Unification modulo homomorphic encryption
FroCoS'09 Proceedings of the 7th international conference on Frontiers of combining systems
Encryption 'distributing over pairs' is a technique employed in several cryptographic protocols. We show that unification is decidable for an equational theory HE specifying such an encryption. The method consists in transforming any given problem in such a way that the resulting problem can be solved by combining a graph-based reasoning on its equations involving the homomorphisms with a syntactic reasoning on its pairings. We show HE-unification to be NP-hard and in EXPTIME. We also indicate, briefly, how to extend HE-unification to Cap unification modulo HE, which can be used as a tool for modeling and analyzing cryptographic protocols where encryption follows the ECB mode, i.e., is done block-wise on messages.