Author's personal copy Contract signature in e-commerce q Lein Harn a,⇑ , Chu-Hsing Lin b a Department of Computer Science Electrical Engineering, University of Missouri-Kansas City, United States b Department of Computer Science, Tunghai University, Taiwan article info Article history: Available online 19 February 2011 abstract In this paper, we propose a notion of contract signature used in e-commerce applications. We propose a contract signature scheme based on the discrete logarithm assumption. The contract signature scheme adopts a digital multi-signature scheme in public-key cryptog- raphy to facilitate fair signature exchange over network. This proposed solution allows multiple signers of a contract signature to exchange their partial signatures which are fully ambiguous for any third party (i.e., 1 out of 1 ambiguity) to construct a valid contract sig- nature. In case any signer releases the partial signature to others, the signer does not bind to the contract. Ó 2011 Elsevier Ltd. All rights reserved. 1. Introduction As we are rapidly heading into an era of computer communications, cryptographic protocols are pressingly needed to facilitate secure communication. Cryptographic digital signatures have been used to provide non-repudiation services, such as signing business contract. One category of multi-party protocols in the future can be the exchange of digital signatures. One of the most important concerns in exchange signatures is the unfair exchange, which occurs when one party obtains the signature of another party without giving out his own. The notion of fairness is well established in a traditional secret exchange, in which all parties involved obtain secrets simultaneously. However, in network environment, secrets are exchanged over a network that does not provide simulta- neously exchange of messages, and, therefore, adequate cryptographic protocols are needed to facilitate secrets exchange and guarantee fairness to all parties involved. Fair secret exchange protocols go as early as 1980s [1,2]. Earlier protocols are based on gradually exchange their secret bit-by-bit in an interleaving manner. This process continues until both of them have received and released all the bits; but only at the end of the protocol, both parties can discover that the received bits are real secrets and are not gibberish. In this paper, we propose a fair protocol to let multiple parties to interact with each other over network to construct a contract signature (i.e., we will define this term in Section 3). Our scheme adopts the digital multi-signature [3] in public- key cryptography to facilitate fair signature exchange. A contract signature is a special form of digital multi-signature that involves multiple signers. A protocol allows multiple parties to produce and exchange their ambiguous signatures which are fully ambiguous (i.e., 1 out of 1 ambiguity). The combination of these ambiguous signatures forms the contract signature. There is no ‘‘keystone’’ (i.e., a secret key used in the concurrent signature). In case anyone releases the contract signature to a verifier, all signers bind to the contract signature. 0045-7906/$ - see front matter Ó 2011 Elsevier Ltd. All rights reserved. doi:10.1016/j.compeleceng.2011.02.001 q Reviews processed and proposed for publication by Associate Editor Pro. N. Sklavos. ⇑ Corresponding author. Address: University of Missouri-Kansas City, Computer Science Electrical Engineering, 5100 Rockhill Rd., Kansas City, MO 64110, United States. Tel.: +1 816 235 2358; fax: +1 816 235 5159. E-mail address: harnl@umkc.edu (L. Harn). Computers and Electrical Engineering 37 (2011) 169–173 Contents lists available at ScienceDirect Computers and Electrical Engineering journal homepage: www.elsevier.com/locate/compeleceng