Skip to main content

Formal Analysis of Multiparty Contract Signing

Journal of Automated Reasoning volume 36pages 39–83 (2006)Cite this article

Abstract

We analyze the multiparty contract-signing protocols of Garay and MacKenzie (GM) and of Baum and Waidner (BW). We use a finite-state tool, Mocha, which allows specification of protocol properties in a branching-time temporal logic with game semantics. While our analysis does not reveal any errors in the BW protocol, in the GM protocol we discover serious problems with fairness for four signers and an oversight regarding abuse-freeness for three signers. We propose a complete revision of the GM subprotocols in order to restore fairness.

This is a preview of subscription content, access via your institution.

Access options

Buy single article

Instant access to the full article PDF.

USD 39.95

Price includes VAT (USA)
Tax calculation will be finalised during checkout.

References

  • Alur, R., Henzinger, T. A. and Kupferman, O. (1997) Alternating-time temporal logic, in 38th Annual Symposium on Foundations of Computer Science (FOCS ’97), pp. 100–109.

  • Asokan, N., Schunter, M. and Waidner, M. (1997) Optimistic protocols for fair exchange, in 4th ACM Conference on Computer and Communications Security, Zurich, Switzerland, pp. 7–17.

  • Backes, M., Pfitzmann, B. and Waidner, M. (2003) Reactively secure signature schemes, in 6th Information Security Conference (ISC), Vol. 2851 of Lecture Notes in Computer Science, pp. 84–95.

  • Baum-Waidner, B. and Waidner, M. (2000) Round-optimal and abuse free optimistic multi-party contract signing, in Automata, Languages and Programming – ICALP 2000, Vol. 1853 of Lecture Notes in Computer Science, Geneva, Switzerland, pp. 524–535.

  • Burk, H. and Pfitzmann, A. (1990) Value exchange systems enabling security and unobservability, in Computers and Security, 9(8), 715–721.

    Article  Google Scholar 

  • Chadha, R., Kanovich, M. and Scedrov, A. (2001) Inductive methods and contractsigning protocols, in 8th ACM Conference on Computer and Communications Security, Philadelphia, Pennsylvania, USA, pp. 176–185.

  • Chadha, R., Mitchell, J. C., Scedrov, A. and Shmatikov, V. (2003) Contract signing, optimism, and advantage, in R. M. Amadio and D. Lugiez (eds.) CONCUR 2003 – Concurrency Theory, Vol. 2761 of Lecture Notes in Computer Science, pp. 361–377.

  • Chadha, R., Kremer, S. and Scedrov A. (2004a) Formal analysis of multi-party fair exchange protocols, in 17th IEEE Computer Security Foundations Workshop, Asilomar, California, USA, pp. 266–279.

  • Chadha, R., Mitchell, J. C., Scedrov, A. and Shmatikov, V. (2005) Contract signing, optimism, and advantage, Journal of Logic and Algebraic Programming (Special issue on Modeling and Verification of Cryptographic Protocols) 64(2), 189–218.

    MATH  MathSciNet  Google Scholar 

  • Crow, J., Owre, S., Rushby, J., Shankar, N. and Srivas, M. (1995) A tutorial introduction to PVS, in Workshop on Industrial-Strength Formal Specification Techniques, Boca Raton, Florida.

  • Das, S. and Dill, D. L. (2001) Successive approximation of abstract transition relations, in Sixteenth Annual IEEE Symposium on Logic in Computer Science (LICS 01), pp. 51–60.

  • Even, S., and Yacobi, Y. (1980) Relations among Public Key Signature Systems, Technical Report 175, Technion, Haifa, Israel.

    Google Scholar 

  • Garay, J. A. and MacKenzie, P. D. (1999) Abuse-free multi-party contract signing, in P. Jayanti (ed.) International Symposium on Distributed Computing, Vol. 1693 of Lecture Notes in Computer Science, Bratislava, Slovak Republic, pp. 151–165.

    Google Scholar 

  • Garay, J. A., Jakobsson, M. and MacKenzie, P. D. (1999) Abuse-free optimistic contract signing, in M. J. Wiener (ed.) Advances in Cryptology – Crypto 1999, Vol. 1666 of Lecture Notes in Computer Science, pp. 449–466.

  • Gürgens, S. and Rudolph, C. (2003) Security analysis of (un-)fair non-repudiation protocols, in A. E. Abdallah, P. Ryan, and S. A. Schneider (eds.) Formal Aspects of Security, Vol. 2629 of Lecture Notes in Computer Science, London, UK, pp. 97–114.

  • Henzinger, T. A., Manjumdar, R., Mang, F. Y. and Raskin, J.-F. (2000) Abstract interpretation of game properties, in J. Palsberg (ed.), SAS 2000: International Symposium on Static Analysis, Vol. 1824 of Lecture Notes in Computer Science, Santa Barbara, California, USA, pp. 220–239.

  • Kremer, S., and Raskin, J.-F. (2002) Game analysis of abuse-free contract signing, in 15th IEEE Computer Security Foundations Workshop, Cape Breton, Canada.

    Google Scholar 

  • Nipkow, T., Paulson, L. C. and Wenzel, M. (2002) Sabelle/HOL – A Proof Assistant for Higher-order Logic, Vol. 2283 of Lecture Notes in Computer Science, Springer.

  • Shmatikov, V. and Mitchell, J. (2002) Finite-state analysis of two contract signing protocols, Theoretical Computer Science (Special Issue on Theoretical Foundations of Security Analysis and Design) 283(2), 419–450.

    MATH  MathSciNet  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. University of Sussex, Sussex, UK

    Rohit Chadha

  2. Laboratoire Spécification et Vérification, CNRS, UMR 8643, INRIA Futurs Projet SECSI & École Normale Supérieure de Cachan, 61, avenue du Président Wilson, 94235, Cachan Cedex, France

    Steve Kremer

  3. University of Pennsylvania, Philadelphia, PA, USA

    Andre Scedrov

Authors
  1. Rohit Chadha
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Steve Kremer
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Andre Scedrov
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Steve Kremer.

Additional information

*Partially supported by the ONR CIP/SW URI “Software Quality and Infrastructure Protection for Diffuse Computing” through ONR Grant N00014-01-1-0795 and by the NSF Grant CCR-0098096 and the EU Global Computing project “MIKADO”.

**This research was partially carried out while the author stayed at the University of Pennsylvania funded by the “Communauté Française de Belgique”. Partially supported by the ACI-SI Rossignol, the ACI JC 9005, and the RNTL project PROUVÉ 03V360.

†Partially supported by OSD/ONR CIP/SW URI “Software Quality and Infrastructure Protection for Diffuse Computing” through ONR Grant N00014-01-1-0795 and OSD/ONR CIP/SW URI “Trustworthy Infrastructure, Mechanisms, and Experimentation for Diffuse Computing” through ONR Grant N00014-04-1-0725. Additional support from NSF Grants CCR-0098096 and CNS-0429689.

Rights and permissions

Reprints and Permissions

About this article

Cite this article

Chadha, R., Kremer, S. & Scedrov, A. Formal Analysis of Multiparty Contract Signing. J Autom Reasoning 36, 39–83 (2006). https://doi.org/10.1007/s10817-005-9019-5

Download citation

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s10817-005-9019-5

Key words

  • multiparty contract signing
  • GM protocol