Analysis of a Multi-party Fair Exchange Protocol and Formal Proof of Correctness in the Strand Space Model

  • Aybek Mukhamedov
  • Steve Kremer
  • Eike Ritter
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3570)


A multi-party fair exchange protocol is a cryptographic protocol allowing several parties to exchange commodities in such a way that everyone gives an item away if and only if it receives an item in return. In this paper we discuss a multi-party fair exchange protocol originally proposed by Franklin and Tsudik, and subsequently shown to have flaws and fixed by González and Markowitch. We identify flaws in the fixed version of the protocol, propose a corrected version, and give a formal proof of correctness in the strand space model.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Asokan, N., Baum-Waidner, B., Schunter, M., Waidner, M.: Optimistic synchronous multi-party contract signing. Research Report RZ 3089, IBM Research Division (December 1998)Google Scholar
  2. 2.
    Asokan, N., Schunter, M., Waidner, M.: Optimistic protocols for multi-party fair exchange. Research Report RZ 2892 (# 90840), IBM Research (December 1996)Google Scholar
  3. 3.
    Asokan, N., Schunter, M., Waidner, M.: Optimistic protocols for fair exchange. In: 4th ACM Conference on Computer and Communications Security, Zurich, Switzerland, April 1997. ACM Press, New York (1997)Google Scholar
  4. 4.
    Bao, F., Deng, R.H., Nguyen, K.Q., Varadharajan, V.: Multi-party fair exchange with an off-line trusted neutral party. In: DEXA 1999 Workshop on Electronic Commerce and Security, Florence, Italy, (September 1999)Google Scholar
  5. 5.
    Baum-Waidner, B.: Optimistic asynchronous multi-party contract signing with reduced number of rounds. In: Orejas, F., Spirakis, P.G., van Leeuwen, J. (eds.) ICALP 2001. LNCS, vol. 2076, pp. 898–911. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  6. 6.
    Baum-Waidner, B., Waidner, M.: Round-optimal and abuse free optimistic multi-party contract signing. In: Welzl, E., Montanari, U., Rolim, J.D.P. (eds.) ICALP 2000. LNCS, vol. 1853, pp. 524–535. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  7. 7.
    Bürk, H., Pfitzmann, A.: Value exchange systems enabling security and unobservability. Computers and Security 9(8), 715–721 (1990)CrossRefGoogle Scholar
  8. 8.
    Chadha, R., Kanovich, M., Scedrov, A.: Inductive methods and contract-signing protocols. In: 8th ACM Conference on Computer and Communications Security, Philadelphia, PA, USA, November 2001. ACM Press, New York (2001)Google Scholar
  9. 9.
    Chadha, R., Kremer, S., Scedrov, A.: Formal analysis of multi-party fair exchange protocols. In: Focardi, R. (ed.) 17th IEEE Computer Security Foundations Workshop, Asilomar, CA, USA, June 2004, pp. 266–279. IEEE Computer Society Press, Los Alamitos (2004)CrossRefGoogle Scholar
  10. 10.
    Dolev, D., Yao, A.C.: On the security of public key protocols. IEEE Transactions on Information Theory 29(2), 198–208 (1983)MATHCrossRefMathSciNetGoogle Scholar
  11. 11.
    Even, S., Yacobi, Y.: Relations among public key signature systems. Technical Report 175, Technion, Haifa, Israel (March 1980)Google Scholar
  12. 12.
    Franklin, M.K., Tsudik, G.: Secure group barter: Multi-party fair exchange with semi-trusted neutral parties. In: Hirschfeld, R. (ed.) FC 1998. LNCS, vol. 1465, pp. 90–102. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  13. 13.
    Garay, J.A., MacKenzie, P.D.: Abuse-free multi-party contract signing. In: Jayanti, P. (ed.) DISC 1999. LNCS, vol. 1693, pp. 151–166. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  14. 14.
    González-Deleito, N., Markowitch, O.: Exclusion-freeness in multi-party exchange protocols. In: Chan, A.H., Gligor, V.D. (eds.) ISC 2002. LNCS, vol. 2433, pp. 200–209. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  15. 15.
    Kremer, S., Markowitch, O.: Fair multi-party non-repudiation. International Journal on Information Security 1(4), 223–235 (2003)CrossRefGoogle Scholar
  16. 16.
    Kremer, S., Raskin, J.-F.: A game-based verification of non-repudiation and fair exchange protocols. In: Larsen, K.G., Nielsen, M. (eds.) CONCUR 2001. LNCS, vol. 2154, pp. 551–565. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  17. 17.
    Onieva, J., Zhou, J., Carbonell, M., Lopez, J.: A multi-party non-repudiation protocol for exchange of different messages. In: 18th IFIP International Information Security Conference, Athens, Greece, May 2003. Kluwer, Dordrecht (2003)Google Scholar
  18. 18.
    Pereira, O., Quisquater, J.-J.: Generic insecurity of cliques-type authenticated group key agreement protocols. In: Focardi, R. (ed.) 17th IEEE Computer Security Foundations Workshop, Asilomar, CA, USA, June 2004, pp. 16–29. IEEE Computer Society Press, Los Alamitos (2004)CrossRefGoogle Scholar
  19. 19.
    Schneider, S.A.: Formal analysis of a non-repudiation protocol. In: 11th IEEE Computer Security Foundations Workshop, Washington, Brussels, Tokyo, June 1998, pp. 54–65. IEEE, Los Alamitos (1998)Google Scholar
  20. 20.
    Shmatikov, V., Mitchell, J.: Finite-state analysis of two contract signing protocols. Theoretical Computer Science, special issue on Theoretical Foundations of Security Analysis and Design 283(2), 419–450 (2002)MATHMathSciNetGoogle Scholar
  21. 21.
    Javier Thayer Fabrega, F., Herzog, J.C., Guttman, J.D.: Strand spaces: Proving security protocols correct. Journal of Computer Security 7(2/3), 191–230 (1999)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  • Aybek Mukhamedov
    • 1
  • Steve Kremer
    • 2
  • Eike Ritter
    • 1
  1. 1.School of Computer ScienceUniversity of BirminghamUK
  2. 2.Laboratoire Spécification et VérificationCNRS UMR 8643 & INRIA Futurs projet SECSI & ENS CachanFrance

Personalised recommendations