Cryptology ePrint Archive: Report 2009/427

Efficient Verifiable Escrow and Fair Exchange with Trusted Hardware

Stephen R. Tate and Roopa Vishwanathan

Abstract: At the heart of many fair exchange problems is verifiable escrow: a sender encrypts some value using the public key of a trusted party (called the recovery agent), and then must convince the receiver of the ciphertext that the corresponding plaintext satisfies some property (e.g., it contains the sender's signature on a contract). Previous solutions to this problem are interactive, and often rely on communication-intensive cut-and-choose zero-knowledge proofs. In this paper, we provide a solution that uses generic trusted hardware to create an efficient, non-interactive verifiable escrow scheme. Our solution allows the protocol to use a set of recovery agents with a threshold access structure, the \emph{verifiable group escrow} notion which was informally introduced by Camenisch and Damgard and which is formalized here. Finally, this paper shows how this new non-interactive verifiable escrow scheme can be used to create an efficient optimistic protocol for fair exchange of signatures.

Category / Keywords: cryptographic protocols/ fair exchange, verifiable encryption, verifiable escrow

Publication Info: An abbreviated, preliminary version of this work appeared in the \emph{Proceedings of the 23rd Annual IFIP WG 11.3 Working Conference on Data and Applications Security (DBSec'09)

Date: received 1 Sep 2009, last revised 29 May 2013

Contact author: vishwanathan roopa at gmail com

Available format(s): PDF | BibTeX Citation

Version: 20130529:175044 (All versions of this report)

Short URL: ia.cr/2009/427

Discussion forum: Show discussion | Start new discussion