Reducing Equational Theories for the Decision of Static Equivalence
Static equivalence is a well established notion of indistinguishability of sequences of terms which is useful in the symbolic analysis of cryptographic protocols. Static equivalence modulo equational theories allows a more accurate representation of cryptographic primitives by modelling properties of operators by equational axioms. We develop a method that allows in some cases to simplify the task of deciding static equivalence in a multi-sorted setting, by removing a symbol from the term signature and reducing the problem to several simpler equational theories. We illustrate our technique at hand of bilinear pairings.
Unable to display preview. Download preview PDF.
- 8.Common, H.: Inductionless induction. In: Handbook of Automated Reasoning, Elsevier, Amsterdam (2001)Google Scholar
- 9.Ricardo, C., Jeroen, D., Sandro, E.: Analysing password protocol security against off-line dictionary attacks. In: Proceedings of the 2nd International Workshop on Security Issues with Petri Nets and other Computational Models (WISP 2004). ENTCS, vol. 121, pp. 47–63. Elsevier, Amsterdam (2004)Google Scholar
- 10.Cortier, V., Delaune, S., Lafourcade, P.: A survey of algebraic properties used in cryptographic protocols. Journal of Computer Security 14(1), 1–43 (2006)Google Scholar
- 14.Kremer, S., Mazaré, L.: Computationally sound analysis of protocols using bilinear pairings. Journal of Computer Security (to appear, 2009)Google Scholar
- 15.Kremer, S., Mercier, A., Treinen, R.: Reducing equational theories for the decision of static equivalence. Research Report LSV-09-19, LSV, ENS Cachan, France (May 2009)Google Scholar