Cryptology ePrint Archive: Report 2010/236

Accountability: Definition and Relationship to Verifiability

Ralf Kuesters and Tomasz Truderung and Andreas Vogt

Abstract: Many cryptographic tasks and protocols, such as non-repudiation, contract-signing, voting, auction, identity-based encryption, and certain forms of secure multi-party computation, involve the use of (semi-)trusted parties, such as notaries and authorities. It is crucial that such parties can be held accountable in case they misbehave as this is a strong incentive for such parties to follow the protocol. Unfortunately, there does not exist a general and convincing definition of accountability that would allow to assess the level of accountability a protocol provides.

In this paper, we therefore propose a new, widely applicable definition of accountability, with interpretations both in symbolic and computational models. Our definition reveals that accountability is closely related to verifiability, for which we also propose a new definition. We prove that verifiability can be interpreted as a restricted form of accountability. Our findings on verifiability are of independent interest.

As a proof of concept, we apply our definitions to the analysis of protocols for three different tasks: contract-signing, voting, and auctions. Our analysis unveils some subtleties and unexpected weaknesses, showing in one case that the protocol is unusable in practice. However, for this protocol we propose a fix to establish a reasonable level of accountability.

Category / Keywords: cryptographic protocols / Accountability, Verifiability, Protocol Analysis, E-Voting, Auction, Contract Signing

Original Publication (with minor differences): Proceedings of the 17th ACM Conference on Computer and Communications Security (ACM CCS 2010)

Date: received 27 Apr 2010, last revised 2 Feb 2015

Contact author: kuesters at uni-trier de

Available format(s): PDF | BibTeX Citation

Note: Added publication information as well as some explanation in Section 5.2.

Version: 20150202:163211 (All versions of this report)

Discussion forum: Show discussion | Start new discussion

[ Cryptology ePrint archive ]