Complete Lax Logical Relations for Cryptographic Lambda-Calculi

  • Jean Goubault-Larrecq
  • Sławomir Lasota
  • David Nowak
  • Yu Zhang
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3210)


Security properties are profitably expressed using notions of contextual equivalence, and logical relations are a powerful proof technique to establish contextual equivalence in typed lambda calculi, see e.g. Sumii and Pierce’s logical relation for a cryptographic lambda-calculus. We clarify Sumii and Pierce’s approach, showing that the right tool is prelogical relations, or lax logical relations in general: relations should be lax at encryption types, notably. To explore the difficult aspect of fresh name creation, we use Moggi’s monadic lambda-calculus with constants for cryptographic primitives, and Stark’s name creation monad. We define logical relations which are lax at encryption and function types but strict (non-lax) at various other types, and show that they are sound and complete for contextual equivalence at all types.


Logical relations Monads Cryptographic lambda-calculus Subscone 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Abadi, M., Gordon, A.D.: A calculus for cryptographic protocols: The spi calculus. In: Proc. 4th ACM Conference on Computer and Communications Security, CCS 1997 (1997)Google Scholar
  2. 2.
    Abadi, M., Gordon, A.D.: A bisimulation method for cryptographic protocols. Nordic Journal of Computing 5(4) (1998)Google Scholar
  3. 3.
    Alimohamed, M.: A characterization of lambda definability in categorical models of implicit polymorphism. Theoretical Computer Science 146(1–2) (1995)Google Scholar
  4. 4.
    Boreale, M., de Nicola, R., Pugliese, R.: Proof techniques for cryptographic processes. In: Proc. LICS 1999. IEEE Computer Society Press, Los Alamitos (1999)Google Scholar
  5. 5.
    Borgström, J., Nestmann, U.: On bisimulations for the spi calculus. In: Kirchner, H., Ringeissen, C. (eds.) AMAST 2002. LNCS, vol. 2422. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  6. 6.
    Comon, H., Shmatikov, V.: Is it possible to decide whether a cryptographic protocol is secure or not? J. of Telecommunications and Information Technology 4 (2002)Google Scholar
  7. 7.
    Dolev, D., Yao, A.C.: On the security of public key protocols. IEEE Transactions on Information Theory, IT 29(2) (1983)Google Scholar
  8. 8.
    Goubault-Larrecq, J., Lasota, S., Nowak, D.: Logical relations for monadic types. In: Bradfield, J.C. (ed.) CSL 2002 and EACSL 2002. LNCS, vol. 2471, p. 553. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  9. 9.
    Goubault-Larrecq, J., Lasota, S., Nowak, D., Zhang, Y.: Complete lax logical relations for cryptographic lambda-calculi. Research Report, LSV, ENS de Cachan (2004)Google Scholar
  10. 10.
    Honsell, F., Sannella, D.: Pre-logical relations. In: Flum, J., Rodríguez-Artalejo, M. (eds.) CSL 1999. LNCS, vol. 1683. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  11. 11.
    Lambek, J., Scott, P.J.: Introduction to Higher Order Categorical Logic. Cambridge Studies in Advanced Mathematics, vol. 7. Cambridge University Press, Cambridge (1986)MATHGoogle Scholar
  12. 12.
    Mitchell, J.C.: Foundations for Programming Languages. MIT Press, Cambridge (1985)Google Scholar
  13. 13.
    Mitchell, J.C., Scedrov, A.: Notes on sconing and relators. In: Martini, S., Börger, E., Kleine Büning, H., Jäger, G., Richter, M.M. (eds.) CSL 1992. LNCS, vol. 702. Springer, Heidelberg (1993)Google Scholar
  14. 14.
    Moggi, E.: Notions of computation and monads. Information and Computation 93 (1991)Google Scholar
  15. 15.
    Pitts, A., Stark, I.: Observable properties of higher order functions that dynamically create local names, or: What’s. In: Borzyszkowski, A.M., Sokolowski, S. (eds.) MFCS 1993. LNCS, vol. 711. Springer, Heidelberg (1993)Google Scholar
  16. 16.
    Plotkin, G.D., Power, J., Sannella, D., Tennent, R.D.: Lax logical relations. In: Welzl, E., Montanari, U., Rolim, J.D.P. (eds.) ICALP 2000. LNCS, vol. 1853. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  17. 17.
    Stark, I.: Categorical models for local names. Lisp and Symbolic Computation 9(1) (1996)Google Scholar
  18. 18.
    Sumii, E., Pierce, B.C.: Logical relations for encryption. In: Proc. CSFW-14. IEEE Computer Society Press, Los Alamitos (2001)Google Scholar
  19. 19.
    Zhang, Y., Nowak, D.: Logical relations for dynamic name creation. In: Baaz, M., Makowsky, J.A. (eds.) CSL 2003. LNCS, vol. 2803. Springer, Heidelberg (2003)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2004

Authors and Affiliations

  • Jean Goubault-Larrecq
    • 1
  • Sławomir Lasota
    • 2
  • David Nowak
    • 1
  • Yu Zhang
    • 1
  1. 1.LSV/CNRS & INRIA Futurs & ENS CachanCachanFrance
  2. 2.Institute of InformaticsWarsaw UniversityWarszawaPoland

Personalised recommendations