Advanced Search

Browse by Discipline

Scientific Societies

E-print Alerts

Add E-prints

E-print Network

  Advanced Search  

Deciding knowledge in security protocols under equational theories

Summary: Deciding knowledge in security protocols
under equational theories
Mart´in Abadi1
and V´eronique Cortier2
Computer Science Department, University of California at Santa Cruz, USA
Loria, INRIA & CNRS, Nancy, France
Abstract. The analysis of security protocols requires precise formulations of
the knowledge of protocol participants and attackers. In formal approaches, this
knowledge is often treated in terms of message deducibility and indistinguisha-
bility relations. In this paper we study the decidability of these two relations. The
messages in question may employ functions (encryption, decryption, etc.) axiom-
atized in an equational theory. Our main positive results say that, for a large and
useful class of equational theories, deducibility and indistinguishability are both
decidable in polynomial time.
1 Introduction
Understanding security protocols often requires reasoning about the knowledge of le-
gitimate protocol participants and attackers. As a simple example, let us consider a
protocol in which A sends to B a message that consists of a secret s encrypted un-


Source: Abadi, Martín - Department of Computer Science, University of California at Santa Cruz


Collections: Computer Technologies and Information Sciences