Using one-way functions for authentication
ACM SIGCOMM Computer Communication Review
Handbook of theoretical computer science (vol. B)
Key distribution protocol for digital mobile communication systems
CRYPTO '89 Proceedings on Advances in cryptology
On the regular structure of prefix rewriting
CAAP '90 Selected papers of the conference on Fifteenth colloquium on trees in algebra and programming
Automatic recognition of tractability in inference relations
Journal of the ACM (JACM)
An attack on the Needham-Schroeder public-key authentication protocol
Information Processing Letters
Term rewriting and all that
A calculus for cryptographic protocols
Information and Computation
Constraint solving for bounded-process cryptographic protocol analysis
CCS '01 Proceedings of the 8th ACM conference on Computer and Communications Security
Intruder Deductions, Constraint Solving and Insecurity Decision in Presence of Exclusive or
LICS '03 Proceedings of the 18th Annual IEEE Symposium on Logic in Computer Science
An NP Decision Procedure for Protocol Insecurity with XOR
LICS '03 Proceedings of the 18th Annual IEEE Symposium on Logic in Computer Science
Protocol Insecurity with Finite Number of Sessions is NP-Complete
CSFW '01 Proceedings of the 14th IEEE workshop on Computer Security Foundations
A decision procedure for the verification of security protocols with explicit destructors
Proceedings of the 11th ACM conference on Computer and communications security
Deciding Knowledge in Security Protocols under (Many More) Equational Theories
CSFW '05 Proceedings of the 18th IEEE workshop on Computer Security Foundations
Deciding security of protocols against off-line guessing attacks
Proceedings of the 12th ACM conference on Computer and communications security
Easy intruder deduction problems with homomorphisms
Information Processing Letters
Note: An undecidability result for AGh
Theoretical Computer Science
A survey of algebraic properties used in cryptographic protocols
Journal of Computer Security
Symbolic protocol analysis in presence of a homomorphism operator and exclusive or
ICALP'06 Proceedings of the 33rd international conference on Automata, Languages and Programming - Volume Part II
ICALP'05 Proceedings of the 32nd international conference on Automata, Languages and Programming
Intruder deduction for AC-like equational theories with homomorphisms
RTA'05 Proceedings of the 16th international conference on Term Rewriting and Applications
RTA'06 Proceedings of the 17th international conference on Term Rewriting and Applications
Combining Algorithms for Deciding Knowledge in Security Protocols
FroCoS '07 Proceedings of the 6th international symposium on Frontiers of Combining Systems
A Proof Theoretic Analysis of Intruder Theories
RTA '09 Proceedings of the 20th International Conference on Rewriting Techniques and Applications
Computing Knowledge in Security Protocols under Convergent Equational Theories
CADE-22 Proceedings of the 22nd International Conference on Automated Deduction
Approximation-based tree regular model-checking
Nordic Journal of Computing
Unification modulo homomorphic encryption
FroCoS'09 Proceedings of the 7th international conference on Frontiers of combining systems
A DEXPTIME-complete Dolev-Yao theory with distributive encryption
MFCS'10 Proceedings of the 35th international conference on Mathematical foundations of computer science
Unification Modulo Homomorphic Encryption
Journal of Automated Reasoning
Computing Knowledge in Security Protocols Under Convergent Equational Theories
Journal of Automated Reasoning
Decidability and Combination Results for Two Notions of Knowledge in Security Protocols
Journal of Automated Reasoning
Hi-index | 0.00 |
Cryptographic protocols are small programs which involve a high level of concurrency and which are difficult to analyze by hand. The most successful methods to verify such protocols are based on rewriting techniques and automated deduction in order to implement or mimic the process calculus describing the execution of a protocol. We are interested in the intruder deduction problem, that is vulnerability to passive attacks in presence of equational theories which model the protocol specification and properties of the cryptographic operators. In the present paper, we consider the case where the encryption distributes over the operator of an Abelian group or over an exclusive-or operator. We prove decidability of the intruder deduction problem in both cases. We obtain a PTIME decision procedure in a restricted case, the so-called binary case. These decision procedures are based on a careful analysis of the proof system modeling the deductive power of the intruder, taking into account the algebraic properties of the equational theories under consideration. The analysis of the deduction rules interacting with the equational theory relies on the manipulation of Z-modules in the general case, and on results from prefix rewriting in the binary case.