RSA-based Verifiable and Recoverable Encryption of Signatures and its application in certified e-mail delivery

This paper presents two variant protocols RSA-CEMD1 and RDA-CEMD2 for certified e-mail delivery with RSA receipts. The protocols provide non-repudiation of origin and non-repudiation of receipt security services to protect communicating parties from each other's false denials that the e-mail message has been sent and received. The protocols also provide strong fairness to ensure that the recipient receives the e-mail if and only if the sender receives the receipt. Services of an off-line and transparent third party are invoked in the protocols only in exceptional circumstances, i.e., when the communicating parties fail to complete the e-mail for receipt exchange due to a network failure or a party's misbehaviour. Protocol RSA-CEMD1 also offers confidentiality protection for the e-mail message and the corresponding receipt from the third party, achieved at the cost of some additional computations. The protocols are based on a cryptographic primitive called Verifiable and Recoverable Encryption of a Signature (VRES). The novel design of the VRES allows efficiency improvements in comparison with the related certified e-mail delivery protocols based on similar primitives.