"in Proc. the ACM Workshop on Digital Rights Management,2003, pp.47-54.
[65]Huafei Zhu. Constructing optimistic fair exchange protocols from committed signatures, http://eprint.iacr.org
[66]O. Markowitch and S.Kremer, "An optimistic non-repudiation protocol with transparent trusted third party," in Proc. Information Security Conference (ISC'01),LNCS 2200,2001,pp.363-378.
[67]Guilin Wang, Generic fair non-repudiation protocols with transparent off-line TTP, IOS Press,2003.
[68]Guilin Wang, "An abuse-free fair contract signing protocol based on the RSA signature," in Proc. WWW2005,Chiba, May 2005.
[69]Gildas Avoine, Felix Gartner, Rachid Guerraoui, etc, "Reducing fair exchange to atomic commit," Technical Report IC/2004/11,Swiss Federal Institute of Technology (EPFL), Feb.2004.
[70]G. Avoine, F. Gartner, R. Guerraoui and M. Vuolic, "Gracefully degrading fair exchange with security modules,"in Proc. the 5th European Dependable Computing Conference, LNCS 3463,2005,pp.55-71.
[71]Paul D. Ezhilchelvan, Santosh K. Shrivastava, "A family of trusted third party based fair-exchange protocols," IEEE Transactions on Dependable and Secure Computing,2(4),pp.2005,273-286.
[72]Nicolas Gonzalez-Deleito, Olivier Markowitch. An Optimistic Multi-party Fair Exchange Protocol with Reduced Trust Requirements. www.ulb.ac.be/di/scsi/markowitch/publications/icisc01.pdf
[73]Levente Buttyan, Jean-Pierre Hubaux.Toward a Formal Model of Fair Exchange-a Game Theoretic Approach. An updated version of EPFL SSC Technical Report No.SSC/1999/039.Swiss Federal Institute of Technology, Switzerland,4 May 2000.
[74]Levente Buttyan, Jean-Pierre Hubaux and Srdjan Capkun. A Formal Analysis of Syverson's Rational Exchange Protocol.Proceedings of the 15th IEEE Computer Security Foundations Workshop, June 2002. http://www.terminodes.org
[75]卿斯汉,李改成.公平交易协议的一个形式化模型.中国科学(E辑),2005,35(2):161-172.
[76]卿斯汉,李改成.多方公平交易协议的形式化分析和设计.中国科学(E辑),2006,36(6):598-616.
[1]Asokan N. Fairness in electronic commerce.Waterloo, Ontario, Canada: University of Waterloo,1998.
[2]F. Bao, R. H. Deng and W. Mao, "Efficient and practical fair exchange protocols with off-line TTP,"in Proc. IEEE Symposium on Security and Privacy, Oakland, May 1998, pp.77-85,.
[3]Indrakshi Ray, Indrajit Ray, "An optimistic fair exchange e-commerce protocol with automated dispute resolution," in Proc. the First International Conference on Electronic Commerce and Web Technologies, Greenwich, LNCS 1815,Sep. 2000.
[4]Indrakshi Ray, Indrakshi Ray and Narasimhamurthi Natarajan, "An anonymous and failure resilient fair-exchange e-commerce protocol," Decision Support Systems,39,2005, pp.267-292.
[5]Guilin Wang, "An abuse-free fair contract signing protocol based on the RSA signature,"in Proc. WWW2005, Chiba, May 2005.
[6]L. Chen, C. Kudla, and K. G. Paterson,"Concurrent signatures,"in Proc. Eurocrypt'04, LNCS 3027,2004, pp.287-305.
[7]Jakobsson M.,Sako K.,and Impagliazzo R, "Designated verifier proofs and their applications,"in Proc. Cryptology-EUROCRYPT 1996, LNCS 1070,1996, pp.143-154.
[8]C.P. Schnorr, "Efficient identification and signatures for smart cards," in Proc. Cryptology-CRYPTO 1989, LNCS 435,1990, pp.239-252.
[9]W. Susilo, Y. Mu, F. Zhang, "Perfect concurrent signature schemes," in Proc. ICICS 2004, LNCS 3269,2004, pp.14-26.
[10]Guilin Wang, Feng Bao, Jianying Zhou, "The Fairness of perfect concurrent signatures,"in Proc. ICICS,2006, pp.435-451.
[11]Zhenfeng Zhang, Dengguo Feng, "Generic fair exchange without TTP," in Proc. the 3rd Security Protocol Symposium of SKLOIS,Beijing, Sep.2007, pp.1-18.
[12]J. Camenisch, "Efficient and generalized group signatures," in Proc. Cryptology-EUROCRYPT 1997, LNCS1233,1998, pp.465-479.
[13]Huaping Li, Weidong Kou, Xiaozhen Du, "Fair e-commerce protocols without a third party," in Proc. the 11th IEEE Symposium on Computers and Communications, Jun.2006, pp.324-327.
[14]Zhenjie Huang, Rufen Huang, Xuanzhi Lin, "Perfect concurrent signature protocol," in Proc. the 8th ACIS International Conference on Software Engineering, Artificial Intelligence, Networking, and Parallel/Distributed Computing, Jul.2007, pp.467-472.
[1]N. Asokan, V. Shoup, and M. Waidner,"Optimistic fair exchange of digital signature," in Proc. Cryptology-EUROCRYPT'98, LNCS 1403,1998, pp. 591-606.
[2]N. Asokan, V. Shoup, M. Waidner,"Optimistic fair exchange of digital signature," IEEE J.on Selected Areas in Communication,18(4),2000, pp. 593-610.
[3]N. Asokan. Fairness in electronic commerce. Waterloo, Ontario, Canada: University of Waterloo,1998.
[4]D. Boneh, C. Gentry, B. Lynn, H. Shacham, "Aggregate and verifiably encrypted signatures from bilinear maps," in Proc. Cryptolcgy-EUROCRYPT 2003, Warsaw, May 2003, LNCS2656, pp.416-432.
[5]G Ateniese, "Efficient verifiable encryption (and fair exchange) of digital signatures," in Proc. the Sixth ACM Conference on Computer and Communication Security Nov.1999, pp.138-146.
[6]F. Bao, R. Deng, and W. Mao, "Efficient and practical fair exchange protocols with off-line TTP," in Proc. the IEEE Symposium on Security and Privacy,1998, pp.77-85.
[7]Y.T. Kalai, R. Raz,"Succinct non-interactive zero-knowledge proofs with preprocessing for LOGSNP," in Proc. the 47th Annual IEEE Symposium on Foundations of Computer Science,Berkeley,2006,355-366.
[8]Guilin Wang, Generic fair non-repudiation protocols with transparent off-line TTP, IOS Press,2003.
[9]L. Chen, "Efficient fair exchange with verifiable confirmation of signatures,"in Proc. Cryptology-Asiacrypt 1998, LNCS1514,1998, pp.286-299.
[10]S.Micali, "Simple and fast optimistic protocols for fair electronic exchange,"in Proc. ACM Symposium on Principles of Distributed Computing,2003,pp.12-19.
[11]G. Ateniese, "Verifiable encryption of digital signatures and applications,"ACM transactions on Information and System Security,7(1),2004, pp.1-20.
[12]J.Camenisch and I. B.Damgard, "Verifiable encryption, group encryption, and their applications to group signatures and signature sharing schemes,"in Proc. Cryptology-ASIACRYPT 2000, LNCS 1976, Kyoto, Dec.2000, pp.331-345.
[13]Y. Dodis, L. Reyzin,"Breaking and repairing optimistic fair exchange from PODC 2003," in Proc. ACM Workshop on Digital Rights Management, Washington, Oct.2003, pp.47-54.
[14]J.M. Park, E. Chong, H. Siegel, and I. Ray,"Constructing fair-exchange protocols for e-commerce via distributed computation of RSA signatures," in Proc. PODC 2003, pp.172-181.
[15]A. Boldyreva, "Efficient threshold signatures, multisignatures and blind signatures based on the Gap-Diffie-Hellman-group signature scheme," in Proc. PKC 2003, LNCS 2567,2003,pp.31-46.
[16]D. Boneh, B. Lynn, and H. Shacham, "Short signatures from the weil pairing," in Proc. Cryptology-ASIACRYPT 2001,LNCS 2248, Gold Coast, Dec.2001, pp.514-532.
[17]J.-S.Coron and D. Naccache. Boneh et al,"'s k-element aggregate extraction assumption is equivalent to the Diffie-Hellman assumption," in Proc. Cryptology-ASIACRYPT-2003, Taipei, Nov.2003.
[18]M. Payeras-Capella, J.L. Ferrer-Gomila, L. Huguet-Rotger, "Achieving fairness and timeliness in a previous electronic contract signing protocol,"in Proc. the First International Conference on Availability, Reliability and Security, Vienna, Apr.2006.
[19]H. Zhu, F. Bao,"Stand-alone and setup-free verifiably committed signatures," in Proc. CTRSA2006, LNCS 3860,2006, pp.159-173.
[20]I. Ray, I. Ray, N. Natarajan, "An anonymous and failure resilient fair-exchange e-commerce protocol," Decision Support Systems,39,2005,pp.267-292.
[21]R. Cramer, V.Shoup, "Signature scheme based on the Strong RSA assumption," ACM Transactions on Information and System Security,3(3),2000, pp.161-185.
[22]M. Fischlin, "The Cramer-Shoup strong-RSA signature scheme revisited,"in Proc. Public Key Cryptography, Miami,Jan.2003, LNCS2567, pp.116-129.
[23]Jan Camenisch, Markus Michels, "Proving in zero-knowledge that a number is the product of two safe primes," in Proc. EUROCRYPT 1999, pp.107-122.
[24]H. Krawczyk, T. Rabin, "Chameleon signatures," in Proc. Network and Distributed System Security. San Diego,2000, pp.143-154.
[1]N. Asokan, V. Shoup, and M. Waidner, "Optimistic fair exchange of digital signature,"in Proc. Cryptology-EUROCRYPT'98, LNCS 1403,1998, pp.591-606.
[2]N. Asokan, V. Shoup, M. Waidner, "Optimistic fair exchange of digital signature,"IEEE J. on Selected Areas in Communication,18(4),2000, pp. 593-610.
[3]N. Asokan, Fairness in electronic commerce, Waterloo, Ontario, Canada: University of Waterloo,1998.
[4]G Ateniese, "Verifiable encryption of digital signatures and applications,"ACM transactions on Information and System Security,7(1),2004, pp.1-20.
[5]M. Payeras-Capella, J.L. Ferrer-Gomila, L. Huguet-Rotger, "Achieving fairness and timeliness in a previous electronic contract signing protocol," in Proc. the First International Conference on Availability, Reliability and Security, Vienna, Apr.2006.
[6]Indrakshi Ray, Indrakshi Ray and Narasimhamurthi Natarajan, "An anonymous and failure resilient fair-exchange e-commerce protocol," Decision Support Systems,39(3), May 2005,pp.267-292.
[7]Huaping Li, Weidong Kou, Xiaozhen Du, "Fair e-commerce protocols without a third party,"in Proc. the 11th IEEE Symposium on Computers and Communications, Jun.2006, pp.324-327.
[8]Zhenfeng Zhang, Dengguo Feng,"Generic fair exchange without TTP," in Proc. the 3rd Security Protocol Symposium of SKLOIS, Beijing, Sep.2007, pp.1-18.
[9]Joan Dyer, Mark Lindemann, Ronald Perez, Reiner Sailer, Leendert van Doom, Sean Smith, and Steve Weingart, "Building the IBM 4758 secure coprocessor," IEEE Computer Society,34(10), Oct.2001,pp.57-66.
[10]Trusted computing group.https://www.trustedcomputinggroup.org,2003.(27)
[11]Gildas Avoine, Felix Gartner, Rachid Guerraoui, etc, "Reducing fair exchange to atomic commit," Technical Report IC/2004/11,Swiss Federal Institute of Technology (EPFL),Feb.2004.
[12]G Avoine, F. Gartner, R.Guerraoui and M.Vuolic,"Gracefully degrading fair exchange with security modules," in Proc. the 5th European Dependable Computing Conference, LNCS 3463,2005,pp.55-71.
[13]Paul D. Ezhilchelvan, Santosh K. Shrivastava, "A family of trusted third party based fair-exchange protocols,"IEEE Transactions on Dependable and Secure Computing,2(4),2005,pp.273-286.
[14]Gildas Avoine and Serge Vaudenay, "Cryptography with guardian angels: Bringing civilization to pirates," ACM Mobile Computing and Communications Review,7(1), Jan.2003,pp.74-94.
[15]Gildas Avoine and Serge Vaudenay, "Fair exchange with guardian angels,"in Proc. WISA 2003,LNCS 2908, Jeju Island, Aug.2003,pp.188-202.
[16]Gildas Avoine, "Cryptography in radio frequency identification and fair exchange protocols," Ph.D.Thesis, PEFL, Dec.2005.
[17]汪涛,基于智能卡的认证与隐私保护协议研究,北京:北京邮电大学,2006.
[1]N. Asokan, V. Shoup, and M. Waidner, "Optimistic fair exchange of digital signature," IEEE J. Select. Areas Commun.,18(4),2000, pp.593-610.
[2]Indrakshi Ray, Indrajit Ray, "An optimistic fair exchange e-commerce protocol with automated dispute resolution," in Proc. the First International Conference on Electronic Commerce and Web Technologies, Greenwich, LNCS 1815,Sep. 2000.
[3]Indrakshi Ray, Indrakshi Ray and Narasimhamurthi Natarajan, "An anonymous and failure resilient fair-exchange e-commerce protocol," Decision Support Systems,39(3),May 2005, pp.267-292.
[4]Guilin Wang, "An abuse-free fair contract signing protocol based on the RSA signature," in Proc. WWW2005,Chiba, May 2005.
[5]Paul D. Ezhilchelvan, Santosh K. Shrivastava, "A family of trusted third party based fair-exchange protocols," IEEE Transactions on Dependable and Secure Computing,2(4),2005,pp.273-286.
[6]H. Pagnia, H. Vogt, and F.C. Gartner,"Fair exchange,"The Computer Journal, 2003,46(1):55-75.
[7]邢育红,公平交换协议分析方法研究,济南:山东大学,2005.
[8]卿斯汉编著,安全协议,北京:清华大学出版社,2005.
[9]T. Beth, M.Borcherding, and B. Klein, "Valuation of trust in open network,"in Proc. ESORICS,1994, pp.3-18.
[10]徐锋,吕建,“Web安全中的信任管理研究与进展,”软件学报,13(8),2002,pp.1-6.
[11]陈华勇,谢冬青,王永静,“Beth信任计算模型的分析和改进,”湖南大学学报,30(3),2003,pp.59-62.
[12]W. Stallings, Cryptography and network security:principles and practice,2nd edition, Prentice-Hall, New Jersey,1999.
[13]Gildas Avoine, Felix Gartner, Rachid Guerraoui, etc, "Reducing fair exchange to atomic commit," Technical Report IC/2004/11,Swiss Federal Institute of Technology (EPFL),Feb.2004.
[14]G Avoine, F. Gartner, R.Guerraoui and M. Vuolic, "Gracefully degrading fair exchange with security modules,"in Proc. the 5th European Dependable Computing Conference, LNCS 3463,2005,pp.55-71.
[15]Paul D. Ezhilchelvan, Santosh K. Shrivastava, "A family of trusted third party based fair-exchange protocols," Technical Report Series CS-TR-928, University of Newcastle upon Tyne, Sep.2005.
[16]Gildas Avoine and Serge Vaudenay,"Cryptography with guardian angels: Bringing civilization to pirates," ACM Mobile Computing and Communications Review,7(1),Jan.2003, pp.74-94.
[17]Gildas Avoine and Serge Vaudenay, "Fair exchange with guardian angels," in Proc. WISA2003, LNCS 2908, Jeju Island, Aug.2003, pp.188-202.
[18]Gildas Avoine,"Cryptography in Radio Frequency Identification and Fair Exchange Protocols,"Ph.D.Thesis, PEFL, Dec.2005.