A bound on attacks on payment protocols

Abstract

Electronic payment protocols are designed to work correctly in the presence of an adversary that can prompt honest principals to engage in an unbounded number of concurrent instances of the protocol. This paper establishes an upper bound on the number of protocol instances needed to attack a large class of protocols, which contains versions of some well-known electronic payment protocols, including SET and 1KP. Such bounds clarify the nature of attacks on and provide a rigorous basis for automated verification of payment protocols.