Deciding Knowledge in Security Protocols Under Equational Theories

  • Martín Abadi
  • Véronique Cortier
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3142)


The analysis of security protocols requires precise formulations of the knowledge of protocol participants and attackers. In formal approaches, this knowledge is often treated in terms of message deducibility and indistinguishability relations. In this paper we study the decidability of these two relations. The messages in question may employ functions (encryption, decryption, etc.) axiomatized in an equational theory. Our main positive results say that, for a large and useful class of equational theories, deducibility and indistinguishability are both decidable in polynomial time.





Copyright information

© Springer-Verlag Berlin Heidelberg 2004

Authors and Affiliations

  • Martín Abadi (1)
  • Véronique Cortier (2)
  1. Computer Science Department, University of California at Santa Cruz, USA
  2. Loria, INRIA & CNRS, Nancy, France
