Constraint Solving for Contract-Signing Protocols

  • Detlef Kähler
  • Ralf Küsters
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3653)


Research on the automatic analysis of cryptographic protocols has so far mainly concentrated on reachability properties, such as secrecy and authentication. Only recently was it shown that certain game-theoretic security properties, such as balance for contract-signing protocols, are decidable in a Dolev-Yao style model with a bounded number of sessions but unbounded message size. However, this result does not provide a practical algorithm, as it merely bounds the size of attacks. In this paper, we prove that game-theoretic security properties can be decided based on standard constraint solving procedures. In the past, these procedures have been successfully employed in implementations and tools for reachability properties. Our results thus pave the way for extending these tools and implementations to deal with game-theoretic security properties.


Keywords: Constraint System, Secure Channel, Constraint Solver, Symbolic State, Symbolic Transition

These keywords were added by machine and not by the authors.





Copyright information

© Springer-Verlag Berlin Heidelberg 2005

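Authors and Affiliations

  • Detlef Kähler, Institut für Informatik und Praktische Mathematik, Christian-Albrechts-Universität zu Kiel, Kiel, Germany
  • Ralf Küsters, Institut für Informatik und Praktische Mathematik, Christian-Albrechts-Universität zu Kiel, Kiel, Germany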
