Symbolic Bisimulation in the Spi Calculus

  • Johannes Borgström
  • Sébastien Briais
  • Uwe Nestmann
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3170)


The spi calculus is an executable model for the description and analysis of cryptographic protocols. Security objectives like secrecy and authenticity can be formulated as equations between spi calculus terms, where equality is interpreted as a contextual equivalence.

One problem with verifying contextual equivalences for message-passing process calculi is the infinite branching on process input. In this paper, we propose a general symbolic semantics for the spi calculus, where an input prefix gives rise to only one transition.

To avoid infinite quantification over contexts, non-contextual concrete bisimulations approximating barbed equivalence have been defined. We propose a symbolic bisimulation that is sound with respect to barbed equivalence, and brings us closer to automated bisimulation checks.


Keywords: Operational Semantic; Security Protocol; Cryptographic Protocol; Process Pair; Transition Constraint
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.




Copyright information

© Springer-Verlag Berlin Heidelberg 2004

Authors and Affiliations

  • Johannes Borgström (1)
  • Sébastien Briais (1)
  • Uwe Nestmann (1)
  1. School of Computer and Communication Sciences, EPFL-I&C, Lausanne, Switzerland
