Advanced Search

Browse by Discipline

Scientific Societies

E-print Alerts

Add E-prints

E-print Network

  Advanced Search  

Deciding knowledge in security protocols under equational theories

Summary: Deciding knowledge in security protocols
under equational theories
Mart´in Abadi a,b,1
and V´eronique Cortier c,2
aComputer Science Department University of California at Santa Cruz, USA
bMicrosoft Research, Silicon Valley, USA
cLoria/CNRS & INRIA Lorraine project Cassis, Nancy, France
The analysis of security protocols requires precise formulations of the knowledge of pro-
tocol participants and attackers. In formal approaches, this knowledge is often treated in
terms of message deducibility and indistinguishability relations. In this paper we study the
decidability of these two relations. The messages in question may employ functions (en-
cryption, decryption, etc.) axiomatized in an equational theory. One of our main positive
results says that deducibility and indistinguishability are both decidable in polynomial time
for a large class of equational theories. This class of equational theories is defined syntacti-
cally and includes, for example, theories for encryption, decryption, and digital signatures.
We also establish general decidability theorems for an even larger class of theories. These
theorems require only loose, abstract conditions, and apply to many other useful theo-
ries, for example with blind digital signatures, homomorphic encryption, XOR, and other
associative-commutative functions.


Source: Abadi, Martín - Department of Computer Science, University of California at Santa Cruz


Collections: Computer Technologies and Information Sciences