Niveau: Supérieur, Doctorat, Bac+8
A Computationally Sound Mechanized Prover for Security Protocols Bruno Blanchet CNRS, ·Ecole Normale Sup·erieure, Paris Abstract We present a new mechanized prover for secrecy proper- ties of cryptographic protocols. In contrast to most previous provers, our tool does not rely on the Dolev-Yao model, but on the computational model. It produces proofs presented as sequences of games; these games are formalized in a probabilistic polynomial-time process calculus. Our tool provides a generic method for specifying security properties of the cryptographic primitives, which can handle shared- and public-key encryption, signatures, message authentica- tion codes, and hash functions. Our tool produces proofs valid for a number of sessions polynomial in the security parameter, in the presence of an active adversary. We have implemented our tool and tested it on a number of examples of protocols from the literature. 1 Introduction There exist two main frameworks for studying cryp- tographic protocols. In the computational model, mes- sages are bitstrings, and the adversary is a probabilistic polynomial-time Turing machine. This model is close to the real execution of protocols, but the proofs are usually manual and informal. In contrast, in the formal, Dolev-Yao model, cryptographic primitives are considered as perfect blackboxes, modeled by function symbols in an algebra of terms, possibly with equations.
- time turing
- let xm
- suchthat defined
- single definition
- then
- output
- defined variables
- can then
- make automatic syntactic
- automatic analysis