Pattern-Matching Spi-Calculus

  • Christian Haack
  • Alan Jeffrey
Conference paper
Part of the IFIP International Federation for Information Processing book series (IFIPAICT, volume 173)


Cryptographic protocols often make use of nested cryptographic primitives, for example signed message digests, or encrypted signed messages. Gordon and Jeffrey's prior work on types for authenticity did not allow for such nested cryptography. In this work, we present the pattern-matching spi-calculus, which is an obvious extension of the spi-calculus to include pattern-matching as primitive. The novelty of the language is in the accompanying type system, which uses the same language of patterns to describe complex data dependencies which cannot be described using prior type systems. We show that any appropriately typed process is guaranteed to satisfy a strong robust safety property.


Keywords: Type System; Authentication Protocol; Security Protocol; Cryptographic Protocol; Type Annotation


  1. M. Abadi. Secrecy by typing in security protocols. Journal of the ACM, 46(5):749–786, September 1999.
  2. M. Abadi and B. Blanchet. Secrecy types for asymmetric communication. In Foundations of Software Science and Computation Structures, volume 2030 of Lecture Notes in Computer Science, pages 25–41. Springer, 2001.
  3. M. Abadi and A.D. Gordon. A calculus for cryptographic protocols: The spi calculus. Information and Computation, 148:1–70, 1999.
  4. C. Bodei, M. Buchholtz, P. Degano, F. Nielson, and H. Riis Nielson. Automatic validation of protocol narration. In Proc. CSFW03, pages 126–140. IEEE Press, 2003.
  5. D. Bolignano. An approach to the formal verification of cryptographic protocols. In Third ACM Conference on Computer and Communications Security, pages 106–118, 1996.
  6. M. Burrows, M. Abadi, and R.M. Needham. A logic of authentication. Proceedings of the Royal Society of London A, 426:233–271, 1989.
  7. I. Cervesato. Typed MSR: Syntax and examples. In First International Workshop on Mathematical Methods, Models and Architectures for Computer Network Security, volume 2052 of Lecture Notes in Computer Science, pages 159–177. Springer, 2001.
  8. I. Cervesato, N. A. Durgin, P. D. Lincoln, J. C. Mitchell, and A. Scedrov. A meta-notation for protocol analysis. In Proc. IEEE Computer Security Foundations Workshop, pages 55–69, 1999.
  9. E. Cohen. TAPS: A first-order verifier for cryptographic protocols. In 13th IEEE Computer Security Foundations Workshop, pages 144–158. IEEE Computer Society Press, 2000.
  10. D. Dolev and A.C. Yao. On the security of public key protocols. IEEE Transactions on Information Theory, IT-29(2):198–208, 1983.
  11. A. D. Gordon and A. S. A. Jeffrey. Typing one-to-one and one-to-many correspondences in security protocols. In Proc. Int. Software Security Symp., volume 2609 of Lecture Notes in Computer Science, pages 263–282. Springer-Verlag, 2002.
  12. A.D. Gordon and A. Jeffrey. Authenticity by typing for security protocols. In 14th IEEE Computer Security Foundations Workshop, pages 145–159. IEEE Computer Society Press, 2001.
  13. A.D. Gordon and A. Jeffrey. Types and effects for asymmetric cryptographic protocols. In 15th IEEE Computer Security Foundations Workshop, pages 77–91. IEEE Computer Society Press, 2002.
  14. C. Haack and A. S. A. Jeffrey. Pattern-matching spi-calculus (longer draft). Available from, 2004.
  15. J. Heather. ‘Oh!…Is it really you?’ Using rank functions to verify authentication protocols. PhD thesis, Royal Holloway, University of London, 2000.
  16. J. Heather and S. Schneider. Towards automatic verification of authentication protocols on an unbounded network. In 13th IEEE Computer Security Foundations Workshop, pages 132–143. IEEE Computer Society Press, 2000.
  17. G. Lowe. Breaking and fixing the Needham-Schroeder public-key protocol using CSP and FDR. In Tools and Algorithms for the Construction and Analysis of Systems, volume 1055 of Lecture Notes in Computer Science, pages 147–166. Springer, 1996.
  18. W. Marrero, E.M. Clarke, and S. Jha. Model checking for security protocols. In DIMACS Workshop on Design and Formal Verification of Security Protocols, 1997. Preliminary version appears as Technical Report TR-CMU-CS-97-139, Carnegie Mellon University, May 1997.
  19. L.C. Paulson. The inductive approach to verifying cryptographic protocols. Journal of Computer Security, 6:85–128, 1998.
  20. A.W. Roscoe. Modelling and verifying key-exchange protocols using CSP and FDR. In 8th IEEE Computer Security Foundations Workshop, pages 98–107. IEEE Computer Society Press, 1995.
  21. S.A. Schneider. Verifying authentication protocols in CSP. IEEE Transactions on Software Engineering, 24(9):741–758, 1998.
  22. F.J. Thayer Fábrega, J.C. Herzog, and J.D. Guttman. Strand spaces: Why is a security protocol correct? In IEEE Computer Society Symposium on Research in Security and Privacy, pages 160–171, 1998.
  23. T.Y.C. Woo and S.S. Lam. A semantic model for authentication protocols. In IEEE Computer Society Symposium on Research in Security and Privacy, pages 178–194, 1993.

Copyright information

© International Federation for Information Processing 2005

Authors and Affiliations

  • Christian Haack (1)
  • Alan Jeffrey (2)

  1. DePaul University, USA
  2. Bell Labs, Lucent Technologies and DePaul University, USA
