Exploring Fair Exchange Protocols Using Specification Animation

  • Colin Boyd
  • Peter Kearney
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1975)


Fair exchange protocols are a mechanism to ensure that items held by two parties are exchanged without one party gaining an advantage. Several such protocols have been proposed in recent years. We used the Possum animation tool to explore these protocols to examine whether they achieve their security goals. Our experiments revealed some new attacks and helped to gain other useful insights into various fair exchange protocols.


Security Protocol Generic Protocol Exchange Protocol Fair Exchange Insecure State 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    N. Asokan, Victor Shoup and Michael Waidner, “Asynchronous Protocols for Optimistic Fair Exchange”, IEEE Symposium on Security and Privacy, 1998, IEEE Computer Society Press, 1998. Corrected version available at
  2. 2.
    Holger Bürk and Andreas Pfitzmann, “Value Exchange Systems Enabling Security and Observability”, Computers and Security, 9, 8, pp.715–721, 1991.CrossRefGoogle Scholar
  3. 3.
    Josep Lluís Gomila, Llorenç Huguet i Rotger, “An Efficient Asynchronous Protocol for Optimistic Certified Electronic Mail”, CRYPTEC’99 Proceedings, City University of Hong Kong Press, 1999, pp.147–154.Google Scholar
  4. 4.
    Dan Hazel, Paul Strooper and Owen Traynor, “Possum: An animator for the Sum specification language”, Asia-Pacific Software Engineering Conference and International Computer Science Conference, IEEE Computer Society, 1997, pp.42–51.Google Scholar
  5. 5.
    Catherine Meadows,“Open Issues in Formal Methods for Cryptogra-phic Protocol Analysis”, Proceedings of DISCEX 2000, IEEE Computer Society Press, pp. 237–250, January, 2000. Also available at
  6. 6.
    B. Potter, J. Sinclair and D. Till, An Introduction to Formal Specification and Z, Prentice Hall, 1991.Google Scholar
  7. 7.
    S. Schneider, Formal Analysis of a Non-Repudiation Protocol, 11th IEEE Computer Security Foundations Workshop, 1998. Also available at
  8. 8.
    Owen Traynor, Peter Kearney, Ed Kazmierczak, Li Wang and Einar Karlsen, “Extending Z with Modules”, Australasian Computer Science Communications, 17, 1, pp.513–522, 1995.Google Scholar
  9. 9.
    J. Zhou and D. Gollman, “A Fair Non-Repudiation Protocol”, IEEE Symposium on Security and Privacy, pp.56–61, IEEE Computer Society Press, 1996.Google Scholar
  10. 10.
    J. Zhou and D. Gollman, “An Efficient Non-Repudiation Protocol”, IEEE Computer Security Foundations Workshop, IEEE Computer Society Press, pp.126–132, 1997Google Scholar
  11. 11.
    J. Zhou and D. Gollmann, “Towards Verification of Non-repudiation Protocols”, Proceedings of 1998 International Refinement Workshop and Formal Methods Pacific, pp. 370–380, Canberra, Australia, September 1998, Springer. Also available at
  12. 12.
    Jianying Zhou, Robert Deng and Feng Bao, “Some Remarks on a Fair Exchange Protocol”, Public Key Cryptography 2000, Springer-Verlag, 2000, pp.46–57.Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2000

Authors and Affiliations

  • Colin Boyd
    • 1
  • Peter Kearney
    • 2
  1. 1.Information Security Research CentreQueensland University of TechnologyBrisbaneAustralia
  2. 2.Software Verification Research CentreUniversity of QueenslandBrisbaneAustralia

Personalised recommendations