Logical Analysis and Verification of Cryptographic Protocols - Loria

More documents

Recommendations

Info

144 CHAPTER 5. SATURATED DEDUCTION SYSTEMS with increasing rules. Thus, after a right choice of at most |Sub(E) \ V ar(E)| decreasing rules, all terms deducible from the obtained knowledge set can be deduced using only increasing rules, hence the tagging with inc of the final deduction constraint E ∪ {r1, . . . , rk} ⊲inc t, k = |Sub(E) \ V ar(E)|. Termination of Step 2. First let us notice that if a unification is chosen, it unifies two subterms of the constraint system in the empty theory, and thus either the two terms were already equal or it reduces strictly the number of variables in the constraint system. Thus the number of unification choices is bounded by the number of variables in the constraint system. Once all unification have been performed, the termination of the first part of the iteration can easily be proved by considering the multiset of the right-hand side of the deduction constraints, ordered by the extension to multisets of the (well-founded) subterm ordering. The second part of the iteration obviously terminates. Thus each iteration terminates. Since each iteration decreases strictly the number of non-labelled deduction constraints, Step 2. terminates. 5.9 Related works Several decidability results have been obtained for cryptographic protocols in a similar setting [15, 156, 16, 178]. These results have been extended to handle algebraic properties of cryptographic primitives [68, 70, 66, 9]. In [10], a decidability result was given to the ground reachability problems in the case of subterm convergent equational theories. This result was extended in [9] and a decidability result to the ground reachability problems in the case of locally stable AC-convergent equational theories was given. Moreover, again in [9], a decidability result was given to the ground reachability problems for the theory of blind signature [136] while this theory was not included in [10]. To obtain a decidability result for the theory of blind signature, M. Abadi and V. Cortier [9] use a new extended definition of subterm. The result obtained in [10] was extended in [31] in different way than in [9] and a decidability result was obtained to the general reachability problem for the class of subterm convergent equational theory. The first result of our chapter is a decidability result to the ground reachability problems for a class of equational theories which includes the class studied in [10]. We note that the class studied in [9] is incomparable to ours and we note also that the proof used in [9] to decide the ground reachability problems for the theory of blind signature is different from the ours. Another result of this chapter is a decidability result to the general reachability problem for a class of equational theories under some conditions on the deduction systems and the class studied in [31] is incomparable with ours. In [40], a decidability result was given to the general reachability problems under some
5.10. CONCLUSION 145 syntactic conditions on the intruder deduction rules, this result is incomparable with ours. 5.10 Conclusion In [80], H. Comon-Lundh proposes a two-steps strategy for solving general reachability problems: first, decide ground reachability problems and, second, reduce general reachability problems to ground reachability ones, e.g. by providing a bound on the size of a minimal solution of a problem. Our results are in this line: for contracting deduction systems, general reachability can be reduced to ground reachability. We strongly conjecture that it permits one to provide a bound on the size of minimal solutions. Thus, this chapter adds a new criterion to the one already known for deciding reachability problems. In future works, we will investigate how the construction presented here can be extended to equational theories having the finite variant property w.r.t. a nonempty equational theory. We will also try to weaken the definition of µ(T ) for a set of terms T . In the next chapter, we employ similar techniques to solve ground entailment problems for saturated first-order theories.
Page 1:
Logical Analysis and Verification o
Page 5:
Abstract This thesis is developed i
Page 8 and 9:
viii
Page 10 and 11:
x CONTENTS 2.1.7 Unification . . .
Page 12 and 13:
xii CONTENTS 5.8 Decidability of re
Page 14 and 15:
2 CHAPTER 1. INTRODUCTION Figure 1.
Page 16 and 17:
4 CHAPTER 1. INTRODUCTION Secrecy T
Page 18 and 19:
6 CHAPTER 1. INTRODUCTION “G”.
Page 20 and 21:
8 CHAPTER 1. INTRODUCTION And, a pe
Page 22 and 23:
10 CHAPTER 1. INTRODUCTION intercep
Page 24 and 25:
12 CHAPTER 1. INTRODUCTION Figure 1
Page 26 and 27:
14 CHAPTER 1. INTRODUCTION have bee
Page 28 and 29:
16 CHAPTER 1. INTRODUCTION the orde
Page 30 and 31:
18 CHAPTER 1. INTRODUCTION 1.5.3 Ch
Page 32 and 33:
20 CHAPTER 2. PROTOCOL ANALYSIS USI
Page 34 and 35:
Page 36 and 37:
Page 38 and 39:
Page 40 and 41:
Page 42 and 43:
Page 44 and 45:
Page 46 and 47:
Page 48 and 49:
Page 50 and 51:
Page 52 and 53:
Page 54 and 55:
Page 56 and 57:
Page 58 and 59:
Page 60 and 61:
Page 62 and 63:
Page 64 and 65:
Page 66 and 67:
Page 68 and 69:
Page 70 and 71:
58 CHAPTER 3. PROTOCOLS WITH VULNER
Page 72 and 73:
Page 74 and 75:
Page 76 and 77:
Page 78 and 79:
Page 80 and 81:
Page 82 and 83:
Page 84 and 85:
Page 86 and 87:
Page 88 and 89:
Page 90 and 91:
Page 92 and 93:
Page 94 and 95:
Page 96 and 97:
Page 98 and 99:
Page 100 and 101:
Page 102 and 103:
Page 104 and 105:
Page 106 and 107: 94 CHAPTER 4. PROTOCOLS WITH VULNER
Page 112 and 113: 100 CHAPTER 4. PROTOCOLS WITH VULNE
Page 124 and 125: 112 CHAPTER 5. SATURATED DEDUCTION
Page 160 and 161: 148 CHAPTER 6. ON THE GROUND ENTAIL
Page 190 and 191: 178 CHAPTER 7. VOTER VERIFIABILITY
Page 206 and 207:
194 CHAPTER 7. VOTER VERIFIABILITY
Page 208 and 209:
196 CHAPTER 7. VOTER VERIFIABILITY
Page 210 and 211:
198 CHAPTER 8. CONCLUSION AND PERSP
Page 212 and 213:
200 CHAPTER 8. CONCLUSION AND PERSP
Page 214 and 215:
202 BIBLIOGRAPHY [12] M. Abadi and
Page 216 and 217:
204 BIBLIOGRAPHY [36] M. Bellare, A
Page 218 and 219:
206 BIBLIOGRAPHY [60] U. Hustadt Ch
Page 220 and 221:
208 BIBLIOGRAPHY [83] H. Comon-Lund
Page 222 and 223:
210 BIBLIOGRAPHY [108] B. Donovan,
Page 224 and 225:
212 BIBLIOGRAPHY [132] T. Kohno, A.
Page 226 and 227:
214 BIBLIOGRAPHY [160] J. C. Mitche
Page 228 and 229:
216 BIBLIOGRAPHY [187] H. Seidl and
show all

Logical Analysis and Verification of Cryptographic Protocols - Loria

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?