Proof techniques for cryptographic processes

Proceedings. 14th Symposium on Logic in Computer Science (Cat. No. PR00158) Pub Date : 1999-07-02 DOI:10.1109/LICS.1999.782608

Michele Boreale, R. Nicola, R. Pugliese

{"title":"Proof techniques for cryptographic processes","authors":"Michele Boreale, R. Nicola, R. Pugliese","doi":"10.1109/LICS.1999.782608","DOIUrl":null,"url":null,"abstract":"Contextual equivalences for cryptographic process calculi can be used to reason about correctness of protocols, but their definition suffers from quantification over all possible contexts. Here, we focus on two such equivalences, may-testing and barbed equivalence, and investigate tractable proof methods for them. To this aim, we develop an 'environment-sensitive' labelled transition system, where transitions are constrained by the knowledge the environment has of names and keys. On top of the new transition system, a trace equivalence and a co-inductive weak bisimulation equivalence are defined, both of which avoid quantification over contexts. Our main results are soundness of trace semantics and of weak bisimulation with respect to may-testing and barbed equivalence, respectively. This leads to more direct proof methods for equivalence checking. The use of such methods is illustrated via a few examples concerning implementation of secure channels by means of encrypted public channels. We also consider a variant of the labelled transition system that gives completeness, but is less handy to use.","PeriodicalId":352531,"journal":{"name":"Proceedings. 14th Symposium on Logic in Computer Science (Cat. No. PR00158)","volume":"5 3","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"1999-07-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"142","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings. 14th Symposium on Logic in Computer Science (Cat. No. PR00158)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/LICS.1999.782608","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 142

Abstract

Contextual equivalences for cryptographic process calculi can be used to reason about correctness of protocols, but their definition suffers from quantification over all possible contexts. Here, we focus on two such equivalences, may-testing and barbed equivalence, and investigate tractable proof methods for them. To this aim, we develop an 'environment-sensitive' labelled transition system, where transitions are constrained by the knowledge the environment has of names and keys. On top of the new transition system, a trace equivalence and a co-inductive weak bisimulation equivalence are defined, both of which avoid quantification over contexts. Our main results are soundness of trace semantics and of weak bisimulation with respect to may-testing and barbed equivalence, respectively. This leads to more direct proof methods for equivalence checking. The use of such methods is illustrated via a few examples concerning implementation of secure channels by means of encrypted public channels. We also consider a variant of the labelled transition system that gives completeness, but is less handy to use.

查看原文本刊更多论文

密码过程的证明技术

密码过程演算的上下文等价可用于推断协议的正确性，但它们的定义在所有可能的上下文中都存在量化问题。在这里，我们重点讨论了两种等价，即may-testing和barbed equivalence，并研究了它们的可处理证明方法。为此，我们开发了一个“环境敏感”的标签转换系统，其中转换受环境中名称和键的知识的约束。在新跃迁系统的基础上，定义了迹等效和共归纳弱双模拟等效，两者都避免了对上下文的量化。我们的主要结果是迹语义和弱双模拟分别相对于五月测试和倒钩等价的合理性。这就产生了更直接的等价性检验证明方法。通过几个有关通过加密的公共通道实现安全通道的示例来说明这种方法的使用。我们还考虑了标记转换系统的一种变体，它提供了完整性，但使用起来不太方便。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Proceedings. 14th Symposium on Logic in Computer Science (Cat. No. PR00158)

自引率

0.00%

发文量