Probabilistic Polynomial-Time Semantics for a Protocol Security Logic

  • Anupam Datta
  • Ante Derek
  • John C. Mitchell
  • Vitaly Shmatikov
  • Mathieu Turuani
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3580)


We describe a cryptographically sound formal logic for proving protocol security properties without explicitly reasoning about probability, asymptotic complexity, or the actions of a malicious attacker. The approach rests on a new probabilistic, polynomial-time semantics for an existing protocol security logic, replacing an earlier semantics that uses nondeterministic symbolic evaluation. While the basic form of the protocol logic remains unchanged from previous work, there are some interesting technical problems involving the difference between efficiently recognizing and efficiently producing a value, and involving a reinterpretation of standard logical connectives that seems necessary to support certain forms of reasoning.


Keywords (added by machine, not by the authors): Proof System, Security Parameter, Modal Formula, Cryptographic Primitive, Protocol Execution





Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  • Anupam Datta (1)
  • Ante Derek (1)
  • John C. Mitchell (1)
  • Vitaly Shmatikov (2)
  • Mathieu Turuani (3)
  1. Dept. Computer Science, Stanford University, Stanford
  2. Dept. Computer Science, University of Texas, Austin
  3. LORIA-INRIA Nancy, France
