Degree Name

Master of Computer Science - Research


School of Computer Science and Software Engineering


Fair exchange of digital items via computer networks is an important research topic in modern cryptography. Generally speaking, a fair exchange protocol can help two mistrusted parties in networks exchange their digital items in a fair way, that is, either both parties get each other's item, or neither of them gets anything valuable after the protocol runs successfully. In practical applications, the technology of fair exchange is widely used in different but relevant fields, such as contract signing protocols, non-repudiation protocols, e-payment systems and certified e-mails.

In a fair exchange protocol, a trusted third party (TTP) is usually needed as an authentic mediator between two mistrusted parties. In order to reduce the load of such a TTP, the notion of optimistic fair exchange (OFE) is proposed, in which there is an off-line TTP, called an arbitrator, who acts as a judge to settle disputes between parties and should only be involved if necessary. In previous studies, fair exchange is usually carried out between individual parties. When a fair exchange protocol runs between two members from two distinct groups, anonymity of the signer in a group could be necessary for achieving better privacy in some cases (e.g. protecting customers' trading habits in e-payment systems).

In this thesis, we study optimistic fair exchange of ring signatures (OFERS), i.e., two members from two different groups can exchange their ring signatures in an equitable way. Each user in these groups has his/her own public-private key pair and is able to sign a message on behalf of his/her group anonymously due to the signer ambiguity property inherited from ring signatures. We first define the security model of OFERS in the multi-user setting under adaptive chosen message, chosen-key and chosen public-key attacks. Then, based on verifiably encrypted ring signatures (VERS), we construct a concrete scheme by combining the technologies of ring signatures, public-key encryption and zero-knowledge proof, and then show that our OFERS solution is provably secure in our security model and preserves the signer ambiguity of ring signatures. Moreover, we improve the proposed OFERS scheme in order to meet the abuse-freeness property, which means that, before the OFE protocol is successfully executed, any interim result in the protocol cannot be accepted as valid evidence showing that some participant has committed to complete the protocol. We propose the formal model of abuse-freeness in OFERS, and construct the first concrete scheme of abuse-free optimistic fair exchange of ring signatures (AOFERS), which is formally proven perfectly abuse-free in our security model. To the best of our knowledge, this is the first formal work on the topic of optimistic fair exchange of ring signatures.