{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,31]],"date-time":"2026-01-31T03:41:08Z","timestamp":1769830868367,"version":"3.49.0"},"reference-count":44,"publisher":"Privacy Enhancing Technologies Symposium Advisory Board","issue":"1","license":[{"start":{"date-parts":[[2021,11,20]],"date-time":"2021-11-20T00:00:00Z","timestamp":1637366400000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/creativecommons.org\/licenses\/by-nc-nd\/3.0"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2022,1,1]]},"abstract":"<jats:title>Abstract<\/jats:title><jats:p>Fair exchange protocols are among the most important cryptographic primitives in electronic commerce. A basic fair exchange protocol requires that two parties who want to exchange their digital items either receive what they have been promised, or lose nothing. Privacy of fair exchange requires that no one else (other than the two parties) learns anything about the items. Fairness and privacy have been considered as two distinct properties of an exchange protocol. In this paper, we show that subtle ways of leaking the exchange item to the third parties affect fairness in fair exchange protocols when the item is confidential. Our focus is on FairSwap, a recently proposed fair exchange protocol that uses a smart contract for dispute resolution, has proven security in UC (Universal Composability) framework, and provides privacy when both parties are honest. We demonstrate, however, that FairSwap\u2019s dispute resolution protocol leaks information to the public and this leakage provides opportunities for the dishonest parties to influence the protocol\u2019s fairness guarantee. We then propose an efficient privacy-enhanced version of FairSwap, prove its security and give an implementation and performance evaluation of our proposed system. 
Our privacy enhancement uses circuit randomization, and we prove its security and privacy in an extension of universal composability model for non-monolithic adversaries that would be of independent interest.<\/jats:p>","DOI":"10.2478\/popets-2022-0021","type":"journal-article","created":{"date-parts":[[2021,11,21]],"date-time":"2021-11-21T02:41:52Z","timestamp":1637462512000},"page":"417-439","source":"Crossref","is-referenced-by-count":5,"title":["Privacy-preserving FairSwap: Fairness and privacy interplay"],"prefix":"10.56553","volume":"2022","author":[{"given":"Sepideh","family":"Avizheh","sequence":"first","affiliation":[{"name":"University of Calgary , AB , Canada"}]},{"given":"Preston","family":"Haffey","sequence":"additional","affiliation":[{"name":"University of Calgary , AB , Canada"}]},{"given":"Reihaneh","family":"Safavi-Naini","sequence":"additional","affiliation":[{"name":"University of Calgary , AB , Canada"}]}],"member":"35752","published-online":{"date-parts":[[2021,11,20]]},"reference":[{"key":"2022062314363715477_j_popets-2022-0021_ref_001","unstructured":"[1] Allan Poe, E.: The raven. http:\/\/www.gutenberg.org\/cache\/epub\/17192\/pg17192.txt (1845)"},{"key":"2022062314363715477_j_popets-2022-0021_ref_002","doi-asserted-by":"crossref","unstructured":"[2] Alper, H.K., K\u00fcp\u00e7\u00fc, A.: Optimally efficient multi-party fair exchange and fair secure multi-party computation. In: Cryptographers Track at the RSA Conference. pp. 330\u2013349. Springer (2015)10.1007\/978-3-319-16715-2_18","DOI":"10.1007\/978-3-319-16715-2_18"},{"key":"2022062314363715477_j_popets-2022-0021_ref_003","doi-asserted-by":"crossref","unstructured":"[3] Alper, H.K., K\u00fcp\u00e7\u00fc, A.: Coin-based multi-party fair exchange. In: International Conference on Applied Cryptography and Network Security. pp. 130\u2013160. 
Springer (2021)10.1007\/978-3-030-78372-3_6","DOI":"10.1007\/978-3-030-78372-3_6"},{"key":"2022062314363715477_j_popets-2022-0021_ref_004","doi-asserted-by":"crossref","unstructured":"[4] Andrychowicz, M., Dziembowski, S., Malinowski, D., Mazurek, L.: Secure multiparty computations on bitcoin. In: 2014 IEEE Symposium on Security and Privacy. pp. 443\u2013458. IEEE (2014)10.1109\/SP.2014.35","DOI":"10.1109\/SP.2014.35"},{"key":"2022062314363715477_j_popets-2022-0021_ref_005","doi-asserted-by":"crossref","unstructured":"[5] Asokan, N., Schunter, M., Waidner, M.: Optimistic protocols for multi-party fair exchange (1996)10.1145\/266420.266426","DOI":"10.1145\/266420.266426"},{"key":"2022062314363715477_j_popets-2022-0021_ref_006","doi-asserted-by":"crossref","unstructured":"[6] Asokan, N., Shoup, V., Waidner, M.: Asynchronous protocols for optimistic fair exchange. In: Proceedings. 1998 IEEE Symposium on Security and Privacy (Cat. No. 98CB36186). pp. 86\u201399. IEEE (1998)","DOI":"10.1109\/SECPRI.1998.674826"},{"key":"2022062314363715477_j_popets-2022-0021_ref_007","doi-asserted-by":"crossref","unstructured":"[7] Asokan, N., Shoup, V., Waidner, M.: Optimistic fair exchange of digital signatures. In: International Conference on the Theory and Applications of Cryptographic Techniques. pp. 591\u2013606. Springer (1998)10.1007\/BFb0054156","DOI":"10.1007\/BFb0054156"},{"key":"2022062314363715477_j_popets-2022-0021_ref_008","doi-asserted-by":"crossref","unstructured":"[8] Avoine, G., G\u00e4rtner, F., Guerraoui, R., Vukoli\u0107, M.: Gracefully degrading fair exchange with security modules. In: European Dependable Computing Conference. pp. 55\u201371. Springer (2005)10.1007\/11408901_5","DOI":"10.1007\/11408901_5"},{"key":"2022062314363715477_j_popets-2022-0021_ref_009","doi-asserted-by":"crossref","unstructured":"[9] Avoine, G., Vaudenay, S.: Fair exchange with guardian angels. In: International Workshop on Information Security Applications. pp. 188\u2013202. 
Springer (2003)10.1007\/978-3-540-24591-9_15","DOI":"10.1007\/978-3-540-24591-9_15"},{"key":"2022062314363715477_j_popets-2022-0021_ref_010","doi-asserted-by":"crossref","unstructured":"[10] Avoine, G., Vaudenay, S.: Optimistic fair exchange based on publicly verifiable secret sharing. In: Australasian Conference on Information Security and Privacy. pp. 74\u201385. Springer (2004)10.1007\/978-3-540-27800-9_7","DOI":"10.1007\/978-3-540-27800-9_7"},{"key":"2022062314363715477_j_popets-2022-0021_ref_011","doi-asserted-by":"crossref","unstructured":"[11] Ben-Or, M., Goldreich, O., Micali, S., Rivest, R.L.: A fair protocol for signing contracts. IEEE Transactions on Information Theory 36(1), 40\u201346 (1990)10.1109\/18.50372","DOI":"10.1109\/18.50372"},{"key":"2022062314363715477_j_popets-2022-0021_ref_012","doi-asserted-by":"crossref","unstructured":"[12] Bentov, I., Kumaresan, R.: How to use bitcoin to design fair protocols. In: Annual Cryptology Conference. pp. 421\u2013439. Springer (2014)10.1007\/978-3-662-44381-1_24","DOI":"10.1007\/978-3-662-44381-1_24"},{"key":"2022062314363715477_j_popets-2022-0021_ref_013","doi-asserted-by":"crossref","unstructured":"[13] Brickell, E.F., Chaum, D., Damg\u00e5rd, I.B., van de Graaf, J.: Gradual and verifiable release of a secret. In: Conference on the Theory and Application of Cryptographic Techniques. pp. 156\u2013166. Springer (1987)10.1007\/3-540-48184-2_11","DOI":"10.1007\/3-540-48184-2_11"},{"key":"2022062314363715477_j_popets-2022-0021_ref_014","doi-asserted-by":"crossref","unstructured":"[14] Cachin, C., Camenisch, J.: Optimistic fair secure computation. In: Annual International Cryptology Conference. pp. 93\u2013111. Springer (2000)10.1007\/3-540-44598-6_6","DOI":"10.1007\/3-540-44598-6_6"},{"key":"2022062314363715477_j_popets-2022-0021_ref_015","doi-asserted-by":"crossref","unstructured":"[15] Camenisch, J., Drijvers, M., Gagliardoni, T., Lehmann, A., Neven, G.: The wonderful world of global random oracles. 
In: Annual International Conference on the Theory and Applications of Cryptographic Techniques. pp. 280\u2013312. Springer (2018)10.1007\/978-3-319-78381-9_11","DOI":"10.1007\/978-3-319-78381-9_11"},{"key":"2022062314363715477_j_popets-2022-0021_ref_016","doi-asserted-by":"crossref","unstructured":"[16] Canetti, R.: Universally composable security: A new paradigm for cryptographic protocols. In: Proceedings 42nd IEEE Symposium on Foundations of Computer Science. pp. 136\u2013145. IEEE (2001)10.1109\/SFCS.2001.959888","DOI":"10.1109\/SFCS.2001.959888"},{"key":"2022062314363715477_j_popets-2022-0021_ref_017","doi-asserted-by":"crossref","unstructured":"[17] Canetti, R., Dodis, Y., Pass, R., Walfish, S.: Universally composable security with global setup. In: Theory of Cryptography Conference. pp. 61\u201385. Springer (2007)10.1007\/978-3-540-70936-7_4","DOI":"10.1007\/978-3-540-70936-7_4"},{"key":"2022062314363715477_j_popets-2022-0021_ref_018","doi-asserted-by":"crossref","unstructured":"[18] Carter, J.L., Wegman, M.N.: Universal classes of hash functions. Journal of computer and system sciences 18(2), 143\u2013154 (1979)10.1016\/0022-0000(79)90044-8","DOI":"10.1016\/0022-0000(79)90044-8"},{"key":"2022062314363715477_j_popets-2022-0021_ref_019","doi-asserted-by":"crossref","unstructured":"[19] Choudhuri, A.R., Green, M., Jain, A., Kaptchuk, G., Miers, I.: Fairness in an unfair world: Fair multiparty computation from public bulletin boards. In: Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security. pp. 719\u2013728 (2017)10.1145\/3133956.3134092","DOI":"10.1145\/3133956.3134092"},{"key":"2022062314363715477_j_popets-2022-0021_ref_020","doi-asserted-by":"crossref","unstructured":"[20] Cleve, R.: Limits on the security of coin flips when half the processors are faulty. In: Proceedings of the eighteenth annual ACM symposium on Theory of computing. pp. 
364\u2013369 (1986)10.1145\/12130.12168","DOI":"10.1145\/12130.12168"},{"key":"2022062314363715477_j_popets-2022-0021_ref_021","doi-asserted-by":"crossref","unstructured":"[21] Cleve, R.: Controlled gradual disclosure schemes for random bits and their applications. In: Conference on the Theory and Application of Cryptology. pp. 573\u2013588. Springer (1989)10.1007\/0-387-34805-0_50","DOI":"10.1007\/0-387-34805-0_50"},{"key":"2022062314363715477_j_popets-2022-0021_ref_022","doi-asserted-by":"crossref","unstructured":"[22] Cummings, R., Gupta, V., Kimpara, D., Morgenstern, J.: On the compatibility of privacy and fairness. In: Adjunct Publication of the 27th Conference on User Modeling, Adaptation and Personalization. pp. 309\u2013315 (2019)10.1145\/3314183.3323847","DOI":"10.1145\/3314183.3323847"},{"key":"2022062314363715477_j_popets-2022-0021_ref_023","doi-asserted-by":"crossref","unstructured":"[23] Dwork, C., Hardt, M., Pitassi, T., Reingold, O., Zemel, R.: Fairness through awareness. In: Proceedings of the 3rd innovations in theoretical computer science conference. pp. 214\u2013226 (2012)10.1145\/2090236.2090255","DOI":"10.1145\/2090236.2090255"},{"key":"2022062314363715477_j_popets-2022-0021_ref_024","doi-asserted-by":"crossref","unstructured":"[24] Dziembowski, S., Eckey, L., Faust, S.: Fairswap: How to fairly exchange digital goods. In: Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security. pp. 967\u2013984. ACM (2018)10.1145\/3243734.3243857","DOI":"10.1145\/3243734.3243857"},{"key":"2022062314363715477_j_popets-2022-0021_ref_025","doi-asserted-by":"crossref","unstructured":"[25] Eckey, L., Faust, S., Schlosser, B.: Optiswap: Fast optimistic fair exchange. In: Proceedings of the 15th ACM Asia Conference on Computer and Communications Security. pp. 
543\u2013557 (2020)10.1145\/3320269.3384749","DOI":"10.1145\/3320269.3384749"},{"key":"2022062314363715477_j_popets-2022-0021_ref_026","unstructured":"[26] Ekstrand, M.D., Joshaghani, R., Mehrpouyan, H.: Privacy for all: Ensuring fair and equitable privacy protections. In: Conference on Fairness, Accountability and Transparency. pp. 35\u201347 (2018)"},{"key":"2022062314363715477_j_popets-2022-0021_ref_027","doi-asserted-by":"crossref","unstructured":"[27] Garay, J.A., Jakobsson, M., MacKenzie, P.: Abuse-free optimistic contract signing. In: Annual International Cryptology Conference. pp. 449\u2013466. Springer (1999)10.1007\/3-540-48405-1_29","DOI":"10.1007\/3-540-48405-1_29"},{"key":"2022062314363715477_j_popets-2022-0021_ref_028","doi-asserted-by":"crossref","unstructured":"[28] Garbinato, B., Rickebusch, I.: A modular solution to fair exchange for peer-to-peer middleware. In: workshop in Sintra. p. 51 (2006)","DOI":"10.1145\/1180367.1180375"},{"key":"2022062314363715477_j_popets-2022-0021_ref_029","unstructured":"[29] Garbinato, B., Rickebusch, I.: Impossibility results on fair exchange. 10th International Conference on Innovative Internet Community Systems (I2CS)\u2013Jubilee Edition 2010\u2013 (2010)"},{"key":"2022062314363715477_j_popets-2022-0021_ref_030","unstructured":"[30] Garbinato, B., Rickebusch, I.: Secure multiparty computation vs. fair exchange-bridging the gap. In: SAFECOMP 2013-Workshop ASCoMS (Architecting Safety in Collaborative Mobile Systems) of the 32nd International Conference on Computer Safety, Reliability and Security. Matthieu Roy (2013)"},{"key":"2022062314363715477_j_popets-2022-0021_ref_031","unstructured":"[31] Hearn, M.: msr-vc\/pinocchio. https:\/\/github.com\/corda\/msr-vc\/tree\/master\/pinocchio (2017)"},{"key":"2022062314363715477_j_popets-2022-0021_ref_032","doi-asserted-by":"crossref","unstructured":"[32] Huang, Q., Wong, D.S., Susilo, W.: P 2 ofe: Privacy-preserving optimistic fair exchange of digital signatures. 
In: Cryptographers\u2019 Track at the RSA Conference. pp. 367\u2013384. Springer (2014)10.1007\/978-3-319-04852-9_19","DOI":"10.1007\/978-3-319-04852-9_19"},{"key":"2022062314363715477_j_popets-2022-0021_ref_033","doi-asserted-by":"crossref","unstructured":"[33] Huang, Q., Yang, G., Wong, D.S., Susilo, W.: Ambiguous optimistic fair exchange. In: International Conference on the Theory and Application of Cryptology and Information Security. pp. 74\u201389. Springer (2008)10.1007\/978-3-540-89255-7_6","DOI":"10.1007\/978-3-540-89255-7_6"},{"key":"2022062314363715477_j_popets-2022-0021_ref_034","doi-asserted-by":"crossref","unstructured":"[34] Ishai, Y., Sahai, A., Wagner, D.: Private circuits: Securing hardware against probing attacks. In: Annual International Cryptology Conference. pp. 463\u2013481. Springer (2003)10.1007\/978-3-540-45146-4_27","DOI":"10.1007\/978-3-540-45146-4_27"},{"key":"2022062314363715477_j_popets-2022-0021_ref_035","unstructured":"[35] Kamara, S., Mohassel, P., Raykova, M.: Outsourcing multi-party computation. IACR Cryptol. Eprint Arch. 2011, 272 (2011)"},{"key":"2022062314363715477_j_popets-2022-0021_ref_036","doi-asserted-by":"crossref","unstructured":"[36] Kiayias, A., Zhou, H.S., Zikas, V.: Fair and robust multi-party computation using a global transaction ledger. In: Annual International Conference on the Theory and Applications of Cryptographic Techniques. pp. 705\u2013734. Springer (2016)10.1007\/978-3-662-49896-5_25","DOI":"10.1007\/978-3-662-49896-5_25"},{"key":"2022062314363715477_j_popets-2022-0021_ref_037","doi-asserted-by":"crossref","unstructured":"[37] Kosba, A., Miller, A., Shi, E., Wen, Z., Papamanthou, C.: Hawk: The blockchain model of cryptography and privacy-preserving smart contracts. In: 2016 IEEE symposium on security and privacy (SP). pp. 839\u2013858. 
IEEE (2016)10.1109\/SP.2016.55","DOI":"10.1109\/SP.2016.55"},{"key":"2022062314363715477_j_popets-2022-0021_ref_038","doi-asserted-by":"crossref","unstructured":"[38] Kumaresan, R., Bentov, I.: Amortizing secure computation with penalties. In: Proceedings of the ACM SIGSAC Conference on Computer and Communications Security. pp. 418\u2013429 (2016)10.1145\/2976749.2978424","DOI":"10.1145\/2976749.2978424"},{"key":"2022062314363715477_j_popets-2022-0021_ref_039","doi-asserted-by":"crossref","unstructured":"[39] Kumaresan, R., Vaikuntanathan, V., Vasudevan, P.N.: Improvements to secure computation with penalties. In: Proceedings of the ACM SIGSAC Conference on Computer and Communications Security. pp. 406\u2013417 (2016)10.1145\/2976749.2978421","DOI":"10.1145\/2976749.2978421"},{"key":"2022062314363715477_j_popets-2022-0021_ref_040","doi-asserted-by":"crossref","unstructured":"[40] Liu, J., Li, W., Karame, G.O., Asokan, N.: Toward fairness of cryptocurrency payments. IEEE Security & Privacy 16(3), 81\u201389 (2018)10.1109\/MSP.2018.2701163","DOI":"10.1109\/MSP.2018.2701163"},{"key":"2022062314363715477_j_popets-2022-0021_ref_041","doi-asserted-by":"crossref","unstructured":"[41] Merkle, R.C.: One way hash functions and des. In: Brassard, G. (ed.) Advances in Cryptology \u2014 CRYPTO\u2019 89 Proceedings. pp. 428\u2013446. Springer New York, New York, NY (1990)10.1007\/0-387-34805-0_40","DOI":"10.1007\/0-387-34805-0_40"},{"key":"2022062314363715477_j_popets-2022-0021_ref_042","unstructured":"[42] Pagnia, H., G\u00e4rtner, F.C.: On the impossibility of fair exchange without a trusted third party. Tech. rep., Technical Report TUD-BS-1999-02, Darmstadt University of Technology (1999)"},{"key":"2022062314363715477_j_popets-2022-0021_ref_043","doi-asserted-by":"crossref","unstructured":"[43] Parno, B., Howell, J., Gentry, C., Raykova, M.: Pinocchio: Nearly practical verifiable computation. In: 2013 IEEE Symposium on Security and Privacy. pp. 238\u2013252. 
IEEE (2013)10.1109\/SP.2013.47","DOI":"10.1109\/SP.2013.47"},{"key":"2022062314363715477_j_popets-2022-0021_ref_044","doi-asserted-by":"crossref","unstructured":"[44] Zhao, Y., Qin, Z.g.: An optimistic protocol for distributed fair exchange. In: 2012 Sixth International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing. pp. 395\u2013399. IEEE (2012)10.1109\/IMIS.2012.196","DOI":"10.1109\/IMIS.2012.196"}],"container-title":["Proceedings on Privacy Enhancing Technologies"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.sciendo.com\/pdf\/10.2478\/popets-2022-0021","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,9,12]],"date-time":"2024-09-12T19:15:10Z","timestamp":1726168510000},"score":1,"resource":{"primary":{"URL":"https:\/\/petsymposium.org\/popets\/2022\/popets-2022-0021.php"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,11,20]]},"references-count":44,"journal-issue":{"issue":"1","published-online":{"date-parts":[[2021,11,20]]},"published-print":{"date-parts":[[2022,1,1]]}},"alternative-id":["10.2478\/popets-2022-0021"],"URL":"https:\/\/doi.org\/10.2478\/popets-2022-0021","relation":{},"ISSN":["2299-0984"],"issn-type":[{"value":"2299-0984","type":"electronic"}],"subject":[],"published":{"date-parts":[[2021,11,20]]}}}