Abstract
We analyze the multiparty contract-signing protocols of Garay and MacKenzie (GM) and of Baum and Waidner (BW). We use a finite-state tool, Mocha, which allows specification of protocol properties in a branching-time temporal logic with game semantics. While our analysis does not reveal any errors in the BW protocol, in the GM protocol we discover serious problems with fairness for four signers and an oversight regarding abuse-freeness for three signers. We propose a complete revision of the GM subprotocols in order to restore fairness.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
References
Alur, R., Henzinger, T. A. and Kupferman, O. (1997) Alternating-time temporal logic, in 38th Annual Symposium on Foundations of Computer Science (FOCS ’97), pp. 100–109.
Asokan, N., Schunter, M. and Waidner, M. (1997) Optimistic protocols for fair exchange, in 4th ACM Conference on Computer and Communications Security, Zurich, Switzerland, pp. 7–17.
Backes, M., Pfitzmann, B. and Waidner, M. (2003) Reactively secure signature schemes, in 6th Information Security Conference (ISC), Vol. 2851 of Lecture Notes in Computer Science, pp. 84–95.
Baum-Waidner, B. and Waidner, M. (2000) Round-optimal and abuse free optimistic multi-party contract signing, in Automata, Languages and Programming – ICALP 2000, Vol. 1853 of Lecture Notes in Computer Science, Geneva, Switzerland, pp. 524–535.
Burk, H. and Pfitzmann, A. (1990) Value exchange systems enabling security and unobservability, in Computers and Security, 9(8), 715–721.
Chadha, R., Kanovich, M. and Scedrov, A. (2001) Inductive methods and contractsigning protocols, in 8th ACM Conference on Computer and Communications Security, Philadelphia, Pennsylvania, USA, pp. 176–185.
Chadha, R., Mitchell, J. C., Scedrov, A. and Shmatikov, V. (2003) Contract signing, optimism, and advantage, in R. M. Amadio and D. Lugiez (eds.) CONCUR 2003 – Concurrency Theory, Vol. 2761 of Lecture Notes in Computer Science, pp. 361–377.
Chadha, R., Kremer, S. and Scedrov A. (2004a) Formal analysis of multi-party fair exchange protocols, in 17th IEEE Computer Security Foundations Workshop, Asilomar, California, USA, pp. 266–279.
Chadha, R., Mitchell, J. C., Scedrov, A. and Shmatikov, V. (2005) Contract signing, optimism, and advantage, Journal of Logic and Algebraic Programming (Special issue on Modeling and Verification of Cryptographic Protocols) 64(2), 189–218.
Crow, J., Owre, S., Rushby, J., Shankar, N. and Srivas, M. (1995) A tutorial introduction to PVS, in Workshop on Industrial-Strength Formal Specification Techniques, Boca Raton, Florida.
Das, S. and Dill, D. L. (2001) Successive approximation of abstract transition relations, in Sixteenth Annual IEEE Symposium on Logic in Computer Science (LICS 01), pp. 51–60.
Even, S., and Yacobi, Y. (1980) Relations among Public Key Signature Systems, Technical Report 175, Technion, Haifa, Israel.
Garay, J. A. and MacKenzie, P. D. (1999) Abuse-free multi-party contract signing, in P. Jayanti (ed.) International Symposium on Distributed Computing, Vol. 1693 of Lecture Notes in Computer Science, Bratislava, Slovak Republic, pp. 151–165.
Garay, J. A., Jakobsson, M. and MacKenzie, P. D. (1999) Abuse-free optimistic contract signing, in M. J. Wiener (ed.) Advances in Cryptology – Crypto 1999, Vol. 1666 of Lecture Notes in Computer Science, pp. 449–466.
Gürgens, S. and Rudolph, C. (2003) Security analysis of (un-)fair non-repudiation protocols, in A. E. Abdallah, P. Ryan, and S. A. Schneider (eds.) Formal Aspects of Security, Vol. 2629 of Lecture Notes in Computer Science, London, UK, pp. 97–114.
Henzinger, T. A., Manjumdar, R., Mang, F. Y. and Raskin, J.-F. (2000) Abstract interpretation of game properties, in J. Palsberg (ed.), SAS 2000: International Symposium on Static Analysis, Vol. 1824 of Lecture Notes in Computer Science, Santa Barbara, California, USA, pp. 220–239.
Kremer, S., and Raskin, J.-F. (2002) Game analysis of abuse-free contract signing, in 15th IEEE Computer Security Foundations Workshop, Cape Breton, Canada.
Nipkow, T., Paulson, L. C. and Wenzel, M. (2002) Sabelle/HOL – A Proof Assistant for Higher-order Logic, Vol. 2283 of Lecture Notes in Computer Science, Springer.
Shmatikov, V. and Mitchell, J. (2002) Finite-state analysis of two contract signing protocols, Theoretical Computer Science (Special Issue on Theoretical Foundations of Security Analysis and Design) 283(2), 419–450.
Author information
Authors and Affiliations
Corresponding author
Additional information
*Partially supported by the ONR CIP/SW URI “Software Quality and Infrastructure Protection for Diffuse Computing” through ONR Grant N00014-01-1-0795 and by the NSF Grant CCR-0098096 and the EU Global Computing project “MIKADO”.
**This research was partially carried out while the author stayed at the University of Pennsylvania funded by the “Communauté Française de Belgique”. Partially supported by the ACI-SI Rossignol, the ACI JC 9005, and the RNTL project PROUVÉ 03V360.
†Partially supported by OSD/ONR CIP/SW URI “Software Quality and Infrastructure Protection for Diffuse Computing” through ONR Grant N00014-01-1-0795 and OSD/ONR CIP/SW URI “Trustworthy Infrastructure, Mechanisms, and Experimentation for Diffuse Computing” through ONR Grant N00014-04-1-0725. Additional support from NSF Grants CCR-0098096 and CNS-0429689.
Rights and permissions
About this article
Cite this article
Chadha, R., Kremer, S. & Scedrov, A. Formal Analysis of Multiparty Contract Signing. J Autom Reasoning 36, 39–83 (2006). https://doi.org/10.1007/s10817-005-9019-5
Published:
Issue Date:
DOI: https://doi.org/10.1007/s10817-005-9019-5