Formal Analysis of a Fair Payment Protocol

  • Jan Cederquist
  • Muhammad Torabi Dashti
Part of the IFIP International Federation for Information Processing book series (IFIPAICT, volume 173)


We formally specify a payment protocol described in [Vogt et al., 2001]. This protocol is intended for fair exchange of time-sensitive data. Here the μCRL language is used to formalize the protocol. Fair exchange properties are expressed in the regular alternation-free μ-calculus. These properties are then verified using the finite state model checker from the CADP toolset. Proving fairness without resilient communication channels is impossible. We use the Dolev-Yao intruder, but since the conventional Dolev-Yao intruder violates this assumption, it is forced to comply to the resilient communication channel assumption.


Smart Card Label Transition System Liveness Property Fair Exchange Fairness Constraint 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. [Asokan, 1998]
    Asokan, N. (1998). Fairness in electronic commerce. PhD thesis, University of Waterloo.Google Scholar
  2. [Bella and Paulson, 2001]
    Bella, G. and Paulson, L. C. (2001). Mechanical proofs about a non-repudiation protocol. In Boulton, R. J. and Jackson, P. B., editors, Theorem Proving in Higher Order Logics, 14th International Conference, TPHOLs 2001, volume 2152 of LNCS, pages 91–104. Springer-Verlag.Google Scholar
  3. [Blom et al., 2001]
    Blom, S., Fokkink, W., Groote, J. F., van Langevelde, I., Lisser, B., and van de Pol, J. (2001). μCRL: A toolset for analysing algebraic specifications. In Proceedings of the 13th International Conference on Computer Aided Verification, volume 2102 of LNCS, pages 250–254. Springer-Verlag.Google Scholar
  4. [Cederquist and Dashti, 2004]
    Cederquist, J. and Dashti, M. (2004). Formal analysis of a fair payment protocol. Technical Report SEN-R0410, Centrum voor Wiskunde en Informatica, Amsterdam, The Netherlands.Google Scholar
  5. [Cervesato, 2001]
    Cervesato, I. (2001). The Dolev-Yao Intruder is the Most Powerful Attacker. In Halpern, J., editor, 16th Annual Symposium on Logic in Computer Science-LICS'01, Boston, MA. IEEE Computer Society Press.Google Scholar
  6. [Dolev and Yao, 1983]
    Dolev, D. and Yao, A. C. (1983). On the security of public key protocols. IEEE Transactions on Information Theory, IT-29(2): 198–208.MathSciNetCrossRefGoogle Scholar
  7. [Fernandez et al., 1996]
    Fernandez, J.-C., Garavel, H., Kerbrat, A., Mateescu, R., Mounier, L., and Sighireanu, M. (1996). CADP: A protocol validation and verification toolbox. In Alur, R. and Henzinger, T. A., editors, Proceedings of the 8th Conference on Computer-Aided Verification, volume 1102 of LNCS, pages 437–440. Springer-Verlag.Google Scholar
  8. [Groote and Ponse, 1995]
    Groote, J. and Ponse, A. (1995). The syntax and semantics of μCRL. In Ponse, A., Verhoef, C., and van Vlijmen, S. F. M., editors, Algebra of Communicating Processes '94, Workshops in Computing Series, pages 26–62. Springer-Verlag.Google Scholar
  9. [Kremer and Raskin, 2001]
    Kremer, S. and Raskin, J. (2001). A game-based verification of non-repudiation and fair exchange protocols. In Larsen, K. and Nielsen, M., editors, Proceedings of the 12th International Conference on Concurrency Theory, volume 2154 of LNCS, pages 551–565. Springer-Verlag.Google Scholar
  10. [Mateescu, 2000]
    Mateescu, R. (2000). Efficient diagnostic generation for boolean equation systems. In Proceedings of 6th International Conference on Tools and Algorithms for the Construction and Analysis of Systems TACAS'2000, volume 1785 of LNCS, pages 251–265. Springer-Verlag.zbMATHGoogle Scholar
  11. [Pagnia and Gärtner, 1999]
    Pagnia, H. and Gärtner, F. C. (1999). On the impossibility of fair exchange without a trused third party. Technical Report TUD-BS-1999-02, Department of Computer Science, Darmstadt University of Technology.Google Scholar
  12. [Pagnia et al., 2003]
    Pagnia, H., Vogt, H., and Gärtner, F. C. (2003). Fair exchange. The Computer Journal, 46(1):55–7.CrossRefGoogle Scholar
  13. [Schneider, 1998]
    Schneider, S. (1998). Formal analysis of a non-repudiation protocol. In Proceedings of The 11th Computer Security Foundations Workshop, pages 54–65. IEEE Computer Society Press.Google Scholar
  14. [Shmatikov and Mitchell, 2002]
    Shmatikov, V. and Mitchell, J. C. (2002). Finitestate analysis of two contract signing protocols. Theoretical Computer Sciene, 283(2):419–450.MathSciNetCrossRefGoogle Scholar
  15. [Vogt et al., 2001]
    Vogt, H., Pagnia, H., and Gärtner, F. C. (2001). Using smart cards for fair exchange. In Electronic Commerce — WELCOM 2001, volume 2232 of LNCS, pages 101–113. Springer-Verlag.Google Scholar
  16. [Zhou and Gollmann, 1998]
    Zhou, J. and Gollmann, D. (1998). Towards verification of non-repudiation protocols. In International Refinement Workshop and Formal Methods Pacific '98: Proceedings of IRW/FMP '98, Discrete Mathematics and Theoretical Computer Science Series, pages 370–380. Springer-Verlag.Google Scholar

Copyright information

© International Federation for Information Processing 2005

Authors and Affiliations

  • Jan Cederquist
    • 1
  • Muhammad Torabi Dashti
    • 1
  1. 1.CWIAmsterdamThe Netherlands

Personalised recommendations