A Dolev-Yao Model for Zero Knowledge

  • Anguraj Baskar
  • R. Ramanujam
  • S. P. Suresh
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5913)


We propose an extension of the standard Dolev-Yao model of cryptographic protocols to facilitate symbolic reasoning about zero-knowledge proofs. This is accomplished by communicating typed terms, and providing a proof amounts to certifying that a term is of a particular type. We present a proof system for term derivability, which is employed to yield a decision procedure for checking whether a given protocol meets its zero knowledge specification.


Keywords (added by machine, not by the authors): Proof System, Security Protocol, Computer Security, Cryptographic Protocol, Typing Judgement





Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Anguraj Baskar (1)
  • R. Ramanujam (2)
  • S. P. Suresh (1)
  1. Chennai Mathematical Institute, Chennai
  2. Institute of Mathematical Sciences, Chennai
