Probabilistic polynomial-time process calculus and security protocol analysis

Abstract

Abstract: We describe properties of a process calculus that has been developed for the purpose of analyzing security protocols. The process calculus is a restricted form of p-calculus, with bounded replication and probabilistic polynomial-time expressions allowed in messages and boolean tests. To avoid problems expressing security in the presence of nondeterminism, messages are scheduled probabilistically instead of nondeterministically. We prove that evaluation may be completed in probabilistic polynomial time and develop properties of a form of asymptotic protocol equivalence that allows security to be speci£ed using observational equivalence, a standard relation from programming language theory that involves quantifying over possible environments that might interact with the protocol. We also relate process equivalence to cryptographic concepts such as pseudorandom number generators and polynomial-time statistical tests.