{"title":"随机安全协议的验证","authors":"Rohit Chadha, A. Sistla, Mahesh Viswanathan","doi":"10.1109/LICS.2017.8005126","DOIUrl":null,"url":null,"abstract":"We consider the problem of verifying the security of finitely many sessions of a protocol that tosses coins in addition to standard cryptographic primitives against a Dolev-Yao adversary. Two properties are investigated here — secrecy, which asks if no adversary interacting with a protocol P can determine a secret sec with probability > 1 − p; and indistinguishability, which asks if the probability observing any sequence 0̄ in P1 is the same as that of observing 0̄ in P2, under the same adversary. Both secrecy and indistinguishability are known to be coNP-complete for non-randomized protocols. In contrast, we show that, for randomized protocols, secrecy and indistinguishability are both decidable in coNEXPTIME. We also prove a matching lower bound for the secrecy problem by reducing the non-satisfiability problem of monadic first order logic without equality.","PeriodicalId":313950,"journal":{"name":"2017 32nd Annual ACM/IEEE Symposium on Logic in Computer Science (LICS)","volume":"711 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2017-06-20","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"12","resultStr":"{\"title\":\"Verification of randomized security protocols\",\"authors\":\"Rohit Chadha, A. Sistla, Mahesh Viswanathan\",\"doi\":\"10.1109/LICS.2017.8005126\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"We consider the problem of verifying the security of finitely many sessions of a protocol that tosses coins in addition to standard cryptographic primitives against a Dolev-Yao adversary. Two properties are investigated here — secrecy, which asks if no adversary interacting with a protocol P can determine a secret sec with probability > 1 − p; and indistinguishability, which asks if the probability observing any sequence 0̄ in P1 is the same as that of observing 0̄ in P2, under the same adversary. Both secrecy and indistinguishability are known to be coNP-complete for non-randomized protocols. In contrast, we show that, for randomized protocols, secrecy and indistinguishability are both decidable in coNEXPTIME. We also prove a matching lower bound for the secrecy problem by reducing the non-satisfiability problem of monadic first order logic without equality.\",\"PeriodicalId\":313950,\"journal\":{\"name\":\"2017 32nd Annual ACM/IEEE Symposium on Logic in Computer Science (LICS)\",\"volume\":\"711 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2017-06-20\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"12\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2017 32nd Annual ACM/IEEE Symposium on Logic in Computer Science (LICS)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/LICS.2017.8005126\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2017 32nd Annual ACM/IEEE Symposium on Logic in Computer Science (LICS)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/LICS.2017.8005126","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
We consider the problem of verifying the security of finitely many sessions of a protocol that tosses coins in addition to standard cryptographic primitives against a Dolev-Yao adversary. Two properties are investigated here — secrecy, which asks if no adversary interacting with a protocol P can determine a secret sec with probability > 1 − p; and indistinguishability, which asks if the probability observing any sequence 0̄ in P1 is the same as that of observing 0̄ in P2, under the same adversary. Both secrecy and indistinguishability are known to be coNP-complete for non-randomized protocols. In contrast, we show that, for randomized protocols, secrecy and indistinguishability are both decidable in coNEXPTIME. We also prove a matching lower bound for the secrecy problem by reducing the non-satisfiability problem of monadic first order logic without equality.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
