Intruder Deduction for the Equational Theory of Exclusive-or with Commutative and Distributive Encryption

Authors:
Pascal Lafourcade
Affiliations:
Information Security ETH Zentrum, IFW C41.2, Haldeneggsteig 4 CH-8092 Zürich Switzerland
Venue:
Electronic Notes in Theoretical Computer Science (ENTCS)
Year:
2007

Citing 11
Cited 1

Rewrite systems

Handbook of theoretical computer science (vol. B)
Automatic recognition of tractability in inference relations

Journal of the ACM (JACM)
Term rewriting and all that

Term rewriting and all that
Intruder Deductions, Constraint Solving and Insecurity Decision in Presence of Exclusive or

LICS '03 Proceedings of the 18th Annual IEEE Symposium on Logic in Computer Science
An NP Decision Procedure for Protocol Insecurity with XOR

LICS '03 Proceedings of the 18th Annual IEEE Symposium on Logic in Computer Science
Protocol Insecurity with Finite Number of Sessions is NP-Complete

CSFW '01 Proceedings of the 14th IEEE workshop on Computer Security Foundations
Easy intruder deduction problems with homomorphisms

Information Processing Letters
A survey of algebraic properties used in cryptographic protocols

Journal of Computer Security
Symbolic protocol analysis in presence of a homomorphism operator and exclusive or

ICALP'06 Proceedings of the 33rd international conference on Automata, Languages and Programming - Volume Part II
Combining intruder theories

ICALP'05 Proceedings of the 32nd international conference on Automata, Languages and Programming
Intruder deduction for AC-like equational theories with homomorphisms

RTA'05 Proceedings of the 16th international conference on Term Rewriting and Applications

Efficient decision procedures for message deducibility and static equivalence

FAST'10 Proceedings of the 7th International conference on Formal aspects of security and trust

Quantified Score

Hi-index	0.00

Visualization

Abstract

The first step in the verification of cryptographic protocols is to decide the intruder deduction problem, that is the vulnerability to a so-called passive attacker. We extend the Dolev-Yao model in order to model this problem in presence of the equational theory of a commutative encryption operator which distributes over the exclusive-or operator. The interaction between the commutative distributive law of the encryption and exclusive-or offers more possibilities to decrypt an encrypted message than in the non-commutative case, which imply a more careful analysis of the proof system. We prove decidability of the intruder deduction problem for a commutative encryption which distributes over exclusive-or with a DOUBLE-EXP-TIME procedure. And we obtain that this problem is EXPSPACE-hard in the binary case.