Cryptographic protocols are small programs that involve a high level of concurrency and are difficult to analyze by hand. The most successful methods to verify such protocols rely on rewriting techniques and automated deduction in order to implement or mimic the process calculus describing the protocol execution. We focus on the intruder deduction problem, that is, vulnerability to passive attacks, in the presence of several variants of AC-like axioms (from AC to Abelian groups, including the theory of exclusive or) and homomorphism, which are the most frequent axioms arising in cryptographic protocols. Solutions are known for the cases of exclusive or, of Abelian groups, and of homomorphism alone. In this paper we address the combination of these AC-like theories with the law of homomorphism, which leads to much more complex decision problems. We prove decidability of the intruder deduction problem in all cases considered. Our decision procedure is in EXPTIME, except for a restricted case in which we have been able to get a PTIME decision procedure using a property of one-counter and pushdown automata.