A Dolev-Yao-Based Definition of Abuse-Free Protocols

  • Detlef Kähler
  • Ralf Küsters
  • Thomas Wilke
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4052)


We propose a Dolev-Yao-based definition of abuse freeness for optimistic contract-signing protocols which, unlike other definitions, incorporates a rigorous notion of what it means for an outside party to be convinced by a dishonest party that it has the ability to determine the outcome of the protocol with an honest party, i.e., to determine whether it will obtain a valid contract itself or whether it will prevent the honest party from obtaining a valid contract. Our definition involves a new notion of test (inspired by static equivalence) which the outside party can perform. We show that an optimistic contract-signing protocol proposed by Asokan, Shoup, and Waidner is abusive and that a protocol by Garay, Jakobsson, and MacKenzie is abuse-free according to our definition. Our analysis is based on a synchronous concurrent model in which parties can receive several messages at the same time. This results in new vulnerabilities of the protocols depending on how a trusted third party reacts in case it receives abort and resolve requests at the same time.


Output Port Input Port Trusted Third Party Secure Channel External View 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Abadi, M., Cortier, V.: Deciding knowledge in security protocols under equational theories. In: Díaz, J., Karhumäki, J., Lepistö, A., Sannella, D. (eds.) ICALP 2004. LNCS, vol. 3142, pp. 46–58. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  2. 2.
    Abadi, M., Fournet, C.: Mobile Values, New Names, and Secure Communication. In: POPL 2001, pp. 104–115. ACM Press, New York (2001)CrossRefGoogle Scholar
  3. 3.
    Asokan, N., Shoup, V., Waidner, M.: Asynchronous protocols for optimistic fair exchange. In: IEEE Symposium on Research in Security and Privacy, pp. 86–99 (1998)Google Scholar
  4. 4.
    Chadha, R., Kanovich, M.I., Scedrov, A.: Inductive methods and contract-signing protocols. In: CCS 2001, pp. 176–185. ACM Press, New York (2001)CrossRefGoogle Scholar
  5. 5.
    Chadha, R., Kremer, S., Scedrov, A.: Formal analysis of multi-party contract signing. In: CSFW 2004, pp. 266–279. IEEE Computer Society Press, Los Alamitos (2004)Google Scholar
  6. 6.
    Chadha, R., Mitchell, J.C., Scedrov, A., Shmatikov, V.: Contract Signing, Optimism, and Advantage. In: Amadio, R.M., Lugiez, D. (eds.) CONCUR 2003. LNCS, vol. 2761, pp. 361–377. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  7. 7.
    Chevalier, Y., Rusinowitch, M.: Combining Intruder Theories. In: Caires, L., Italiano, G.F., Monteiro, L., Palamidessi, C., Yung, M. (eds.) ICALP 2005. LNCS, vol. 3580, pp. 639–651. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  8. 8.
    Dolev, D., Yao, A.C.: On the Security of Public-Key Protocols. IEEE Transactions on Information Theory 29(2), 198–208 (1983)MATHCrossRefMathSciNetGoogle Scholar
  9. 9.
    Garay, J.A., Jakobsson, M., MacKenzie, P.: Abuse-free optimistic contract signing. In: Wiener, M.J. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 449–466. Springer, Heidelberg (1999)Google Scholar
  10. 10.
    Kähler, D., Küsters, R.: Th. In: Diekert, V., Durand, B. (eds.) STACS 2005. LNCS, vol. 3404, pp. 158–169. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  11. 11.
    Kähler, D., Küsters, R.: Th. Wilke. A Dolev-Yao-based Definition of Abus-free Protocols. Technical report, IFI 0607, CAU Kiel, Germany (2006), Available from
  12. 12.
    Kremer, S., Raskin, J.-F.: Game analysis of abuse-free contract signing. In: CSFW 2002, pp. 206–220. IEEE Computer Society, Los Alamitos (2002)Google Scholar
  13. 13.
    Shmatikov, V., Mitchell, J.C.: Finite-state analysis of two contract signing protocols. Theoretical Computer Science (TCS), special issue on Theoretical Foundations of Security Analysis and Design 283(2), 419–450 (2002)MATHMathSciNetGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Detlef Kähler
    • 1
  • Ralf Küsters
    • 1
  • Thomas Wilke
    • 1
  1. 1.Christian-Albrechts-Universität zu Kiel 

Personalised recommendations