Journal of Automated Reasoning

, Volume 36, Issue 1–2, pp 39–83 | Cite as

Formal Analysis of Multiparty Contract Signing

Article

Abstract

We analyze the multiparty contract-signing protocols of Garay and MacKenzie (GM) and of Baum and Waidner (BW). We use a finite-state tool, Mocha, which allows specification of protocol properties in a branching-time temporal logic with game semantics. While our analysis does not reveal any errors in the BW protocol, in the GM protocol we discover serious problems with fairness for four signers and an oversight regarding abuse-freeness for three signers. We propose a complete revision of the GM subprotocols in order to restore fairness.

Key words

multiparty contract signing GM protocol 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Alur, R., Henzinger, T. A. and Kupferman, O. (1997) Alternating-time temporal logic, in 38th Annual Symposium on Foundations of Computer Science (FOCS ’97), pp. 100–109.Google Scholar
  2. Asokan, N., Schunter, M. and Waidner, M. (1997) Optimistic protocols for fair exchange, in 4th ACM Conference on Computer and Communications Security, Zurich, Switzerland, pp. 7–17.Google Scholar
  3. Backes, M., Pfitzmann, B. and Waidner, M. (2003) Reactively secure signature schemes, in 6th Information Security Conference (ISC), Vol. 2851 of Lecture Notes in Computer Science, pp. 84–95.Google Scholar
  4. Baum-Waidner, B. and Waidner, M. (2000) Round-optimal and abuse free optimistic multi-party contract signing, in Automata, Languages and Programming – ICALP 2000, Vol. 1853 of Lecture Notes in Computer Science, Geneva, Switzerland, pp. 524–535.Google Scholar
  5. Burk, H. and Pfitzmann, A. (1990) Value exchange systems enabling security and unobservability, in Computers and Security, 9(8), 715–721.CrossRefGoogle Scholar
  6. Chadha, R., Kanovich, M. and Scedrov, A. (2001) Inductive methods and contractsigning protocols, in 8th ACM Conference on Computer and Communications Security, Philadelphia, Pennsylvania, USA, pp. 176–185.Google Scholar
  7. Chadha, R., Mitchell, J. C., Scedrov, A. and Shmatikov, V. (2003) Contract signing, optimism, and advantage, in R. M. Amadio and D. Lugiez (eds.) CONCUR 2003 – Concurrency Theory, Vol. 2761 of Lecture Notes in Computer Science, pp. 361–377.Google Scholar
  8. Chadha, R., Kremer, S. and Scedrov A. (2004a) Formal analysis of multi-party fair exchange protocols, in 17th IEEE Computer Security Foundations Workshop, Asilomar, California, USA, pp. 266–279.Google Scholar
  9. Chadha, R., Mitchell, J. C., Scedrov, A. and Shmatikov, V. (2005) Contract signing, optimism, and advantage, Journal of Logic and Algebraic Programming (Special issue on Modeling and Verification of Cryptographic Protocols) 64(2), 189–218.MATHMathSciNetGoogle Scholar
  10. Crow, J., Owre, S., Rushby, J., Shankar, N. and Srivas, M. (1995) A tutorial introduction to PVS, in Workshop on Industrial-Strength Formal Specification Techniques, Boca Raton, Florida.Google Scholar
  11. Das, S. and Dill, D. L. (2001) Successive approximation of abstract transition relations, in Sixteenth Annual IEEE Symposium on Logic in Computer Science (LICS 01), pp. 51–60.Google Scholar
  12. Even, S., and Yacobi, Y. (1980) Relations among Public Key Signature Systems, Technical Report 175, Technion, Haifa, Israel.Google Scholar
  13. Garay, J. A. and MacKenzie, P. D. (1999) Abuse-free multi-party contract signing, in P. Jayanti (ed.) International Symposium on Distributed Computing, Vol. 1693 of Lecture Notes in Computer Science, Bratislava, Slovak Republic, pp. 151–165.Google Scholar
  14. Garay, J. A., Jakobsson, M. and MacKenzie, P. D. (1999) Abuse-free optimistic contract signing, in M. J. Wiener (ed.) Advances in Cryptology – Crypto 1999, Vol. 1666 of Lecture Notes in Computer Science, pp. 449–466.Google Scholar
  15. Gürgens, S. and Rudolph, C. (2003) Security analysis of (un-)fair non-repudiation protocols, in A. E. Abdallah, P. Ryan, and S. A. Schneider (eds.) Formal Aspects of Security, Vol. 2629 of Lecture Notes in Computer Science, London, UK, pp. 97–114.Google Scholar
  16. Henzinger, T. A., Manjumdar, R., Mang, F. Y. and Raskin, J.-F. (2000) Abstract interpretation of game properties, in J. Palsberg (ed.), SAS 2000: International Symposium on Static Analysis, Vol. 1824 of Lecture Notes in Computer Science, Santa Barbara, California, USA, pp. 220–239.Google Scholar
  17. Kremer, S., and Raskin, J.-F. (2002) Game analysis of abuse-free contract signing, in 15th IEEE Computer Security Foundations Workshop, Cape Breton, Canada.Google Scholar
  18. Nipkow, T., Paulson, L. C. and Wenzel, M. (2002) Sabelle/HOL – A Proof Assistant for Higher-order Logic, Vol. 2283 of Lecture Notes in Computer Science, Springer.Google Scholar
  19. Shmatikov, V. and Mitchell, J. (2002) Finite-state analysis of two contract signing protocols, Theoretical Computer Science (Special Issue on Theoretical Foundations of Security Analysis and Design) 283(2), 419–450.MATHMathSciNetGoogle Scholar

Copyright information

© Springer Science+Business Media, Inc. 2006

Authors and Affiliations

  1. 1.University of SussexSussexUK
  2. 2.Laboratoire Spécification et VérificationCNRS, UMR 8643, INRIA Futurs Projet SECSI & École Normale Supérieure de CachanCachan CedexFrance
  3. 3.University of PennsylvaniaPhiladelphiaUSA

Personalised recommendations