Niveau: Supérieur, Doctorat, Bac+8
A Computationally Sound Mechanized Prover for Security Protocols Bruno Blanchet?† May 25, 2007 Abstract We present a new mechanized prover for secrecy properties of security protocols. In contrast to most previous provers, our tool does not rely on the Dolev-Yao model, but on the computational model. It produces proofs presented as sequences of games; these games are formalized in a probabilistic polynomial-time process calculus. Our tool provides a generic method for speci- fying security properties of the cryptographic primitives, which can handle shared-key and public-key encryption, signatures, message authentication codes, and hash functions. Our tool pro- duces proofs valid for a number of sessions polynomial in the security parameter, in the presence of an active adversary. We have implemented our tool and tested it on a number of exam- ples of protocols from the literature. 1 Introduction There exist two main approaches for analyzing security proto- cols. In the computational model, messages are bitstrings, and the adversary is a probabilistic polynomial-time Turing machine. This model is close to the real execution of protocols, but the proofs are usually manual and informal. In contrast, in the for- mal, Dolev-Yao model, cryptographic primitives are considered as perfect blackboxes, modeled by function symbols in an al- gebra of terms, possibly with equations. The adversary can compute using these blackboxes.
- let xm
- suchthat defined
- variable access
- single definition
- when i1
- sev- eral security
- security parameter
- can then
- mj then