Abstract
We consider the probabilistic contract signing protocol of Ben-Or, Goldreich, Micali, and Rivest as a case study in formal verification of probabilistic security protocols. Using the probabilistic model checker PRISM, we analyse the probabilistic fairness guarantees the protocol is intended to provide. Our study demonstrates the difficulty of combining fairness with timeliness in the context of probabilistic contract signing. If, as required by timeliness, the judge responds to participants’ messages immediately upon receiving them, then there exists a strategy for a misbehaving participant that brings the protocol to an unfair state with arbitrarily high probability, unless unusually strong assumptions are made about the quality of the communication channels between the judge and honest participants. We quantify the tradeoffs involved in the attack strategy, and discuss possible modifications of the protocol that ensure both fairness and timeliness.
Copyright information
© 2003 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Norman, G., Shmatikov, V. (2003). Analysis of Probabilistic Contract Signing. In: Abdallah, A.E., Ryan, P., Schneider, S. (eds) Formal Aspects of Security. FASec 2002. Lecture Notes in Computer Science, vol 2629. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-40981-6_9
DOI: https://doi.org/10.1007/978-3-540-40981-6_9
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-20693-4
Online ISBN: 978-3-540-40981-6
eBook Packages: Springer Book Archive