Notions of Knowledge in Combinations of Theories Sharing Constructors

  • Serdar Erbatur
  • Andrew M. Marshall
  • Christophe Ringeissen
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10395)


One of the most effective methods developed for the analysis of security protocols is an approach based on equational reasoning and unification. In this approach, it is important to have the capability to reason about the knowledge of an intruder. Two important measures of this knowledge, defined modulo equational theories, are deducibility and static equivalence. We present new combination techniques for the study of deducibility and static equivalence in unions of equational theories sharing constructors. Thanks to these techniques, we obtain new modularity results for the decidability of deducibility and static equivalence. In turn, this should allow for the analysis of protocols involving combined equational theories which previous disjoint combination methods could not address due to their non-disjoint axiomatization.



We would like to thank Véronique Cortier and Steve Kremer for the thoughtful comments and discussions.



Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  • Serdar Erbatur (1)
  • Andrew M. Marshall (2)
  • Christophe Ringeissen (3)

  1. Ludwig-Maximilians-Universität, München, Germany
  2. University of Mary Washington, Fredericksburg, USA
  3. LORIA – INRIA Nancy-Grand Est, Villers-lès-Nancy, France
