Cryptology ePrint Archive: Report 2008/431

Usable Optimistic Fair Exchange

Alptekin Kupcu and Anna Lysyanskaya

Abstract: Fairly exchanging digital content is an everyday problem. It has been shown that fair exchange cannot be done without a trusted third party (called the Arbiter). Yet, even with a trusted party, it is still non-trivial to come up with an efficient solution, especially one that can be used in a p2p file sharing system with a high volume of data exchanged.

We provide an efficient optimistic fair exchange mechanism for bartering digital files, where receiving a payment in return to a file (buying) is also considered fair. The exchange is optimistic, removing the need for the Arbiter's involvement unless a dispute occurs. While the previous solutions employ costly cryptographic primitives for every file or block exchanged, our protocol employs them only once per peer, therefore achieving O(n) efficiency improvement when n blocks are exchanged between two peers. The rest of our protocol uses very efficient cryptography, making it perfectly suitable for a p2p file sharing system where tens of peers exchange thousands of blocks and they do not know beforehand which ones they will end up exchanging. Therefore, our system yields to one-two orders of magnitude improvement in terms of both computation and communication (40 seconds vs. 42 minutes, 1.6MB vs. 200MB). Thus, for the first time, a provably secure (and privacy respecting when payments are made using e-cash) fair exchange protocol is being used in real bartering applications (e.g., BitTorrent) without sacrificing performance.

Category / Keywords: cryptographic protocols / fair exchange, barter, peer-to-peer file sharing, BitTorrent.

Publication Info: full version of the CT-RSA 2010 paper with the same title

Date: received 6 Oct 2008, last revised 26 Jan 2010

Contact author: kupcu at cs brown edu

Available format(s): PDF | BibTeX Citation

Note: updated performance numbers

Version: 20100126:181700 (All versions of this report)

Short URL:

[ Cryptology ePrint archive ]