Skip to Main Content
Micali proposed a simple and practical optimistic fair exchange protocol, called ECS1, for contract signing. Bao et al. found some message replay attacks in both the original ECS1 and a modified ECS1 where the latter aims to solve an ambiguity in the former. Furthermore, Bao et al. proposed an improved ECS1 which aims to prevent all those attacks. In this paper, we present a systematic method to analyze the security of Micali's ECS1 by using Coloured Petri Nets (CPN). By using CPN, we found two new attacks in the original protocol, five new attacks in Bao's modified protocol and surprisingly one new attack in Bao's improved protocol. All these new attacks occur when multiple sessions of protocol execution are performed concurrently.