A P2P Market Place Based on Aggregate Signatures Dario Catalano 1 , Giancarlo Ruffo 2 , and Rossano Schifanella 2 1 ´ Ecole Normale Sup´ erieure, Paris, France 2 Dip. di Informatica - Universit` a di Torino, Italy Abstract. A peer-to-peer market place is likely to be based on some underlying micro-payment scheme where each user can act both as a customer and as a mer- chant. Such systems, even when designed for largely distributed domains, may be implemented according to hybrid topologies where trusted third intermedi- aries (e.g. the broker) are single points of failures. For this reason it is crucial that such central entities scale well w.r.t. the overall number of transactions. In this paper, we focus on PPay as a case study, to show how the broker would greatly benefit in terms of computational cost if aggregate signatures are adopted instead of RSA signatures. 1 Introduction Incentives and micro-payments can be used to stimulate the users [1] and to avoid the free-riding phenomenon [2], and they are largely used in practice, e.g., BitTorrent [3], EMule [4] and Mojo-Nation 1 . In particular, a micro-payment scheme is an interesting alternative to a differential service incentives, especially when a market place is layered on top of a p2p system. Current peer-to-peer micro-payment schemes use an hybrid topology, because some central units (e.g., the broker, the certification authority) are needed. For example, PPay [5] is based on the idea of “transferable coins”. Basically a tranferable coin allows a user to either cash it, by interacting with the broker, or to re-assign it to other peers. The second alternative has been introduced for fault toler- ance reasons, because when millions of transactions occur during a short time period, the broker is likely to be responsible of many concurrent, computationally expensive, operations (such as digital signature verifications and generations). Moreover, the bro- ker should be able to detect frauds (e.g. duplicate coins) and then it has to store all the information related to forged coins for future checkouts. For this reason coins should be kept on floating for a while, before the broker is asked to cash them. At the same time, digital coins should not (excessively) grow in size after each re-assignment. The choice of a coin re-assignment strategy that is scalable in terms of the overall number of transactions is thus of crucial importance: as the broker is a single point of failure, the best (in terms of both space and time) assigment strategy should be used in a practical market place. For example, FairPeers [6], a p2p application that allows profit and file sharing, uses PPay coins extensively, and the entire system would break down if the broker is overwhelmed by an inefficient strategy. 1 At the time of this writings the beta version of Mojo-Nation platform has been shut down by its creator Jim McCoy. He announced that another project will get the heritage. G. Chen et al. (Eds.): ISPA Workshops 2005, LNCS 3759, pp. 54–63, 2005. c  Springer-Verlag Berlin Heidelberg 2005