Logical Analysis and Verification of Cryptographic Protocols - Loria
Logical Analysis and Verification of Cryptographic Protocols - Loria
Logical Analysis and Verification of Cryptographic Protocols - Loria
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
Chapter 5<br />
Decidability results for saturated<br />
deduction systems<br />
In this chapter, we consider the class <strong>of</strong> cryptographic protocols<br />
where the cryptographic primitives are represented by equational<br />
theories generated by convergent rewrite systems satisfying the finite<br />
variant property, which symbolically has been introduced in [86].<br />
The finite variant property allows one to compute all possible normal<br />
forms <strong>of</strong> the instances <strong>of</strong> a term t. Such a property is claimed to be a<br />
key property for decidability results in cryptographic protocols verification<br />
in presence <strong>of</strong> algebraic properties [80], <strong>and</strong> many common<br />
equational theories have been proved to have this property, for example,<br />
the Dolev-Yao theory with explicit destructors, the Abelian group<br />
theory <strong>and</strong> others. A first contribution on this chapter is the decidability<br />
<strong>of</strong> the ground reachability problems for our class <strong>of</strong> deduction<br />
systems. Following the description given in Chapter 2, we employ<br />
the finite variant property to reduce reachability problems modulo<br />
an equational theory to reachability problems modulo the empty theory.<br />
We then partially compute a transitive closure <strong>of</strong> the possible deductions.<br />
We prove that the termination <strong>of</strong> this computation implies<br />
the decidability <strong>of</strong> the ground reachability problems. We conjecture<br />
that the overall construction amounts to proving that the deduction<br />
system is F -local [40]. We then give a new criterion that permits us<br />
to reduce general reachability problems to ground reachability problems.<br />
This criterion is based on counting the number <strong>of</strong> variables in a<br />
reachability problem before <strong>and</strong> after a deduction is guessed, <strong>and</strong> is a<br />
generalisation <strong>of</strong> the one employed for the specific case <strong>of</strong> the DSKS<br />
intruder model. The intuition behind this criterion is that a deduction<br />
rule has to provide more relations between existing fact than it<br />
introduces new unknown. We give an example showing that such an<br />
111