SPEC: An Equivalence Checker for Security Protocols

  • Alwen Tiu
  • Nam Nguyen
  • Ross HorneEmail author
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10017)


SPEC is an automated equivalence checker for security protocols specified in the spi-calculus, an extension of the pi-calculus with cryptographic primitives. The notion of equivalence considered is a variant of bisimulation, called open bisimulation, that identifies processes indistinguishable when executed in any context. SPEC produces compact and independently checkable bisimulations that are useful for automating the process of producing proof-certificates for security protocols. This paper gives an overview of SPEC and discusses techniques to reduce the size of bisimulations, utilising up-to techniques developed for the spi-calculus. SPEC is implemented in the Bedwyr logic programming language that we demonstrate can be adapted to tackle further protocol analysis problems not limited to bisimulation checking.


Authentication Protocol Security Protocol Message Authentication Code Homomorphic Encryption Encryption Function 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.



The authors receive support from MOE Tier 2 grant MOE2014-T2-2-076. The first author receives support from NTU Start Up grant M4081190.020.


  1. 1.
    Abadi, M., Gordon, A.D.: A calculus for cryptographic protocols: the spi calculus. Inf. Comput. 148(1), 1–70 (1999)MathSciNetzbMATHCrossRefGoogle Scholar
  2. 2.
    Baelde, D., Gacek, A., Miller, D., Nadathur, G., Tiu, A.F.: The Bedwyr system for model checking over syntactic expressions. In: Pfenning, F. (ed.) CADE 2007. LNCS (LNAI), vol. 4603, pp. 391–397. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  3. 3.
    Blanchet, B., Abadi, M., Fournet, C.: Automated verification of selected equivalences for security protocols. J. Log. Algebr. Program. 75(1), 3–51 (2008)MathSciNetzbMATHCrossRefGoogle Scholar
  4. 4.
    Borgström, J.: Equivalences and calculi for formal verification of cryptographic protocols. Ph.D. thesis, École Polytechnique Fédérale de Lausanne (2008)Google Scholar
  5. 5.
    Borgström, J., Briais, S., Nestmann, U.: Symbolic bisimulation in the spi calculus. In: Gardner, P., Yoshida, N. (eds.) CONCUR 2004. LNCS, vol. 3170, pp. 161–176. Springer, Heidelberg (2004). doi: 10.1007/978-3-540-28644-8_11 CrossRefGoogle Scholar
  6. 6.
    Chadha, R., Ciobâcă, V., Kremer, S.: Automated verification of equivalence properties of cryptographic protocols. In: Programming Languages and Systems, pp. 108–127 (2012)Google Scholar
  7. 7.
    Chaum, D.: Blind signature system. In: Advances in Cryptology, Proceedings of CRYPTO 1983, Santa Barbara, California, USA, 21–24 August 1983, p. 153. Plenum Press, New York (1984)Google Scholar
  8. 8.
    Cheval, V.: Automatic verification of cryptographic protocols: privacy-type properties. Ph.D. thesis, ENS Cachan, December 2012Google Scholar
  9. 9.
    Cheval, V.: APTE: an algorithm for proving trace equivalence. In: Ábrahám, E., Havelund, K. (eds.) TACAS 2014 (ETAPS). LNCS, vol. 8413, pp. 587–592. Springer, Heidelberg (2014)CrossRefGoogle Scholar
  10. 10.
    Comon-Lundh, H., Cortier, V., Zalinescu, E.: Deciding security properties for cryptographic protocols. Application to key cycles. ACM Trans. Comput. Log. 11(2), 9:1–9:42 (2010). doi: 10.1145/1656242.1656244 MathSciNetzbMATHCrossRefGoogle Scholar
  11. 11.
    Milner, R., Parrow, J., Walker, D.: A calculus of mobile processes, Part II. In: Information and Computation, pp. 41–77 (1992)Google Scholar
  12. 12.
    Montanari, U., Sassone, V.: Dynamic congruence vs. progressing bisimulation for CCS. Fundamenta Informaticae 16(2), 171–199 (1992)MathSciNetzbMATHGoogle Scholar
  13. 13.
    Sangiorgi, D.: A theory of bisimulation for the pi-calculus. Acta Inf. 33(1), 69–97 (1996)MathSciNetzbMATHCrossRefGoogle Scholar
  14. 14.
    Sangiorgi, D.: On the bisimulation proof method. Math. Struct. Comput. Sci. 8, 447–479 (1998)MathSciNetzbMATHCrossRefGoogle Scholar
  15. 15.
    Sangiorgi, D., Walker, D.: \(\pi \)-Calculus: A Theory of Mobile Processes. Cambridge University Press, Cambridge (2001)zbMATHGoogle Scholar
  16. 16.
    Tiu, A.: A logical framework for reasoning about logical specifications. Ph.D. thesis, Pennsylvania State University, May 2004Google Scholar
  17. 17.
    Tiu, A.F.: A trace based bisimulation for the spi calculus: an extended abstract. In: Shao, Z. (ed.) APLAS 2007. LNCS, vol. 4807, pp. 367–382. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  18. 18.
    Tiu, A.: A trace based bisimulation for the spi calculus. CoRR, abs/0901.2166 (2009)Google Scholar
  19. 19.
    Tiu, A., Dawson, J.E.: Automating open bisimulation checking for the spi calculus. In: Proceedings of the 23rd IEEE Computer Security Foundations Symposium (CSF 2010), pp. 307–321. IEEE Computer Society (2010)Google Scholar

Copyright information

© Springer International Publishing AG 2016

Authors and Affiliations

  1. 1.School of Computer Science and EngineeringNanyang Technological UniversitySingaporeSingapore

Personalised recommendations