Bisimulations for Verifying Strategic Abilities with an Application to ThreeBallot

We propose a notion of alternating bisimulation for strategic abilities under imperfect information. The bisimulation preserves formulas of ATL for both the objective and subjective variants of the state-based semantics with imperfect information, which are commonly used in the modeling and verification of multi-agent systems. Furthermore, we apply the theoretical result to the verification of coercion-resistance in the ThreeBallot voting system, a voting protocol that does not use cryptography. In particular, we show that natural simplifications of an initial model of the protocol are in fact bisimilar to the original model, and therefore satisfy the same ATL properties, including coercion-resistance. These simplifications allow the model-checking tool MCMAS to terminate on models with a larger number of voters and candidates than the initial model.
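The ThreeBallot rules the abstract refers to, as an added worked example that is not part of the paper and is not the authors' MCMAS model. It assumes Rivest's single-winner ThreeBallot rules (two marks in the chosen candidate's row across the three ballots, exactly one mark in every other row, and the voter keeps a plain copy of one of the three ballots as a receipt) and a constructed three-voter, three-candidate election; the candidate names and the voters' ballots are made up. It shows how the public bulletin board is tallied without any cryptography, and that any single receipt is consistent with every possible vote, which is the basic intuition behind receipt-freeness. The coercion-resistance property the paper verifies is an ATL formula over the full multi-agent model (coercer strategies, voter knowledge), which this script does not encode.

```python
from itertools import product
import random

# Candidate names for the constructed example race (an assumption, not from the paper).
CANDIDATES = ("Alice", "Bob", "Carol")


def is_valid_multiballot(mb, allowed_choice_counts=(1,)):
    """A multi-ballot (three ballots, each a 0/1 mark per candidate) is valid
    when every candidate's row carries exactly one mark across the three
    ballots (not chosen) or exactly two (chosen), and the number of chosen
    candidates is allowed by the race rule (exactly one for a single-winner race)."""
    if len(mb) != 3:
        return False
    n = len(mb[0])
    chosen = 0
    for c in range(n):
        marks = sum(b[c] for b in mb)
        if marks == 2:
            chosen += 1
        elif marks != 1:
            return False
    return chosen in allowed_choice_counts


def decode_vote(mb):
    """The voter's choice is the set of candidates whose row carries two marks."""
    n = len(mb[0])
    return frozenset(c for c in range(n) if sum(b[c] for b in mb) == 2)


def tally(bulletin, n_voters, n_candidates):
    """Every voter contributes exactly one background mark per candidate, so
    subtracting the voter count from each column sum yields the vote count."""
    return [sum(b[c] for b in bulletin) - n_voters for c in range(n_candidates)]


def receipt_is_on_board(receipt, bulletin):
    """Individual verifiability: a ballot identical to the receipt must appear
    on the public board (ballots are unlinkable, so this is a multiset check)."""
    return bulletin.count(receipt) >= 1


def votes_consistent_with_receipt(receipt, allowed_choice_counts=(1,)):
    """Enumerate every way to complete the receipt with two further ballots into
    a valid multi-ballot and collect the votes those completions encode.
    Validity is symmetric in the three ballots, so the receipt's position is irrelevant."""
    n = len(receipt)
    all_ballots = list(product((0, 1), repeat=n))
    votes = set()
    for b2 in all_ballots:
        for b3 in all_ballots:
            mb = (receipt, b2, b3)
            if is_valid_multiballot(mb, allowed_choice_counts):
                votes.add(decode_vote(mb))
    return votes


def receipt_reveals_nothing(n_candidates):
    """True when every possible receipt is consistent with every single-choice
    vote, i.e. the receipt alone carries no information about the vote."""
    all_votes = {frozenset({c}) for c in range(n_candidates)}
    return all(votes_consistent_with_receipt(r) == all_votes
               for r in product((0, 1), repeat=n_candidates))


# Constructed sample election (not from the paper): three voters, single-winner race.
VOTER_MULTIBALLOTS = [
    ((1, 1, 0), (1, 0, 1), (0, 0, 0)),   # row sums A=2, B=1, C=1: votes Alice
    ((1, 1, 0), (0, 1, 0), (0, 0, 1)),   # row sums A=1, B=2, C=1: votes Bob
    ((1, 0, 1), (1, 1, 0), (0, 0, 0)),   # row sums A=2, B=1, C=1: votes Alice
]


def run_sample_election():
    """Cast the constructed multi-ballots, publish the shuffled ballots, keep
    one receipt per voter and tally the board."""
    if not all(is_valid_multiballot(mb) for mb in VOTER_MULTIBALLOTS):
        raise ValueError("sample contains an invalid multi-ballot")
    bulletin = [b for mb in VOTER_MULTIBALLOTS for b in mb]
    random.Random(0).shuffle(bulletin)      # board order must not link ballots to voters
    receipts = [mb[0] for mb in VOTER_MULTIBALLOTS]   # each voter keeps a copy of one ballot
    result = tally(bulletin, len(VOTER_MULTIBALLOTS), len(CANDIDATES))
    return {"bulletin": bulletin, "receipts": receipts, "tally": result}


if __name__ == "__main__":
    election = run_sample_election()
    print("tally:", dict(zip(CANDIDATES, election["tally"])))
    print("all receipts on board:",
          all(receipt_is_on_board(r, election["bulletin"]) for r in election["receipts"]))
    print("votes consistent with receipt (1,1,0):",
          sorted(sorted(v) for v in votes_consistent_with_receipt((1, 1, 0))))
    print("receipt reveals nothing (3 candidates):", receipt_reveals_nothing(3))
```

The enumeration in `votes_consistent_with_receipt` is exhaustive, so the result does not depend on any probabilistic argument; for a single-winner race it returns every candidate for every one of the 2^n possible receipts, because a chosen row needs 2 - r_c further marks and every other row needs 1 - r_c, both of which two blank-or-marked ballots can always supply.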