
Student: 葉彥頡 (Yan-Jie Yeh)
Thesis title: 採用堆疊式參數揭露之公平多方並存簽章系統
Improved Fair Multi-party Concurrent Signatures Based on Stack-like Release of Parameters
Advisor: 顏嵩銘 (Sung-Ming Yen)
Committee members:
Degree: Master
Department: College of Electrical Engineering and Computer Science, Department of Computer Science & Information Engineering
Year of publication: 2015
Graduation academic year: 103 (ROC calendar, i.e. the 2014-2015 academic year)
Language: English
Pages: 65
Keywords: Multi-party, Concurrent Signature, Fair Exchange (Chinese: 多方參與、並存簽章、公平交易)
Abstract (translated from the Chinese):

    In recent years the growing popularity of the Internet has driven the rapid growth of electronic commerce, and more and more business can only be completed conveniently over the network. That same convenience, however, means that the parties to a transaction are often neither acquainted nor mutually trusting, so guaranteeing fairness between them has become an increasingly important problem.

    The concept of concurrent signature schemes was first proposed by Chen et al. at EUROCRYPT 2004. It aims to achieve, by more practical means, what the earlier fair electronic exchange protocols achieved, but without relying on a trusted third party or assuming that both parties own equipment of the same computational power. After presenting this scheme, which applies only to two parties, the original authors also asked whether the new notion could be extended to allow more participants.

    Tonien et al. were the first to try to answer this question, but Shieh et al. soon showed that their scheme does not satisfy the requirements of a concurrent signature, and Shieh et al. published a scheme of their own. Unfortunately, Huang et al. then found a defect in Shieh et al.'s scheme and went further, arguing that designing a concurrent signature for the multi-party setting is infeasible (infecundity). Although Shieh et al.'s scheme is not perfect, it remains a valuable reference for our research. In this thesis we re-examine the existing schemes and reconsider the requirements appropriate to the multi-party setting. We then modify Shieh et al.'s design to obtain a scheme that achieves true fairness, which also shows that designing a multi-party concurrent signature is still feasible.

    Finally, our scheme not only retains the properties of Shieh et al.'s scheme but also overcomes the defect found by Huang et al. Moreover, it achieves better efficiency and fairness, and we believe it is the most efficient such scheme currently available.


English abstract:

    The increasing popularity of the Internet has promoted the rapid growth of electronic commerce in recent years. More and more business transactions are completed over the Internet because of its convenience and efficiency. Guaranteeing the fairness of such transactions therefore becomes important, especially when the transactors are mutually distrustful.

    The concept of concurrent signatures aims to provide a practical solution to the fair exchange problem without relying on a trusted third party or on the assumption that the two transactors have the same computing power. After proposing the first concurrent signature scheme, its authors asked whether the notion can be extended to the multi-party setting. Tonien et al. were the first to try to answer this question, but Shieh et al. showed that Tonien et al.'s scheme fails to achieve the concurrent notion and proposed an alternative scheme. Unfortunately, Huang et al. then pointed out a defect in Shieh et al.'s scheme, accompanied by a strong but unproven claim of the infecundity of designing a multi-party concurrent signature.

    Although Shieh et al.'s scheme is insufficient to be truly fair in the multi-party setting, it is still a good lesson for our research. This thesis analyses the underlying schemes and reconsiders the design of multi-party concurrent signatures. We then propose an improved scheme based on Shieh et al.'s design that achieves the required fairness, which shows that it is still possible to design a concurrent signature for the multi-party setting. Our improved scheme is not only secure against the defect pointed out by Huang et al. but also keeps all the features of Shieh et al.'s scheme. Furthermore, the proposed scheme achieves better performance and fairness. As a result, our scheme seems to be the most efficient concurrent signature scheme so far as we know.
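    To make the two-party notion the abstract builds on concrete, the following is an added worked example, not code from the thesis and not the thesis's multi-party stack-like scheme: a Python implementation of the original concurrent signature of Chen, Kudla and Paterson (reference [16]), which is a Schnorr-type 1-out-of-2 ring signature whose second hash share h2 is fixed in advance as the keystone fix f = KGEN(k). Assumptions of the example: a toy 128-bit safe-prime Schnorr group generated at import time (far too small for real use), SHA-256 with domain separation standing in for both hash functions H1 and H2, and constructed messages and keys; the function names ASIGN, AVERIFY, VERIFY and KGEN follow the paper, everything else is ours.

```python
# Added example: the original two-party concurrent signature of Chen, Kudla and
# Paterson (EUROCRYPT 2004, reference [16]); NOT the multi-party scheme of the thesis.
# Toy 128-bit Schnorr group built at import time, for illustration only.
import hashlib
import secrets
from typing import NamedTuple

_MR_BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)

def _is_probable_prime(n: int) -> bool:
    """Miller-Rabin with fixed bases; adequate for a demo-sized modulus."""
    if n < 2:
        return False
    for b in _MR_BASES:
        if n % b == 0:
            return n == b
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for a in _MR_BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True

def _toy_group(bits: int = 128):
    """Deterministic search for a safe prime p = 2q + 1; 4 = 2^2 then has order exactly q."""
    q = (1 << (bits - 1)) | 1
    while not (_is_probable_prime(q) and _is_probable_prime(2 * q + 1)):
        q += 2
    return 2 * q + 1, q, 4

P, Q, G = _toy_group()
_PLEN = (P.bit_length() + 7) // 8

def _hash_to_zq(*parts: bytes) -> int:
    h = hashlib.sha256()
    for part in parts:                      # length-prefixed so the encoding is unambiguous
        h.update(len(part).to_bytes(4, "big") + part)
    return int.from_bytes(h.digest(), "big") % Q

def H1(r: int, m: bytes) -> int:            # H1(g^t * y_j^h2 || m) in the paper
    return _hash_to_zq(b"H1", r.to_bytes(_PLEN, "big"), m)

def KGEN(k: bytes) -> int:                  # keystone fix f = H2(k)
    return _hash_to_zq(b"H2", k)

def keygen():
    x = 1 + secrets.randbelow(Q - 1)
    return x, pow(G, x, P)

class AmbigSig(NamedTuple):
    s: int
    h1: int
    h2: int

def asign(x_i: int, y_j: int, h2: int, m: bytes) -> AmbigSig:
    """ASIGN: signer i fixes h2 (the keystone fix) in advance and derives h1, s from a fresh t."""
    t = secrets.randbelow(Q)
    h = H1(pow(G, t, P) * pow(y_j, h2, P) % P, m)
    h1 = (h - h2) % Q
    return AmbigSig((t - h1 * x_i) % Q, h1, h2)

def averify(sig: AmbigSig, y_i: int, y_j: int, m: bytes) -> bool:
    """AVERIFY: symmetric in (y_i, h1) and (y_j, h2), so it cannot tell which party signed."""
    r = pow(G, sig.s, P) * pow(y_i, sig.h1, P) * pow(y_j, sig.h2, P) % P
    return (sig.h1 + sig.h2) % Q == H1(r, m)

def verify(k: bytes, sig: AmbigSig, y_i: int, y_j: int, m: bytes) -> bool:
    """VERIFY: once the keystone k is public, sig binds the owner of y_i iff KGEN(k) == h2."""
    return KGEN(k) == sig.h2 and averify(sig, y_i, y_j, m)

def asign_as_j(x_j: int, y_i: int, m: bytes) -> AmbigSig:
    """Ambiguity witness: j can forge a signature that AVERIFY accepts under (y_i, y_j), but
    here h2 falls out of the hash, so j holds no keystone preimage and VERIFY never binds i."""
    t, h1 = secrets.randbelow(Q), secrets.randbelow(Q)
    h2 = (H1(pow(G, t, P) * pow(y_i, h1, P) % P, m) - h1) % Q
    return AmbigSig((t - h2 * x_j) % Q, h1, h2)

def run_exchange(m_a: bytes, m_b: bytes) -> dict:
    """Protocol of [16]: A signs ambiguously under f = KGEN(k), B answers with the same f,
    A releases k last; both signatures become binding at the same moment."""
    x_a, y_a = keygen()
    x_b, y_b = keygen()
    k = secrets.token_bytes(32)                    # Alice's keystone (constructed here)
    sig_a = asign(x_a, y_b, KGEN(k), m_a)          # step 1: A -> B
    if not averify(sig_a, y_a, y_b, m_a):
        raise ValueError("Alice's ambiguous signature rejected")
    sig_b = asign(x_b, y_a, sig_a.h2, m_b)         # step 2: B -> A, reusing Alice's f
    if not averify(sig_b, y_b, y_a, m_b):
        raise ValueError("Bob's ambiguous signature rejected")
    # step 3: A publishes k; x_b is returned only so a caller can exercise asign_as_j
    return {"k": k, "x_b": x_b, "y_a": y_a, "y_b": y_b, "sig_a": sig_a, "sig_b": sig_b}
```

    Running `run_exchange(b"A pays B 10 units", b"B ships item #1")` and then `verify` on both signatures with the returned keystone shows the "concurrent" property: before k is released neither signature proves anything to a third party (AVERIFY accepts a forgery made by the other party, as `asign_as_j` shows), and after k is released both bind at once. It also shows the weakness that motivates the later "perfect" and multi-party variants reviewed in the thesis: the initial signer alone holds k and decides if and when to release it.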

    Contents
    1 Introduction
      1.1 Background Knowledge
        1.1.1 Fair Exchange Problem
        1.1.2 Concurrent Signature
        1.1.3 Multi-party Concurrent Signature
      1.2 Motivation of the Research
      1.3 Overview of the Thesis
    2 Review of Concurrent Signature Schemes
      2.1 Concurrent Signature Scheme
        2.1.1 Generic Algorithms of Concurrent Signature
        2.1.2 Simplified Protocol of Concurrent Signature
        2.1.3 A Concrete Scheme of Concurrent Signature
        2.1.4 Security Requirements of Concurrent Signature
      2.2 Perfect Concurrent Signature Scheme
      2.3 Improved Perfect Concurrent Signature Scheme
      2.4 Accountability of Concurrent Signature
      2.5 Asymmetric Concurrent Signature Scheme
    3 Review of Multi-party Concurrent Signature Schemes
      3.1 Multi-party Concurrent Signature Scheme
        3.1.1 Definition of Bilinear Pairing
        3.1.2 Generic Algorithms of Multi-party Concurrent Signature
        3.1.3 Simplified Protocol of Multi-party Concurrent Signature
        3.1.4 Security Requirements of Multi-party Concurrent Signature
        3.1.5 Drawbacks of Multi-party Concurrent Signature
      3.2 Fair Multi-party Concurrent Signature Scheme
        3.2.1 Generic Algorithms of Fair Multi-party Concurrent Signature
        3.2.2 Simplified Protocol of Fair Multi-party Concurrent Signature
        3.2.3 Security Requirements of Fair Multi-party Concurrent Signature
        3.2.4 A Concrete Scheme of Fair Multi-party Concurrent Signature
      3.3 Further Security Issues
        3.3.1 An Attacking Scenario
        3.3.2 Discussion on the Ambiguity Property
    4 Proposed Scheme Based on Stack-Like Release of Parameters
      4.1 Comprehensive Discussion
        4.1.1 Observation on the Attacking Scenario
        4.1.2 Our First Try on Fixing the Defect
        4.1.3 Another Challenge That We Faced
      4.2 The Proposed Scheme
        4.2.1 Generic Algorithms of Proposed Scheme
        4.2.2 The Stack-like Parameters Releasing Protocol
        4.2.3 Security Requirements of Proposed Scheme
        4.2.4 A Concrete Scheme
      4.3 Analysis of Proposed Scheme
        4.3.1 Security Analysis
        4.3.2 Performance Analysis
    5 Conclusion
    Bibliography

    Bibliography
    [1] O. Goldreich, "A Simple Protocol for Signing Contracts," Advances in Cryptology - CRYPTO 1983, pp. 133-136, 1983.
    [2] S. Even, O. Goldreich, and A. Lempel, "A Randomized Protocol for Signing Contracts," Communications of the ACM, Vol. 28, pp. 637-647, 1985.
    [3] E.F. Brickell, D. Chaum, I.B. Damgård, and J. van de Graaf, "Gradual and Verifiable Release of a Secret," Advances in Cryptology - CRYPTO 1987, Lecture Notes in Computer Science Vol. 293, pp. 156-166, 1988.
    [4] R. Cleve, "Controlled Gradual Disclosure Schemes for Random Bits and Their Applications," Advances in Cryptology - CRYPTO 1989, Lecture Notes in Computer Science Vol. 435, pp. 573-588, 1990.
    [5] I.B. Damgård, "Practical and Provably Secure Release of a Secret and Exchange of Signatures," Advances in Cryptology - EUROCRYPT 1993, Lecture Notes in Computer Science Vol. 765, pp. 200-217, 1994.
    [6] D. Boneh and M. Naor, "Timed Commitments (Extended Abstract)," Advances in Cryptology - CRYPTO 2000, Lecture Notes in Computer Science Vol. 1880, pp. 236-254, 2000.
    [7] M.K. Franklin and M.K. Reiter, "Fair Exchange with a Semi-trusted Third Party," Proc. of the 4th ACM Conference on Computer and Communications Security, pp. 1-5, 1997.
    [8] M. Franklin and G. Tsudik, "Secure Group Barter: Multi-party Fair Exchange with Semi-trusted Neutral Parties," Financial Cryptography, Lecture Notes in Computer Science Vol. 1465, pp. 90-102, 1998.
    [9] M. Abadi, N. Glew, B. Horne, and B. Pinkas, "Certified E-mail with a Light On-line Trusted Third Party: Design and Implementation," Proc. of the 11th International World Wide Web Conference, pp. 387-395, 2002.
    [10] N. Asokan, V. Shoup, and M. Waidner, "Optimistic Fair Exchange of Digital Signatures," Advances in Cryptology - EUROCRYPT 1998, Lecture Notes in Computer Science Vol. 1403, pp. 591-606, 1998.
    [11] B. Pfitzmann, M. Schunter, and M. Waidner, "Optimal Efficiency of Optimistic Contract Signing," Proc. of the 17th Annual ACM Symposium on Principles of Distributed Computing, pp. 113-122, 1998.
    [12] J.A. Garay, M. Jakobsson, and P. MacKenzie, "Abuse-free Optimistic Contract Signing," Advances in Cryptology - CRYPTO 1999, Lecture Notes in Computer Science Vol. 1666, pp. 449-466, 1999.
    [13] B. Baum-Waidner and M. Waidner, "Round-optimal and Abuse Free Optimistic Multi-party Contract Signing," Automata, Languages and Programming, Lecture Notes in Computer Science Vol. 1853, pp. 524-535, 2000.
    [14] Y. Dodis and L. Reyzin, "Breaking and Repairing Optimistic Fair Exchange from PODC 2003," Proc. of the 3rd ACM Workshop on Digital Rights Management, pp. 47-54, 2003.
    [15] J.M. Park, E.K.P. Chong, and H.J. Siegel, "Constructing Fair Exchange Protocols for E-commerce via Distributed Computation of RSA Signatures," Proc. of the 22nd Annual Symposium on Principles of Distributed Computing, pp. 172-181, 2003.
    [16] L. Chen, C. Kudla, and K.G. Paterson, "Concurrent Signatures," Advances in Cryptology - EUROCRYPT 2004, Lecture Notes in Computer Science Vol. 3027, pp. 287-305, 2004.
    [17] W. Susilo, Y. Mu, and F. Zhang, "Perfect Concurrent Signature Schemes," Information and Communications Security, Lecture Notes in Computer Science Vol. 3269, pp. 14-26, 2004.
    [18] G. Wang, F. Bao, and J. Zhou, "The Fairness of Perfect Concurrent Signatures," Information and Communications Security, Lecture Notes in Computer Science Vol. 4307, pp. 435-451, 2006.
    [19] Y. Li, D. He, and X. Lu, "Accountability of Perfect Concurrent Signature," 2008 International Conference on Computer and Electrical Engineering, pp. 773-777, 2008.
    [20] K. Nguyen, "Asymmetric Concurrent Signatures," Information and Communications Security, Lecture Notes in Computer Science Vol. 3783, pp. 181-193, 2005.
    [21] W. Susilo and Y. Mu, "Tripartite Concurrent Signatures," Security and Privacy in the Age of Ubiquitous Computing, IFIP Advances in Information and Communication Technology Vol. 181, pp. 425-441, 2005.
    [22] D. Tonien, W. Susilo, and R. Safavi-Naini, "Multi-party Concurrent Signatures," Information Security, Lecture Notes in Computer Science Vol. 4176, pp. 131-145, 2006.
    [23] R.L. Rivest, A. Shamir, and Y. Tauman, "How to Leak a Secret," Advances in Cryptology - ASIACRYPT 2001, Lecture Notes in Computer Science Vol. 2248, pp. 552-565, 2001.
    [24] M. Abe, M. Ohkubo, and K. Suzuki, "1-out-of-n Signatures from a Variety of Keys," Advances in Cryptology - ASIACRYPT 2002, Lecture Notes in Computer Science Vol. 2501, pp. 415-432, 2002.
    [25] M. Jakobsson, K. Sako, and R. Impagliazzo, "Designated Verifier Proofs and Their Applications," Advances in Cryptology - EUROCRYPT 1996, Lecture Notes in Computer Science Vol. 1070, pp. 143-154, 1996.
    [26] H. Ge, Y. Sun, L. Gu, S. Zheng, and Y. Yang, "Improved Tripartite Concurrent Signature," 2010 2nd International Conference on Computer Technology and Development, pp. 586-590, 2010.
    [27] Y.C. Chen and S.M. Yen, "Balanced Concurrent Signature," Proc. Information Security Conference 2006, pp. 25-32, 2006.
    [28] M. Klonowski, M. Kutyłowski, A. Lauks, and F. Zagórski, "Conditional Digital Signatures," Trust, Privacy, and Security in Digital Business, Lecture Notes in Computer Science Vol. 3592, pp. 206-215, 2005.
    [29] H. Huang, H.C. Lin, and S.M. Yen, "On the Possibility of Constructing a Concurrent Signature Scheme from a Conditional Signature Scheme," Proc. Cryptology and Information Security Conference 2008, pp. 97-107, 2008.
    [30] C.T. Shieh, H.C. Lin, and S.M. Yen, "Fair Multi-party Concurrent Signatures," Proc. Cryptology and Information Security Conference 2008, pp. 108-118, 2008.
    [31] R.L. Rivest, A. Shamir, and L.M. Adleman, "A Method for Obtaining Digital Signatures and Public-key Cryptosystems," Communications of the ACM, Vol. 21, pp. 120-126, 1978.
    [32] C.P. Schnorr, "Efficient Identification and Signatures for Smart Cards," Advances in Cryptology - CRYPTO 1989, Lecture Notes in Computer Science Vol. 435, pp. 239-252, 1990.
    [33] H. Huang, H.C. Lin, and S.M. Yen, "On the Infecundity of Designing a Multi-party Concurrent Signature Scheme," Proc. Cryptology and Information Security Conference 2009, 2009.
    [34] J. Camenisch, "Efficient and Generalized Group Signatures," Advances in Cryptology - EUROCRYPT 1997, Lecture Notes in Computer Science Vol. 1233, pp. 465-479, 1997.
    [35] T.H. Yuen, D.S. Wong, W. Susilo, and Q. Huang, "Concurrent Signatures with Fully Negotiable Binding Control," Provable Security, Lecture Notes in Computer Science Vol. 6980, pp. 170-187, 2011.
    [36] X. Tan, Q. Huang, and D.S. Wong, "Extending Concurrent Signature to Multiple Parties," Theoretical Computer Science, Vol. 548, pp. 54-67, 2014.
    [37] G. Ateniese, "Efficient Verifiable Encryption (and Fair Exchange) of Digital Signatures," Proc. of the 6th ACM Conference on Computer and Communications Security, pp. 138-146, 1999.
