L(A) = L(B)? decidability results from complete formal systems
Theoretical Computer Science
Deciding DPDA Equivalence Is Primitive Recursive
ICALP '02 Proceedings of the 29th International Colloquium on Automata, Languages and Programming
The Equivalence Problem for Deterministic Pushdown Automata is Decidable
ICALP '97 Proceedings of the 24th International Colloquium on Automata, Languages and Programming
Protocol insecurity with a finite number of sessions and composed keys is NP-complete
Theoretical Computer Science
An Efficient Cryptographic Protocol Verifier Based on Prolog Rules
CSFW '01 Proceedings of the 14th IEEE workshop on Computer Security Foundations
Automated Verification of Selected Equivalences for Security Protocols
LICS '05 Proceedings of the 20th Annual IEEE Symposium on Logic in Computer Science
Deciding security of protocols against off-line guessing attacks
Proceedings of the 12th ACM conference on Computer and communications security
Proceedings of the 15th ACM conference on Computer and communications security
A Method for Proving Observational Equivalence
CSF '09 Proceedings of the 2009 22nd IEEE Computer Security Foundations Symposium
RTA'03 Proceedings of the 14th international conference on Rewriting techniques and applications
Formal Verification of Privacy for RFID Systems
CSF '10 Proceedings of the 2010 23rd IEEE Computer Security Foundations Symposium
Analysing Unlinkability and Anonymity Using the Applied Pi Calculus
CSF '10 Proceedings of the 2010 23rd IEEE Computer Security Foundations Symposium
Automating Open Bisimulation Checking for the Spi Calculus
CSF '10 Proceedings of the 2010 23rd IEEE Computer Security Foundations Symposium
Trace equivalence decision: negative tests and non-determinism
Proceedings of the 18th ACM conference on Computer and communications security
Decidability of Equivalence of Symbolic Derivations
Journal of Automated Reasoning
Hi-index | 0.00 |
Formal methods have been very successful in analyzing security protocols for reachability properties such as secrecy or authentication. In contrast, there are very few results for equivalence-based properties, crucial for studying e.g. privacy-like properties such as anonymity or vote secrecy. We study the problem of checking equivalence of security protocols for an unbounded number of sessions. Since replication leads very quickly to undecidability (even in the simple case of secrecy), we focus on a limited fragment of protocols (standard primitives but pairs, one variable per protocol's rules) for which the secrecy preservation problem is known to be decidable. Surprisingly, this fragment turns out to be undecidable for equivalence. Then, restricting our attention to deterministic protocols, we propose the first decidability result for checking equivalence of protocols for an unbounded number of sessions. This result is obtained through a characterization of equivalence of protocols in terms of equality of languages of (generalized, real-time) deterministic pushdown automata.