Fair Exchange Protocol

Question 1

Exchange must embody ____

Answer 1

Non-repudiation

Question 2

What is non-repudiation?

Answer 2

Protection against false denials and accusations.

Question 3

What are the 2 types of non-repudiation?

Answer 3

• NRO: Recipient of message M receives proof that originator of M has sent M
• NRR: Originator of M obtains proof that recipient has received M

Question 4

What is evidence?

Answer 4

• Information either by itself or in conjunction with other info constitutes proof about an event.

Question 5

What is a Trusted Third Party? (TTP)

Answer 5

An entity that ensures fairness in exchange protocols by mediating disputes

Question 6

What are the two types of TTP?

Answer 6

On-line and Off-line.

Question 7

What is the key difference between On-line TTP and Off-line TTP?

Answer 7

• On-line: Actively particpates
• Off-line: Only intervenes in case of disputes.

Question 8

Why do we use hash functions in fair exchange protocols?

Answer 8

To ensure message authenticity and integrity without having to reveal the message.

Question 9

What is the pseudocode of Protocol 1 for On-line fair exchange?

Answer 9

1. A -> TTP: Req
2. TTP -> A: L
3. A -> TTP: (L,A,B,M,EOO)
4. TTP -> B:(L,A,B,H(EOO))
5. B -> TTP: (L, EOR)
6. TTP -> B: (L,M,EOO)
7. TTP -> A: (L, EOR)

Question 10

What are the notations used in Fair Exchange protocols?

Answer 10

L: Label used to link all messages of given execution
Req: Request for L to send certified email
EOO: SigA(A,B,M) // Evidence of Origin
EOR: SigB(A,B, H(EOO) // Evidence of Receipt

Question 11

Describe the principle of Protocol 2 in On-line fair exchange protocols.

Answer 11

• A ‘locks’ M in Box1, and puts Key1 in Box2.
• Key1 is generated randomly
• Box2 is locked with TTPs public key
• A sends Box1, Box2 and H(M) to B
• B produces EOR on H(M) and sends it to TTP along with A’s Boxes.
• TTP opens Box1 and Box2. After checking B’s EOR, TTP sends K to B

Question 12

Write the pseudocode of protocol 2 in On-line fair exchange protocols.

Answer 12

1. A -> B: {A, B, TTP, H(M), eK(M, EOO), eVttp(K)}
2. B -> TTP: {A, B, TTP, H(M), eK(M, EOO), eVttp(K), EOR}
3. TTP -> B: K
4. TTP -> A: EOR

Question 13

What are the principles of Protocol 3?

Answer 13

• A generates random K only know to itself
• A sends B C = eK(M) and TTP K
• B sends EOR for C
• A sends K to TTP with EOO2 for K
• If EOO for K is correct:
  1. TTP sends to A an EOR2 for K
  2. TTP sends to B, K and EOO2

Question 14

What is the pseudocode for Protocol 3?

Answer 14

1. A -> B: (B, TTP, C, EOO1)
2. B -> A: (EOR1)
3. A -> TTP: (B, TTP, K, EOO2)
4. TTP -> B: (K, EOO2)
5. TTP -> A: (EOR2)

Question 15

What are the 3 parts of off-line fair exchange?

Answer 15

Exchange, Abort, Resolve

Question 16

Who can request an abort in Protocol 3?

Answer 16

The initiator

Question 17

What is the necessary condition to request a resolve in Protocol 3?

Answer 17

Show that S1* has been reached.