Abstract
Some cryptographic tasks, such as contract signing and other related tasks, need to ensure complex, branching time security properties. When defining such properties one needs to deal with subtle problems regarding the scheduling of non-deterministic decisions, the delivery of messages sent on resilient (non-adversarially controlled) channels, fair executions (executions where no party, both honest and dishonest, is unreasonably precluded to perform its actions), and defining strategies of adversaries against all possible non-deterministic choices of parties and arbitrary delivery of messages via resilient channels. These problems are typically not addressed in cryptographic models and these models therefore do not suffice to formalize branching time properties, such as those required of contract signing protocols.
In this paper, we develop a cryptographic model that deals with all of the above problems. One central feature of our model is a general definition of fair scheduling which not only formalizes fair scheduling of resilient channels but also fair scheduling of actions of honest and dishonest principals. Based on this model and the notion of fair scheduling, we provide a definition of a prominent branching time property of contract signing protocols, namely balance, and give the first cryptographic proof that the Asokan-Shoup-Waidner two-party contract signing protocol is balanced.
The first and third author were partly supported by ACI Jeunes Chercheurs JC9005 and ARA SSIA Formacrypt. The second author was supported by the SNF under Grant 200021-116596/1. The work described in this paper has been supported in part by the European Commission through the IST Programme under Contract IST-2002-507932 ECRYPT. The information in this document reflects only the author’s views, is provided as is and no guarantee or warranty is given that the information is fit for any particular purpose. The user thereof uses the information at its sole risk and liability.
Download conference paper PDF
References
Asokan, N., Shoup, V., Waidner, M.: Asynchronous protocols for optimistic fair exchange. In: S&P 1998, pp. 86–99. IEEE Computer Society Press, Los Alamitos (1998)
Asokan, N., Shoup, V., Waidner, M.: Optimistic fair exchange of digital signatures. IEEE Journal on Selected Areas in Communications 18(4), 593–610 (2000)
Backes, M., Pfitzmann, B.: Computational probabilistic non-interference. In: Gollmann, D., Karjoth, G., Waidner, M. (eds.) ESORICS 2002. LNCS, vol. 2502, pp. 1–23. Springer, Heidelberg (2002)
Backes, M., Pfitzmann, B., Waidner, M.: Secure Asynchronous Reactive Systems. Technical Report 082, Cryptology ePrint Archive (2004)
Backes, M., Datta, A., Derek, A., Mitchell, J.C., Turuani, M.: Compositional analysis of contract signing protocols. In: CSFW 2005, Washington, DC, USA, pp. 94–110. IEEE Computer Society Press, Los Alamitos (2005)
Backes, M., Hofheinz, D., Müller-Quade, J., Unruh, D.: On fairness in simulatability-based cryptographic systems. In: FMSE 2005, Preprint on IACR ePrint 2005/294, pp. 13–22 (September 2005)
Backes, M., Pfitzmann, B., Steiner, M., Waidner, M.: Polynomial fairness and liveness. In: CSFW 2002, pp. 160–169. IEEE Computer Society Press, Los Alamitos (2002)
Baum-Waidner, B., Waidner, M.: Round-optimal and abuse free optimistic multi-party contract signing. In: Welzl, E., Montanari, U., Rolim, J.D.P. (eds.) ICALP 2000. LNCS, vol. 1853, pp. 524–535. Springer, Heidelberg (2000)
Canetti, R.: Universally Composable Security: A New Paradigm for Cryptographic Protocols. Technical report, Cryptology ePrint Archive (December 2005), online available at http://eprint.iacr.org/2000/067.ps
Canetti, R., Cheung, L., Kaynar, D., Liskov, M., Lynch, N., Pereira, O., Segala, R.: Time-bounded Task-PIOAs: A Framework for Analyzing Security Protocols. In: Dolev, S. (ed.) DISC 2006. LNCS, vol. 4167, pp. 238–253. Springer, Heidelberg (2006)
Chadha, R., Kanovich, M.I., Scedrov, A.: Inductive methods and contract-signing protocols. In: Samarati, P. (ed.) CCS 2001, pp. 176–185. ACM Press, New York (2001)
Chadha, R., Mitchell, J.C., Scedrov, A., Shmatikov, V.: Contract Signing, Optimism, and Advantage. In: Amadio, R.M., Lugiez, D. (eds.) CONCUR 2003. LNCS, vol. 2761, pp. 361–377. Springer, Heidelberg (2003)
Cortier, V., Küsters, R., Warinschi, B.: A Cryptographic Model For Branching Time Security Properties — the Case of Contract Signing Protocols. Technical Report 251, Cryptology ePrint Archive (2007)
Datta, A., Küsters, R., Mitchell, J.C., Ramanathan, A.: On the Relationships Between Notions of Simulation-Based Security. In: Kilian, J. (ed.) TCC 2005. LNCS, vol. 3378, pp. 476–494. Springer, Heidelberg (2005)
Garay, J.A., Jakobsson, M., MacKenzie, P.: Abuse-free optimistic contract signing. In: Wiener, M.J. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 449–466. Springer, Heidelberg (1999)
Hofheinz, D., Müller-Quade, J.: A synchronous model for multi-party computation and the incompleteness of oblivious transfer. In: FCS 2004 (2004)
Hofheinz, D., Müller-Quade, J., Unruh, D.: Polynomial Runtime in Simulatability Definitions. In: CSFW 2005, pp. 156–169. IEEE Computer Society Press, Los Alamitos (2005)
Hofheinz, D., Müller-Quade, J., Unruh, D.: A simple model of polynomial time UC. In: The ECRYPT Workshop on Models for Cryptographic Protocols – MCP 2006 (2006)
Kähler, D., Küsters, R.: Constraint Solving for Contract-Signing Protocols. In: Abadi, M., de Alfaro, L. (eds.) CONCUR 2005. LNCS, vol. 3653, pp. 233–247. Springer, Heidelberg (2005)
Kähler, D., Küsters, R., Wilke, T.: Deciding Properties of Contract-Signing Protocols. In: Diekert, V., Durand, B. (eds.) STACS 2005. LNCS, vol. 3404, pp. 158–169. Springer, Heidelberg (2005)
Kähler, D., Küsters, R., Wilke, T.: A Dolev-Yao-based Definition of Abuse-free Protocols. In: Bugliesi, M., Preneel, B., Sassone, V., Wegener, I. (eds.) ICALP 2006. LNCS, vol. 4052, pp. 95–106. Springer, Heidelberg (2006)
Kremer, S., Raskin, J.-F.: Game analysis of abuse-free contract signing. In: CSFW 2002, pp. 206–220. IEEE Computer Society Press, Los Alamitos (2002)
Kremer, S., Raskin, J.-F.: A game-based verification of non-repudiation and fair exchange protocols. In: Larsen, K.G., Nielsen, M. (eds.) CONCUR 2001. LNCS, vol. 2154, pp. 551–565. Springer, Heidelberg (2001)
Küsters, R.: Simulation-Based Security with Inexhaustible Interactive Turing Machines. In: CSFW 2006, pp. 309–320. IEEE Computer Society Press, Los Alamitos (2006)
Shmatikov, V., Mitchell, J.C.: Finite-state analysis of two contract signing protocols. TCS 283(2), 419–450 (2002)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2007 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Cortier, V., Küsters, R., Warinschi, B. (2007). A Cryptographic Model for Branching Time Security Properties – The Case of Contract Signing Protocols. In: Biskup, J., López, J. (eds) Computer Security – ESORICS 2007. ESORICS 2007. Lecture Notes in Computer Science, vol 4734. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-74835-9_28
Download citation
DOI: https://doi.org/10.1007/978-3-540-74835-9_28
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-74834-2
Online ISBN: 978-3-540-74835-9
eBook Packages: Computer ScienceComputer Science (R0)