A Cryptographic Model for Branching Time Security Properties -- the Case of Contract Signing Protocols

A Cryptographic Model for Branching Time Security Properties -- the Case of Contract Signing Protocols. Véronique Cortier, Ralf Küsters, and Bogdan Warinschi. In Proceedings of the 12th European Symposium On Research In Computer Security (ESORICS'07), pp. 422–437, 4734, Springer, Dresden, Germany, September 2007.

Download

[PDF] [HTML] 

Abstract

Some cryptographic tasks, such as contract signing and other related tasks, need to ensure complex, branching time security properties. When defining such properties one needs to deal with subtle problems regarding the scheduling of non-deterministic decisions, the delivery of messages sent on resilient (non-adversarially controlled) channels, fair executions (executions where no party, both honest and dishonest, is unreasonably precluded to perform its actions), and defining strategies of adversaries against all possible non-deterministic choices of parties and arbitrary delivery of messages via resilient channels. These problems are typically not addressed in cryptographic models and these models therefore do not suffice to formalize branching time properties, such as those required of contract signing protocols.
In this paper, we develop a cryptographic model that deals with all of the above problems. One central feature of our model is a general definition of fair scheduling which not only formalizes fair scheduling of resilient channels but also fair scheduling of actions of honest and dishonest principals. Based on this model and the notion of fair scheduling, we provide a definition of a prominent branching time property of contract signing protocols, namely balance, and give the first cryptographic proof that the Asokan-Shoup-Waidner two-party contract signing protocol is balanced.

BibTeX

@InProceedings{CKW-ESORICS07,
  author = 	 {V\'eronique Cortier and Ralf K\"usters and Bogdan Warinschi},
  title = 	 {A Cryptographic Model for Branching Time Security Properties -- the Case of Contract Signing Protocols},
  booktitle = {Proceedings of the 12th European Symposium On Research In Computer Security (ESORICS'07)},
  pages = 	 {422-437},
  year = 	 {2007},
  volume = 	 {4734},
  address = 	 {Dresden, Germany},
  month = 	 {September},
  DOI = {10.1007/978-3-540-74835-9_28},
  abstract = {Some cryptographic tasks, such as contract signing and other related tasks, need to ensure complex, branching time security properties. When defining such properties one needs to deal with subtle problems regarding the scheduling of non-deterministic decisions, the delivery of messages sent on resilient (non-adversarially controlled) channels, fair executions (executions where no party, both honest and dishonest, is unreasonably precluded to perform its actions), and defining strategies of adversaries against all possible non-deterministic choices of parties and arbitrary delivery of messages via resilient channels. These problems are typically not addressed in cryptographic models and these models therefore do not suffice to formalize branching time properties, such as those required of contract signing protocols.
\par
In this paper, we develop a cryptographic model that deals with all of the above problems. One central feature of our model is a general definition of fair scheduling which not only formalizes fair scheduling of resilient channels but also fair scheduling of actions of honest and dishonest principals. Based on this model and the notion of fair scheduling, we provide a definition of a prominent branching time property of contract signing protocols, namely balance, and give the first cryptographic proof that the Asokan-Shoup-Waidner two-party contract signing protocol is balanced.},
  publisher = {Springer},
}