Topic
Trusted third party
About: Trusted third party is a research topic. Over the lifetime, 2919 publications have been published within this topic receiving 60935 citations.
Papers published on a yearly basis
Papers
More filters
Patent•
28 Aug 1995TL;DR: In this article, a process for using a trusted third party to create an electronic certificate for an electronic file that can be used to establish the file and verify the identity of the creator of the file is described.
Abstract: A process for using a trusted third party to create an electronic certificate for an electronic file that can be used to establish the file and verify the identity of the creator of the file. The process is composed of two phases, a registration phase and an electronic file distribution phase. In the registration phase, a trusted third party receives information about an author, including the author's public key and affirmatively verifies the accuracy of this information. In the file distribution phase, an author sends to the trusted third party a signed message containing the hash of the file the author wants to distribute. The trusted third party creates an electronic certificate, signed by the trusted third party, containing the hash of the file sent by the author. A user desiring to receive the file, retrieves the file with the certificate an uses the certificate to verifies, first, that the certificate was created by the trusted third party, and, second, that the hash of the file in the certificate is the same as the hash that is computed from the retrieved file. If these two hash's match, then the user is assured that the file did originate with the author and is uncorrupted.
248 citations
20 Mar 2018
TL;DR: Several common security patterns are elaborated, which can be applied by Solidity developers to mitigate typical attack scenarios and describe solutions to typical security issues.
Abstract: Smart contracts that build up on blockchain technologies are receiving great attention in new business applications and the scientific community, because they allow untrusted parties to manifest contract terms in program code and thus eliminate the need for a trusted third party. The creation process of writing well performing and secure contracts in Ethereum, which is today’s most prominent smart contract platform, is a difficult task. Research on this topic has only recently started in industry and science. Based on an analysis of collected data with Grounded Theory techniques, we have elaborated several common security patterns, which we describe in detail on the basis of Solidity, the dominating programming language for Ethereum. The presented patterns describe solutions to typical security issues and can be applied by Solidity developers to mitigate typical attack scenarios.
244 citations
16 Apr 2018
TL;DR: The first complete small-step semantics of EVM bytecode is presented, which is formalized in the F* proof assistant, obtaining executable code that is successfully validate against the official Ethereum test suite.
Abstract: Smart contracts are programs running on cryptocurrency (e.g., Ethereum) blockchains, whose popularity stem from the possibility to perform financial transactions, such as payments and auctions, in a distributed environment without need for any trusted third party. Given their financial nature, bugs or vulnerabilities in these programs may lead to catastrophic consequences, as witnessed by recent attacks. Unfortunately, programming smart contracts is a delicate task that requires strong expertise: Ethereum smart contracts are written in Solidity, a dedicated language resembling JavaScript, and shipped over the blockchain in the EVM bytecode format. In order to rigorously verify the security of smart contracts, it is of paramount importance to formalize their semantics as well as the security properties of interest, in particular at the level of the bytecode being executed.
236 citations
Patent•
29 Jul 2003TL;DR: In this article, a system for conducting an agreement between two parties relying on a trusted third party is presented, where a first party generates a first view of the agreement and transmits the first view to the third party.
Abstract: A system for conducting an agreement between two parties relying on a trusted a third party includes a first party generating a first view of the agreement and transmitting the first view of the agreement to the third party, a second party independently generating a second view of the agreement and transmitting the second view of the agreement to the third party, a wireless network connecting the first party and the second party, and a wired or wireless network connecting the second party to the third party. The trusted third party, receives the first view of the agreement and the second view of the agreement, verifies conditions including that the identities of the parties that transmitted the agreements and that the independent views of the agreement are consistent with each other, and takes action to execute the agreement if the conditions are satisfied.
235 citations
13 Jul 2004
TL;DR: This paper provides a generic secure construction of a certificateless signature and presents an extended construction whose trust level is the same as that of a traditional public key signature scheme.
Abstract: To provide the binding between a user and his public key, traditional digital signature schemes use certificates that are signed by a trusted third party. While Shamir’s identity-based signature scheme can dispense with certificates, the key escrow of a user’s private key is inherent in the identity-based signature scheme. In Asiacrypt 2003, a new digital signature paradigm called the certificateless signature was introduced. The certificateless signature eliminates the need for certificates and does not suffer from the inherent key escrow problem. In this paper, we provide a generic secure construction of a certificateless signature. We also present an extended construction whose trust level is the same as that of a traditional public key signature scheme.
229 citations