State and Progress in Strand Spaces: Proving Fair Exchange

Journal of Automated Reasoning

Abstract

Many cryptographic protocols are intended to coordinate state changes among principals. Exchange protocols, for instance, coordinate delivery of new values to the participants, i.e. additions to the set of values they possess. An exchange protocol is fair if it ensures that delivery of new values is balanced: if one participant obtains a new possession via the protocol, then all other participants will, too. Understanding this balanced coordination of different principals in a distributed system requires relating (long-term) state to (short-term) protocol activities. Fair exchange also requires progress assumptions. In this paper we adapt the strand space framework to protocols, such as fair exchange, that coordinate state changes. First, we regard the state as a multiset of facts, and we allow protocol actions to cause local changes in this state via multiset rewriting. Second, progress assumptions stipulate that some channels are resilient—and guaranteed to deliver messages—and some principals will not stop at critical steps. Our proofs of correctness cleanly separate protocol properties, such as authentication and confidentiality, from properties about progress and state evolution. G. Wang’s recent fair exchange protocol illustrates the approach.

References

  1. Asokan, N., Shoup, V., Waidner, M.: Optimistic fair exchange of digital signatures. IEEE J. Sel. Areas Commun. 18(4), 593–610 (2000)


  2. Ateniese, G.: Efficient verifiable encryption (and fair exchange) of digital signatures. In: CCS ’99: Proceedings of the 6th ACM Conference on Computer and Communications Security, pp. 138–146. ACM, New York (1999)


  3. Cederquist, J., Dashti, M.T., Mauw, S.: A certified email protocol using key chains. In: Advanced Information Networking and Applications Workshops/Symposia (AINA’07). Symposium on Security in Networks and Distributed Systems (SSNDS07), vol. 1, pp. 525–530. IEEE CS Press (2007)

  4. Cervesato, I., Durgin, N.A., Lincoln, P.D., Mitchell, J.C., Scedrov, A.: A meta-notation for protocol analysis. In: Proceedings, 12th IEEE Computer Security Foundations Workshop. IEEE Computer Society Press (1999)

  5. Chadha, R., Mitchell, J.C., Scedrov, A., Shmatikov, V.: Contract signing, optimism, and advantage. In: Concur—Concurrency Theory. LNCS, pp. 366–382. Springer (2003)

  6. Dashti, M.T.: Keeping fairness alive. PhD thesis, Vrije Universiteit, Amsterdam (2007)

  7. Doghmi, S.F., Guttman, J.D., Thayer, F.J.: Searching for shapes in cryptographic protocols. In: Tools and Algorithms for Construction and Analysis of Systems (TACAS). LNCS, no. 4424, pp. 523–538. Springer (2007)

  8. Durgin, N., Lincoln, P., Mitchell, J., Scedrov, A.: Multiset rewriting and the complexity of bounded security protocols. J. Comput. Secur. 12(2), 247–311 (2004). (Initial version appeared in Workshop on Formal Methods and Security Protocols, 1999)


  9. Even, S., Yacobi, Y.: Relations among public key signature systems. Technical Report 175, Computer Science Department, Technion (1980)

  10. Farmer, W.M., Guttman, J.D., Thayer, F.J.: imps: an interactive mathematical proof system. J. Autom. Reason. 11, 213–248 (1993)


  11. Garay, J.A., Jakobsson, M., MacKenzie, P.D.: Abuse-free optimistic contract signing. In: CRYPTO ’99: Proceedings of the 19th Annual International Cryptology Conference on Advances in Cryptology, pp. 449–466. Springer, London (1999)


  12. Guttman, J.D.: Cryptographic protocol composition via the authentication tests. In: de Alfaro, L. (ed.) Foundations of Software Science and Computation Structures (FOSSACS). LNCS, no. 5504, pp. 303–317. Springer (2009)

  13. Guttman, J.D.: Security theorems via model theory. In: Fröschle, S., Gorla, D. (eds.) EXPRESS: Expressiveness in Concurrency. Electronic Proceedings in Theoretical Computer Science (EPTCS), vol. 8.5 (2009). http://cgi.cse.unsw.edu.au/~rvg/eptcs/content.cgi?EXPRESS2009.

  14. Guttman, J.D., Herzog, J.C., Ramsdell, J.D., Sniffen, B.T.: Programming cryptographic protocols. In: De Nicola, R., Sangiorgi, D. (eds.) Trust in Global Computing. LNCS, no. 3705, pp. 116–145. Springer (2005)

  15. Guttman, J.D., Thayer, F.J.: Authentication tests and the structure of bundles. Theor. Comp. Sci. 283(2), 333–380 (2002). (Conference version appeared in IEEE Symposium on Security and Privacy, May 2000)


  16. Klay, F., Vigneron, L.: Automatic methods for analyzing non-repudiation protocols with an active intruder. In: Degano, P., Guttman, J.D., Martinelli, F. (eds.) Formal Aspects in Security and Trust, 5th International Workshop, FAST 2008, Malaga, Spain, 9–10 October 2008, Revised selected papers. Lecture Notes in Computer Science, vol. 5491, pp. 192–209. Springer (2009)

  17. Pfitzmann, B., Schunter, M., Waidner, M.: Optimal efficiency of optimistic contract signing. In: Seventeenth Annual ACM Symposium on Principles of Distributed Computing, pp. 113–122. ACM, New York (1998)


  18. Rabin, M.: How to exchange secrets by oblivious transfer. Technical Report TR-81, Harvard Aiken Computation Laboratory (1981). Available at http://eprint.iacr.org/2005/187

  19. Segall, A., Guttman, J.: A strand space/multiset rewriting model of TPM commands. MTR 080181, The MITRE Corporation, Bedford, MA (2008)

  20. Wang, G.: Generic non-repudiation protocols supporting transparent off-line TTP. J. Comput. Secur. 14(5), 441–467 (2006)


Author information

Correspondence to Joshua D. Guttman.

Additional information

Funded in part by MITRE-Sponsored Research, and in part by National Science Foundation grant number CNS-0952287.

Cite this article

Guttman, J.D. State and Progress in Strand Spaces: Proving Fair Exchange. J Autom Reasoning 48, 159–195 (2012). https://doi.org/10.1007/s10817-010-9202-1

  • DOI: https://doi.org/10.1007/s10817-010-9202-1
