Abstract
The security of a cryptographic protocol for a bounded number of sessions is usually expressed as a symbolic trace reachability problem. We show that symbolic trace reachability for well-defined protocols is decidable in the presence of the exclusive-or theory combined with the homomorphism axiom. These theories allow us to model basic properties of important cryptographic operators.
This trace reachability problem can be expressed as a system of symbolic deducibility constraints for a certain inference system describing the capabilities of the attacker. One main step of our proof consists in reducing deducibility constraints to constraints for deducibility in one step of the inference system. This constraint system, in turn, can be expressed as a system of quadratic equations of a particular form over ℤ/2ℤ[h], the ring of polynomials in one indeterminate over the finite field ℤ/2ℤ. We show that satisfiability of such systems is decidable.
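The following is an added worked example, not code from the paper. It makes the ℤ/2ℤ[h] view concrete for the ground case: a term built from atoms (nonces, keys) with exclusive or and a homomorphic operator h is written, modulo the equations x⊕x = 0, x⊕0 = x, associativity, commutativity and h(x⊕y) = h(x)⊕h(y), as a vector with one polynomial over ℤ/2ℤ per atom, where h^i(a) contributes h^i to the coordinate of a. Under that (standard) encoding, the question "can an intruder who knows these messages build this target using only ⊕ and h" is membership in the ℤ/2ℤ[h]-module generated by the known vectors, which the code decides by Euclidean row reduction over the polynomial ring. The encoding of terms as vectors and the module-membership check are assumptions of this example; it covers only the ⊕/h fragment on ground terms and says nothing about encryption, pairing, or the symbolic constraints with variables that the paper's reduction to quadratic equations addresses.

```python
"""Terms modulo XOR + homomorphism as vectors over Z/2Z[h], and a test for
ground intruder deduction using only xor and h (added example)."""

from typing import Dict, List, Tuple

Poly = int  # bit i of the int is the coefficient of h^i in Z/2Z[h]
Term = Dict[str, Poly]  # normal form: atom -> polynomial, zero entries dropped


def poly_mul(a: Poly, b: Poly) -> Poly:
    """Carry-less multiplication: product of two polynomials over Z/2Z."""
    result = 0
    while b:
        if b & 1:
            result ^= a
        a <<= 1
        b >>= 1
    return result


def poly_divmod(a: Poly, b: Poly) -> Tuple[Poly, Poly]:
    """Long division over Z/2Z: returns (q, r) with a = q*b + r, deg r < deg b."""
    if b == 0:
        raise ZeroDivisionError("division by the zero polynomial")
    q = 0
    deg_b = b.bit_length() - 1
    while a and a.bit_length() - 1 >= deg_b:
        shift = a.bit_length() - 1 - deg_b
        q ^= 1 << shift
        a ^= b << shift
    return q, a


def atom(name: str) -> Term:
    """An atomic message (nonce, key, ...), i.e. the polynomial 1 at that atom."""
    return {name: 1}


def xor(*terms: Term) -> Term:
    """Exclusive or: AC, unit 0, and x xor x = 0 (coefficients cancel mod 2)."""
    out: Term = {}
    for t in terms:
        for name, p in t.items():
            out[name] = out.get(name, 0) ^ p
    return {n: p for n, p in out.items() if p}


def h(t: Term) -> Term:
    """Homomorphism h(x xor y) = h(x) xor h(y): multiply every coordinate by h."""
    return {name: p << 1 for name, p in t.items()}


def deducible(knowledge: List[Term], target: Term) -> bool:
    """Can the intruder build `target` from `knowledge` using only xor and h?

    This is membership of `target` in the Z/2Z[h]-module spanned by the known
    terms (assumption of this example). Rows are brought to echelon form over
    the principal ideal domain Z/2Z[h] by running Euclid's algorithm on each
    pivot column; the target is then reduced along the pivots and must divide
    exactly at every pivot and vanish at the end.
    """
    atoms = sorted({n for t in knowledge for n in t} | set(target))
    rows = [[t.get(n, 0) for n in atoms] for t in knowledge]
    rows = [r for r in rows if any(r)]
    tgt = [target.get(n, 0) for n in atoms]
    pivots: List[Tuple[int, List[Poly]]] = []
    for col in range(len(atoms)):
        active = [r for r in rows if r[col]]
        # Euclid on column `col`: one row keeps the gcd, the others reach 0.
        while len(active) > 1:
            active.sort(key=lambda r: r[col].bit_length())
            piv = active[0]
            for r in active[1:]:
                q, _ = poly_divmod(r[col], piv[col])
                for j in range(len(atoms)):
                    r[j] ^= poly_mul(q, piv[j])
            active = [r for r in active if r[col]]
        if active:
            pivots.append((col, active[0]))
            rows = [r for r in rows if r is not active[0]]
    for col, piv in pivots:
        if tgt[col]:
            q, rem = poly_divmod(tgt[col], piv[col])
            if rem:
                return False  # pivot polynomial does not divide the target
            for j in range(len(atoms)):
                tgt[j] ^= poly_mul(q, piv[j])
    return not any(tgt)


if __name__ == "__main__":
    # Constructed knowledge set: the intruder has seen h(a) xor b, a xor c, h(c).
    a, b, c = atom("a"), atom("b"), atom("c")
    known = [xor(h(a), b), xor(a, c), h(c)]
    print(xor(a, a), h(xor(a, b)) == xor(h(a), h(b)))  # {} True
    print(deducible(known, b))                 # True: b = k1 + h*k2 + k3
    print(deducible(known, a))                 # False: would need h | 1
    print(deducible(known, xor(h(a), h(b))))   # True
```

The `False` case is the instructive one: the intruder can recover h(a) (as h·(a⊕c) ⊕ h(c)) and from it b, but never a itself, because no ℤ/2ℤ[h]-combination of the known vectors has a unit in the a-coordinate; the division step catches that h does not divide 1.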
This work has been partly supported by the RNTL project PROUVÉ 03V360 and the ACI-SI Rossignol.
© 2006 Springer-Verlag Berlin Heidelberg
Delaune, S., Lafourcade, P., Lugiez, D., Treinen, R. (2006). Symbolic Protocol Analysis in Presence of a Homomorphism Operator and Exclusive Or . In: Bugliesi, M., Preneel, B., Sassone, V., Wegener, I. (eds) Automata, Languages and Programming. ICALP 2006. Lecture Notes in Computer Science, vol 4052. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11787006_12
DOI: https://doi.org/10.1007/11787006_12
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-35907-4
Online ISBN: 978-3-540-35908-1