Optimistic protocols for fair exchange
Proceedings of the 4th ACM conference on Computer and communications security
Optimal efficiency of optimistic contract signing
PODC '98 Proceedings of the seventeenth annual ACM symposium on Principles of distributed computing
The inductive approach to verifying cryptographic protocols
Journal of Computer Security
Mobile values, new names, and secure communication
POPL '01 Proceedings of the 28th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
NuSMV 2: An OpenSource Tool for Symbolic Model Checking
CAV '02 Proceedings of the 14th International Conference on Computer Aided Verification
Logic in Computer Science: Modelling and Reasoning about Systems
Logic in Computer Science: Modelling and Reasoning about Systems
Formal Analysis of Multi-Party Contract Signing
CSFW '04 Proceedings of the 17th IEEE workshop on Computer Security Foundations
Resolve-Impossibility for a Contract-Signing Protocol
CSFW '06 Proceedings of the 19th IEEE workshop on Computer Security Foundations
A dolev-yao-based definition of abuse-free protocols
ICALP'06 Proceedings of the 33rd international conference on Automata, Languages and Programming - Volume Part II
An agent-mediated fair exchange protocol
ICICS'10 Proceedings of the 12th international conference on Information and communications security
Game-based verification of multi-party contract signing protocols
FAST'09 Proceedings of the 6th international conference on Formal Aspects in Security and Trust
Game-based verification of contract signing protocols with minimal messages
Innovations in Systems and Software Engineering
Fairness in non-repudiation protocols
STM'11 Proceedings of the 7th international conference on Security and Trust Management
Hi-index | 0.00 |
A multi-party contract signing protocol allows a set of participants to exchange messages with each other with a view to arriving in a state in which each of them has a pre-agreed contract text signed by all the others. Garay and Mackenzie (GM) proposed such protocol based on private contract signatures, but it was later shown to be flawed by Chadha, Kremer and Scedrov (CKS); the authors CKS also provided a fix to the GM protocol by revising one of its sub-protocols. We show an attack on the revised GM protocol for any number (n4) of signers. Furthermore, we argue that our attack shows that the message exchange structure of GM's main protocol is flawed: whatever the trusted party does will result in unfairness for some signer. This means that it is impossible to define a trusted party protocol for Garay and MacKenzie's main protocol; we call this ''resolve-impossibility''. We propose a new optimistic multi-party contract signing protocol, also based on private contract signatures. We present a proof that our protocol satisfies fairness as well as its formal analysis in NuSMV model checker for the case of five signers. The protocol requires n(n-1)(@?n/2@?+1) messages to be sent in the optimistic execution, which is about half the number of messages required by the state-of-the-art Baum-Waidner and Waidner protocol, and in contrast with Baum-Waidner and Waidner, it does not use a non-standard notion of a signed contract.