Timed Commitments

@inproceedings{Boneh2000TimedC,
  title={Timed Commitments},
  author={Dan Boneh and Moni Naor},
  booktitle={Annual International Cryptology Conference},
  year={2000}
}
  • D. BonehM. Naor
  • Published in
    Annual International…
     20 August 2000
  • Computer Science
We introduce and construct timed commitment schemes, an extension to the standard notion of commitments in which a potential forced opening phase permits the receiver to recover (with effort) the committed value without the help of the committer. An important application of our timed-commitment scheme is contract signing: two mutually suspicious parties wish to exchange signatures on a contract. We show a two-party protocol that allows them to exchange RSA or Rabin signatures. The protocol is… 
View via Publisher
link.springer.com
250 Citations
Highly Influential Citations
19
Background Citations
121
Methods Citations
43
Results Citations
4

250 Citations

Efficient CCA Timed Commitments in Class Groups

This protocol is the first to simultaneously achieve high scalability in the number of participants, a transparent one-time setup, lightning speed in the optimistic case where all parties are honest, and ensure that the output random string is unpredictable and unbiased, even when the adversary corrupts parties.

Multi-Party Timed Commitments

By adapting Time Capsule, the Time-Capsule protocol is allowed to be used for Proof of Work, preventing frontrunning by system operators and tuning the puzzle difficulty using the blockchain mechanism.

An Efficient Gradual Release Homomorphic Timed Commitment

2003, Pinkas first introduced the gradual release timed commitment, which has important applications for signatures/secrets exchange protocol and fair multi-party computation protocol. 2006, Garay et

Optimistic Fair Exchange with Transparent Signature Recovery

A new protocol allowing the exchange of an item against a signature while assuring fairness is proposed, which assumes the existence of a trusted third party that is involved in the protocol only when one of the parties does not follow the designated protocol or some technical problem occurs during the execution of the protocol.

Fair Secure Two-Party Computation Extended Abstract

A transformation of Yao's protocol for two-party computation to a fair protocol in which neither party gains any substantial advantage by terminating the protocol prematurely is demonstrated.

Fair Secure Two-Party Computation

We demonstrate a transformation of Yao's protocol for secure two-party computation to a fair protocol in which neither party gains any substantial advantage by terminating the protocol prematurely.

CommitCoin: Carbon Dating Commitments with Bitcoin

In the standard definition of a commitment scheme, the sender commits to a message and immediately sends the commitment to the recipient interested in it. However the sender may not always know at

Efficient Simultaneous Contract Signing

A novel and efficient protocol for contract signing based on a construction by Even, Goldreich, and Lempel is proposed, focusing on the reduction of on-line computational complexity of the protocol.

A formal analysis of exchange of digital signatures

This work study in detail the optimistic two-party signature exchange protocol of Garay, Jakobsson and MacKenzie using a game-theoretic framework and shows that no signer enjoys an advantage over an honest counterparty.

Fair Exchange of Short Signatures without Trusted Third Party

A new non-interactive zero-knowledge (NIZK) argument is used to prove that a commitment is the encryption of a bit vector.
...

37 References

A fair protocol for signing contracts

A new protocol is proposed that is fair in the sense that, at any stage in its execution, the conditional probability that one party cannot commit both parties to the contract given that the other party can, is close to zero.

Optimal efficiency of optimistic contract signing

Tight lower bounds on the message and round complexity of optimistic contract signing on synchronous and asynchronous networks are proved, and new and efficient protocols based on digital signatures which achieve provably optimal efficiency are presented.

Analysis of Abuse-Free Contract Signing

This work analyzes the abuse-free optimistic contract signing protocol of Garay, Jakobsson, and MacKenzie and discovers an attack in which negligence or corruption of the trusted third party may allow abuse or unfairness.

A randomized protocol for signing contracts

Randomized protocols for signing contracts, certified mail, and flipping a coin are presented and an implementation of the 1-out-of-2 oblivious transfer, using any public key cryptosystem, is presented.

Optimistic fair exchange of digital signatures

We present a new protocol that allows two players to exchange digital signatures over the Internet in a fair way, so that either each player gets the other's signature, or neither player does. The

Abuse-Free Optimistic Contract Signing

We introduce the notion of abuse-free distributed contract signing, that is, distributed contract signing in which no party ever can prove to a third party that he is capable of choosing whether to

Efficient verifiable encryption (and fair exchange) of digital signatures

New simple schemes for verifiable encryption of digital signatures for fair exchange protocols using a trusted third party but in an optimistic sense, i.e., the TTP takes part in the protocol only if one user cheats or simply crashes.

Zaps and their applications

  • C. DworkM. Naor
  • Computer Science, Mathematics
    Proceedings 41st Annual Symposium on Foundations of Computer Science
  • 2000
This work presents a zap for every language in NP, based on the existence of non-interactive zero-knowledge proofs in the shared random string model, and introduces and construct verifiable pseudo-random bit generators (VPRGs), and gives a complete existential characterization of both noninteractiveZero knowledge proofs and zaps in terms of approximate VPRGs.

Time-lock Puzzles and Timed-release Crypto

There are two natural approaches to implementing timed-release crypto: Use ``time-lock puzzles''--computational problems that can not be solved without running a computer continuously for at least a certain amount of time, and use trusted agents who promise not to reveal certain information until a specified date.

How to exchange (secret) keys

A protocol is presented whereby two adversaries may exchange secrets, although neither trusts the other, and it is shown how each of the two can prove, for each bit delivered, that the bit is good.