Proving more observational equivalences with proverif

Authors:
Vincent Cheval;Bruno Blanchet
Affiliations:
LSV, ENS Cachan & CNRS & INRIA Saclay Île-de-France, France;INRIA Paris-Rocquencourt, France
Venue:
POST'13 Proceedings of the Second international conference on Principles of Security and Trust
Year:
2013

Citing 11
Cited 0

A calculus for cryptographic protocols

Information and Computation
Mobile values, new names, and secure communication

POPL '01 Proceedings of the 28th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Automatic testing equivalence verification of spi calculus specifications

ACM Transactions on Software Engineering and Methodology (TOSEM)
Private authentication

Theoretical Computer Science - Special issue: Foundations of wide area network computing
A Complete Symbolic Bisimulation for Full Applied Pi Calculus

SOFSEM '10 Proceedings of the 36th Conference on Current Trends in Theory and Practice of Computer Science
Symbolic bisimulation for the applied Pi calculus

FSTTCS'07 Proceedings of the 27th international conference on Foundations of software technology and theoretical computer science
Analysing Unlinkability and Anonymity Using the Applied Pi Calculus

CSF '10 Proceedings of the 2010 23rd IEEE Computer Security Foundations Symposium
Automating Open Bisimulation Checking for the Spi Calculus

CSF '10 Proceedings of the 2010 23rd IEEE Computer Security Foundations Symposium
Trace equivalence decision: negative tests and non-determinism

Proceedings of the 18th ACM conference on Computer and communications security
The finite variant property: how to get rid of some algebraic properties

RTA'05 Proceedings of the 16th international conference on Term Rewriting and Applications
Verifying Privacy-Type Properties in a Modular Way

CSF '12 Proceedings of the 2012 IEEE 25th Computer Security Foundations Symposium

Quantified Score

Hi-index	0.00

Visualization

Abstract

This paper presents an extension of the automatic protocol verifier ProVerif in order to prove more observational equivalences. ProVerif can prove observational equivalence between processes that have the same structure but differ by the messages they contain. In order to extend the class of equivalences that ProVerif handles, we extend the language of terms by defining more functions (destructors) by rewrite rules. In particular, we allow rewrite rules with inequalities as side-conditions, so that we can express tests "if then else" inside terms. Finally, we provide an automatic procedure that translates a process into an equivalent process that performs as many actions as possible inside terms, to allow ProVerif to prove the desired equivalence. These extensions have been implemented in ProVerif and allow us to automatically prove anonymity in the private authentication protocol by Abadi and Fournet.