On the security of ping-pong protocols when implemented using the RSA
Lecture notes in computer sciences; 218 on Advances in cryptology---CRYPTO 85
The inductive approach to verifying cryptographic protocols
Journal of Computer Security
Athena: a novel approach to efficient automatic security protocol analysis
Journal of Computer Security
Constraint solving for bounded-process cryptographic protocol analysis
CCS '01 Proceedings of the 8th ACM conference on Computer and Communications Security
Relating Strands and Multiset Rewriting for Security Protocol Analysis
CSFW '00 Proceedings of the 13th IEEE workshop on Computer Security Foundations
How to Prevent Type Flaw Attacks on Security Protocols
CSFW '00 Proceedings of the 13th IEEE workshop on Computer Security Foundations
Information Processing Letters
Rewriting Techniques in the Constraint Solver
Electronic Notes in Theoretical Computer Science (ENTCS)
Protocol analysis in Maude-NPA using unification modulo homomorphic encryption
Proceedings of the 13th international ACM SIGPLAN symposium on Principles and practices of declarative programming
Tree automata with equality constraints modulo equational theories
IJCAR'06 Proceedings of the Third international joint conference on Automated Reasoning
Soundness of removing cancellation identities in protocol analysis under Exclusive-OR
TOSCA'11 Proceedings of the 2011 international conference on Theory of Security and Applications
Diffie-Hellman without difficulty
FAST'11 Proceedings of the 8th international conference on Formal Aspects of Security and Trust
Towards the orchestration of secured services under non-disclosure policies
MMM-ACNS'12 Proceedings of the 6th international conference on Mathematical Methods, Models and Architectures for Computer Network Security: computer network security
| Hi-index | 0.00 |
Formal systems for cryptographic protocol analysis typically model cryptosystems in terms of free algebras. Modeling the behavior of a cryptosystem in terms of rewrite rules is more expressive, however, and there are some attacks that can only be discovered when rewrite rules are used. But free algebras are more efficient, and appear to be sound for ''most'' protocols. In [J. Millen, ''On the freedom of decryption'', Information Processing Letters 86 (6) (June 2003) 329-333] Millen formalizes this intuition for shared key cryptography and provides conditions under which it holds; that is, conditions under which security for a free algebra version of the protocol implies security of the version using rewrite rules. Moreover, these conditions fit well with accepted best practice for protocol design. However, he left public key cryptography as an open problem. In this paper, we show how Millen's approach can be extended to public key cryptography, giving conditions under which security for the free algebra model implies security for the rewrite rule model. As in the case for shared key cryptography, our conditions correspond to standard best practice for protocol design.