Flat and One-Variable Clauses: Complexity of Verifying Cryptographic Protocols with Single Blind Copying

  • Helmut Seidl
  • Kumar Neeraj Verma
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3452)


Cryptographic protocols with single blind copying were defined and modeled by Comon and Cortier using the new class \(\mathcal C\) of first order clauses, which extends the Skolem class. They showed its satisfiability problem to be in 3-DEXPTIME. We improve this result by showing that satisfiability for this class is NEXPTIME-complete, using new resolution techniques. We show satisfiability to be DEXPTIME-complete if clauses are Horn, which is what is required for modeling cryptographic protocols. While translation to Horn clauses only gives a DEXPTIME upper bound for the secrecy problem for these protocols, we further show that this secrecy problem is actually DEXPTIME-complete.


Horn Clause Cryptographic Protocol Tree Automaton Replacement Rule Secrecy Problem 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Aiken, A., Kozen, D., Vardi, M., Wimmers, E.: The complexity of set constraints. In: Meinke, K., Börger, E., Gurevich, Y. (eds.) CSL 1993. LNCS, vol. 832, pp. 1–17. Springer, Heidelberg (1994)CrossRefGoogle Scholar
  2. 2.
    Bachmair, L., Ganzinger, H.: Resolution theorem proving. In: Handbook of Automated Reasoning, vol. I, ch. 2, pp. 19–99. North-Holland, Amsterdam (2001)Google Scholar
  3. 3.
    Blanchet, B.: An efficient cryptographic protocol verifier based on Prolog rules. In: CSFW 2001, pp. 82–96. IEEE Computer Society Press, Los Alamitos (2001)Google Scholar
  4. 4.
    Chandra, A.K., Kozen, D.C., Stockmeyer, L.J.: Alternation. Journal of the ACM 28(1) (1981)Google Scholar
  5. 5.
    Comon, H., Cortier, V.: Tree automata with one memory, set constraints and cryptographic protocols. Theoretical Computer Science (2004) (to appear)Google Scholar
  6. 6.
    Comon-Lundh, H., Cortier, V.: New decidability results for fragments of first-order logic and application to cryptographic protocols. In: Nieuwenhuis, R. (ed.) RTA 2003. LNCS, vol. 2706, pp. 148–164. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  7. 7.
    Comon-Lundh, H., Cortier, V.: Security properties: Two agents are sufficient. In: Degano, P. (ed.) ESOP 2003. LNCS, vol. 2618, pp. 99–113. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  8. 8.
    Cortier, V.: Vérification Automatique des Protocoles Cryptographiques. PhD thesis, ENS Cachan, France (2003)Google Scholar
  9. 9.
    Durgin, N.A., Lincoln, P., Mitchell, J., Scedrov, A.: Undecidability of bounded security protocols. In: FMSP 1999, Trento, Italy (1999)Google Scholar
  10. 10.
    Ganzinger, H., Korovin, K.: New directions in instantiation-based theorem proving. In: LICS 2001, pp. 55–64. IEEE Computer Society Press, Los Alamitos (2003)Google Scholar
  11. 11.
    Goubault-Larrecq, J., Roger, M., Verma, K.N.: Abstraction and resolution modulo AC: How to verify Diffie-Hellman-like protocols automatically. Journal of Logic and Algebraic Programming, 2004. Available as Research Report LSV-04-7, LSV, ENS Cachan (to Appear)Google Scholar
  12. 12.
    Monniaux, D.: Abstracting cryptographic protocols with tree automata. In: Cortesi, A., Filé, G. (eds.) SAS 1999. LNCS, vol. 1694, pp. 149–163. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  13. 13.
    Riazanov, A., Voronkov, A.: Splitting without backtracking. In: IJCAI 2001, pp. 611–617 (2001)Google Scholar
  14. 14.
    Rusinowitch, M., Turuani, M.: Protocol insecurity with finite number of sessions is NPcomplete. In: CSFW 2001, IEEE Computer Society Press, Los Alamitos (2001)Google Scholar
  15. 15.
    Weidenbach, C.: Towards an automatic analysis of security protocols. In: Ganzinger, H. (ed.) CADE 1999. LNCS (LNAI), vol. 1632, pp. 314–328. Springer, Heidelberg (1999)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  • Helmut Seidl
    • 1
  • Kumar Neeraj Verma
    • 1
  1. 1.Institut für InformatikTU MünchenGermany

Personalised recommendations