Cryptanalysis of Syverson's Rational Exchange Protocol

The notion of rational exchange introduced by Syverson

in 1998 is a particularly interesting alternative when an

e?cient scheme for fair exchange is required but the existence of a trusted third party simply cannot be assumed.

A rational exchange protocol cannot provide true fairness,

but it ensures that rational –i.e. self-interested– parties

would have no reason to deviate from the protocol. In

this paper, we identify some weaknesses in Syverson’s rational exchange protocol which were neither detected by

the original author nor by subsequent analysis. After presenting some attacks, we indicate how the scheme should

be modi?ed to overcome these vulnerabilities. We also

provide a formal analysis of our enhancement using BAN

logic.