Security of a cryptographic protocol for a bounded number of sessions is usually expressed as a symbolic trace reachability problem. We show that symbolic trace reachability for well-defined protocols is decidable in the presence of the exclusive-or theory in combination with the homomorphism axiom. These theories allow us to model basic properties of important cryptographic operators. This trace reachability problem can be expressed as a system of symbolic deducibility constraints for a certain inference system describing the capabilities of the attacker. One main step of our proof consists in reducing deducibility constraints to constraints for deducibility in one step of the inference system. This constraint system, in turn, can be expressed as a system of quadratic equations of a particular form over ℤ/2ℤ[h], the ring of polynomials in one indeterminate over the finite field ℤ/2ℤ. We show that satisfiability of such systems is decidable.