Analysis and improvement of fair certified e-mail delivery protocol

摘要

Recently, Nenadic et al. proposed a novel fair exchange protocol RSA-CEMD [A. Nenadi6, N. Zhang, S. Barton. Fair certified e-mail delivery, Proceedings of the 9th ACM Symposium on Applied Computing (SAC 2004)-Computer Security Track, Nicosia, Cyprus, pp. 391-396, 2004] for certified e-mail delivery with an off-line and transparent trusted third party. The protocol provides non-repudiation of origin and non-repudiation of receipt security service to protect communicating parties from each other's false denials that the e-mail has been sent and received. In this paper, we show that Nenadic's protocol cannot achieve the claimed fairness. In the exchange protocol, the receiver can cheat the sender successfully by sending an invalid verifiable and recoverable encryption of signature (VRES) which can pass all the sender's verifications, as the VRES scheme proposed in [A. Nenadi6, N. Zhang, S. Barton. Fair certified e-mail delivery, Proceedings of the 9th ACM Symposium on Applied Computing (SAC 2004)-Computer Security Track, Nicosia, Cyprus, pp. 391-396, 2004] is inherently unrecoverable in some situations. In other words, there is always that the receiver can get the sender's e-mail message while the sender cannot obtain receiver's receipt. Furthermore, we propose a revised version of certified e-mail delivery protocol that preserves strong fairness while remaining optimistic.