Rational Exchange - A Formal Model Based on Game Theory
WELCOM '01 Proceedings of the Second International Workshop on Electronic Commerce
Weakly Secret Bit Commitment: Applications to Lotteries and Fair Exchange
CSFW '98 Proceedings of the 11th IEEE workshop on Computer Security Foundations
A Formal Analysis of Syverson's Rational Exchange Protocol
CSFW '02 Proceedings of the 15th IEEE workshop on Computer Security Foundations
A formal model of rational exchange and its application to the analysis of Syverson's protocol
Journal of Computer Security - Special issue on CSFW15
Ripping coins for a fair exchange
EUROCRYPT'95 Proceedings of the 14th annual international conference on Theory and application of cryptographic techniques
An intensive survey of fair non-repudiation protocols
Computer Communications
The changing environment for security protocols
IEEE Network: The Magazine of Global Internetworking
Towards Automated Design of Multi-party Rational Exchange Security Protocols
WI-IATW '07 Proceedings of the 2007 IEEE/WIC/ACM International Conferences on Web Intelligence and Intelligent Agent Technology - Workshops
Hi-index | 0.00 |
The notion of rational exchange introduced by Syverson in 1998 is a particularly interesting alternative when an efficient scheme for fair exchange is required but the use of a trusted third party is not allowed. A rational exchange protocol cannot provide fairness, but it ensures that rational (i.e. self-interested) parties would have no reason to deviate from the protocol. Buttyán et al (2003) have recently pointed out how rationality in exchange protocols can be formalized and studied within the framework provided by Game Theory. In this paper, we identify some vulnerabilities in Syverson's protocol which were not detected by Buttyán et al's analysis. These motivate us to extend the model to consider new aspects, never formalized before when analyzing security protocols. These aspects are related to participants' reputation, protocol's robustness, and the impact that scenarios where the protocol is executed repeatedly have on the outcome of the protocol execution.