Entity authentication and key distribution
CRYPTO '93 Proceedings of the 13th annual international cryptology conference on Advances in cryptology
Using encryption for authentication in large networks of computers
Communications of the ACM
Constraint solving for bounded-process cryptographic protocol analysis
CCS '01 Proceedings of the 8th ACM conference on Computer and Communications Security
Breaking and Fixing the Needham-Schroeder Public-Key Protocol Using FDR
TACAs '96 Proceedings of the Second International Workshop on Tools and Algorithms for Construction and Analysis of Systems
Protocol insecurity with a finite number of sessions and composed keys is NP-complete
Theoretical Computer Science
Intruder Deductions, Constraint Solving and Insecurity Decision in Presence of Exclusive or
LICS '03 Proceedings of the 18th Annual IEEE Symposium on Logic in Computer Science
A Hierarchy of Authentication Specifications
CSFW '97 Proceedings of the 10th IEEE workshop on Computer Security Foundations
An Efficient Cryptographic Protocol Verifier Based on Prolog Rules
CSFW '01 Proceedings of the 14th IEEE workshop on Computer Security Foundations
Symmetric Encryption in a Simulatable Dolev-Yao Style Cryptographic Library
CSFW '04 Proceedings of the 17th IEEE workshop on Computer Security Foundations
Reconciling Two Views of Cryptography (The Computational Soundness of Formal Encryption)
Journal of Cryptology
Verification of cryptographic Protocols: tagging enforces termination
FOSSACS'03/ETAPS'03 Proceedings of the 6th International conference on Foundations of Software Science and Computation Structures and joint European conference on Theory and practice of software
RTA'03 Proceedings of the 14th international conference on Rewriting techniques and applications
The AVISPA tool for the automated validation of internet security protocols and applications
CAV'05 Proceedings of the 17th international conference on Computer Aided Verification
On the complexity of equational horn clauses
CADE' 20 Proceedings of the 20th international conference on Automated Deduction
Soundness of formal encryption in the presence of key-cycles
ESORICS'05 Proceedings of the 10th European conference on Research in Computer Security
From One Session to Many: Dynamic Tags for Security Protocols
LPAR '08 Proceedings of the 15th International Conference on Logic for Programming, Artificial Intelligence, and Reasoning
Safely composing security protocols
Formal Methods in System Design
Verification of Security Protocols
VMCAI '09 Proceedings of the 10th International Conference on Verification, Model Checking, and Abstract Interpretation
Computational soundness for key exchange protocols with symmetric encryption
Proceedings of the 16th ACM conference on Computer and communications security
Deciding security properties for cryptographic protocols. application to key cycles
ACM Transactions on Computational Logic (TOCL)
Verifying cryptographic protocols with subterms constraints
LPAR'07 Proceedings of the 14th international conference on Logic for programming, artificial intelligence and reasoning
Safely composing security protocols
FSTTCS'07 Proceedings of the 27th international conference on Foundations of software technology and theoretical computer science
Bounding messages for free in security protocols
FSTTCS'07 Proceedings of the 27th international conference on Foundations of software technology and theoretical computer science
A Survey of Symbolic Methods in Computational Analysis of Cryptographic Systems
Journal of Automated Reasoning
Security protocol verification: symbolic and computational models
POST'12 Proceedings of the First international conference on Principles of Security and Trust
| Hi-index | 0.00 |
Many recent results are concerned with interpreting proofs of security done in symbolic models in the more detailed models of computational cryptography. In the case of symmetric encryption, these results stringently demand that no key cycle (e.g. {k}k) can be produced during the execution of protocols. While security properties like secrecy or authentication have been proved decidable for many interesting classes of protocols, the automatic detection of key cycles has not been studied so far. In this paper, we prove that deciding the existence of key-cycles is NP-complete for a bounded number of sessions. Next, we observe that the techniques that we use are of more general interest and apply them to reprove the decidability of a significant existing fragment of protocols with timestamps.