S. Micali. Certified E-mail with invisible post o#ces. Available from author; an invited presentation at the RSA '97 conference, 1997.  Home/Search   Document Not in Database   Summary   Related Articles   Check

....was the use of an online TTP: the TTP intervenes in each protocol run, but not in each transmission [10,11] Protocols with a light weight TTP have been proposed. Finally, a big step towards more ecient solutions was the introduction of o ine TTPs. Independently, Micali and Asokan et al. [12,13], in the context of certi ed e mail and fair exchange, designed a protocol where the TTP only intervenes in case of problem. This approach, using an o line TTP, is also called the optimistic approach. The rationale is that in most cases the participating entities are honest and the network is ....

....suppose that most of the time no problem will occur. This is the reason why protocols with o ine TTP are also called optimistic. In the framework of exchange protocols, the rst protocols, a certi ed e mail protocol and fair exchange protocols, making use of an o ine TTP were presented in [12] [13] and [27] The rst series of non repudiaiton protocols detailed hereunder are variants of the protocols presented in [14] and [16] The last part of the section is devoted to a non repudiation protocol with transparent TTP. In this kind of protocol the TTP produces evidences which are ....

[Article contains additional citation context not shown here]

S. Micali, Certi ed E-mail with invisible post oces, Available from author; an invited presentation at the RSA '97 conference (1997).

.... participant following the protocol speci cation only has to invoke the judge if something goes wrong, e.g. if the other party stops before the exchange of commitments is complete (a similar property is called viability in [BOGMR90] Optimism is a popular feature of fair exchange protocols [Mic97,ASW97,ASW00]. In cases where both signers are honest, it enables contract signing to proceed without participation of a third party, and thus avoids communication bottlenecks inherent in protocols that involve a trusted authority in every instance. 3.1 Privilege and fairness In the BGMR protocol, it can ....

S. Micali. Certi ed e-mail with invisible post oces. Presented at RSA Security Conference, 1997.

....Some protocols [11, 17, 32] use a TTP to store the details of the transaction in order to help to successfully complete an exchange. As the TTP is actively involved in the protocol, this approach considerably reduces the eciency of the exchange. To remedy this shortcoming, independently Micali [22] and Asokan et al. 1, 4] proposed a solution that avoids the presence of the TTP between the parties. They proposed not to use the TTP during the transaction when the parties behave correctly and the network functions, but to invoke the TTP to complete the protocol in case of problems with one of ....

S. Micali. Certi ed E-mail with invisible post oces. Available from author; an invited presentation at the RSA '97 conference, 1997.

....information which has the same properties as a client s nal signature when combined with the earlier committed signature. This recovered signature is not the same signature expected in a faultless case but is also a client s signature. The use of an invisible TTP was rst proposed by Micali [14] in the framework of certi ed mails. Asokan et al. 5] and Bao et al. 6] proposed fair exchange protocols allowing to recover, in case of problem, the original client s signature committed earlier in the protocol rather than adavits produced and signed by the TTP. This kind of signatures is ....

S. Micali. Certi ed E-mail with invisible post oces. Available from author; an invited presentation at the RSA '97 conference, 1997.

....nal signature when combined with the earlier committed signature. However, the signature generated by the TTP in case of a problem, can be distinguished from the signature generated in a faultless case. Hence, the TTP is not transparent. The use of an invisible TTP was rst proposed by Micali [12] in the framework of certi ed e mails. Asokan et al. 3] and Bao et al. 4] proposed fair exchange protocols allowing to recover, in case of problem, the original client s signature committed earlier in the protocol rather than adavits produced and signed by the TTP. Asokan et al. s protocol is ....

S. Micali. Certi ed E-mail with invisible post oces. Available from author; an invited presentation at the RSA '97 conference, 1997.

....to cheat or simply crashes; therefore, in the vast majority of transactions, the third party will not need to be involved at all. Following [ASW97] we call our protocol optimistic; in addition to [ASW97] optimistic protocols for several variants of the fair exchange problem are discussed in [BDM98, BP90, Mic97]. Compared to a protocol using an on line third party, the optimistic approach greatly reduces the load on the third party, which in turn reduces the cost and insecurity involved in replicating the service in order to maintain availability. It also makes it more feasible to implement the trusted ....

.... decryption, and B deposits his signature with the trusted third party so that A can retrieve it at a later time (the condition that A attached to the veri able escrow ensures that B deposits the correct signature) The logic of this protocol is essentially the same as the that of the protocols in [ASW97, BDM98, BP90, Mic97]. Actually, the protocols in [ASW97, BP90, Mic97] are in a somewhat di erent setting, and do not make use of the notion of veri able escrow in exactly the same way as we do, but that does not a ect the point we wish to make here. Although this protocol ensures fairness, it su ers from a severe if ....

[Article contains additional citation context not shown here]

S. Micali. Certied e-mail with invisible post oces. Manuscript (presented at the 1997 RSA Security Conference), 1997.

....may also impose entry or subscription fees to users and merchants for their participation in the payment system. A payment scheme per se does not provide the assurance that the merchant will deliver the relevant merchandise (goods, services, information, etc. Other schemes such as that of [12] may guarantee that a fair exchange takes place. Also, a payment scheme per se does not guarantee that the user has enough money to pay. A separate mechanism may insure the merchant against this risk (e.g. the bank may guarantee payment if the user had a valid certi cate) Anonymity is not ....

Silvio Micali. Certied e-mail with invisible post oces. In Proceedings RSA97, San Francisco, CA, January 1997. Also, U.S. Patent No. 5,666,420.

No context found.

S. Micali. Certified E-mail with invisible post o#ces. Available from author; an invited presentation at the RSA '97 conference, 1997.

No context found.

S. Micali. Certified E-mail with invisible post o#ces. Available from author; an invited presentation at the RSA '97 conference, 1997.

No context found.

S. Micali, Certified E-mail with invisible post o#ces, Available from author; an invited presentation at the RSA '97 conference (1997).

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC