
Aug. 2006, Volume 3, No. 8 (Serial No. 21)
Journal of Communication and Computer, ISSN 1548-7709, USA

Modeling Electronic Payment Systems Based on Dynamic Game*


Ling Zhang1, Jianping Yin2, Mengjun Li3
(1,2,3 School of Computer Science, National University of Defense Technology, Changsha 410073, China)
Abstract: A dynamic game-based model of electronic payment systems is proposed and used to formally analyze the security properties of electronic payment protocols. Compared with previous work, the main contributions are as follows. Firstly, modeling channels of three qualities and the dishonest behaviors of participants with strategic games makes it possible to analyze cooperative and adversarial behaviors. Secondly, modeling process and channel failures helps to analyze the security properties of a protocol in a failure-prone environment.
Key words: Dynamic Game; Electronic Payment; Channel; Failures*

1. Introduction
The electronic Payment Systems Observatory (ePSO) [1] defines electronic payment as the transfer of an electronic means of payment from the payer to the payee through an electronic payment instrument. An electronic payment system contains a customer, a merchant and a bank. There are three payment protocol models: cash, cheque and card. Cash is a token that can be authenticated independently of the issuer, such as Digital-cash and PayWord; a cheque is a payment instrument whose validity requires reference to the issuer, such as NetBill; card is a payment method that uses the existing credit card mechanism, such as SET. Since electronic payment is becoming a definitive alternative to traditional physical commerce, nothing should happen to undermine consumers' confidence in the new technology. Thus, electronic payment protocols should satisfy a minimal set of requirements expected by the users of electronic payment systems.

* Acknowledgements: This work is supported by the National Natural Science Foundation of China (No. 60473057, No. 90104026) and the National High Technology Research and Development Program of China (No. 2002AA144040).
1 Ling Zhang, PhD candidate; main research fields: formal specification and verification of electronic commerce protocols.
2 Jianping Yin, male, professor; main research fields: artificial intelligence, pattern recognition, algorithms and information security.
3 Mengjun Li, male, PhD; main research fields: verification of security protocols.
Note that these requirements are hard to meet because of the characteristics of the electronic world. Firstly, some intrinsic constraints of the physical world are absent in the electronic world. For instance, because of the resources and knowledge it takes to counterfeit cash, spurious bills and coins are less common in the physical world than they would otherwise be. In the electronic setting, however, where copying data items is cheap, fast and easy to disguise, spurious currency is likely to be much more common. Secondly, the participants of electronic commerce transactions are often geographically distributed, and the informal mechanisms that require face-to-face interaction and can help to bring transactions to successful completion are unavailable. Thirdly, unlike in certain other classes of protocols (e.g. key distribution), where participants share a common goal (e.g. obtaining a secret key for secure communication), here participants typically have separate and often conflicting goals. For instance, while honest customers try to pay for goods received, dishonest ones may cheat and try to obtain goods for free. Similarly, while conscientious merchants strive for customer satisfaction, unscrupulous ones may not care whether goods are delivered or not, or may deliver something else. In cyberspace, where one is likely to interact with complete strangers, the threat of cheating is real.

Fig. 1 An Electronic Payment System Model

Note that there is no general formal model of electronic payment systems, which makes it hard to verify such protocols formally. An electronic payment system is inherently a parallel and distributed system, and it also closely resembles a game. Customers and merchants may misbehave and may not follow the protocol faithfully. In such a situation: (1) each participant has choices at various stages during the interaction with others (e.g. to quit the protocol or to continue); (2) the decisions that the participants make determine the outcome of their interaction; (3) in order to achieve the most preferable outcome, a participant may follow a plan that does not coincide with the faithful execution of the exchange protocol. This paper therefore proposes a system model using the notation of Communicating Sequential Processes (CSP) [2] and dynamic game theory [3, 4]. The advantages of this model are as follows: (1) modeling channels of three qualities and participants' dishonest behaviors helps to analyze cooperative and adversarial behaviors; (2) modeling process and channel failures makes it possible to analyze a protocol's security properties in a failure-prone environment.
The rest of this paper is organized as follows. In section 2, dynamic games are introduced. Section 3 shows how an electronic payment system can be modeled naturally and accurately as a game. Finally, section 4 concludes the paper.

2. Dynamic Game
The object of study in game theory is the game, which is a formal model of an interactive situation. The formal definition lays out the players, their preferences, their information, the strategic actions available to them, and how these influence the outcome. When players interact by playing a similar stage game numerous times, the game is called a dynamic game. Unlike in simultaneous games, players have at least some information about the strategies chosen by others and may thus condition their play on past moves. This section considers the representation of dynamic games and the prediction of behavior in dynamic games.
The extensive form is a complete description of how the game is played over time. This includes the order in which players take actions, the information that players have at the time they must take those actions, and the time at which any uncertainty in the situation is resolved. In the following subsection, a dynamic game is represented in extensive form.
2.1 Dynamic game
A dynamic game is a tuple $\langle N, Q, p, \{\mathcal{I}_i\}_{i \in N}, \{\succsim_i\}_{i \in N} \rangle$, where:
- $N$ is a set of natural numbers and represents the set of players.
- $Q$ is a set of action sequences that satisfies the following properties:
 1) the empty sequence $\emptyset$ is a member of $Q$;
 2) if $(a_k)_{k=1}^{w} \in Q$ and $0 < v < w$ ($w$ a natural number), then $(a_k)_{k=1}^{v} \in Q$;
 3) if an infinite action sequence $(a_k)_{k=1}^{\infty}$ satisfies $(a_k)_{k=1}^{v} \in Q$ for every positive integer $v$, then $(a_k)_{k=1}^{\infty} \in Q$.
 An action sequence $q \in Q$ is terminal if it is infinite or there is no available action $a$ such that $q.a \in Q$. The set of terminal action sequences is denoted by $Z$.
- $p$ is a function that assigns a player in $N$ to every action sequence in $Q \setminus Z$.
- $\mathcal{I}_i$ ($i \in N$) is an information partition of player $i$.
- $\succsim_i$ ($i \in N$) is a preference relation of player $i$ on $Z$.
An information set $I_i \in \mathcal{I}_i$ is what player $i$ has learned from an action sequence. After an action sequence, $i$ selects the next available action according to $I_i$ if it is his turn to move. Suppose $q_1$ and $q_2$ are terminal action sequences, and $u_i(q_1)$ ($u_i(q_2)$) is the payoff that $i$ obtains after $q_1$ ($q_2$). Then $q_1 \succsim_i q_2$ iff $u_i(q_1) \ge u_i(q_2)$.
2.2 Strategy
In an extensive game, a strategy is a complete plan of choices for each decision point of the player. Let $A(I_i)$ denote the set of actions available to player $i$ according to his current information set $I_i$, and let $A_i = \bigcup_{I_i \in \mathcal{I}_i} A(I_i)$ denote all the available actions of $i$. A strategy of player $i \in N$ is a function $s_i$ that assigns an action in $A(q)$ to every non-terminal action sequence $q \in Q \setminus Z$ such that $p(q) = i$ and $q$ is consistent with the strategy. A non-terminal action sequence $(a_k)_{k=1}^{w} \in Q \setminus Z$ is consistent with the strategy $s_i$ of player $i$ iff $s_i((a_k)_{k=1}^{v}) = a_{v+1}$ for every $0 \le v < w$ such that $p((a_k)_{k=1}^{v}) = i$. Denote the set of all strategies of player $i$ by $S_i$. A strategy profile is a vector $(s_i)_{i \in N}$ of strategies, where each $s_i$ is a member of $S_i$.
2.3 Nash equilibrium
A Nash equilibrium, also called strategic equilibrium, is a list of strategies, one for each player, with the property that no player can unilaterally change his strategy and get a better payoff. Let $o((s_i)_{i \in N})$ denote the resulting outcome when the players follow the strategies in the strategy profile $(s_i)_{i \in N}$. In other words, $o((s_i)_{i \in N})$ is the (possibly infinite) action sequence $(a_k)_{k=1}^{w} \in Z$ such that for every $v$ with $0 \le v < w$
$$s_{p((a_k)_{k=1}^{v})}\big((a_k)_{k=1}^{v}\big) = a_{v+1}, \qquad a_{v+1} \in A_{p((a_k)_{k=1}^{v})}.$$
A strategy profile $(s_i^*)_{i \in N}$ is a Nash equilibrium iff
$$\forall j \in N,\ \forall s_j \in S_j:\quad o\big(s_j^*, (s_i^*)_{i \in N \setminus \{j\}}\big) \succsim_j o\big(s_j, (s_i^*)_{i \in N \setminus \{j\}}\big).$$
A Nash equilibrium recommends to each player a strategy that the player cannot improve upon unilaterally, that is, given that the other players follow the recommendation. Since the other players are also rational, it is reasonable for each player to expect his opponents to follow the recommendation as well.

3. System Model
Electronic payment systems are inherently parallel and distributed systems. A system consists of protocol participants and communication mediums. The participants are a customer, a merchant and a bank. The actions of these interacting processes occur in an arbitrary interleaving, and interactions between participants and communication mediums require their simultaneous participation. The system is illustrated in Fig. 1: $Node_i$ ($i \in N$) represents a customer or a merchant, TTP represents a bank, and NET represents the communication mediums. An edge represents a channel between a participant and the communication medium. Three classes of communication channels are considered: unreliable, resilient and operational. No assumptions are made about unreliable channels: data may be lost. A resilient channel delivers data after a finite but unknown amount of time: data may be delayed, but will eventually arrive. An operational channel delivers data within a known, constant amount of time. This paper treats NET as a special player, models channels of different qualities, and considers both process and channel failures in the distributed environment. If a process fails, it terminates abnormally. Connection failures due to problems at remote processes are examples of remote factors. A channel fails by losing or delaying some messages.
A foundational assumption in economics is that protocol participants are rational. A participant is said to be rational if he seeks to play in a manner that maximizes his own payoff. Electronic payment systems are extremely similar to games: (1) each participant has choices at various stages during the interaction with others (e.g. to quit the protocol or to continue); (2) the decisions that the principals make determine the outcome of their interaction; (3) in order to achieve the most preferable outcome, a principal may follow a plan that does not coincide with the faithful execution of the exchange protocol. Given this striking similarity, it is natural to model an electronic payment system as a game.
3.1 Preliminaries
An atomic message is a constant, a variable, a natural number, or a fresh constant. Fresh constants are used to model the creation of random data, e.g. nonces, during a protocol session. Let $AM$ denote the set of atomic messages. Messages in electronic payment systems are atomic messages or are composed using pairing or cryptographic functions such as hash, signature, and asymmetric and symmetric encryption. Let $F$ denote the set of these functions. The message set $\mathcal{M}$ and the message construction operator $\vdash$ are then defined as follows.
Definition 1 ($\mathcal{M}$). $\mathcal{M} \subseteq (AM \cup F)^*$ is the smallest set that satisfies:
(1) $m \in \mathcal{M}$ if $m \in AM$; and
(2) $m_1.m_2 \in \mathcal{M}$ if $m_1, m_2 \in \mathcal{M}$; and
(3) $f(m_1, \ldots, m_n) \in \mathcal{M}$ if $f \in F$ and $m_i \in \mathcal{M}$ ($i = 1, \ldots, n$).
Definition 2 ($\vdash$). A message $m$ is constructible from a message set $M$, written $M \vdash m$, if and only if:
(1) $m \in M$; or
(2) $m = m_1.m_2$, $M \vdash m_1$ and $M \vdash m_2$; or
(3) $m = m_i$ ($i = 1, 2$) and $M \vdash m_1.m_2$; or
(4) $m = f(m_1, \ldots, m_n)$ and $M \vdash m_i$ for every $i \in \{1, \ldots, n\}$.
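The following Python is an added illustration, not code from the paper: it implements the message terms of Definition 1 and the constructibility relation $M \vdash m$ of Definition 2, and applies it as the guard $MS_i(q) \vdash m$ of the trans event in Table 1. The function symbols hash, sig and senc, the key and nonce names, and the customer's sample message set are constructed for the example.

```python
"""Message terms (Definition 1) and constructibility M |- m (Definition 2).

Added illustration, not code from the paper. Messages are atomic names,
pairs m1.m2, or applications f(m1, ..., mn) of a function symbol from F.
The symbols "hash", "sig", "senc" and the names below are assumptions.
"""
from dataclasses import dataclass
from typing import FrozenSet, Tuple, Union


@dataclass(frozen=True)
class Atom:
    name: str


@dataclass(frozen=True)
class Pair:
    left: "Msg"
    right: "Msg"


@dataclass(frozen=True)
class Func:
    fn: str                      # a function symbol in F
    args: Tuple["Msg", ...]


Msg = Union[Atom, Pair, Func]


def analyze(known: FrozenSet[Msg]) -> FrozenSet[Msg]:
    """Saturate a message set under rule (3): every component of a
    constructible pair is constructible. Only pairs are split; Definition 2
    has no rule that opens f(...), so signatures and ciphertexts stay opaque."""
    out = set(known)
    todo = list(known)
    while todo:
        m = todo.pop()
        if isinstance(m, Pair):
            for part in (m.left, m.right):
                if part not in out:
                    out.add(part)
                    todo.append(part)
    return frozenset(out)


def constructible(known: FrozenSet[Msg], m: Msg) -> bool:
    """known |- m. Rules (1) and (3) are covered by analyze(); rules (2)
    and (4) are the recursive synthesis steps below."""
    have = analyze(known)

    def synth(x: Msg) -> bool:
        if x in have:                          # rule (1), after pair splitting
            return True
        if isinstance(x, Pair):                # rule (2)
            return synth(x.left) and synth(x.right)
        if isinstance(x, Func):                # rule (4)
            return all(synth(a) for a in x.args)
        return False                           # an atom the player never obtained
    return synth(m)


# Constructed sample: MS_i(q) of the customer after accepting a price quote
# signed by the merchant. k_cm is a key shared with the merchant, n_c the
# customer's nonce, sk_m the merchant's private signing key (never seen).
K_CM, N_C, N_M, PRICE, SK_M = (Atom(n) for n in ("k_cm", "n_c", "n_m", "price", "sk_m"))
QUOTE = Pair(PRICE, Func("sig", (SK_M, Pair(PRICE, N_C))))
MS_CUSTOMER: FrozenSet[Msg] = frozenset({K_CM, N_C, QUOTE})


def customer_can_send(m: Msg) -> bool:
    """Guard of trans.i.j.m in Table 1 for i = customer: MS_i(q) |- m."""
    return constructible(MS_CUSTOMER, m)
```

The split-then-synthesize shape is what makes the check terminate: rule (3) is applied once to the finite known set, after which rules (2) and (4) only recurse into subterms of the goal. On the sample set the customer can forward the merchant's signature and encrypt the quote under k_cm, but cannot produce sk_m or a signature over different content. Note that Definition 2 as stated has no inverse rule for any $f \in F$, so a player holding senc(k, x) and k is not able to construct x; an analysis of a protocol that relies on decryption needs such a rule added.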
3.2 Players
A player is an agent who makes decisions in a game. First, each protocol participant is modeled as a player. In addition, the communication network, named NET, is modeled as a player too. Therefore the player set of the game is defined as $N = \{1, 2, 3, 4\}$, where 1 and 2 represent the two main parties of a protocol, 3 stands for the trusted third party (TTP), and 4 denotes the network (NET). The set $N \setminus \{4\}$ is denoted by $N'$.
TTP always behaves correctly, so it is restricted to follow a particular strategy, whereas the players that represent the potentially misbehaving main parties are allowed to choose among several strategies. Communication mediums come in three qualities, unreliable, resilient and operational, so NET is also allowed to choose among several strategies.
3.3 Information set
Each player $i \in N$ has a local state $\sigma_i(q)$ that represents all the information $i$ has obtained after the action sequence $q$. $\sigma_i(q)$ is defined as a tuple $\langle Act_i(q), H_i(q), MS_i(q), R_i(q) \rangle$, where
- $Act_i(q)$ is 1 iff player $i$ is still active (i.e. has not quit the protocol) after action sequence $q$;
- $H_i(q)$ is player $i$'s local history after action sequence $q$, which contains the events generated for $i$ together with the round number of their generation;
- $MS_i(q)$ is player $i$'s message set, consisting of three parts: the initial knowledge, the messages received in the protocol, and the new messages generated by $i$ after action sequence $q$;
- $R_i(q)$ is a positive integer that represents the round number for player $i$ after action sequence $q$.
3.4 Available actions
Consider now how a main player $i \in \{1, 2\}$ may move after an action sequence. A special event quit.i is always available to $i$; a trans.i.j.m event means that $i$ sends $m$ to $j$, and $i$ can only send messages he can construct; a participant is always ready to receive messages as long as he is active, which is represented by a rec event; a received message is not necessarily accepted: it is accepted, which is an acc event, only if it is validated; a participant's process may terminate abnormally, i.e. in a way not prescribed by the protocol. Abnormal termination can be caused by local or remote factors, which are represented by the faillocal and failremote events; an evidence event occurs when a participant presents evidence to an arbiter to start a recovery sub-protocol. The available actions of the main players after an action sequence $q$ are listed in Table 1, where the predicate $valid_i(m, q, cond_m)$ is true iff the validation condition $cond_m$ for the message $m$ received by $i$ holds after action sequence $q$.
For any action sequence $q$, if $MS_{NET}(q)$ is empty, NET can do nothing but accept messages, and it is always ready to accept any message; if it is not empty, NET can accept and deliver messages, which are modeled by the trans and rec events respectively. The delete event models an unreliable channel where messages may be lost; NET can also buffer messages and deliver them after a finite but unknown amount of time, which models a resilient channel. The available actions of NET after an action sequence $q$ are listed in Table 2.
TTP must be impartial, so it may not help one player or the other. To make sure that TTP has no strategy that helps one of the parties to cheat, TTP is modeled as deterministic: at each stage of the execution of the protocol, TTP executes the action requested by the protocol. Suppose TTP neither fails nor quits. Then the available actions of TTP after an action sequence $q$ are listed in Table 3.

Table 1 Available actions $a \in A_i(\sigma_i(q))$ of a main player $i$ ($i = 1, 2$; $j \in N'$, $j \ne i$)

trans.i.j.m
  Guard: $MS_i(q) \vdash m$, $Act_i(q) = 1$ ($i$ can only send messages he can construct)
  Update: $H_i(q.a) := H_i(q).\mathrm{trans}.i.j.m$ ($i$ records the trans event)
evidence.i.m
  Guard: $MS_i(q) \vdash m$, $Act_i(q) = 1$ ($i$ can construct the evidence $m$)
  Update: $H_i(q.a) := H_i(q).\mathrm{evidence}.i.m$ ($i$ records the evidence event)
rec.i.j.m
  Guard: $Act_i(q) = 1$ ($i$ is active)
  Update: $H_i(q.a) := H_i(q).\mathrm{rec}.i.j.m$ ($i$ records the rec event)
acc.i.j.m
  Guard: $last(H_i(q)) = \mathrm{rec}.i.j.m$ ($i$ has received $m$), $Act_i(q) = 1$, $valid_i(m, q, cond_m) = 1$ ($i$ has verified $m$)
  Update: $H_i(q.a) := H_i(q).\mathrm{acc}.i.j.m$, $MS_i(q.a) := MS_i(q) \cup \{m\}$ ($i$ records the acc event and adds $m$ to its message set)
quit.i
  Guard: $Act_i(q) = 1$ ($i$ is active)
  Update: $Act_i(q.a) := 0$ ($i$ is inactive)
faillocal.i
  Guard: $Act_i(q) = 1$ ($i$ is active)
failremote.i
  Guard: $Act_i(q) = 1$ ($i$ is active)

Table 2 Available actions $a \in A_{NET}(\sigma_{NET}(q))$ of NET ($i, j \in N'$, $i \ne j$)

trans.i.j.m
  Guard: none (NET is always ready to receive any message)
  Update: $H_{NET}(q.a) := H_{NET}(q).\mathrm{trans}.i.j.m$, $MS_{NET}(q.a) := MS_{NET}(q) \cup \{(i, j, m)\}$ (NET records the trans event and stores $(i, j, m)$)
rec.i.j.m
  Guard: $(j, i, m) \in MS_{NET}(q)$, $Act_i(q) = 1$ (NET holds $(j, i, m)$ and $i$ is active)
  Update: $H_{NET}(q.a) := H_{NET}(q).\mathrm{rec}.i.j.m$, $MS_{NET}(q.a) := MS_{NET}(q) \setminus \{(j, i, m)\}$ (NET records the rec event and removes $(j, i, m)$)
delete.i.j.m
  Guard: $(i, j, m) \in MS_{NET}(q)$ (NET holds $(i, j, m)$)
  Update: $H_{NET}(q.a) := H_{NET}(q).\mathrm{delete}.i.j.m$, $MS_{NET}(q.a) := MS_{NET}(q) \setminus \{(i, j, m)\}$ (NET records the delete event and removes $(i, j, m)$)

Table 3 Available actions $a \in A_{TTP}(\sigma_{TTP}(q))$ of TTP ($i, j \in N'$)

trans.TTP.j.m
  Guard: $MS_{TTP}(q) \vdash m$, $Act_{TTP}(q) = 1$ (TTP can send only messages it is able to construct)
  Update: $H_{TTP}(q.a) := H_{TTP}(q).\mathrm{trans}.TTP.j.m$ (TTP records the trans event)
rec.TTP.i.m
  Guard: $Act_{TTP}(q) = 1$ (TTP is active)
  Update: $H_{TTP}(q.a) := H_{TTP}(q).\mathrm{rec}.TTP.i.m$ (TTP records the rec event)
acc.TTP.i.m
  Guard: $Act_{TTP}(q) = 1$, $last(H_{TTP}(q)) = \mathrm{rec}.TTP.i.m$, $valid_{TTP}(m, q, cond_m) = 1$ (TTP has received and validated $m$)
  Update: $H_{TTP}(q.a) := H_{TTP}(q).\mathrm{acc}.TTP.i.m$, $MS_{TTP}(q.a) := MS_{TTP}(q) \cup \{m\}$ (TTP records the acc event and stores $m$)

3.5 Action sequences and player function
The game is played in repeated rounds, where each round consists of the following two phases: (1) each active player in $N'$ moves, one after the other, in index order; (2) the network moves. The game is not finished until every player in $N'$ has become inactive.
To make this precise, denote by $P(q, v)$ the set of players that are still active after the action sequence $q$ and have an index larger than $v$. Formally, $P(q, v) = \{k \mid k \in N', Act_k(q) = 1, k > v\}$. Furthermore, let $k_{min}(q, v) = \min_{k \in P(q, v)} k$ denote the smallest index in $P(q, v)$. The sending preference of a message in $MS_{NET}(q)$ is a pair $(r, t)$ of natural numbers meaning that it is the $t$-th message NET received in the $r$-th round, i.e. its trans event was the $t$-th generated in round $r$. $MQ_{NET}(q)$ denotes the sequence obtained by sorting the messages of $MS_{NET}(q)$ by sending preference, earliest first: for $m_1, m_2 \in MS_{NET}(q)$ with preferences $(r_1, t_1)$ and $(r_2, t_2)$, $m_1$ precedes $m_2$ iff 1) $r_1 = r_2$ and $t_1 < t_2$, or 2) $r_1 < r_2$.
Define the set $Q$ of action sequences and the player function $p$ of the game together in an inductive manner:
a: the empty sequence $\emptyset \in Q$, and $p(\emptyset) = 1$.
b: let $q \in Q$ with $p(q) = v$ ($v \in N'$); then $q.a \in Q$ for every $a \in A_v(\sigma_v(q))$, and if $P(q.a, v) \ne \emptyset$ then $p(q.a) = k_{min}(q.a, v)$, else $p(q.a) = NET$.
c: let $q \in Q$ with $p(q) = NET$, and let the variable $m$ initially be the first message of $MQ_{NET}(q)$; then
 c.1: if there is no such $m$ ($MQ_{NET}(q)$ has been traversed), then $p(q) = k_{min}(q, 0)$ and $R_i(q) := R_i(q) + 1$ for every $i \in N'$ (a new round begins); else
 c.2: NET selects an available event $a$ from $A_{NET}(\sigma_{NET}(q))$ for the message $m$; then $q.a \in Q$, $q := q.a$, $p(q) = NET$, $m$ is set to the next element of $MQ_{NET}(q)$, and the head message of $MQ_{NET}(q)$ is removed; or NET does nothing for $m$, and $m$ is set to the next element of $MQ_{NET}(q)$.
 c.3: return to c.1.
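The following Python is an added illustration, not code from the paper. It implements NET as a player with the store $MS_{NET}$ and history $H_{NET}$ of Table 2, the queue $MQ_{NET}$ ordered by sending preference $(r, t)$, and the round structure of phase (2) above, and it expresses the three channel qualities of Section 3 as restrictions on the actions NET may choose for a buffered message. The integer delay bound and the "adversarial" NET strategy are assumptions made for the example.

```python
"""NET as a player: MS_NET, the queue MQ_NET ordered by sending preference
(r, t), and the three channel qualities as restrictions on what NET may do
with a buffered message. Added illustration, not code from the paper. The
delay bound is an assumption: known to everyone for an operational channel,
known only to NET for a resilient channel, absent for an unreliable one.
"""
from dataclasses import dataclass
from typing import Callable, List, Optional, Set, Tuple


@dataclass(frozen=True)
class Entry:
    """One element (i, j, m) of MS_NET with its sending preference (r, t)."""
    sender: int
    receiver: int
    msg: str
    pref: Tuple[int, int]          # (round r, arrival index t within the round)


class Net:
    def __init__(self, quality: str, bound: Optional[int] = None) -> None:
        if quality not in ("unreliable", "resilient", "operational"):
            raise ValueError(quality)
        if quality != "unreliable" and bound is None:
            raise ValueError("resilient/operational channels need a finite bound")
        self.quality, self._bound = quality, bound
        self.history: List[str] = []   # H_NET(q)
        self.store: List[Entry] = []   # MS_NET(q)
        self._t = 0                    # arrival counter, reset each round

    def known_deadline(self) -> Optional[int]:
        """Delay bound the participants may rely on: only an operational
        channel publishes it; a resilient channel's bound is NET's secret."""
        return self._bound if self.quality == "operational" else None

    def new_round(self) -> None:
        self._t = 0

    def trans(self, rnd: int, i: int, j: int, m: str) -> None:
        """trans.i.j.m (Table 2): always enabled; record and store (i, j, m)."""
        self._t += 1
        self.history.append(f"trans.{i}.{j}.{m}")
        self.store.append(Entry(i, j, m, (rnd, self._t)))

    def queue(self) -> List[Entry]:
        """MQ_NET(q): MS_NET sorted by sending preference, earliest first."""
        return sorted(self.store, key=lambda e: e.pref)

    def available(self, e: Entry, rnd: int, active: Set[int]) -> Set[str]:
        """Actions NET may choose for e in round rnd. 'none' leaves e buffered
        (step c.2 of Section 3.5); 'rec' needs an active receiver (Table 2)."""
        acts = {"none"}
        if e.receiver in active:
            acts.add("rec")
        if self.quality == "unreliable":
            acts.add("delete")                       # data may be lost
        elif "rec" in acts and rnd - e.pref[0] >= self._bound:
            acts = {"rec"}                           # bound reached: must deliver
        return acts

    def move(self, rnd: int, active: Set[int],
             strategy: Callable[[Entry, Set[str]], str]) -> List[Tuple[int, int, str]]:
        """Phase (2) of a round: walk MQ_NET and fire one available action per
        message. Returns the (i, j, m) triples delivered in this round."""
        delivered = []
        for e in self.queue():
            a = strategy(e, self.available(e, rnd, active))
            if a == "rec":
                self.history.append(f"rec.{e.receiver}.{e.sender}.{e.msg}")
                self.store.remove(e)
                delivered.append((e.sender, e.receiver, e.msg))
            elif a == "delete":
                self.history.append(f"delete.{e.sender}.{e.receiver}.{e.msg}")
                self.store.remove(e)
            elif a != "none":
                raise ValueError(f"{a} is not an available NET action")
        return delivered


def adversarial(e: Entry, acts: Set[str]) -> str:
    """NET strategy a security analysis should assume: lose the message if it
    may, otherwise stall as long as it may, otherwise deliver."""
    return next(c for c in ("delete", "none", "rec") if c in acts)


def deliver_round(quality: str, bound: Optional[int], max_round: int = 6):
    """Player 1 sends 'payment' to player 2 in round 1 over a channel of the
    given quality driven by the adversarial NET. Returns (round in which it
    was delivered, or None, and H_NET)."""
    net, active = Net(quality, bound), {1, 2}
    for rnd in range(1, max_round + 1):
        net.new_round()
        if rnd == 1:
            net.trans(rnd, 1, 2, "payment")
        if net.move(rnd, active, adversarial):
            return rnd, net.history
    return None, net.history
```

Driving the model with the worst-case NET strategy rather than a random one is the point: on an unreliable channel the payment is simply dropped, on a resilient channel with a hidden bound of 3 it is delivered in round 4, and on an operational channel with a public bound of 2 it arrives in round 3 and the participants can legitimately time out after that. A protocol whose security argument assumes anything stronger than what known_deadline() returns for its channel is relying on the network, not on the protocol.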

3.6 Payoff
A payoff is a number, also called utility, which reflects the desirability of an outcome to a player, for whatever reason. The expected payoff incorporates the player's attitude towards risk. Denote the items exchanged in the protocol by $\iota_i$ and $\iota_j$, and denote the value that $\iota_j$ is worth to $i$ ($i, j = 1, 2$; $i \ne j$) by $r_i(\iota_j)$. Require only that $r_1(\iota_2) > r_1(\iota_1) > 0$ and $r_2(\iota_1) > r_2(\iota_2) > 0$ hold. The payoff $u_i(q)$ assigned to $i$ for the terminal action sequence $q$ is defined in Definition 4, where $u_i^+(q)$ is called the income and $u_i^-(q)$ the expense of $i$.
Definition 4 Payoff.
$$u_i(q) = u_i^+(q) - u_i^-(q)$$
$$u_i^+(q) = \begin{cases} r_i(\iota_j), & \varphi_i^+(q) = \mathrm{true}; \\ 0, & \varphi_i^+(q) = \mathrm{false}. \end{cases}$$
$$u_i^-(q) = \begin{cases} r_i(\iota_i), & \varphi_i^-(q) = \mathrm{true}; \\ 0, & \varphi_i^-(q) = \mathrm{false}. \end{cases}$$
$\varphi_i^+(q)$ and $\varphi_i^-(q)$ are logical formulae. Their exact form depends on the particular exchange protocol being modeled, but the idea is that $\varphi_i^+(q) = \mathrm{true}$ iff $i$ gains access to $\iota_j$, and $\varphi_i^-(q) = \mathrm{true}$ iff $i$ loses control over $\iota_i$ in $q$.
Note that according to the above definition, the payoff $u_i(q)$ of player $i$ can take three kinds of values: $= 0$, $< 0$ and $> 0$. $u_i(q) = 0$ means $i$'s income equals his expense; $u_i(q) > 0$ means $i$ gains; $u_i(q) < 0$ means $i$ loses. As TTP and NET do not expect any profit, $u_{TTP}(q) = u_{NET}(q) = 0$ holds for every terminal action sequence $q$.
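The following Python is an added illustration, not code from the paper, serving both Definition 4 above and the Nash equilibrium condition of Section 2.3. It computes $u_i(q)$ from constructed formulas $\varphi_i^+$, $\varphi_i^-$ and item values $r_i(\iota_j)$ that satisfy the ordering required above, then enumerates all strategy profiles of a two-move exchange game (customer pays or quits; if paid, merchant delivers or quits) and keeps those from which no player can deviate profitably. The tree, values and formulas are assumptions for the example; the equilibrium search itself works for any finite game tree given in the same dictionary form.

```python
"""Definition 4 payoffs and the Nash-equilibrium test of Section 2.3 applied to
a two-move exchange game. Added illustration, not code from the paper: the
game tree, the item values r_i(iota_j) and the formulas phi_i^+ / phi_i^- are
constructed for this example (the paper leaves them protocol-specific).
"""
from itertools import product
from typing import Dict, Iterator, List, Tuple

Seq = Tuple[str, ...]
Strategy = Dict[Seq, str]            # decision point -> chosen action

# Extensive form: non-terminal action sequence -> (player to move, actions).
# Player 1 (customer) may send its item iota_1 (the payment); if it does,
# player 2 (merchant) may send iota_2 (the goods). No TTP, no network delays.
TREE: Dict[Seq, Tuple[int, List[str]]] = {
    (): (1, ["pay", "quit"]),
    ("pay",): (2, ["deliver", "quit"]),
}

# r_i(iota_j): value of j's item to i. Satisfies r_1(iota_2) > r_1(iota_1) > 0
# and r_2(iota_1) > r_2(iota_2) > 0 as Section 3.6 requires.
R = {1: {1: 8, 2: 10}, 2: {1: 8, 2: 5}}


def phi_plus(i: int, q: Seq) -> bool:
    """phi_i^+(q): i gained access to the other party's item in q."""
    return ("deliver" in q) if i == 1 else ("pay" in q)


def phi_minus(i: int, q: Seq) -> bool:
    """phi_i^-(q): i lost control over its own item in q."""
    return ("pay" in q) if i == 1 else ("deliver" in q)


def payoff(i: int, q: Seq) -> int:
    """u_i(q) = u_i^+(q) - u_i^-(q) (Definition 4)."""
    j = 3 - i
    income = R[i][j] if phi_plus(i, q) else 0
    expense = R[i][i] if phi_minus(i, q) else 0
    return income - expense


def outcome(profile: Dict[int, Strategy]) -> Seq:
    """o((s_i)_i): follow each mover's strategy from the empty sequence to Z."""
    q: Seq = ()
    while q in TREE:
        mover, _ = TREE[q]
        q = q + (profile[mover][q],)
    return q


def strategies(player: int) -> Iterator[Strategy]:
    """S_i: one action for every decision point q with p(q) == player."""
    points = [q for q, (p, _) in TREE.items() if p == player]
    for choice in product(*(TREE[q][1] for q in points)):
        yield dict(zip(points, choice))


def nash_equilibria() -> List[Tuple[Tuple[str, ...], Tuple[str, ...]]]:
    """Profiles (s_1*, s_2*) from which no player gains by a unilateral deviation."""
    found = []
    for s1, s2 in product(list(strategies(1)), list(strategies(2))):
        profile = {1: s1, 2: s2}
        base = {i: payoff(i, outcome(profile)) for i in (1, 2)}
        stable = all(
            payoff(i, outcome({**profile, i: alt})) <= base[i]
            for i in (1, 2) for alt in strategies(i)
        )
        if stable:
            found.append((tuple(s1.values()), tuple(s2.values())))
    return found
```

The only equilibrium is (quit, quit): after receiving the payment the merchant earns 8 by quitting against 3 by delivering, so a rational customer never pays first and the exchange does not happen at all, even though (pay, deliver) would leave both better off. This is the situation the impartial TTP (player 3) and the evidence and recovery actions of Section 3.4 exist to change, and the same search can be rerun on a tree extended with those moves.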


4. Conclusions
This paper proposes a dynamic game-based model using CSP [2] for electronic payment systems. The system is modeled in terms of the events that its participants can perform. Channels of three qualities and participants' dishonest behaviors are modeled, which makes it possible to analyze cooperative and adversarial behaviors, and a process and channel failure model is proposed, which helps to analyze a protocol's security properties in a failure-prone environment. The self-interested property is applicable to all electronic payment protocols and represents a trade-off between complexity and what the protocols achieve. It is participant-centric and widely applicable to describing participants' private interests in protocols, such as anonymity. Finally, fairness is shown to imply the self-interested property under some conditions, while the converse does not hold.
References
[1] Electronic Payment Systems Observatory (ePSO), http://www.e-pso.info/epso/index.html.
[2] C. A. R. Hoare, Communicating Sequential Processes, Prentice Hall, 2004.
[3] L. Buttyán, J.-P. Hubaux, Rational Exchange: A Formal Model Based on Game Theory, in: Proceedings of the 2nd International Workshop on Electronic Commerce (WELCOM 2001), LNCS, 2001, pp. 114-126.
[4] M. Osborne, A. Rubinstein, A Course in Game Theory, MIT Press, 1994.

(Editors: Mark, Ivan, Susan)
