Logical Analysis and Verification of Cryptographic Protocols - Loria

More documents

Recommendations

Info

194 CHAPTER 7. VOTER VERIFIABILITY FOR E-VOTING PROTOCOLS Figure 7.1 Postal ballot voting protocol The voting specification <strong>of</strong> our “postal ballot” voting protocol is defined as 〈V, P, (), (skV ), (a)〉 for processes: V � a(skV ).bb〈sign(u, skV )〉 P � a〈skV 〉 | bb〈P k(skV )〉 The process � V P ({¯v1/u}, {¯v2/u}) is defined as: �V P ({¯v1/u}, {¯v2/u}) � ν a1, skV1 , kpc1, a2, skV2 , kpc2. (a1〈skV1 〉 | bb〈P k(skV1 )〉 | a2〈skV2 〉 | bb〈P k(skV1 )〉 | a1(skV ).bb〈senc(skV , kpc1)〉.bb〈sign(¯v1, skV )〉 | Figure 7.2 Fujioka et al. protocol verification artifacts a2(skV ).bb〈senc(skV , kpc1)〉.bb〈sign(¯v2, skV )〉) R IV = eq(P k(nth 2 1(sdec(x2, z3))), nth 2 1(x1)) ∧ eq(nth 3 2(x3), blind(commit(v, z1), z2))∧ eq(checksign(x4, blind(commit(v, z1), z2), nth 2 2(x1)), true)∧ eq(nth 2 1(x5), nth 3 2(x6)) ∧ eq(nth 2 1(x5), commit(v, z1)) ∧ eq(nth 2 2(x7), z1) R UV = � n i=1 eq(open(nth3 2(x6,i), nth 2 2(x7,i)), vi) σ = {(P k(skV1), P k(skA))/x ′ l1 , . . . , (P k(skVn), P k(skA))/x ′ ln , senc((skV1, P k(skA)), Kpc1)/x ′ l n+1 , . . . , senc((skVn, P k(skA)), Kpcn)/x ′ l2n , (P k(skV1), blind(b1, r ′ 1), sign(blind(b1, r ′ 1), skV1))/x ′ l 2n+1 , . . . , (P k(skVn), blind(bn, r ′ n), sign(blind(bn, r ′ n), skVn))/x ′ l3n , sign(blind(b1, r ′ 1), skA)/x ′ l 3n+1 , . . . , sign(blind(bn, r ′ n), skA)/x ′ l4n , (b1, sign(b1, skA))/x ′ l 4n+1 , . . . , (bn, sign(bn, skA))/x ′ l5n , (l1, b1, sign(b1, skA))/x ′ l 5n+1 , . . . , (ln, bn, sign(bn, skA))/x ′ l6n , (l1, r1)/x ′ l 6n+1 , . . . , (ln, rn)/x ′ l7n } where bi = commit(¯vi, ri) RIV Φ = eq(P k(nth 2 1(sdec(senc((skVi , P k(skA)), Kpci2 2 ), Kpcj))), P k(skVi ))∧ 1 eq(blind(commit(¯vi3 , ri3 ), r′ i3 ), blind(commit(u, rj), r ′ j ))∧ eq(checksign(sign(blind(commit(¯vi4 , ri4 ), r′ ), skA), i4 blind(commit(u, rj), r ′ j ), P k(skA)), true)∧ eq(commit(¯vi5 , ri5 ), commit(¯vi6 , ri6 ))∧ eq(commit(¯vi5 , ri5 ), commit(u, rj)) ∧ eq(ri7 , rj).
7.7. CONCLUSION 195 Figure 7.3 Lee et al. protocol verification artifacts RIV = eq(x2, penc(u, z1, nth 3 3(sdec(x1, z2)))) ∧ eq(x4, sign(nth 2 1(sdec(x3, z2)), nth 3 1(sdec(x1, z2))))∧ checkdvp(nth 2 2(sdec(x3, z2)), x2, getmsg(nth 2 1(sdec(x3, z2))), P k(nth 3 1(sdec(x1, z2))))∧ eq(nth 3 1(x6), P k(nth 3 1(sdec(x1, z2)))) ∧ eq(P k(x5), nth 3 R 2(sdec(x1, z2))) UV = � � n i=1 y1,i = getmsg(getmsg(x4,i)) ∧ nth 3 3(x6,i) = Public1(y2,i) ∧ y1,i = Public3(y2,i)∧ � Ver1,3(FL, y2,i) ∧ y3,i = dec(y1,i, Public2(y2,i)) ∧ ui = y3,i σ =E {senc(〈skV1, P k(skR1), P k(skT )〉, kpc1)/x ′ l1 , . . . , senc(〈skVn, P k(skRn), P k(skT )〉, kpcn)/x ′ ln , b1/x ′ l n+1 , . . . , bn/x ′ l2n senc(〈sign(b ′ 1, skR1), dvp(b1, b ′ 1, r ′ 1, P k(skV1))〉, kpc1)/x ′ l 2n+1 , . . . , senc(〈sign(b ′ n, skRn), dvp(bn, b ′ n, r ′ n, P k(skVn))〉, kpcn)/x ′ l3n , sign(sign(b ′ 1, skR1), skV1)/x ′ l 3n+1 , . . . , sign(sign(b ′ n, skRn), skVn)/x ′ l4n , skR1/x ′ l 4n+1 , . . . , skRn/x ′ l5n , 〈P k(skV1), P k(skR1), P k(skT )〉/x ′ l 5n+1 , . . . , 〈P k(skVn), P k(skRn), P k(skT )〉/x ′ l6n } where bi = penc(¯vi, ri, P k(skT )) <strong>and</strong> b ′ i = penc(¯vi, f(ri, r ′ i), P k(skT )) RIV Φ = eq(bi2 , penc(v′ , rj, nth 3 3(sdec(senc(〈skVi , P k(skRi ), P k(skT )〉, kpci1 ), kpcj)))) 1 1 ∧eq(sign(sign(b ′ i4 , skRi 4 ), skVi 4 ), sign(nth 2 1(sdec(senc(〈sign(b ′ i3 , skRi 3 ), ), kpcj)), nth 3 1(sdec(senc(〈skVi , P k(skRi ), P k(skT )〉, kpci1 ), kpcj)))) 1 1 dvp(bi3 , b′ i3 , r′ i3 , P k(skVi 3 ))〉, kpci3 ∧checkdvp(nth 2 2(sdec(senc(〈sign(b ′ i3 , skRi 3 ), dvp(bi3 , b′ i3 , r′ i3 , P k(skVi 3 ))〉, kpci3 ), kpcj)), bi2 , getmsg(nth 2 1(sdec(senc(〈sign(b ′ i3 , skRi ), dvp(bi3 3 , b′ i3 , r′ i3 , P k(skVi ))〉, kpci3 ), kpcj))), 3 P k(nth 3 1(sdec(senc(〈skVi 1 , P k(skRi 1 ), P k(skT )〉, kpci1 ), kpcj)))) ∧eq(nth 3 1(〈P k(skVi 6 ), P k(skRi 6 ), P k(skT )〉), P k(nth 3 1(sdec(senc(〈skVi 1 , P k(skRi 1 ), P k(skT )〉, kpci1 ), kpcj)))) ∧eq(P k(skRi ), nth 5 3 2(sdec(senc(〈skVi , P k(skRi ), P k(skT )〉, kpci1 ), kpcj))) 1 1
Page 1:
Logical Analysis and Verification o
Page 5:
Abstract This thesis is developed i
Page 8 and 9:
viii
Page 10 and 11:
x CONTENTS 2.1.7 Unification . . .
Page 12 and 13:
xii CONTENTS 5.8 Decidability of re
Page 14 and 15:
2 CHAPTER 1. INTRODUCTION Figure 1.
Page 16 and 17:
4 CHAPTER 1. INTRODUCTION Secrecy T
Page 18 and 19:
6 CHAPTER 1. INTRODUCTION “G”.
Page 20 and 21:
8 CHAPTER 1. INTRODUCTION And, a pe
Page 22 and 23:
10 CHAPTER 1. INTRODUCTION intercep
Page 24 and 25:
12 CHAPTER 1. INTRODUCTION Figure 1
Page 26 and 27:
14 CHAPTER 1. INTRODUCTION have bee
Page 28 and 29:
16 CHAPTER 1. INTRODUCTION the orde
Page 30 and 31:
18 CHAPTER 1. INTRODUCTION 1.5.3 Ch
Page 32 and 33:
20 CHAPTER 2. PROTOCOL ANALYSIS USI
Page 34 and 35:
Page 36 and 37:
Page 38 and 39:
Page 40 and 41:
Page 42 and 43:
Page 44 and 45:
Page 46 and 47:
Page 48 and 49:
Page 50 and 51:
Page 52 and 53:
Page 54 and 55:
Page 56 and 57:
Page 58 and 59:
Page 60 and 61:
Page 62 and 63:
Page 64 and 65:
Page 66 and 67:
Page 68 and 69:
Page 70 and 71:
58 CHAPTER 3. PROTOCOLS WITH VULNER
Page 72 and 73:
Page 74 and 75:
Page 76 and 77:
Page 78 and 79:
Page 80 and 81:
Page 82 and 83:
Page 84 and 85:
Page 86 and 87:
Page 88 and 89:
Page 90 and 91:
Page 92 and 93:
Page 94 and 95:
Page 96 and 97:
Page 98 and 99:
Page 100 and 101:
Page 102 and 103:
Page 104 and 105:
Page 106 and 107:
Page 108 and 109:
Page 110 and 111:
Page 112 and 113:
100 CHAPTER 4. PROTOCOLS WITH VULNE
Page 114 and 115:
Page 116 and 117:
Page 118 and 119:
Page 120 and 121:
Page 122 and 123:
Page 124 and 125:
112 CHAPTER 5. SATURATED DEDUCTION
Page 126 and 127:
Page 128 and 129:
Page 130 and 131:
Page 132 and 133:
Page 134 and 135:
Page 136 and 137:
Page 138 and 139:
Page 140 and 141:
Page 142 and 143:
Page 144 and 145:
Page 146 and 147:
Page 148 and 149:
Page 150 and 151:
Page 152 and 153:
Page 154 and 155:
Page 156 and 157: 144 CHAPTER 5. SATURATED DEDUCTION
Page 158 and 159: 146 CHAPTER 5. SATURATED DEDUCTION
Page 160 and 161: 148 CHAPTER 6. ON THE GROUND ENTAIL
Page 190 and 191: 178 CHAPTER 7. VOTER VERIFIABILITY
Page 210 and 211: 198 CHAPTER 8. CONCLUSION AND PERSP
Page 212 and 213: 200 CHAPTER 8. CONCLUSION AND PERSP
Page 214 and 215: 202 BIBLIOGRAPHY [12] M. Abadi and
Page 216 and 217: 204 BIBLIOGRAPHY [36] M. Bellare, A
Page 218 and 219: 206 BIBLIOGRAPHY [60] U. Hustadt Ch
Page 220 and 221: 208 BIBLIOGRAPHY [83] H. Comon-Lund
Page 222 and 223: 210 BIBLIOGRAPHY [108] B. Donovan,
Page 224 and 225: 212 BIBLIOGRAPHY [132] T. Kohno, A.
Page 226 and 227: 214 BIBLIOGRAPHY [160] J. C. Mitche
Page 228 and 229: 216 BIBLIOGRAPHY [187] H. Seidl and
show all

Logical Analysis and Verification of Cryptographic Protocols - Loria

Create successful ePaper yourself

Delete template?

Save as template?