Skip to main content
SpringerLink
Log in

Formal Verification of Fair Exchange Based on Bitcoin Smart Contracts

  • Conference paper
  • First Online:
Progress in Cryptology – INDOCRYPT 2020 (INDOCRYPT 2020)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 12578))

Included in the following conference series:

Abstract

Smart contracts are protocols that can automatically execute a transaction including an electronic contract when a condition is satisfied without a trusted third party. In a representative use-case, a smart contract is executed when multiple parties fairly trade on a blockchain asset. On blockchain systems, a smart contract can be regarded as a system participant, responding to the information received, receiving and storing values, and sending information and values outwards. Also, a smart contract can temporarily keep assets, and always perform operations in accordance with prior rules. Many cryptocurrencies have implemented smart contracts. At POST2018, Atzei et al. give formulations of seven fair exchange protocols using smart contract on Bitcoin: oracle, escrow, intermediated payment, timed commitment, micropayment channels, fair lotteries, and contingent payment. However, they only give an informal discussion on security.

In this paper, we verify the fairness of their seven protocols by using the formal verification tool ProVerif. As a result, we show that five protocols (the oracle, intermediated payment, timed commitment, micropayment channels and fair lotteries protocols) satisfy fairness, which were not proved formally. Also, we re-find known attacks to break fairness of two protocols (the escrow and contingent payment protocols). For the escrow protocol, we formalize the two-party scheme and the three-party scheme with an arbitrator, and show that the two-party scheme does not satisfy fairness as Atzei et al. showed. For the contingent payment protocol, we formalize the protocol with the non-interactive zero-knowledge proof (NIZK), and re-find the attack shown by Campanelli et al. at CCS 2017. Also, we show that a countermeasure with subversion NIZK against the attack works properly while it is not formally proved.

C. Shi—Presently with Panasonic Corporation.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 84.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 109.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. CrowdFundDAO. https://live.ether.camp/account/9b37508b5f859682382d8cb6467a5c7fc5d02e9c/contract

  2. DiceRoll. https://ropsten.etherscan.io/address/0xb95bbe8ee98a21b5ef7778ec1bb5910ea843f8f7

  3. ISO/IEC 11770-2:2018 - IT Security techniques - Key management - Part 2: Mechanisms using symmetric techniques. https://www.iso.org/standard/73207.html

  4. ISO/IEC 11770-3:2015 - Information technology - Security techniques - Key management - Part 3: Mechanisms using asymmetric techniques. https://www.iso.org/standard/60237.html

  5. ProVerif 2.00. http://prosecco.gforge.inria.fr/personal/bblanche/proverif

  6. StandardToken. https://git.io/vFAlg

  7. Wallet. https://etherscan.io/address/0xab7c74abc0c4d48d1bdad5dcb26153fc8780f83e

  8. Ammayappan, K.: Seamless interoperation of LTE-UMTS-GSM requires flawless UMTS and GSM. In: International Conference on Advanced Computing, Networking and Security, pp. 169–174 (2013)

    Google Scholar 

  9. Asadi, S., Shahhoseini, H.S.: Formal security analysis of authentication in SNMPv3 protocol by an automated tool. In: IST 2012, pp. 306–313 (2012)

    Google Scholar 

  10. Atzei, N., Bartoletti, M., Cimoli, T., Lande, S., Zunino, R.: SoK: unraveling bitcoin smart contracts. In: Bauer, L., Küsters, R. (eds.) POST 2018. LNCS, vol. 10804, pp. 217–242. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-89722-6_9

    Chapter  Google Scholar 

  11. Atzei, N., Bartoletti, M., Lande, S., Zunino, R.: A formal model of Bitcoin transactions. In: Meiklejohn, S., Sako, K. (eds.) FC 2018. LNCS, vol. 10957, pp. 541–560. Springer, Heidelberg (2018). https://doi.org/10.1007/978-3-662-58387-6_29

    Chapter  Google Scholar 

  12. Backes, M., Dreier, J., Kremer, S., Künnemann, R.: A novel approach for reasoning about liveness in cryptographic protocols and its application to fair exchange. In: Euro S&P 2017, pp. 76–91 (2017)

    Google Scholar 

  13. Basin, D., Cremers, C., Meier, S.: Provably repairing the ISO/IEC 9798 standard for entity authentication. J. Comput. Secur. 21(6), 817–846 (2013)

    Article  Google Scholar 

  14. Bellare, M., Fuchsbauer, G., Scafuro, A.: NIZKs with an untrusted CRS: security in the face of parameter subversion. In: Cheon, J.H., Takagi, T. (eds.) ASIACRYPT 2016. LNCS, vol. 10032, pp. 777–804. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53890-6_26

    Chapter  MATH  Google Scholar 

  15. Bhargavan, K., Blanchet, B., Kobeissi, N.: Verified models and reference implementations for the TLS 1.3 standard candidate. In: IEEE Symposium on Security and Privacy 2017, pp. 483–502 (2017)

    Google Scholar 

  16. Bhargavan, K., et al.: Formal verification of smart contracts: short paper. In: PLAS@CCS 2016, pp. 91–96 (2016)

    Google Scholar 

  17. Blanchet, B.: CryptoVerif: cryptographic protocol verifier in the computational model. https://prosecco.gforge.inria.fr/personal/bblanche/cryptoverif/

  18. Bowe, S.: Pay-to-sudoku (2016). https://github.com/zcash/pay-to-sudoku

  19. Bresciani, R., Butterfield, A.: ProVerif analysis of the ZRTP protocol. Int. J. Infonom. (IJI) 3(3), 1060–1064 (2010)

    Google Scholar 

  20. Campanelli, M., Gennaro, R., Goldfeder, S., Nizzardo, L.: Zero-knowledge contingent payments revisited: attacks and payments for services. In: ACM Conference on Computer and Communications Security 2017, pp. 229–243 (2017)

    Google Scholar 

  21. Cremers, C.: The Scyther Tool. https://people.cispa.io/cas.cremers/scyther/

  22. Cremers, C.: Key exchange in IPsec revisited: formal analysis of IKEv1 and IKEv2. In: Atluri, V., Diaz, C. (eds.) ESORICS 2011. LNCS, vol. 6879, pp. 315–334. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-23822-2_18

    Chapter  Google Scholar 

  23. Cremers, C., Dehnel-Wild, M.: Component-based formal analysis of 5G-AKA: channel assumptions and session confusion. In: NDSS 2019 (2019)

    Google Scholar 

  24. Cremers, C., Dehnel-Wild, M., Milner, K.: Secure authentication in the grid: a formal analysis of DNP3: SAv5. J. Comput. Secur. 27(2), 203–232 (2019)

    Article  Google Scholar 

  25. Cremers, C., Horvat, M.: Improving the ISO/IEC 11770 standard for key management techniques. Int. J. Inf. Secur. 15(6), 659–673 (2015). https://doi.org/10.1007/s10207-015-0306-9

    Article  Google Scholar 

  26. Cremers, C., Horvat, M., Hoyland, J., Scott, S., van der Merwe, T.: A comprehensive symbolic analysis of TLS 1.3. In: CCS 2017, pp. 1773–1788 (2017)

    Google Scholar 

  27. Garbinato, B., Rickebusch, I.: Impossibility results on fair exchange. In: IICS 2010, pp. 507–518 (2010)

    Google Scholar 

  28. Goldreich, O., Oren, Y.: Definitions and properties of zero-knowledge proof systems. J. Cryptol. 7(1), 1–32 (1994)

    Article  MathSciNet  Google Scholar 

  29. Ben Henda, N., Norrman, K.: Formal analysis of security procedures in LTE - a feasibility study. In: Stavrou, A., Bos, H., Portokalidis, G. (eds.) RAID 2014. LNCS, vol. 8688, pp. 341–361. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-11379-1_17

    Chapter  Google Scholar 

  30. Kalra, S., Goel, S., Dhawan, M., Sharma, S.: ZEUS: analyzing safety of smart contracts. In: NDSS 2018 (2018)

    Google Scholar 

  31. Kobeissi, N., Bhargavan, K., Blanchet, B.: Automated verification for secure messaging protocols and their implementations: a symbolic and computational approach. In: Euro S&P 2017, pp. 435–450 (2017)

    Google Scholar 

  32. Lu, J., Zhang, J., Li, J., Wan, Z., Meng, B.: Automatic verification of security of OpenID connect protocol with ProVerif. 3PGCIC 2016. LNDECT, vol. 1, pp. 209–220. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-49109-7_20

    Chapter  Google Scholar 

  33. Luu, L., Chu, D.H., Olickel, H., Saxena, P., Hobor, A.: Making smart contracts smarter. In: ACM Conference on Computer and Communications Security 2016, pp. 254–269 (2016)

    Google Scholar 

  34. Maxwell, G.: Zero knowledge contingent payment (2011). https://en.bitcoin.it/wiki/Zero_Knowledge_Contingent_Payment

  35. Sakurada, H., Yoneyama, K., Hanatani, Y., Yoshida, M.: Analyzing and fixing the QACCE security of QUIC. In: Chen, L., McGrew, D., Mitchell, C. (eds.) SSR 2016. LNCS, vol. 10074, pp. 1–31. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-49100-4_1

    Chapter  Google Scholar 

  36. Schmidt, B., Meier, S., Cremers, C., Basin, D.: Tamarin prover. http://tamarin-prover.github.io/

  37. Szabo, N.: Formalizing and securing relationships on public networks. First Monday, 1 September (1997). http://firstmonday.org/ojs/index.php/fm/article/view/548/469

Download references

Author information

Authors and Affiliations

  1. Ibaraki University, 4-12-1, Nakanarusawa, Hitachi-shi, Ibaraki, Japan

    Cheng Shi & Kazuki Yoneyama

Authors
  1. Cheng Shi
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Kazuki Yoneyama
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Kazuki Yoneyama .

Editor information

Editors and Affiliations

  1. Inria Paris, Paris, France

    Karthikeyan Bhargavan

  2. University of Klagenfurt, Klagenfurt, Austria

    Elisabeth Oswald

  3. Department of Computer Science and Engineering, Indian Institute of Technology Bombay, Mumbai, Maharashtra, India

    Manoj Prabhakaran

Rights and permissions

Reprints and permissions

Copyright information

© 2020 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Shi, C., Yoneyama, K. (2020). Formal Verification of Fair Exchange Based on Bitcoin Smart Contracts. In: Bhargavan, K., Oswald, E., Prabhakaran, M. (eds) Progress in Cryptology – INDOCRYPT 2020. INDOCRYPT 2020. Lecture Notes in Computer Science(), vol 12578. Springer, Cham. https://doi.org/10.1007/978-3-030-65277-7_5

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-65277-7_5

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-65276-0

  • Online ISBN: 978-3-030-65277-7

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation