Deciding Knowledge in Security Protocols for Monoidal Equational Theories
Deciding Knowledge in Security Protocols for Monoidal Equational Theories. Véronique Cortier and Stéphanie Delaune. In Proceedings of the 14th International Conference on Logic for Programming, Artificial Intelligence, and Reasoning (LPAR'07), pp. 196–210, Lecture Notes in Artificial Intelligence 4790, Springer, Yerevan, Armenia, October 2007.
Download
Abstract
In formal approaches, messages sent over a network are usually modeled by terms together with an equational theory, axiomatizing the properties of the cryptographic functions (encryption, exclusive or, ...). The analysis of cryptographic protocols requires a precise understanding of the attacker knowledge. Two standard notions are usually used: deducibility and indistinguishability. Only few results have been obtained (in an ad-hoc way) for equational theories with associative and commutative properties, especially in the case of static equivalence. The main contribution of this paper is to propose a general setting for solving deducibility and indistinguishability for an important class (called monoidal) of these theories. Our setting relies on the correspondence between a monoidal theory \(E\) and a semiring \(S_E\) which allows us to give an algebraic characterization of the deducibility and indistinguishability problems. As a consequence we recover easily existing decidability results and obtain several new ones.
BibTeX
@inproceedings{CortierDelaune-LPAR07-monoidal,
address = {Yerevan, Armenia},
author = {Cortier, V{\'e}ronique and Delaune, St{\'e}phanie},
booktitle = {{P}roceedings of the 14th {I}nternational
{C}onference on {L}ogic for {P}rogramming,
{A}rtificial {I}ntelligence, and {R}easoning
({LPAR}'07)},
editor = {Dershowitz, Nachum and Voronkov, Andrei},
month = oct,
pages = {196-210},
publisher = {Springer},
series = {Lecture Notes in Artificial Intelligence},
title = {Deciding Knowledge in Security Protocols for Monoidal
Equational Theories},
volume = {4790},
year = {2007},
abstract = {In formal approaches, messages sent over a network
are usually modeled by terms together with an
equational theory, axiomatizing the properties of the
cryptographic functions (encryption, exclusive
or,~...). The~analysis of cryptographic protocols
requires a precise understanding of the attacker
knowledge. Two standard notions are usually used:
deducibility and indistinguishability. Only few
results have been obtained (in~an ad-hoc~way) for
equational theories with associative and commutative
properties, especially in the case of static
equivalence. The~main contribution of this paper is
to propose a general setting for solving deducibility
and indistinguishability for an important class
(called monoidal) of these theories. Our~setting
relies on the correspondence between a monoidal
theory~{\(E\)} and a semiring~{\(S_E\)} which allows
us to give an algebraic characterization of the
deducibility and indistinguishability problems. As~a
consequence we recover easily existing decidability
results and obtain several new ones.},
doi = {10.1007/978-3-540-75560-9_16},
}