This work initiates an analysis of several cryptographic protocols from a rational point of view using a game-theoretical approach, which allows us to represent not only the protocols but also possible misbehaviours of parties. Concretely, several concepts of two-person games and of two-party cryptographic protocols are here combined in order to model the latters as the formers. One of the main advantages of analysing a cryptographic protocol in the game-theory setting is the possibility of describing improved and stronger cryptographic solutions because possible adversarial behaviours may be taken into account directly. With those tools, protocols can be studied in a malicious model in order to find equilibrium conditions that make possible to protect honest parties against all possible strategies of adversaries.
Deep Dive into A Rational Approach to Cryptographic Protocols.
This work initiates an analysis of several cryptographic protocols from a rational point of view using a game-theoretical approach, which allows us to represent not only the protocols but also possible misbehaviours of parties. Concretely, several concepts of two-person games and of two-party cryptographic protocols are here combined in order to model the latters as the formers. One of the main advantages of analysing a cryptographic protocol in the game-theory setting is the possibility of describing improved and stronger cryptographic solutions because possible adversarial behaviours may be taken into account directly. With those tools, protocols can be studied in a malicious model in order to find equilibrium conditions that make possible to protect honest parties against all possible strategies of adversaries.
The verification of cryptographic protocols has become a subject of great importance with the development of communications and transactions on public channels like Internet. Since Cryptology may be seen as a continuous struggle between cryptographers and cryptanalysts, and Game Theory may be defined as the study of decision making in difficult situations, both fields seem to have certain common scenarios, so it is natural that tools from one area may be applied in the other. In fact, the main objective of this work is to model several two-party cryptographic protocols as two-person games in order to introduce the human factor in the analysis of cryptographic protocols so that it might be helpful to solve many security problems which are hard to deal with traditional security primitives.
One of the first approaches that analyses the relationship between cryptographic protocols and games may be found in [1], where an application of game theoretic techniques to the analysis of some multiparty cryptographic protocols for secret exchange was provided. Later, a solution to the problem of determining the existence of two-person games whose payoffs are comparable to those obtained when a Third Trusted Party intervenes was proposed in [2]. Another two recent applications of modern cryptography to game theory were presented respectively in [3], where it was proved that every correlated equilibrium of an original infinitely repeated game can be implemented through public communication only, and in [4], where cryptographic primitives were used to provide correctness and privacy in distributed mechanisms.
Several cryptographic proofs of protocols correctness based on basic fairness were provided in [5], whereas in [6] various formal definitions of different versions of fairness were given. The idea of using game theory as a formal tool to model specific cryptographic protocols such as Fair and Safe Exchange, and Contract Signing was explored in the recent works [7], [8] and [9]. The concept of rational exchange in terms of Nash equilibrium was defined in [10], where it was proved that fair exchange implies rational exchange but not the reverse. Another remarkable reference, [11], described a formal security model for fair signature exchange in terms of games where fairness was defined in a probabilistic way.
Finally, the work [12] should be singled out as the main starting point of this work since there the concept of rationality applied to exchange was introduced. Such a reference also showed the close relationship between the rationality concept and the stimulation for cooperation in ad-hoc networks.
This paper represents a preliminary step of a game-based analysis of general scenarios and different types of two-party cryptographic protocols. Concretely, here the modelling of incentives in the games and desirable conditions of the protocols are described. The structure of the present work is as follows. Section 2 introduces briefly notations and definitions of several game theoretic notions that are used throughout the paper. Then Section 3 provides a basic background on two-party cryptographic protocols. In Sections 4 and 5 a theoretic game model is used to describe and analyse respectively symmetric and asymmetric two-party protocols. Finally, conclusions of the work and comments on further investigation are drawn in Section 6.
If a group P of parties or players i agree to obey certain rules and to act individually or in coalition, the results of their joint action lead to certain situations called outcomes. In such conditions, a game G defines the set of rules that specify a sequence of actions aǫQ allowed to the parties.
Concretely, the rules of the game specify what amount of information about all the previous actions and the alternatives that have been chosen can be given to each party before making an specific choice. The game also specifies a termination when some specific sequences of choices are made and no more actions are allowed. Each termination produces an outcome in the form of scores or incomes y + , and payments or expenses y -for each party. It is assumed that each party i has a preference relation ≤ i over the outcomes reflected in his/her scores and payments.
A finite action sequence q is said to be terminal if it is infinite or if there is no action a such that q is followed by a. The set Z of terminal action sequences represents all the possible outcomes of the game. The real-valued function y(q) = (y i (q)) iǫP that assigns the payoffs for every party i after every terminal action sequence qǫZ is called outcome or payoff function. These payoff values may be negative, in which case they are interpreted as losses. Also these payoffs may verify that i∈P y i (q) = 0 for any q ∈ Z, in which case the game is called zero-sum.
The preference relations of the parties are often represented in terms of their payoffs in such a way that for any q, q ′ ǫZ and iǫP , q ≤ i q ′ iff y i (q) ≤ y i (q ′ )
…(Full text truncated)…
This content is AI-processed based on ArXiv data.
