A Publicly Verifiable Optimistic Fair Exchange Protocol Using Decentralized CP-ABE

Abstract

Abstract Fair exchange is a challenging problem for two mutually distrusting players. It is widely known that fair exchange is impossible without a trusted third party (TTP). However, relying on a single TTP can cause a single-point failure. An intuitive idea is to adopt multiple TTPs to distribute trust. This paper constructs a two-party optimistic fair exchange (OFE) protocol using decentralized ciphertext-policy attribute-based encryption (CP-ABE), achieving decentralized TTPs. This is achievable because decentralized CP-ABE ciphertext supports a nested access control policy. A nested access control policy fits perfectly in a fair exchange protocol which contains multiple roles (i.e. players and TTPs). Further, we apply non-interactive zero knowledge proofs to prove the well-formedness of ciphertexts, so as to enforce players to follow the protocol specification honestly. Consequently, we construct an OFE protocol in which each player’s operations are publicly verifiable without revealing secret information. Also, we obtain decentralized TTPs with optimism (i.e. the TTPs are involved only when arbitration is required), autonomy (i.e. the TTPs do not need to interact with each other), statelessness (i.e. the TTPs do not need to store data for the exchange protocol) and verifiability (i.e. the TTPs are publicly verifiable). Compared with previous work, our protocol assumes only a public communication channel and each party’s operations are publicly verifiable. Besides, it achieves a favorable $O(n)$ verification complexity in the normal case, where $n$ is the number of TTPs. Finally, we present a proof-of-concept implementation to demonstrate the feasibility.