Combining Algorithms for Deciding Knowledge in Security Protocols

  • Mathilde Arnaud
  • Véronique Cortier
  • Stéphanie Delaune
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4720)


In formal approaches, messages sent over a network are usually modeled by terms together with an equational theory, axiomatizing the properties of the cryptographic functions (encryption, exclusive or, ...). The analysis of cryptographic protocols requires a precise understanding of the attacker knowledge. Two standard notions are usually considered: deducibility and indistinguishability. Those notions are well-studied and several decidability results already exist to deal with a variety of equational theories. However most of the results are dedicated to specific equational theories.

We show that decidability results can be easily combined for any disjoint equational theories: if the deducibility and indistinguishability relations are decidable for two disjoint theories, they are also decidable for their union. As an application, new decidability results can be obtained using this combination theorem.


Function Symbol Equational Theory Security Protocol Decidability Result Indistinguishability Relation 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Abadi, M., Baudet, M., Warinschi, B.: Guessing attacks and the computational soundness of static equivalence. In: Aceto, L., Ingólfsdóttir, A. (eds.) FOSSACS 2006 and ETAPS 2006. LNCS, vol. 3921, pp. 398–412. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  2. 2.
    Abadi, M., Cortier, V.: Deciding knowledge in security protocols under equational theories. Theoretical Computer Science 387(1-2), 2–32 (2006)CrossRefMathSciNetGoogle Scholar
  3. 3.
    Abadi, M., Fournet, C.: Mobile values, new names, and secure communication. In: Proceedings of the 28th ACM Symposium on Principles of Programming Languages (POPL 2001), pp. 104–115. ACM Press, New York (2001)CrossRefGoogle Scholar
  4. 4.
    Arnaud, M., Cortier, V., Delaune, S.: Combining algorithms for deciding knowledge in security protocols. Research Report 6118, INRIA, p. 28 (February 2007)Google Scholar
  5. 5.
    Baader, F., Schulz, K.U.: Unification in the union of disjoint equational theories: Combining decision procedures. Journal of Symbolic Computation 21(2), 211–243 (1996)zbMATHCrossRefMathSciNetGoogle Scholar
  6. 6.
    Baudet, M., Cortier, V., Kremer, S.: Computationally sound implementations of equational theories against passive adversaries. In: Caires, L., Italiano, G.F., Monteiro, L., Palamidessi, C., Yung, M. (eds.) ICALP 2005. LNCS, vol. 3580, pp. 652–663. Springer, Heidelberg (2005)Google Scholar
  7. 7.
    Chevalier, Y., Küsters, R., Rusinowitch, M., Turuani, M.: An NP decision procedure for protocol insecurity with XOR. In: Proceedings of 18th Annual IEEE Symposium on Logic in Computer Science (LICS 2003), Ottawa (Canada), IEEE Computer Society Press, Los Alamitos (2003)Google Scholar
  8. 8.
    Chevalier, Y., Rusinowitch, M.: Combining intruder theories. In: Caires, L., Italiano, G.F., Monteiro, L., Palamidessi, C., Yung, M. (eds.) ICALP 2005. LNCS, vol. 3580, pp. 639–651. Springer, Heidelberg (2005)Google Scholar
  9. 9.
    Chevalier, Y., Rusinowitch, M.: Combining intruder theories. Technical Report 5495, INRIA (2005),
  10. 10.
    Chevalier, Y., Rusinowitch, M.: Hierarchical combination of intruder theories. In: Pfenning, F. (ed.) RTA 2006. LNCS, vol. 4098, pp. 108–122. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  11. 11.
    Comon-Lundh, H., Shmatikov, V.: Intruder deductions, constraint solving and insecurity decision in presence of exclusive or. In: Proceedings of 18th Annual IEEE Symposium on Logic in Computer Science (LICS 2003), Ottawa (Canada), IEEE Computer Society Press, Los Alamitos (2003)Google Scholar
  12. 12.
    Cortier, V., Delaune, S.: Deciding knowledge in security protocols for monoidal equational theories. In: Proc. of the Joint Workshop on Foundations of Computer Security and Automated Reasoning for Security Protocol Analysis (FCS-ARSPA 2007), Wrocław, Poland (to appear, 2007)Google Scholar
  13. 13.
    Delaune, S.: Easy intruder deduction problems with homomorphisms. Information Processing Letters 97(6), 213–218 (2006)CrossRefMathSciNetGoogle Scholar
  14. 14.
    Dershowitz, N., Jouannaud, J.-P.: Rewrite systems. In: Handbook of Theoretical Computer Science. ch. 6, vol. B, Elsevier, Amsterdam (1990)Google Scholar
  15. 15.
    Lafourcade, P., Lugiez, D., Treinen, R.: Intruder deduction for the equational theory of Abelian groups with distributive encryption. Information and Computation (to appear, 2007)Google Scholar
  16. 16.
    Lakhnech, Y., Mazaré, L., Warinschi, B.: Soundness of symbolic equivalence for modular exponentiation. In: Proceedings of the Second Workshop on Formal and Computational Cryptography (FCC 2006), pp. 19–23, Venice, Italy (July 2006)Google Scholar
  17. 17.
    Lowe, G.: Breaking and fixing the Needham-Schroeder public-key protocol using FDR. In: Margaria, T., Steffen, B. (eds.) TACAS 1996. LNCS, vol. 1055, pp. 147–166. Springer, Heidelberg (1996)Google Scholar
  18. 18.
    Millen, J., Shmatikov, V.: Constraint solving for bounded-process cryptographic protocol analysis. In: Proceedings of the 8th ACM Conference on Computer and Communications Security (CCS 2001), ACM Press, New York (2001)Google Scholar
  19. 19.
    Paulson, L.C.: The inductive approach to verifying cryptographic protocols. Journal of Computer Security 6(1-2), 85–128 (1998)Google Scholar
  20. 20.
    Rusinowitch, M., Turuani, M.: Protocol insecurity with a finite number of sessions, composed keys is NP-complete. Theoretical Computer Science 1-3(299), 451–475 (2003)CrossRefMathSciNetGoogle Scholar
  21. 21.
    Schmidt-Schauß, M.: Unification in a combination of arbitrary disjoint equational theories. Journal of Symbolic Computation 8(1/2), 51–99 (1989)zbMATHCrossRefMathSciNetGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2007

Authors and Affiliations

  • Mathilde Arnaud
    • 1
  • Véronique Cortier
    • 2
  • Stéphanie Delaune
    • 2
  1. 1.École Normale Supérieure de Cachan, Computer Science departmentFrance
  2. 2.LORIA, CNRS & INRIA project Cassis, NancyFrance

Personalised recommendations