Sender and receiver non-repudiation
Helger Lipmaa
helger at tml.hut.fi
Tue Jul 3 10:48:31 EDT 2001
On Tue, 3 Jul 2001, Panayiotis Kotzanikolaou wrote:
> The problem in this scheme is that Bob signs and sends the proof after
> he has received M. Bob can receive M and never send a receipt.
>
> By using a trusted delivery service, it is easy to produce
> non-repudiation evidence both for the sender and the receiver.
> Is there any cryptographic protocol that "forces" Bob to produce
> non-repudiation evidence during execution?
Answering only to this concrete question: the kind of things you want are
accomplished by contract signing protocols. A few recent papers:
Optimistic Protocols for Fair Exchange(N. Asokan, Matthis Schunter,
Michael Waidner, 1996)
Optimal Efficiency of Optimistic Contract Signing(Birgit Pfitzmann,
Matthias Schunter, Michael Waidner, PODC 98)
Optimistic synchronous multi-party contract signing(N. Asokan, Birgit
Baum-Waidner, Matthias Schunter, and Michael Waidner, dec 1998)
Asynchronous protocols for optimistic fair exchange(N. Asokan, Victor
Shoup, Michael Waidner, may 1998)
Optimistic asynchronous multi-party contract signing(Birgit Baum-Waidner
and Michael Waidner, nov 1998)
Optimistic fair exchange of digital signatures(N. Askon, Victor Shoup,
Michael Waidner, oct 1999)
Abuse-free Optimistic Contract Signing(Juan Garay, Markus Jakobsson, Phil
MacKenzie, CRYPTO '99)
Abuse-free Multi-party Contract Signing( Juan Garay, Phil MacKenzie, DISC
'99)
Provable Secure Certified Mail(Birgit Pfitzmann, Matthias Schunter,
Michael Waidner, 2000)
Analysis of Abuse-Free Contract Signing( Vitaly Shmatikov, John C.
Mitchell, 2000)
06/23/01 Optimistic Asynchronous Multi-Party Contract Signing with Reduced
Number of Rounds(Birgit Baum-Waidner, eprint 2001/044)
(you can find links to them at
http://www.tml.hut.fi/~helger/crypto/link/protocols/contract.html)
Answering more generally: it does not help you to get non-repudiation.
Nothing does, unless Bob is able to prove that you signed this document
consiously, being sober, and generally, that you MEANT to sign it.
Helger
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
More information about the cryptography
mailing list