Deciding Knowledge in Security Protocols for Monoidal Equational Theories
Deciding Knowledge in Security Protocols for Monoidal Equational Theories. Véronique Cortier and Stéphanie Delaune. In Proceedings of the 14th International Conference on Logic for Programming, Artificial Intelligence, and Reasoning (LPAR'07), pp. 196–210, Lecture Notes in Artificial Intelligence 4790, Springer, Yerevan, Armenia, October 2007.
Download
Abstract
In formal approaches, messages sent over a network are usually modeled by terms together with an equational theory, axiomatizing the properties of the cryptographic functions (encryption, exclusive or, ...). The analysis of cryptographic protocols requires a precise understanding of the attacker knowledge. Two standard notions are usually used: deducibility and indistinguishability. Only few results have been obtained (in an ad-hoc way) for equational theories with associative and commutative properties, especially in the case of static equivalence. The main contribution of this paper is to propose a general setting for solving deducibility and indistinguishability for an important class (called monoidal) of these theories. Our setting relies on the correspondence between a monoidal theory \(E\) and a semiring \(S_E\) which allows us to give an algebraic characterization of the deducibility and indistinguishability problems. As a consequence we recover easily existing decidability results and obtain several new ones.
BibTeX
@inproceedings{CortierDelaune-LPAR07-monoidal, address = {Yerevan, Armenia}, author = {Cortier, V{\'e}ronique and Delaune, St{\'e}phanie}, booktitle = {{P}roceedings of the 14th {I}nternational {C}onference on {L}ogic for {P}rogramming, {A}rtificial {I}ntelligence, and {R}easoning ({LPAR}'07)}, editor = {Dershowitz, Nachum and Voronkov, Andrei}, month = oct, pages = {196-210}, publisher = {Springer}, series = {Lecture Notes in Artificial Intelligence}, title = {Deciding Knowledge in Security Protocols for Monoidal Equational Theories}, volume = {4790}, year = {2007}, abstract = {In formal approaches, messages sent over a network are usually modeled by terms together with an equational theory, axiomatizing the properties of the cryptographic functions (encryption, exclusive or,~...). The~analysis of cryptographic protocols requires a precise understanding of the attacker knowledge. Two standard notions are usually used: deducibility and indistinguishability. Only few results have been obtained (in~an ad-hoc~way) for equational theories with associative and commutative properties, especially in the case of static equivalence. The~main contribution of this paper is to propose a general setting for solving deducibility and indistinguishability for an important class (called monoidal) of these theories. Our~setting relies on the correspondence between a monoidal theory~{\(E\)} and a semiring~{\(S_E\)} which allows us to give an algebraic characterization of the deducibility and indistinguishability problems. As~a consequence we recover easily existing decidability results and obtain several new ones.}, doi = {10.1007/978-3-540-75560-9_16}, }