Logical Analysis and Verification of Cryptographic Protocols - Loria
Logical Analysis and Verification of Cryptographic Protocols - Loria
Logical Analysis and Verification of Cryptographic Protocols - Loria
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
6.6. DISCUSSIONS AND CONCLUSIONS 175<br />
key protocol is decidable under a bounded number <strong>of</strong> sessions <strong>and</strong> under the hypothesis<br />
that the protocol runs correctly.<br />
6.6 Discussions <strong>and</strong> conclusions<br />
The main contribution <strong>of</strong> this chapter is a decidability result <strong>of</strong> the ground entailment<br />
problem for a set S <strong>of</strong> clauses under the hypothesis that S is saturated<br />
by selected resolution up to redundancy with respect to a complete atom ordering<br />
compatible with a complete simplification ordering over terms.<br />
Many decidability results have been obtained for this problem, <strong>and</strong> we discuss<br />
some <strong>of</strong> them in Section 6.5. Among the works cited above, the closest to<br />
ours is [28]. In [28], D. Basin <strong>and</strong> H. Ganzinger proved the decidability <strong>of</strong> the<br />
ground entailment problem for a set S <strong>of</strong> clauses under the assumptions that<br />
(i) S is saturated up to redundancy under ordered resolution with respect to a<br />
complete well-founded ordering over atoms <strong>and</strong> that (ii) each maximal atom<br />
in each clause in S contains all variables appearing in the other atoms in the<br />
clause. In this chapter, we relax the condition (ii), <strong>and</strong> in order to get the decidability,<br />
we use an order more restrictive than the one used in [28]. Another<br />
contribution <strong>of</strong> this chapter is the reduction <strong>of</strong> insecurity problem <strong>of</strong> cryptographic<br />
protocols to a ground entailment problem in the first order logic. In<br />
this line <strong>of</strong> research, many results have been obtained, <strong>and</strong> some <strong>of</strong> them have<br />
been discussed in Section 6.3. We remark that our result is different than the<br />
results discussed in that section. In fact, we define a new model to analyse<br />
cryptographic protocols using Horn clauses, which is different that the models<br />
given in [84, 180, 205]. Moreover, in [84, 180, 205], the decidability results<br />
are obtained for Horn clauses <strong>and</strong> not full clauses as in this chapter. while in<br />
[84, 205], they can deal with an unbounded number <strong>of</strong> sessions, we consider<br />
only a bounded number <strong>of</strong> sessions but our result allows us to deal with a class<br />
<strong>of</strong> cryptographic protocols less restrictive than [84, 205].<br />
In future works, we plan implement the decision procedure with respect to<br />
the result <strong>of</strong> D. Basin <strong>and</strong> H. Ganzinger [28], we remark that for ground entailment<br />
problems, it suffices to consider inferences by selected resolution in which<br />
one <strong>of</strong> the atoms is ground. Thus we do not need to construct the set <strong>of</strong> ground<br />
atoms before solving an entailment problem. Furthermore, we plan to extend<br />
the result to the case where the clauses are considered modulo an equational<br />
theory.<br />
We thanks Michaël Rusinowitch for all the discussions we had concerning<br />
the results <strong>of</strong> this chapter