Skip to main content
SpringerLink
Log in

Analysis of Probabilistic Contract Signing

  • Conference paper
Formal Aspects of Security (FASec 2002)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 2629))

Included in the following conference series:

Abstract

We consider the probabilistic contract signing protocol of Ben-Or, Goldreich, Micali, and Rivest as a case study in formal verification of probabilistic security protocols. Using the probabilistic model checker PRISM, we analyse the probabilistic fairness guarantees the protocol is intended to provide. Our study demonstrates the difficulty of combining fairness with timeliness in the context of probabilistic contract signing. If, as required by timeliness, the judge responds to participants’ messages immediately upon receiving them, then there exists a strategy for a misbehaving participant that brings the protocol to an unfair state with arbitrarily high probability, unless unusually strong assumptions are made about the quality of the communication channels between the judge and honest participants. We quantify the tradeoffs involved in the attack strategy, and discuss possible modifications of the protocol that ensure both fairness and timeliness.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Aldini, A., Gorrieri, R.: Security analysis of a probabilistic non-repudiation protocol. In: Hermanns, H., Segala, R. (eds.) PROBMIV 2002, PAPM-PROBMIV 2002, and PAPM 2002. LNCS, vol. 2399, pp. 17–36. Springer, Heidelberg (2002)

    Chapter  Google Scholar 

  2. Alur, R., Henzinger, T.: Reactive modules. Formal Methods in System Design 15, 7–48 (1999)

    Article  Google Scholar 

  3. Asokan, N., Schunter, M., Waidner, M.: Optimistic protocols for fair exchange. In: Proc. 4th ACM Conference on Computer and Communications Security, pp. 7–17 (1997)

    Google Scholar 

  4. Asokan, N., Shoup, V., Waidner, M.: Optimistic fair exchange of digital signatures. IEEE Selected Areas in Communications 18(4), 593–610 (2000)

    Article  Google Scholar 

  5. Baier, C., Kwiatkowska, M.: Model checking for a probabilistic branching time logic with fairness. Distributed Computing 11(3), 125–155 (1998)

    Article  Google Scholar 

  6. Ben-Or, M., Goldreich, O., Micali, S., Rivest, R.: A fair protocol for signing contracts. IEEE Transactions on Information Theory 36(1), 40–46 (1990)

    Article  Google Scholar 

  7. Bianco, A., de Alfaro, L.: Model checking of probabilistic and nondeterministic systems. In: Thiagarajan, P.S. (ed.) FSTTCS 1995. LNCS, vol. 1026, pp. 499–513. Springer, Heidelberg (1995)

    Google Scholar 

  8. Boneh, D., Naor, M.: Timed commitments. In: Bellare, M. (ed.) CRYPTO 2000. LNCS, vol. 1880, pp. 236–254. Springer, Heidelberg (2000)

    Chapter  Google Scholar 

  9. Buttyán, L., Hubaux, J.-P.: Toward a formal model of fair exchange — a game theoretic approach. Technical Report SSC/1999/39, Swiss Federal Institute of Technology (EPFL), Lausanne, Switzerland (1999)

    Google Scholar 

  10. Buttyán, L., Hubaux, J.-P., Čapkun, S.: A formal analysis of Syverson’s rational exchange protocol. In: Proc. 15th IEEE Computer Security Foundations Workshop, pp. 193–205 (2002)

    Google Scholar 

  11. Chadha, R., Kanovich, M., Scedrov, A.: Inductive methods and contract-signing protocols. In: Proc. 8th ACM Conference on Computer and Communications Security, pp. 176–185 (2001)

    Google Scholar 

  12. Damgård, I.: Practical and provably secure release of a secret and exchange of signatures. J. Cryptology 8(4), 201–222 (1995)

    Article  MATH  Google Scholar 

  13. Derman, C.: Finite-State Markovian Decision Processes. Academic Press, New York (1970)

    MATH  Google Scholar 

  14. Dolev, D., Yao, A.: On the security of public key protocols. IEEE Transactions on Information Theory 29(2), 198–208 (1983)

    Article  MATH  MathSciNet  Google Scholar 

  15. Even, S.: A protocol for signing contracts. Technical Report 231, Computer Science Dept., Technion, Israel (1982)

    Google Scholar 

  16. Even, S., Goldreich, O., Lempel, A.: A randomized protocol for signing contracts. Communications of the ACM 28(6), 637–647 (1985)

    Article  MathSciNet  Google Scholar 

  17. Even, S., Yacobi, Y.: Relations among public key signature schemes. Technical Report 175, Computer Science Dept., Technion, Israel (1980)

    Google Scholar 

  18. Garay, J., Jakobsson, M., MacKenzie, P.: Abuse-free optimistic contract signing. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 449–466. Springer, Heidelberg (1999)

    Google Scholar 

  19. Goldreich, O., Goldwasser, S., Micali, S.: How to construct random functions. J. ACM 33(4), 792–807 (1986)

    Article  MathSciNet  Google Scholar 

  20. Gray, J.: Toward a mathematical foundation for information flow security. J. Computer Security 1(3), 255–294 (1992)

    Google Scholar 

  21. Hansson, H., Jonsson, B.: A logic for reasoning about time and probability. Formal Aspects of Computing 6(5), 512–535 (1994)

    Article  MATH  Google Scholar 

  22. Kremer, S., Raskin, J.-F.: A game-based verification of non-repudiation and fair exchange protocols. In: Larsen, K.G., Nielsen, M. (eds.) CONCUR 2001. LNCS, vol. 2154, pp. 551–565. Springer, Heidelberg (2001)

    Chapter  Google Scholar 

  23. Kremer, S., Raskin, J.-F.: Game analysis of abuse-free contract signing. In: Proc. 15th IEEE Computer Security Foundations Workshop, pp. 206–220 (2002)

    Google Scholar 

  24. Kwiatkowska, M., Norman, G., Parker, D.: PRISM: Probabilistic symbolic model checker. In: Field, T., Harrison, P.G., Bradley, J., Harder, U. (eds.) TOOLS 2002. LNCS, vol. 2324, pp. 200–204. Springer, Heidelberg (2002)

    Google Scholar 

  25. Lincoln, P., Mitchell, J., Mitchell, M., Scedrov, A.: Probabilistic polynomial-time equivalence and security analysis. In: Wing, J.M., Woodcock, J.C.P., Davies, J. (eds.) FM 1999. LNCS, vol. 1708, pp. 776–793. Springer, Heidelberg (1999)

    Chapter  Google Scholar 

  26. Markowitch, O., Roggeman, Y.: Probabilistic non-repudiation without trusted third party. In: Proc. 2nd Conference on Security in Communication Networks (1999)

    Google Scholar 

  27. Micali, S.: Certified e-mail with invisible post offices. Presented at RSA Security Conference (1997)

    Google Scholar 

  28. PRISM web page, http://www.cs.bham.ac.uk/~dxp/prism/

  29. Shmatikov, V., Mitchell, J.: Finite-state analysis of two contract signing protocols. Theoretical Computer Science 283(2), 419–450 (2002)

    Article  MATH  MathSciNet  Google Scholar 

  30. Syverson, P., Gray, J.: The epistemic representation of information flow security in probabilistic systems. In: Proc. 8th IEEE Computer Security Foundations Workshop, pp. 152–166 (1995)

    Google Scholar 

  31. Volpano, D., Smith, G.: Probabilistic non-interference in a concurrent language. In: Proc. 11th IEEE Computer Security Foundations Workshop, pp. 34–43 (1998)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. School of Computer Science, University of Birmingham, Birmingham, B15 2TT, U.K.

    Gethin Norman

  2. SRI International, 333 Ravenswood Avenue, Menlo Park, CA, 94025, USA

    Vitaly Shmatikov

Authors
  1. Gethin Norman
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Vitaly Shmatikov
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Faculty of BCIM, Institute for Computing Research, London South Bank University, 103 Borough Road, SE1 0AA, London, UK

    Ali E. Abdallah

  2. University of Newcastle, UK

    Peter Ryan

  3. Department of Computing, University of Surrey,  

    Steve Schneider

Rights and permissions

Reprints and permissions

Copyright information

© 2003 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Norman, G., Shmatikov, V. (2003). Analysis of Probabilistic Contract Signing. In: Abdallah, A.E., Ryan, P., Schneider, S. (eds) Formal Aspects of Security. FASec 2002. Lecture Notes in Computer Science, vol 2629. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-40981-6_9

Download citation

  • DOI: https://doi.org/10.1007/978-3-540-40981-6_9

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-20693-4

  • Online ISBN: 978-3-540-40981-6

  • eBook Packages: Springer Book Archive

Publish with us

Policies and ethics

Search

Navigation