Deducibility constraints, equational theory and electronic money. (English) Zbl 1186.68283
Comon-Lundh, Hubert (ed.) et al., Rewriting, computation and proof. Essays dedicated to Jean-Pierre Jouannaud on the occasion of his 60th birthday. Berlin: Springer (ISBN 978-3-540-73146-7/pbk). Lecture Notes in Computer Science 4600, 196-212 (2007).
Summary: The starting point of this work is a case study (from France Télécom) of an electronic purse protocol. The goal was to prove that the protocol is secure or that there is an attack. Modeling the protocol requires algebraic properties of a fragment of arithmetic, typically containing modular exponentiation. The usual equational theories described in papers on security protocols are too weak: the protocol cannot even be executed in these models. We consider here an equational theory which is powerful enough for the protocol to be executed, and for which unification is still decidable.
Our main result is the decidability of the so-called intruder deduction problem, i.e. security in presence of a passive attacker, taking the algebraic properties into account. Our equational theory is a combination of several equational theories over non-disjoint signatures.
For the entire collection see [Zbl 1120.68003].
Our main result is the decidability of the so-called intruder deduction problem, i.e. security in presence of a passive attacker, taking the algebraic properties into account. Our equational theory is a combination of several equational theories over non-disjoint signatures.
For the entire collection see [Zbl 1120.68003].
MSC:
| 68Q60 | Specification and verification (program logics, model checking, etc.) |
| 03B25 | Decidability of theories and sets of sentences |
| 68M12 | Network protocols |
| 94A60 | Cryptography |
