Abstract
Smart contracts are protocols that can automatically execute a transaction including an electronic contract when a condition is satisfied without a trusted third party. In a representative use-case, a smart contract is executed when multiple parties fairly trade on a blockchain asset. On blockchain systems, a smart contract can be regarded as a system participant, responding to the information received, receiving and storing values, and sending information and values outwards. Also, a smart contract can temporarily keep assets, and always perform operations in accordance with prior rules. Many cryptocurrencies have implemented smart contracts. At POST2018, Atzei et al. give formulations of seven fair exchange protocols using smart contract on Bitcoin: oracle, escrow, intermediated payment, timed commitment, micropayment channels, fair lotteries, and contingent payment. However, they only give an informal discussion on security.
In this paper, we verify the fairness of their seven protocols by using the formal verification tool ProVerif. As a result, we show that five protocols (the oracle, intermediated payment, timed commitment, micropayment channels and fair lotteries protocols) satisfy fairness, which were not proved formally. Also, we re-find known attacks to break fairness of two protocols (the escrow and contingent payment protocols). For the escrow protocol, we formalize the two-party scheme and the three-party scheme with an arbitrator, and show that the two-party scheme does not satisfy fairness as Atzei et al. showed. For the contingent payment protocol, we formalize the protocol with the non-interactive zero-knowledge proof (NIZK), and re-find the attack shown by Campanelli et al. at CCS 2017. Also, we show that a countermeasure with subversion NIZK against the attack works properly while it is not formally proved.
C. Shi—Presently with Panasonic Corporation.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
CrowdFundDAO. https://live.ether.camp/account/9b37508b5f859682382d8cb6467a5c7fc5d02e9c/contract
DiceRoll. https://ropsten.etherscan.io/address/0xb95bbe8ee98a21b5ef7778ec1bb5910ea843f8f7
ISO/IEC 11770-2:2018 - IT Security techniques - Key management - Part 2: Mechanisms using symmetric techniques. https://www.iso.org/standard/73207.html
ISO/IEC 11770-3:2015 - Information technology - Security techniques - Key management - Part 3: Mechanisms using asymmetric techniques. https://www.iso.org/standard/60237.html
ProVerif 2.00. http://prosecco.gforge.inria.fr/personal/bblanche/proverif
StandardToken. https://git.io/vFAlg
Wallet. https://etherscan.io/address/0xab7c74abc0c4d48d1bdad5dcb26153fc8780f83e
Ammayappan, K.: Seamless interoperation of LTE-UMTS-GSM requires flawless UMTS and GSM. In: International Conference on Advanced Computing, Networking and Security, pp. 169–174 (2013)
Asadi, S., Shahhoseini, H.S.: Formal security analysis of authentication in SNMPv3 protocol by an automated tool. In: IST 2012, pp. 306–313 (2012)
Atzei, N., Bartoletti, M., Cimoli, T., Lande, S., Zunino, R.: SoK: unraveling bitcoin smart contracts. In: Bauer, L., Küsters, R. (eds.) POST 2018. LNCS, vol. 10804, pp. 217–242. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-89722-6_9
Atzei, N., Bartoletti, M., Lande, S., Zunino, R.: A formal model of Bitcoin transactions. In: Meiklejohn, S., Sako, K. (eds.) FC 2018. LNCS, vol. 10957, pp. 541–560. Springer, Heidelberg (2018). https://doi.org/10.1007/978-3-662-58387-6_29
Backes, M., Dreier, J., Kremer, S., Künnemann, R.: A novel approach for reasoning about liveness in cryptographic protocols and its application to fair exchange. In: Euro S&P 2017, pp. 76–91 (2017)
Basin, D., Cremers, C., Meier, S.: Provably repairing the ISO/IEC 9798 standard for entity authentication. J. Comput. Secur. 21(6), 817–846 (2013)
Bellare, M., Fuchsbauer, G., Scafuro, A.: NIZKs with an untrusted CRS: security in the face of parameter subversion. In: Cheon, J.H., Takagi, T. (eds.) ASIACRYPT 2016. LNCS, vol. 10032, pp. 777–804. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53890-6_26
Bhargavan, K., Blanchet, B., Kobeissi, N.: Verified models and reference implementations for the TLS 1.3 standard candidate. In: IEEE Symposium on Security and Privacy 2017, pp. 483–502 (2017)
Bhargavan, K., et al.: Formal verification of smart contracts: short paper. In: PLAS@CCS 2016, pp. 91–96 (2016)
Blanchet, B.: CryptoVerif: cryptographic protocol verifier in the computational model. https://prosecco.gforge.inria.fr/personal/bblanche/cryptoverif/
Bowe, S.: Pay-to-sudoku (2016). https://github.com/zcash/pay-to-sudoku
Bresciani, R., Butterfield, A.: ProVerif analysis of the ZRTP protocol. Int. J. Infonom. (IJI) 3(3), 1060–1064 (2010)
Campanelli, M., Gennaro, R., Goldfeder, S., Nizzardo, L.: Zero-knowledge contingent payments revisited: attacks and payments for services. In: ACM Conference on Computer and Communications Security 2017, pp. 229–243 (2017)
Cremers, C.: The Scyther Tool. https://people.cispa.io/cas.cremers/scyther/
Cremers, C.: Key exchange in IPsec revisited: formal analysis of IKEv1 and IKEv2. In: Atluri, V., Diaz, C. (eds.) ESORICS 2011. LNCS, vol. 6879, pp. 315–334. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-23822-2_18
Cremers, C., Dehnel-Wild, M.: Component-based formal analysis of 5G-AKA: channel assumptions and session confusion. In: NDSS 2019 (2019)
Cremers, C., Dehnel-Wild, M., Milner, K.: Secure authentication in the grid: a formal analysis of DNP3: SAv5. J. Comput. Secur. 27(2), 203–232 (2019)
Cremers, C., Horvat, M.: Improving the ISO/IEC 11770 standard for key management techniques. Int. J. Inf. Secur. 15(6), 659–673 (2015). https://doi.org/10.1007/s10207-015-0306-9
Cremers, C., Horvat, M., Hoyland, J., Scott, S., van der Merwe, T.: A comprehensive symbolic analysis of TLS 1.3. In: CCS 2017, pp. 1773–1788 (2017)
Garbinato, B., Rickebusch, I.: Impossibility results on fair exchange. In: IICS 2010, pp. 507–518 (2010)
Goldreich, O., Oren, Y.: Definitions and properties of zero-knowledge proof systems. J. Cryptol. 7(1), 1–32 (1994)
Ben Henda, N., Norrman, K.: Formal analysis of security procedures in LTE - a feasibility study. In: Stavrou, A., Bos, H., Portokalidis, G. (eds.) RAID 2014. LNCS, vol. 8688, pp. 341–361. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-11379-1_17
Kalra, S., Goel, S., Dhawan, M., Sharma, S.: ZEUS: analyzing safety of smart contracts. In: NDSS 2018 (2018)
Kobeissi, N., Bhargavan, K., Blanchet, B.: Automated verification for secure messaging protocols and their implementations: a symbolic and computational approach. In: Euro S&P 2017, pp. 435–450 (2017)
Lu, J., Zhang, J., Li, J., Wan, Z., Meng, B.: Automatic verification of security of OpenID connect protocol with ProVerif. 3PGCIC 2016. LNDECT, vol. 1, pp. 209–220. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-49109-7_20
Luu, L., Chu, D.H., Olickel, H., Saxena, P., Hobor, A.: Making smart contracts smarter. In: ACM Conference on Computer and Communications Security 2016, pp. 254–269 (2016)
Maxwell, G.: Zero knowledge contingent payment (2011). https://en.bitcoin.it/wiki/Zero_Knowledge_Contingent_Payment
Sakurada, H., Yoneyama, K., Hanatani, Y., Yoshida, M.: Analyzing and fixing the QACCE security of QUIC. In: Chen, L., McGrew, D., Mitchell, C. (eds.) SSR 2016. LNCS, vol. 10074, pp. 1–31. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-49100-4_1
Schmidt, B., Meier, S., Cremers, C., Basin, D.: Tamarin prover. http://tamarin-prover.github.io/
Szabo, N.: Formalizing and securing relationships on public networks. First Monday, 1 September (1997). http://firstmonday.org/ojs/index.php/fm/article/view/548/469
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Shi, C., Yoneyama, K. (2020). Formal Verification of Fair Exchange Based on Bitcoin Smart Contracts. In: Bhargavan, K., Oswald, E., Prabhakaran, M. (eds) Progress in Cryptology – INDOCRYPT 2020. INDOCRYPT 2020. Lecture Notes in Computer Science(), vol 12578. Springer, Cham. https://doi.org/10.1007/978-3-030-65277-7_5
Download citation
DOI: https://doi.org/10.1007/978-3-030-65277-7_5
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-65276-0
Online ISBN: 978-3-030-65277-7
eBook Packages: Computer ScienceComputer Science (R0)