Security, Probability and Nearly Fair Coins in the Cryptographers’ Café

  • Annabelle McIver
  • Larissa Meinicke
  • Carroll Morgan
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5850)


Security and probability are both artefacts that we hope to bring increasingly within the reach of refinement-based Formal Methods; although we have worked on them separately, in the past, the goal has always been to bring them together.

In this report we describe our ongoing work in that direction: we relate it to a well known problem in security, Chaum’s Dining Cryptographers, where the various criteria of correctness that might apply to it expose precisely the issues we have found to be significant in our efforts to deal with security, probability and abstraction all at once.

Taking our conviction into this unfamiliar and demanding territory, that abstraction and refinement are the key tools of software development, has turned out to be an exciting challenge.


Formal Method Hide Variable Hide State Probabilistic Choice Quantum Model 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    A large literature on probabilistic process algebras from 1990 or beforeGoogle Scholar
  2. 2.
    A series of meetings between Oxford and Manchester over the general principles of data refinement (reification) and its completeness, Participants included Jifeng He, Tony Hoare, Cliff Jones, Peter Lupton, Carroll Morgan, Tobias Nipkow, Ken Robinson, Bill Roscoe, Jeff Sanders, Ib Sørensen and Mike Spivey (1986)Google Scholar
  3. 3.
    Back, R.-J.R.: On the correctness of refinement steps in program development. Report A-1978-4, Dept. Comp. Sci., Univ. Helsinki (1978)Google Scholar
  4. 4.
    Back, R.-J.R.: Data refinement in the refinement calculus. In: Proceedings 22nd Hawaii International Conference of System Sciences, Kailua-Kona (January 1989)Google Scholar
  5. 5.
    Back, R.-J.R., von Wright, J.: Refinement Calculus: A Systematic Introduction. Springer, Heidelberg (1998)zbMATHGoogle Scholar
  6. 6.
    Butler, M.J., Hartel, P.H.: Reasoning about Grover’s quantum search algorithm using probabilistic WP. ACM Trans. Prog. Lang. Sys. 21(3), 417–430 (1999)CrossRefGoogle Scholar
  7. 7.
    Celiku, O., McIver, A.: Cost-based analysis of probabilistic programs mechanised in HOL. Nordic. Jnl. Comp. 11(2), 102–128 (2004)zbMATHMathSciNetGoogle Scholar
  8. 8.
    Chaum, D.: The Dining Cryptographers problem: Unconditional sender and recipient untraceability. J. Cryptol. 1(1), 65–75 (1988)zbMATHCrossRefMathSciNetGoogle Scholar
  9. 9.
    Cohen, E.S.: Information transmission in sequential programs. ACM SIGOPS Operatings Systems Review 11(5), 133–139 (1977)CrossRefGoogle Scholar
  10. 10.
    de Nicola, M., Hennessy, M.: Testing equivalence for processes. Theo. Comp. Sci. 34 (1984)Google Scholar
  11. 11.
    Deng, Y., Chothia, T., Palamidessi, C., Pang, J.: Metrics for action-labelled quantitative transition systems. Electronic Notes in Theoretical Computer Science 153(2), 79–96 (2006)CrossRefGoogle Scholar
  12. 12.
    Deng, Y., Du, W.: Kantorovich metric in computer science: A brief survey. In: Proceedings of the 7th Workshop on Quantitative Aspects of Programming Languages (to appear, 2009)Google Scholar
  13. 13.
    Desharnais, J., Jagadeesan, R., Gupta, V., Panangaden, P.: The metric analogue of weak bisimulation for probabilistic processes. In: Proc. of the 17th Annual IEEE Symp. Logic in Computer Science, pp. 413–422. IEEE, Los Alamitos (2002)CrossRefGoogle Scholar
  14. 14.
    Dijkstra, E.W.: A Discipline of Programming. Prentice-Hall, Englewood Cliffs (1976)zbMATHGoogle Scholar
  15. 15.
    Engelhardt, K., Moses, Y., van der Meyden, R.: Unpublished report, Univ. NSW (2005)Google Scholar
  16. 16.
    Engelhardt, K., van der Meyden, R., Moses, Y.: A refinement theory that supports reasoning about knowledge and time. In: Nieuwenhuis, R., Voronkov, A. (eds.) LPAR 2001. LNCS (LNAI), vol. 2250, pp. 125–141. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  17. 17.
    Fidge, C., Shankland, C.: But what if I don’t want to wait forever? Formal Aspects of Computing 14(3), 281–294 (2003)CrossRefGoogle Scholar
  18. 18.
    Floyd, R.W.: Assigning meanings to programs. In: Schwartz, J.T. (ed.) Mathematical Aspects of Computer Science. Proc. Symp. Appl. Math., vol. 19, pp. 19–32. American Mathematical Society, Providence (1967)Google Scholar
  19. 19.
    Gardiner, P.H.B., Morgan, C.C.: Data refinement of predicate transformers. Theo. Comp. Sci. 87, 143–162 (1991); Reprinted in [60]zbMATHCrossRefMathSciNetGoogle Scholar
  20. 20.
    Goguen, J.A., Meseguer, J.: Unwinding and inference control. In: Proc. IEEE Symp. on Security and Privacy, pp. 75–86 (1984)Google Scholar
  21. 21.
    Gonzalia, C., McIver, A.K.: Automating refinement checking in probabilistic system design. In: Butler, M., Hinchey, M.G., Larrondo-Petrie, M.M. (eds.) ICFEM 2007. LNCS, vol. 4789, pp. 212–231. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  22. 22.
    Grimmett, G.R., Welsh, D.: Probability: an Introduction. Oxford Science Publications (1986)Google Scholar
  23. 23.
    Hallerstede, S., Hoang, T.S.: Qualitative probabilistic modelling in Event-B. In: Davies, J., Gibbons, J. (eds.) IFM 2007. LNCS, vol. 4591, pp. 293–312. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  24. 24.
    He, J., Seidel, K., McIver, A.K.: Probabilistic models for the guarded command language. Science of Computer Programming 28, 171–192 (1997)zbMATHCrossRefMathSciNetGoogle Scholar
  25. 25.
    Hoang, T.S.: The Development of a Probabilistic B-Method and a Supporting Toolkit. PhD thesis, Computer Science and Engineering (2005)Google Scholar
  26. 26.
    Hoang, T.S., McIver, A.K., Morgan, C.C., Robinson, K.A., Jin, Z.D.: Probabilistic invariants for probabilistic machines. In: Bert, D., Bowen, J.P., King, S. (eds.) ZB 2003. LNCS, vol. 2651, pp. 240–259. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  27. 27.
    Hoang, T.S., Morgan, C.C., Robinson, K.A., Jin, Z.D.: Refinement in probabilistic B: Foundation and case study. In: Treharne, H., King, S., Henson, M.C., Schneider, S. (eds.) ZB 2005. LNCS, vol. 3455. Springer, Heidelberg (2005)Google Scholar
  28. 28.
    Hoare, C.A.R.: An axiomatic basis for computer programming. Comm. ACM 12(10), 576–580 (1969)zbMATHCrossRefGoogle Scholar
  29. 29.
    Hurd, J., McIver, A.K., Morgan, C.C.: Probabilistic guarded commands mechanised in HOL. Theo. Comp. Sci. 346(1), 96–112 (2005)zbMATHCrossRefMathSciNetGoogle Scholar
  30. 30.
    de Vink, E.P., den Hartog, J.I., de Bakker, J.W.: Metric semantics and full abstractness for action refinement and probabilistic choice. Electronic Notes in Theo. Comp. Sci. 40 (2001)Google Scholar
  31. 31.
    Jones, C.: Probabilistic nondeterminism. Monograph ECS-LFCS-90-105, Edinburgh University, Ph.D. Thesis (1990)Google Scholar
  32. 32.
    Jones, C., Plotkin, G.: A probabilistic powerdomain of evaluations. In: Proceedings of the IEEE 4th Annual Symposium on Logic in Computer Science, pp. 186–195. IEEE Computer Society Press, Los Alamitos (1989)Google Scholar
  33. 33.
    Jones, C.B.: Systematic Software Development using VDM. Prentice-Hall, Englewood Cliffs (1986)zbMATHGoogle Scholar
  34. 34.
    Kozen, D.: Semantics of probabilistic programs. Jnl. Comp. Sys. Sci. 22, 328–350 (1981)zbMATHCrossRefMathSciNetGoogle Scholar
  35. 35.
    Kozen, D.: A probabilistic PDL. Jnl. Comp. Sys. Sci. 30(2), 162–178 (1985)zbMATHCrossRefMathSciNetGoogle Scholar
  36. 36.
    Leino, K.R.M., Joshi, R.: A semantic approach to secure information flow. Science of Computer Programming 37(1–3), 113–138 (2000)zbMATHMathSciNetGoogle Scholar
  37. 37.
    McIver, A.K.: The secure art of computer programming. In: Proc. ICTAC 2009 (2009) (invited presentation)Google Scholar
  38. 38.
    McIver, A.K., Morgan, C.C.: A quantified measure of security 2: A programming logic. Available at [62, key McIver:98A] (1998)Google Scholar
  39. 39.
    McIver, A.K., Morgan, C.C.: Demonic, angelic and unbounded probabilistic choices in sequential programs. Acta. Inf. 37(4/5), 329–354 (2001)zbMATHCrossRefMathSciNetGoogle Scholar
  40. 40.
    McIver, A.K., Morgan, C.C.: Abstraction and refinement of probabilistic systems. In: Katoen, J.-P. (ed.) ACM SIGMetrics Performance Evaluation Review, vol. 32. ACM, New York (2005)Google Scholar
  41. 41.
    McIver, A.K., Morgan, C.C.: Abstraction, Refinement and Proof for Probabilistic Systems. Tech. Mono. Comp. Sci. (2005)Google Scholar
  42. 42.
    McIver, A.K., Morgan, C.C.: Developing and reasoning about probabilistic programs in pGCL. In: Cavalcanti, A., Sampaio, A., Woodcock, J. (eds.) PSSE 2004. LNCS, vol. 3167, pp. 123–155. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  43. 43.
    McIver, A.K., Morgan, C.C.: A calculus of revelations. In: Presented at VSTTE Theories Workshop (October 2008),
  44. 44.
    McIver, A.K., Morgan, C.C.: Sums and lovers: Case studies in security, compositionality and refinement. In: Cavalcanti, A., Dams, D. (eds.) FM 2009. LNCS. Springer, Heidelberg (2009)Google Scholar
  45. 45.
    McIver, A.K., Morgan, C.C., Gonzalia, C.: Proofs and refutations for probabilistic systems. In: Cuellar, J., Maibaum, T., Sere, K. (eds.) FM 2008. LNCS, vol. 5014, pp. 100–115. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  46. 46.
    McIver, A.K., Morgan, C.C., Hoang, T.S.: Probabilistic termination in B. In: Bert, D., Bowen, J.P., King, S. (eds.) ZB 2003. LNCS, vol. 2651, pp. 216–239. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  47. 47.
    McIver, A.K., Morgan, C.C., Sanders, J.W.: Probably Hoare? Hoare probably! In: Davies, J.W., Roscoe, A.W., Woodcock, J.C.P. (eds.) Millennial Perspectives in Computer Science, Cornerstones of Computing, pp. 271–282. Palgrave, Oxford (2000)Google Scholar
  48. 48.
    McIver, A.K., Morgan, C.C., Troubitsyna, E.: The probabilistic steam boiler: a case study in probabilistic data refinement. In: Bert, D. (ed.) B 1998. LNCS, vol. 1393, pp. 250–265. Springer, Heidelberg (1998); Also [41, ch. 4]Google Scholar
  49. 49.
    McIver, A., Morgan, C.: The thousand-and-one cryptographers. In: Festschrift in Honour of Tony Hoare (to appear, 2009)Google Scholar
  50. 50.
    Morgan, C.C.: The specification statement. ACM Trans. Prog. Lang. Sys. 10(3), 403–419 (1988); Reprinted in [60]zbMATHCrossRefGoogle Scholar
  51. 51.
    Morgan, C.C.: Programming from Specifications, 2nd edn. Prentice-Hall, Englewood Cliffs (1994), zbMATHGoogle Scholar
  52. 52.
    Morgan, C.C.: Proof rules for probabilistic loops. In: Jifeng, H., Cooke, J., Wallis, P. (eds.) Proc. BCS-FACS 7th Refinement Workshop, Workshops in Computing. Springer, Heidelberg (1996), Google Scholar
  53. 53.
    Morgan, C.C.: The generalised substitution language extended to probabilistic programs. In: Bert, D. (ed.) B 1998. LNCS, vol. 1393, pp. 9–25. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  54. 54.
    Morgan, C.C.: The Shadow Knows: Refinement of ignorance in sequential programs. In: Uustalu, T. (ed.) MPC 2006. LNCS, vol. 4014, pp. 359–378. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  55. 55.
    Morgan, C.C.: How to brew-up a refinement ordering. In: Boiten, E., Derrick, J., Reeves, S. (eds.) Proc. 2009 Refine Workshop, Eindhoven (2009)Google Scholar
  56. 56.
    Morgan, C.C.: The Shadow Knows: Refinement of ignorance in sequential programs. Science of Computer Programming 74(8) (2009); Treats Oblivious TransferGoogle Scholar
  57. 57.
    Morgan, C.C., McIver, A.K.: A quantified measure of security 1: a relational model. Available at [62, key Morgan:98a] (1998)Google Scholar
  58. 58.
    Morgan, C.C., McIver, A.K.: pGCL: Formal reasoning for random algorithms. South African Comp. Jnl. 22, 14–27 (1999)Google Scholar
  59. 59.
    Morgan, C.C., McIver, A.K., Seidel, K.: Probabilistic predicate transformers. ACM Trans. Prog. Lang. Sys. 18(3), 325–353 (1996), CrossRefGoogle Scholar
  60. 60.
    Morgan, C.C., Vickers, T.N. (eds.): On the Refinement Calculus. FACIT Series in Computer Science. Springer, Berlin (1994)Google Scholar
  61. 61.
    Morris, J.M.: A theoretical basis for stepwise refinement and the programming calculus. Science of Computer Programming 9(3), 287–306 (1987)zbMATHCrossRefMathSciNetGoogle Scholar
  62. 62.
    Probabilistic Systems Group. Publications,
  63. 63.
    Sabelfeld, A., Sands, D.: A PER model of secure information flow. Higher-Order and Symbolic Computation 14(1), 59–91 (2001)zbMATHCrossRefGoogle Scholar
  64. 64.
    Schneider, S., Hoang, T.S., Robinson, K.A., Treharne, H.: Tank monitoring: a pAMN case study. Formal Aspects of Computing 18(3), 308–328 (2006)zbMATHCrossRefGoogle Scholar
  65. 65.
    Tix, R., Keimel, K., Plotkin, G.D.: Semantic domains for combining probability and non-determinism. ENTCS 129, 1–104 (2005)zbMATHMathSciNetGoogle Scholar
  66. 66.
    van Breugel, F.: Comparative Metric Semantics of Programming Languages: Nondeterminism and Recursion. Theoretical Computer Science (1997)Google Scholar
  67. 67.
    Ying, M., Wirsing, M.: Approximate Bisimilarity. In: Rus, T. (ed.) AMAST 2000. LNCS, vol. 1816, pp. 309–322. Springer, Heidelberg (2000)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Annabelle McIver
    • 1
  • Larissa Meinicke
    • 1
  • Carroll Morgan
    • 2
  1. 1.Dept. Computer ScienceMacquarie UniversityAustralia
  2. 2.School of Comp. Sci. and Eng.Univ. New South WalesAustralia

Personalised recommendations