By Topic

Security Analysis of Two RSA-Based Fair Document Exchange Protocols

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$31 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

1 Author(s)
Zuhua Shao ; Zhejiang Univ. of Sci. & Technol., Hangzhou, China

In 2005, A. Nenadic N. Zhang and Q. Shi proposed a new cryptographic primitive, called Verifiable and Recoverable Encryption of Signature VRES. Based on RSA-based VRES, they presented two variant protocols RSA-CEMD1 and RSA-CEMD2 for certified e-mail delivery with RSA receipts. They claimed that the protocols provided strong fairness to ensure that the recipient receives the e-mail if and only if the sender receives the receipt. Later, N. Zhang, Q. Shi, M. Merabti, and R. Askwith presented a practical and efficient fair document exchange protocol based on a verifiable and recoverable encryption of keys that is somewhat similar to the VRES. In this paper, we find that the VRES scheme is universal forgeable. Anyone can generate the false VRES for any message without the knowledge of any private key of the sender, the recipient and the TTP. It follows that the two variant protocols RSA-CEMD1, RSA-CEMD2 are all insecure. Meanwhile, we show that the document exchange protocol is not fair since the verifiable and recoverable encryption of keys is not recoverable.

Published in:

Computer Science and Engineering, 2009. WCSE '09. Second International Workshop on  (Volume:1 )

Date of Conference:

28-30 Oct. 2009