On Name Generation and Set-Based Analysis in the Dolev-Yao Model

  • Roberto M. Amadio
  • Witold Charatonik
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2421)


We study the control reachability problem in the Dolev-Yao model of cryptographic protocols when principals are represented by tail recursive processes with generated names. We propose a conservative approximation of the problem by reduction to a non-standard collapsed operational semantics and we introduce checkable syntactic conditions entailing the equivalence of the standard and the collapsed semantics. Then we introduce a conservative and decidable set-based analysis of the collapsed operational semantics and we characterize a situation where the analysis is exact.


cryptographic protocols name generation verification set constraints 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. [ALV01]
    R. Amadio, D. Lugiez, and V. Vanackere. On the symbolic reduction of processes with cryptographic functions. Theoretical Computer Science (to appear). Also RR 4147, INRIA.Google Scholar
  2. [AC02]
    R. Amadio, W. Charatonik. On name generation and set-based analysis in the Dolev-Yao model. RR-INRIA 4379, January 2002.Google Scholar
  3. [AM01]
    R. Amadio, C. Meyssonnier. On the decidability of fragments of the asynchronous π-calculus. Journal of Nordic Computing (to appear). Also RRINRIA 4241.Google Scholar
  4. [CP97]
    W. Charatonik and A. Podelski. Set constraints with intersection. In Proc. 12th IEEE LICS, 1997.Google Scholar
  5. [CPT00]
    W. Charatonik, A. Podelski, and J.-M. Talbot. Paths vs. trees in set-based program analysis. In Proc. 27th Annual ACM POPL, 2000.Google Scholar
  6. [CCM01]
    H. Comon, V. Cortier, and J. Mitchell. Tree automata with one memory, set constraints, and ping-pong protocols. In Proc. ICALP, Springer Lecture Notes in Comp. Sci. 2076, 2001.Google Scholar
  7. [CJ97]
    J. Clark and J. Jacob. A survey of authentication protocol literature: Version 1.0. Available at papers/, 1997.
  8. [DEK82]
    D. Dolev, S. Even, and R. Karp. On the security of ping-pong protocols. Information and Control, 55:57–68, 1982.zbMATHCrossRefMathSciNetGoogle Scholar
  9. [DLMS99]
    N. Durgin, P. Lincoln, J. Mitchell, and A. Scedrov. Undecidability of bounded security protocols. In Proc. Formal methods and security protocols, FLOC Workshop, Trento, 1999.Google Scholar
  10. [DY83]
    D. Dolev and A. Yao. On the security of public key protocols. IEEE Trans. on Information Theory, 29(2):198–208, 1983.zbMATHCrossRefMathSciNetGoogle Scholar
  11. [GK00]
    T. Genet and F. Klay. Rewriting for cryptographic protocol verification. In Proc. CADE, Springer Lecture Notes in Comp. Sci. 1831, 2000.Google Scholar
  12. [Gou00]
    J. Goubault. A method for automatic cryptographic protocol verification. In Proc. FMPPTA, Springer-Verlag, 2000.Google Scholar
  13. [HJ90]
    N. Heintze and J. Jaffar. A decision procedure for a class of set constraints (extended abstract). In Proc. 5th IEEE LICS, 1990.Google Scholar
  14. [HJ94]
    N. Heintze and J. Jaffar. Set constraints and set-based analysis. In Proc. Workshop on Principles and Practice of Constraint Programming, Springer Lecture Notes in Comp. Sci. 874, 1994.Google Scholar
  15. [Mon99]
    D. Monniaux. Abstracting cryptographic protocols with tree automata. In Proc. Static Analysis Symposium, Springer Lect. Notes in Comp. Sci., 1999.Google Scholar
  16. [RT01]
    M. Rusinowitch and M. Turuani Protocol insecurity with finite number of sessions is NP-complete. RR INRIA 4134, March 2001.Google Scholar
  17. [Sto99]
    S. Stoller. A bound on attacks on authentication protocols. TR 526, Indiana University, CS Dept., july 1999.Google Scholar
  18. [TDT00]
    J.-M. Talbot, Ph. Devienne, and S. Tison. Generalized definite set constraints. Constraints: An International Journal, 5(1–2):161–202, January 2000.zbMATHCrossRefMathSciNetGoogle Scholar
  19. [Wei99]
    C. Weidenbach. Towards an automatic analysis of security protocols in first-order logic. In Proc. CADE 99.Springer Lect. Notes in Comp. Sci. (LNAI) 1632, 1999.Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2002

Authors and Affiliations

  • Roberto M. Amadio
    • 1
  • Witold Charatonik
    • 2
    • 3
  1. 1.Laboratoire d’Informatique FondamentaleMarseille
  2. 2.Max-Planck-Institut für InformatikSaarbrücken
  3. 3.Uniwersytet WrocławskiWrocław

Personalised recommendations