Analysis of probabilistic contract signing

Authors:
Gethin Norman;Vitaly Shmatikov
Affiliations:
University of Birmingham, School of Computer Science, Birmingham B15 2TT, UK E-mail: G.Norman@cs.bham.ac.uk;Department of Computer Sciences, The University of Texas at Austin, Austin, TX 78712, USA E-mail: shmat@cs.utexas.edu
Venue:
Journal of Computer Security
Year:
2006

Citing 16
Cited 10

A randomized protocol for signing contracts

Communications of the ACM
How to construct random functions

Journal of the ACM (JACM)
Optimistic protocols for fair exchange

Proceedings of the 4th ACM conference on Computer and communications security
Reactive Modules

Formal Methods in System Design - Special issue on The First Federated Logic Conference (FLOC'96), part II
Inductive methods and contract-signing protocols

CCS '01 Proceedings of the 8th ACM conference on Computer and Communications Security
Finite-state analysis of two contract signing protocols

Theoretical Computer Science
Finite State Markovian Decision Processes

Finite State Markovian Decision Processes
Security Analysis of a Probabilistic Non-repudiation Protocol

PAPM-PROBMIV '02 Proceedings of the Second Joint International Workshop on Process Algebra and Probabilistic Methods, Performance Modeling and Verification
Model Checking of Probabalistic and Nondeterministic Systems

Proceedings of the 15th Conference on Foundations of Software Technology and Theoretical Computer Science
The epistemic representation of information flow security in probabilistic systems

CSFW '95 Proceedings of the 8th IEEE workshop on Computer Security Foundations
Probabilistic Noninterference in a Concurrent Language

CSFW '98 Proceedings of the 11th IEEE workshop on Computer Security Foundations
A Formal Analysis of Syverson's Rational Exchange Protocol

CSFW '02 Proceedings of the 15th IEEE workshop on Computer Security Foundations
Game Analysis of Abuse-free Contract Signing

CSFW '02 Proceedings of the 15th IEEE workshop on Computer Security Foundations
Model checking for a probabilistic branching time logic with fairness

Distributed Computing
PRISM: a tool for automatic verification of probabilistic systems

TACAS'06 Proceedings of the 12th international conference on Tools and Algorithms for the Construction and Analysis of Systems
Optimistic fair exchange of digital signatures

IEEE Journal on Selected Areas in Communications

A framework for analyzing probabilistic protocols and its application to the Partial Secrets Exchange

Theoretical Computer Science
Counterexample Generation for Discrete-Time Markov Chains Using Bounded Model Checking

VMCAI '09 Proceedings of the 10th International Conference on Verification, Model Checking, and Abstract Interpretation
Approximate Model Checking of PCTL Involving Unbounded Path Properties

ICFEM '09 Proceedings of the 11th International Conference on Formal Engineering Methods: Formal Methods and Software Engineering
Deciding strategy properties of contract-signing protocols

ACM Transactions on Computational Logic (TOCL)
Stochastic model checking

SFM'07 Proceedings of the 7th international conference on Formal methods for performance evaluation
How fast and fat is your probabilistic model checker? an experimental performance comparison

HVC'07 Proceedings of the 3rd international Haifa verification conference on Hardware and software: verification and testing
Symbolic model checking of probabilistic knowledge

Proceedings of the 13th Conference on Theoretical Aspects of Rationality and Knowledge
Counterexample generation for Markov chains using SMT-based bounded model checking

FMOODS'11/FORTE'11 Proceedings of the joint 13th IFIP WG 6.1 and 30th IFIP WG 6.1 international conference on Formal techniques for distributed systems
A two-phase approximation for model checking probabilistic unbounded until properties of probabilistic systems

ACM Transactions on Software Engineering and Methodology (TOSEM)
The COMICS tool: computing minimal counterexamples for DTMCs

ATVA'12 Proceedings of the 10th international conference on Automated Technology for Verification and Analysis

Quantified Score

Hi-index	0.00

Visualization

Abstract

We present three case studies, investigating the use of probabilistic model checking to automatically analyse properties of probabilistic contract signing protocols. We use the probabilistic model checker PRISM to analyse three protocols: Rabin's probabilistic protocol for fair commitment exchange; the probabilistic contract signing protocol of Ben-Or, Goldreich, Micali, and Rivest; and a randomised protocol for signing contracts of Even, Goldreich, and Lempel. These case studies illustrate the general methodology for applying probabilistic model checking to formal verification of probabilistic security protocols. For the Ben-Or et al. protocol, we demonstrate the difficulty of combining fairness with timeliness. If, as required by timeliness, the judge responds to participants' messages immediately upon receiving them, then there exists a strategy for a misbehaving participant that brings the protocol to an unfair state with arbitrarily high probability, unless unusually strong assumptions are made about the quality of the communication channels between the judge and honest participants. We quantify the tradeoffs involved in the attack strategy, and discuss possible modifications of the protocol that ensure both fairness and timeliness. For the Even et al. protocol, we demonstrate that the responder enjoys a distinct advantage. With probability 1, the protocol reaches a state in which the responder possesses the initiator's commitment, but the initiator does not possess the responder's commitment. We then analyse several variants of the protocol, exploring the tradeoff between fairness and the number of messages that must be exchanged between participants.