Sender and receiver non-repudiation

Emmanouil Magkos emagos at unipi.gr
Tue Jul 3 10:18:34 EDT 2001


A 1997 paper might be of great help for you:

Asokan, Victor Shoup, and Michael Waidner. Asynchronous protocols for
optimistic fair exchange. Research Report RZ 2976 (#93022), IBM Research

www.zurich.ibm.com/csc/infosec/publications/bibliography/


In this paper, there is a trusted third party (TTP), which is used
optimistically. This means that TTP is only invoqued if something goes
wrong. Although used in the context of contract signing, this approach can
be used in the "certified delivery" context.




=====================
Emmanouil Magkos
Department of Informatics
University of Piraeus
185 34 Piraeus, Greece
tel (1): +30 1 2113090
tel (2): +30 1 4142134
fax: +30 1 4142264
mobile: +30 945 075815
e-mail: emagos at unipi.gr
=====================

> It is well known that digital signatures can be used to ensure
> non-repudiation of the sender in message exchange.
>
> Say that Alice (A) sends to Bob (B) a mesage M. If Alice sends to Bob a
> signed receipt of the message sent, then Alice cannot refuse of having
> send the message.
> A-->B: M, SIGN_A(A sends M to M)
>
> Now if Bob receives the message and replies with a signed receipt
> B-->A: SIGN_B(B received M from A)
> then Bob cannot later refuse of having received the message M.
>
> The problem in this scheme is that Bob signs and sends the proof after
> he has received M. Bob can receive M and never send a receipt.
>
> By using a trusted delivery service, it is easy to produce
> non-repudiation evidence both for the sender and the receiver.
> Is there any cryptographic protocol that "forces" Bob to produce
> non-repudiation evidence during execution?
>
>
>
> [Your exposition is filled with statements lots of people might take
> issue with, like the concept that Alice "cannot" deny sending the
> message. What if Alice claims it wasn't her key, or her key was stolen
> or misappropriated, or what have you? One lesson I've learned -- you
> cannot perfect law with technology, or eliminate business risk with
> law. --Perry]
>
> ---------------------------------------------------------------------
> The Cryptography Mailing List
> Unsubscribe by sending "unsubscribe cryptography" to
majordomo at wasabisystems.com
>




---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com




More information about the cryptography mailing list