• Home

  • Documents

  • A heory of Assertions for Dolev-Yao Modelsseminaire-dga.gforge.inria.fr/2017/20180608... ·...
53
A Teory of Assertions for Dolev-Yao Models R Ramanujam IMSc, Chennai Vaishnavi Sundararajan CMI, Chennai S P Suresh CMI, Chennai IRISA, Rennes 8 th June 2018

A heory of Assertions for Dolev-Yao Modelsseminaire-dga.gforge.inria.fr/2017/20180608... · 2018-09-20 · A position p is ‘abstratable’ inside a term t if we can replace the

  • Upload
    others

  • View
    0

  • Download
    0

Embed Size (px)

Citation preview

Page 1: A heory of Assertions for Dolev-Yao Modelsseminaire-dga.gforge.inria.fr/2017/20180608... · 2018-09-20 · A position p is ‘abstratable’ inside a term t if we can replace the

A Theory of Assertions for Dolev-Yao Models

R Ramanujam

IMSc, Chennai

Vaishnavi Sundararajan

CMI, Chennai

S P Suresh

CMI, Chennai

IRISA, Rennes

8th June 2018

Page 2: A heory of Assertions for Dolev-Yao Modelsseminaire-dga.gforge.inria.fr/2017/20180608... · 2018-09-20 · A position p is ‘abstratable’ inside a term t if we can replace the

IntroductionSecurity protocol: a pattern of communications to achieve a security goal

in an insecure environment.

Each communication is of the form A B: m.

A and B are agents participating in the protocol, and m is some message.

Malicious intruder can play havoc when many messages are being

communicated, by mixing-and-matching (even without breaking

cryptography).

Need formal analysis of protocols to guarantee security goals!

Page 3: A heory of Assertions for Dolev-Yao Modelsseminaire-dga.gforge.inria.fr/2017/20180608... · 2018-09-20 · A position p is ‘abstratable’ inside a term t if we can replace the

Dolev-Yao Model

Framework for analysis of security protocols.

Messages are abstract terms rather than bitstrings.

Encryption, hashing etc. abstract functions on terms.

Cryptography assumed to be perfect, no cryptanalysis!

Formalize properties, verify.

Page 4: A heory of Assertions for Dolev-Yao Modelsseminaire-dga.gforge.inria.fr/2017/20180608... · 2018-09-20 · A position p is ‘abstratable’ inside a term t if we can replace the

Dolev-Yao Model: IntruderIntruder I cannot break encryption, but can

see any message

block any message

redirect any message

generate messages — according to set rules!

send messages in someone else’s name

initiate new communication according to the protocol

Page 5: A heory of Assertions for Dolev-Yao Modelsseminaire-dga.gforge.inria.fr/2017/20180608... · 2018-09-20 · A position p is ‘abstratable’ inside a term t if we can replace the

Dolev-Yao Model: ActionsTwo types of actions, send and receive.

Each communication A B separated out into a send action

(+A) and a ‘corresponding’ receive action (-B).

Every sent term assumed to be received by I.

Each received term assumed to come from I.

Ties in well with intuition of I being the network!

Page 6: A heory of Assertions for Dolev-Yao Modelsseminaire-dga.gforge.inria.fr/2017/20180608... · 2018-09-20 · A position p is ‘abstratable’ inside a term t if we can replace the

Dolev-Yao model: Term derivation system

= � � ( , ) � ( , ′) � ( , , )

∈N

� ( )

� �

� ( , )

� ( , )

� ( , )

� �

� ( , )

� ( , ) �

� � �

� ( , , )

� ( , , ) � ( )

<latexit sha1_base64="qHwYZ7a9ajbNdfXO/0nVDrkaZ3U=">AAAKc3ictVbdbtNIFDZll4DZBcpecjOi/KRSieyCoFx0xQokEKKrrqBQKbaik/E4GWLPmJlxSOX18+wD7NPsg3DPGacJcRJCS1lblj3nZ873nXM8M90s4dp43n/n1s7/9POFxsVL7uVffr1y9dr69bda5oqyAyoTqQ67oFnCBTsw3CTsMFMM0m7C3nUHT63+3ZApzaV4Y44yFqbQEzzmFAyKOusX/gnaxJBdkpIg5REJDBuZIhs0B5tlTQJclU3TKbxyi+DLLzdn1ZoJimpU3a3JYSJXW2SAmtB1gy7rcVEYQIhlux+6AWXCMMVFzw10CkkyY5InoMrib4p36QZ9y9K9EwQTixRMv5wMMiVlbBRjpStIwPGxagpJ8WfZKTK0e59rg9yZJockGEag+wStco2hx3g5Es27aMlENDtfNR4Hu/Ot2KaKfbg0mpmPBqOVwZBpxfbExKeRBkvjT6pbNm0x5ogPSnIm4l9Y2i4hwYccIjIr9JeXYEWDzSG0Jv9Pur6KYXkZxwTr6GJtztY43w/GXwCjRbS6mt+fKjNf2XxFVafrQr5QzUr1IxNWi3USiAt/o47Yakhnyhre06GqD1f9rfNL6NwC8qOzOB9uFubYgouhXT9OuMCdLqWVYrLuT0e4Ubidaxtey3uw/fCxR7zW/cc7Dz2f+C2vuqYfG87xtd9ZX/s3iCTNU9xdaAJat30vM2EBynBqZ0SkLAM6gB5rR0OeaQEp02ExqnbVktxGfURiqfARhlTSWacCUq2P0i5aWip6XlfxW6Jr5ybeCTGNWW5ssqtAcZ4QI4ndoknEFaMmOcIPoIojXEL7oIDiLlmPMpPSWoQ98RqBySSskqyzqgYzflaqdKzr0lFiRkYBCiMWQ54YyztmYHLFdLEHWYaV3cXC3rPFRTPNTApcWLN2WPwRyS4jL5nQUpB9JScGCMBaNF/hkUNsPeM9bvRm+zVuzGx3Dwztv5IfmaJ4iPn2HM+R6+Brzntc8Inb7YmfSounfchAKUi+zIinDA2imlOfCgo6plLIUzoKqfBgwzUbgsKGSvWYFhcf+9wwjQVg2J2eF9o2X2jqxY+32y3fa/l/bW882Tlu+IvODeem03R855HzxHnh7DsHDm1caTxo7DZ+v/TJveHedG+NTdfOHfv85tQu995nZom06Q==</latexit><latexit sha1_base64="qHwYZ7a9ajbNdfXO/0nVDrkaZ3U=">AAAKc3ictVbdbtNIFDZll4DZBcpecjOi/KRSieyCoFx0xQokEKKrrqBQKbaik/E4GWLPmJlxSOX18+wD7NPsg3DPGacJcRJCS1lblj3nZ873nXM8M90s4dp43n/n1s7/9POFxsVL7uVffr1y9dr69bda5oqyAyoTqQ67oFnCBTsw3CTsMFMM0m7C3nUHT63+3ZApzaV4Y44yFqbQEzzmFAyKOusX/gnaxJBdkpIg5REJDBuZIhs0B5tlTQJclU3TKbxyi+DLLzdn1ZoJimpU3a3JYSJXW2SAmtB1gy7rcVEYQIhlux+6AWXCMMVFzw10CkkyY5InoMrib4p36QZ9y9K9EwQTixRMv5wMMiVlbBRjpStIwPGxagpJ8WfZKTK0e59rg9yZJockGEag+wStco2hx3g5Es27aMlENDtfNR4Hu/Ot2KaKfbg0mpmPBqOVwZBpxfbExKeRBkvjT6pbNm0x5ogPSnIm4l9Y2i4hwYccIjIr9JeXYEWDzSG0Jv9Pur6KYXkZxwTr6GJtztY43w/GXwCjRbS6mt+fKjNf2XxFVafrQr5QzUr1IxNWi3USiAt/o47Yakhnyhre06GqD1f9rfNL6NwC8qOzOB9uFubYgouhXT9OuMCdLqWVYrLuT0e4Ubidaxtey3uw/fCxR7zW/cc7Dz2f+C2vuqYfG87xtd9ZX/s3iCTNU9xdaAJat30vM2EBynBqZ0SkLAM6gB5rR0OeaQEp02ExqnbVktxGfURiqfARhlTSWacCUq2P0i5aWip6XlfxW6Jr5ybeCTGNWW5ssqtAcZ4QI4ndoknEFaMmOcIPoIojXEL7oIDiLlmPMpPSWoQ98RqBySSskqyzqgYzflaqdKzr0lFiRkYBCiMWQ54YyztmYHLFdLEHWYaV3cXC3rPFRTPNTApcWLN2WPwRyS4jL5nQUpB9JScGCMBaNF/hkUNsPeM9bvRm+zVuzGx3Dwztv5IfmaJ4iPn2HM+R6+Brzntc8Inb7YmfSounfchAKUi+zIinDA2imlOfCgo6plLIUzoKqfBgwzUbgsKGSvWYFhcf+9wwjQVg2J2eF9o2X2jqxY+32y3fa/l/bW882Tlu+IvODeem03R855HzxHnh7DsHDm1caTxo7DZ+v/TJveHedG+NTdfOHfv85tQu995nZom06Q==</latexit><latexit sha1_base64="qHwYZ7a9ajbNdfXO/0nVDrkaZ3U=">AAAKc3ictVbdbtNIFDZll4DZBcpecjOi/KRSieyCoFx0xQokEKKrrqBQKbaik/E4GWLPmJlxSOX18+wD7NPsg3DPGacJcRJCS1lblj3nZ873nXM8M90s4dp43n/n1s7/9POFxsVL7uVffr1y9dr69bda5oqyAyoTqQ67oFnCBTsw3CTsMFMM0m7C3nUHT63+3ZApzaV4Y44yFqbQEzzmFAyKOusX/gnaxJBdkpIg5REJDBuZIhs0B5tlTQJclU3TKbxyi+DLLzdn1ZoJimpU3a3JYSJXW2SAmtB1gy7rcVEYQIhlux+6AWXCMMVFzw10CkkyY5InoMrib4p36QZ9y9K9EwQTixRMv5wMMiVlbBRjpStIwPGxagpJ8WfZKTK0e59rg9yZJockGEag+wStco2hx3g5Es27aMlENDtfNR4Hu/Ot2KaKfbg0mpmPBqOVwZBpxfbExKeRBkvjT6pbNm0x5ogPSnIm4l9Y2i4hwYccIjIr9JeXYEWDzSG0Jv9Pur6KYXkZxwTr6GJtztY43w/GXwCjRbS6mt+fKjNf2XxFVafrQr5QzUr1IxNWi3USiAt/o47Yakhnyhre06GqD1f9rfNL6NwC8qOzOB9uFubYgouhXT9OuMCdLqWVYrLuT0e4Ubidaxtey3uw/fCxR7zW/cc7Dz2f+C2vuqYfG87xtd9ZX/s3iCTNU9xdaAJat30vM2EBynBqZ0SkLAM6gB5rR0OeaQEp02ExqnbVktxGfURiqfARhlTSWacCUq2P0i5aWip6XlfxW6Jr5ybeCTGNWW5ssqtAcZ4QI4ndoknEFaMmOcIPoIojXEL7oIDiLlmPMpPSWoQ98RqBySSskqyzqgYzflaqdKzr0lFiRkYBCiMWQ54YyztmYHLFdLEHWYaV3cXC3rPFRTPNTApcWLN2WPwRyS4jL5nQUpB9JScGCMBaNF/hkUNsPeM9bvRm+zVuzGx3Dwztv5IfmaJ4iPn2HM+R6+Brzntc8Inb7YmfSounfchAKUi+zIinDA2imlOfCgo6plLIUzoKqfBgwzUbgsKGSvWYFhcf+9wwjQVg2J2eF9o2X2jqxY+32y3fa/l/bW882Tlu+IvODeem03R855HzxHnh7DsHDm1caTxo7DZ+v/TJveHedG+NTdfOHfv85tQu995nZom06Q==</latexit><latexit sha1_base64="qHwYZ7a9ajbNdfXO/0nVDrkaZ3U=">AAAKc3ictVbdbtNIFDZll4DZBcpecjOi/KRSieyCoFx0xQokEKKrrqBQKbaik/E4GWLPmJlxSOX18+wD7NPsg3DPGacJcRJCS1lblj3nZ873nXM8M90s4dp43n/n1s7/9POFxsVL7uVffr1y9dr69bda5oqyAyoTqQ67oFnCBTsw3CTsMFMM0m7C3nUHT63+3ZApzaV4Y44yFqbQEzzmFAyKOusX/gnaxJBdkpIg5REJDBuZIhs0B5tlTQJclU3TKbxyi+DLLzdn1ZoJimpU3a3JYSJXW2SAmtB1gy7rcVEYQIhlux+6AWXCMMVFzw10CkkyY5InoMrib4p36QZ9y9K9EwQTixRMv5wMMiVlbBRjpStIwPGxagpJ8WfZKTK0e59rg9yZJockGEag+wStco2hx3g5Es27aMlENDtfNR4Hu/Ot2KaKfbg0mpmPBqOVwZBpxfbExKeRBkvjT6pbNm0x5ogPSnIm4l9Y2i4hwYccIjIr9JeXYEWDzSG0Jv9Pur6KYXkZxwTr6GJtztY43w/GXwCjRbS6mt+fKjNf2XxFVafrQr5QzUr1IxNWi3USiAt/o47Yakhnyhre06GqD1f9rfNL6NwC8qOzOB9uFubYgouhXT9OuMCdLqWVYrLuT0e4Ubidaxtey3uw/fCxR7zW/cc7Dz2f+C2vuqYfG87xtd9ZX/s3iCTNU9xdaAJat30vM2EBynBqZ0SkLAM6gB5rR0OeaQEp02ExqnbVktxGfURiqfARhlTSWacCUq2P0i5aWip6XlfxW6Jr5ybeCTGNWW5ssqtAcZ4QI4ndoknEFaMmOcIPoIojXEL7oIDiLlmPMpPSWoQ98RqBySSskqyzqgYzflaqdKzr0lFiRkYBCiMWQ54YyztmYHLFdLEHWYaV3cXC3rPFRTPNTApcWLN2WPwRyS4jL5nQUpB9JScGCMBaNF/hkUNsPeM9bvRm+zVuzGx3Dwztv5IfmaJ4iPn2HM+R6+Brzntc8Inb7YmfSounfchAKUi+zIinDA2imlOfCgo6plLIUzoKqfBgwzUbgsKGSvWYFhcf+9wwjQVg2J2eF9o2X2jqxY+32y3fa/l/bW882Tlu+IvODeem03R855HzxHnh7DsHDm1caTxo7DZ+v/TJveHedG+NTdfOHfv85tQu995nZom06Q==</latexit>

Page 7: A heory of Assertions for Dolev-Yao Modelsseminaire-dga.gforge.inria.fr/2017/20180608... · 2018-09-20 · A position p is ‘abstratable’ inside a term t if we can replace the

More about Dolev-Yao

Dolev-Yao treats all messages as “terms”.

What if protocol involves certificates? For

authorization, delegation etc.

Encoded as terms in Dolev-Yao — bit commitment,

protocol-specific tagging etc.

Not always concise/readable!

Page 8: A heory of Assertions for Dolev-Yao Modelsseminaire-dga.gforge.inria.fr/2017/20180608... · 2018-09-20 · A position p is ‘abstratable’ inside a term t if we can replace the

ExampleA sends to B a nonce m encrypted in some key k, along with a

disjunctive certificate about the value of m being a or b.

Need to encode this certificate as a term in Dolev-Yao algebra.

Uses 1-out-of-2 encryption: For a given {m}k, show that it is of

the form {mi}k where mi ∈ {m0, m1}, without revealing i.

Needs multiplication, exponentiation, and hashing!

Not obvious that the end result stands for {m = a or m = b}.

Page 9: A heory of Assertions for Dolev-Yao Modelsseminaire-dga.gforge.inria.fr/2017/20180608... · 2018-09-20 · A position p is ‘abstratable’ inside a term t if we can replace the

ZKP Terms [BHM08]

Extend the Dolev-Yao model with “zero-knowledge proof terms”.

Zero-knowledge proof term: ZKp,q(P1,…,Pp ; Q1,…,Qq ; F).

Ps: private; Qs: public; F defines relationship between Ps and

Qs.

Presents the certificate in a more readable format than encoding

into terms.

BHM08: Backes, M.; Hritcu, C.; Matteo, M. (2008) “Type-checking zero-knowledge.” In Proc. CCS ’08, 357–370.

→ ∶,� , ;{ } , , ; = ( , ) ∧ ( = ∨ = )�

<latexit sha1_base64="PXdadgSz/yz2v0WtssY9V2l5vlI=">AAAFJniclVTbbtNAEHVogBJuLTzysqKqlEgmsp1eQZV6QSqCRiqUXkQcRevN2lllL2Z33SayzPfwNbwhhHjhU1g7aWmaItR9Gp05Z3ZmZ2aDmBKlHedn6dZM+fadu7P3KvcfPHz0eG7+yZESiUT4EAkq5EkAFaaE40NNNMUnscSQBRQfB/2d3H98iqUign/Uwxi3GYw4CQmC2kCduV9bwJck6mkopTgD2+Al8DUe6PTTu6yTejZoZH5AIloFqV/clrJhYJg8A8wG/ezLq0uOSGJsHH7KfCPuZzaANggmOTFNmKEEWMOOCzZGtxGdYo6yqg9p3DO4DcaWVwM+hbwLLly5pBB7xiMkmMIbtTw8iWStM7fg1J0lb2XdAU69sb624rjArTvFuTAWrPHZ78zPNPyuQAnDXCMKlWq5TqzbKZSaIIqzip8oHEPUhxFuGZNDhlU7LUrLwKJBuiA0OYWCa1CglxUpZEoNWWCYDOqeuurLwet8rUSHa+2U8DjR+SsVF4UJBVqAvKWgSyRGmg6NAZEkJleAelBCpE3jr83ZBt1TEqtx/oNRAZUJapMfmFwFbadFQjFGE+UXqFShmkQHVA+0hAbs4hAmVOdPEWKoE4lV2oRxTHi0YVr+Im+7oSmsGSQ8p7Xa6VZXBBi8xVwJDvalOCeYBHJGdc9MLbdfk4hoVWsdIEjxRhNq1NsTZ1giswf/j7FrhrT/L3GTcHIuWzzXSZbu9GBsNgTSvxEhpQryIqa6USpGyAQXNxRyIRk0HwI+hdLMGFOjsgg/6xGNlWkANtPqOO1K8fbmO5hc1/TD7naWut6avbJke9lV0mh1RyTPtZdd212eIhW7O+Ksera3bLsNQzJrNrVU08aRV3eduvt+aWFze7xws9Yz67lVtVxr1dq03lj71qGFSlulqBSXPpe/lr+Vv5d/jKi3SmPNU2vilH//Aa43wso=</latexit><latexit sha1_base64="PXdadgSz/yz2v0WtssY9V2l5vlI=">AAAFJniclVTbbtNAEHVogBJuLTzysqKqlEgmsp1eQZV6QSqCRiqUXkQcRevN2lllL2Z33SayzPfwNbwhhHjhU1g7aWmaItR9Gp05Z3ZmZ2aDmBKlHedn6dZM+fadu7P3KvcfPHz0eG7+yZESiUT4EAkq5EkAFaaE40NNNMUnscSQBRQfB/2d3H98iqUign/Uwxi3GYw4CQmC2kCduV9bwJck6mkopTgD2+Al8DUe6PTTu6yTejZoZH5AIloFqV/clrJhYJg8A8wG/ezLq0uOSGJsHH7KfCPuZzaANggmOTFNmKEEWMOOCzZGtxGdYo6yqg9p3DO4DcaWVwM+hbwLLly5pBB7xiMkmMIbtTw8iWStM7fg1J0lb2XdAU69sb624rjArTvFuTAWrPHZ78zPNPyuQAnDXCMKlWq5TqzbKZSaIIqzip8oHEPUhxFuGZNDhlU7LUrLwKJBuiA0OYWCa1CglxUpZEoNWWCYDOqeuurLwet8rUSHa+2U8DjR+SsVF4UJBVqAvKWgSyRGmg6NAZEkJleAelBCpE3jr83ZBt1TEqtx/oNRAZUJapMfmFwFbadFQjFGE+UXqFShmkQHVA+0hAbs4hAmVOdPEWKoE4lV2oRxTHi0YVr+Im+7oSmsGSQ8p7Xa6VZXBBi8xVwJDvalOCeYBHJGdc9MLbdfk4hoVWsdIEjxRhNq1NsTZ1giswf/j7FrhrT/L3GTcHIuWzzXSZbu9GBsNgTSvxEhpQryIqa6USpGyAQXNxRyIRk0HwI+hdLMGFOjsgg/6xGNlWkANtPqOO1K8fbmO5hc1/TD7naWut6avbJke9lV0mh1RyTPtZdd212eIhW7O+Ksera3bLsNQzJrNrVU08aRV3eduvt+aWFze7xws9Yz67lVtVxr1dq03lj71qGFSlulqBSXPpe/lr+Vv5d/jKi3SmPNU2vilH//Aa43wso=</latexit><latexit sha1_base64="PXdadgSz/yz2v0WtssY9V2l5vlI=">AAAFJniclVTbbtNAEHVogBJuLTzysqKqlEgmsp1eQZV6QSqCRiqUXkQcRevN2lllL2Z33SayzPfwNbwhhHjhU1g7aWmaItR9Gp05Z3ZmZ2aDmBKlHedn6dZM+fadu7P3KvcfPHz0eG7+yZESiUT4EAkq5EkAFaaE40NNNMUnscSQBRQfB/2d3H98iqUign/Uwxi3GYw4CQmC2kCduV9bwJck6mkopTgD2+Al8DUe6PTTu6yTejZoZH5AIloFqV/clrJhYJg8A8wG/ezLq0uOSGJsHH7KfCPuZzaANggmOTFNmKEEWMOOCzZGtxGdYo6yqg9p3DO4DcaWVwM+hbwLLly5pBB7xiMkmMIbtTw8iWStM7fg1J0lb2XdAU69sb624rjArTvFuTAWrPHZ78zPNPyuQAnDXCMKlWq5TqzbKZSaIIqzip8oHEPUhxFuGZNDhlU7LUrLwKJBuiA0OYWCa1CglxUpZEoNWWCYDOqeuurLwet8rUSHa+2U8DjR+SsVF4UJBVqAvKWgSyRGmg6NAZEkJleAelBCpE3jr83ZBt1TEqtx/oNRAZUJapMfmFwFbadFQjFGE+UXqFShmkQHVA+0hAbs4hAmVOdPEWKoE4lV2oRxTHi0YVr+Im+7oSmsGSQ8p7Xa6VZXBBi8xVwJDvalOCeYBHJGdc9MLbdfk4hoVWsdIEjxRhNq1NsTZ1giswf/j7FrhrT/L3GTcHIuWzzXSZbu9GBsNgTSvxEhpQryIqa6USpGyAQXNxRyIRk0HwI+hdLMGFOjsgg/6xGNlWkANtPqOO1K8fbmO5hc1/TD7naWut6avbJke9lV0mh1RyTPtZdd212eIhW7O+Ksera3bLsNQzJrNrVU08aRV3eduvt+aWFze7xws9Yz67lVtVxr1dq03lj71qGFSlulqBSXPpe/lr+Vv5d/jKi3SmPNU2vilH//Aa43wso=</latexit><latexit sha1_base64="PXdadgSz/yz2v0WtssY9V2l5vlI=">AAAFJniclVTbbtNAEHVogBJuLTzysqKqlEgmsp1eQZV6QSqCRiqUXkQcRevN2lllL2Z33SayzPfwNbwhhHjhU1g7aWmaItR9Gp05Z3ZmZ2aDmBKlHedn6dZM+fadu7P3KvcfPHz0eG7+yZESiUT4EAkq5EkAFaaE40NNNMUnscSQBRQfB/2d3H98iqUign/Uwxi3GYw4CQmC2kCduV9bwJck6mkopTgD2+Al8DUe6PTTu6yTejZoZH5AIloFqV/clrJhYJg8A8wG/ezLq0uOSGJsHH7KfCPuZzaANggmOTFNmKEEWMOOCzZGtxGdYo6yqg9p3DO4DcaWVwM+hbwLLly5pBB7xiMkmMIbtTw8iWStM7fg1J0lb2XdAU69sb624rjArTvFuTAWrPHZ78zPNPyuQAnDXCMKlWq5TqzbKZSaIIqzip8oHEPUhxFuGZNDhlU7LUrLwKJBuiA0OYWCa1CglxUpZEoNWWCYDOqeuurLwet8rUSHa+2U8DjR+SsVF4UJBVqAvKWgSyRGmg6NAZEkJleAelBCpE3jr83ZBt1TEqtx/oNRAZUJapMfmFwFbadFQjFGE+UXqFShmkQHVA+0hAbs4hAmVOdPEWKoE4lV2oRxTHi0YVr+Im+7oSmsGSQ8p7Xa6VZXBBi8xVwJDvalOCeYBHJGdc9MLbdfk4hoVWsdIEjxRhNq1NsTZ1giswf/j7FrhrT/L3GTcHIuWzzXSZbu9GBsNgTSvxEhpQryIqa6USpGyAQXNxRyIRk0HwI+hdLMGFOjsgg/6xGNlWkANtPqOO1K8fbmO5hc1/TD7naWut6avbJke9lV0mh1RyTPtZdd212eIhW7O+Ksera3bLsNQzJrNrVU08aRV3eduvt+aWFze7xws9Yz67lVtVxr1dq03lj71qGFSlulqBSXPpe/lr+Vv5d/jKi3SmPNU2vilH//Aa43wso=</latexit>

Page 10: A heory of Assertions for Dolev-Yao Modelsseminaire-dga.gforge.inria.fr/2017/20180608... · 2018-09-20 · A position p is ‘abstratable’ inside a term t if we can replace the

ZKP Terms (Contd.)

Sounds great! So why reinvent the wheel?

Consider two certificates as follows: {m = a or m = b}

and {m = a or m = c}, with b ≠ c.

Ideally, should be able to derive m = a from these two.

One cannot do derivations on ZKP terms. Cannot

infer m = a from these certificates in this system.

Page 11: A heory of Assertions for Dolev-Yao Modelsseminaire-dga.gforge.inria.fr/2017/20180608... · 2018-09-20 · A position p is ‘abstratable’ inside a term t if we can replace the

Overall Idea

Extend the Dolev-Yao model with a class of abstract

objects called ‘assertions’ which capture certification.

Protocol descriptions are readable. Assertions are distinct

from terms, and clearly specify the statements of the

certificates they model.

Inference on assertions is possible, independent of

underlying implementation.

Page 12: A heory of Assertions for Dolev-Yao Modelsseminaire-dga.gforge.inria.fr/2017/20180608... · 2018-09-20 · A position p is ‘abstratable’ inside a term t if we can replace the

Assertions

The says connective allows agents to “sign” an assertion as coming

from them.

P is any application-specific predicate.

Existential quantification lets agents hide witnesses.

Earlier example now looks as follows:

Assertions have the following syntax.

∶= = � ( ) � ∧ � ∨ � ∃ . �<latexit sha1_base64="mzxs69VYpBl8GvGw66VVljVj7dQ=">AAAEPHiclVPLbtNAFJ00PEp4tbBgwWagqtRKENmhKi1SpZYigVAjBZU+pMSKbibXyajzsGbGbSKr/ABfwM/wH+zZIRZsWDN2kkJaEOosrOtzz7lzr+9xJxHcuiD4UpopX7l67frsjcrNW7fv3J2bv7dvdWoY7jEttDnsgEXBFe457gQeJgZBdgQedI628/zBMRrLtXrvhglGEnqKx5yB81B77mMLRNIH+mKDunZI82eNtiTv0saSWx5FI4rPtgSos9fahaQ253M48BNYOqh+GF9TwFu05XDgm82ohaGlpxPZ3EJQDVZqq+sBDarP1tdWg5CG1aA4Z8ECGZ9Ge37mU6urWSpROSbA2mYYJC7KwDjOBJ5WWqnFBNgR9LDpQwUSbZQVX+2ULnqkS2PfdayVowX6pyIDae1QdjxTguvb87kc/Fuumbp4Lcq4SlKHio0uilNBnab5CmiXG2RODH0AzHDfK2V9MMCcX1RlqlRd7foOtIiy4poE2dRQBWpsbKfRgXADZ8CDXYwhFS4fMEZwqUGb1SFJuOpt+B08zffgaRadBK5yWjPKtrq6g/QtKqsVbRg9IfgGcsbSjveOevKK97izy81dBgI36uBYf0efoGHejf+v8dogHv1LXOeKT2SLE52R2XYfEjAGxO+KIIQFVdS0l2rFC6VW+pJCpY0E/1viMRjvHGlHY3F10ucOrV8Aeg8GQVTxZr5g3YvBfq0aBtXw3crC5suxrWfJQ/KYLJGQPCeb5A1pkD3CyI/SgxItPSp/Ln8tfyt/H1FnSmPNfTJ1yj9/AQIybFw=</latexit><latexit sha1_base64="mzxs69VYpBl8GvGw66VVljVj7dQ=">AAAEPHiclVPLbtNAFJ00PEp4tbBgwWagqtRKENmhKi1SpZYigVAjBZU+pMSKbibXyajzsGbGbSKr/ABfwM/wH+zZIRZsWDN2kkJaEOosrOtzz7lzr+9xJxHcuiD4UpopX7l67frsjcrNW7fv3J2bv7dvdWoY7jEttDnsgEXBFe457gQeJgZBdgQedI628/zBMRrLtXrvhglGEnqKx5yB81B77mMLRNIH+mKDunZI82eNtiTv0saSWx5FI4rPtgSos9fahaQ253M48BNYOqh+GF9TwFu05XDgm82ohaGlpxPZ3EJQDVZqq+sBDarP1tdWg5CG1aA4Z8ECGZ9Ge37mU6urWSpROSbA2mYYJC7KwDjOBJ5WWqnFBNgR9LDpQwUSbZQVX+2ULnqkS2PfdayVowX6pyIDae1QdjxTguvb87kc/Fuumbp4Lcq4SlKHio0uilNBnab5CmiXG2RODH0AzHDfK2V9MMCcX1RlqlRd7foOtIiy4poE2dRQBWpsbKfRgXADZ8CDXYwhFS4fMEZwqUGb1SFJuOpt+B08zffgaRadBK5yWjPKtrq6g/QtKqsVbRg9IfgGcsbSjveOevKK97izy81dBgI36uBYf0efoGHejf+v8dogHv1LXOeKT2SLE52R2XYfEjAGxO+KIIQFVdS0l2rFC6VW+pJCpY0E/1viMRjvHGlHY3F10ucOrV8Aeg8GQVTxZr5g3YvBfq0aBtXw3crC5suxrWfJQ/KYLJGQPCeb5A1pkD3CyI/SgxItPSp/Ln8tfyt/H1FnSmPNfTJ1yj9/AQIybFw=</latexit><latexit sha1_base64="mzxs69VYpBl8GvGw66VVljVj7dQ=">AAAEPHiclVPLbtNAFJ00PEp4tbBgwWagqtRKENmhKi1SpZYigVAjBZU+pMSKbibXyajzsGbGbSKr/ABfwM/wH+zZIRZsWDN2kkJaEOosrOtzz7lzr+9xJxHcuiD4UpopX7l67frsjcrNW7fv3J2bv7dvdWoY7jEttDnsgEXBFe457gQeJgZBdgQedI628/zBMRrLtXrvhglGEnqKx5yB81B77mMLRNIH+mKDunZI82eNtiTv0saSWx5FI4rPtgSos9fahaQ253M48BNYOqh+GF9TwFu05XDgm82ohaGlpxPZ3EJQDVZqq+sBDarP1tdWg5CG1aA4Z8ECGZ9Ge37mU6urWSpROSbA2mYYJC7KwDjOBJ5WWqnFBNgR9LDpQwUSbZQVX+2ULnqkS2PfdayVowX6pyIDae1QdjxTguvb87kc/Fuumbp4Lcq4SlKHio0uilNBnab5CmiXG2RODH0AzHDfK2V9MMCcX1RlqlRd7foOtIiy4poE2dRQBWpsbKfRgXADZ8CDXYwhFS4fMEZwqUGb1SFJuOpt+B08zffgaRadBK5yWjPKtrq6g/QtKqsVbRg9IfgGcsbSjveOevKK97izy81dBgI36uBYf0efoGHejf+v8dogHv1LXOeKT2SLE52R2XYfEjAGxO+KIIQFVdS0l2rFC6VW+pJCpY0E/1viMRjvHGlHY3F10ucOrV8Aeg8GQVTxZr5g3YvBfq0aBtXw3crC5suxrWfJQ/KYLJGQPCeb5A1pkD3CyI/SgxItPSp/Ln8tfyt/H1FnSmPNfTJ1yj9/AQIybFw=</latexit><latexit sha1_base64="mzxs69VYpBl8GvGw66VVljVj7dQ=">AAAEPHiclVPLbtNAFJ00PEp4tbBgwWagqtRKENmhKi1SpZYigVAjBZU+pMSKbibXyajzsGbGbSKr/ABfwM/wH+zZIRZsWDN2kkJaEOosrOtzz7lzr+9xJxHcuiD4UpopX7l67frsjcrNW7fv3J2bv7dvdWoY7jEttDnsgEXBFe457gQeJgZBdgQedI628/zBMRrLtXrvhglGEnqKx5yB81B77mMLRNIH+mKDunZI82eNtiTv0saSWx5FI4rPtgSos9fahaQ253M48BNYOqh+GF9TwFu05XDgm82ohaGlpxPZ3EJQDVZqq+sBDarP1tdWg5CG1aA4Z8ECGZ9Ge37mU6urWSpROSbA2mYYJC7KwDjOBJ5WWqnFBNgR9LDpQwUSbZQVX+2ULnqkS2PfdayVowX6pyIDae1QdjxTguvb87kc/Fuumbp4Lcq4SlKHio0uilNBnab5CmiXG2RODH0AzHDfK2V9MMCcX1RlqlRd7foOtIiy4poE2dRQBWpsbKfRgXADZ8CDXYwhFS4fMEZwqUGb1SFJuOpt+B08zffgaRadBK5yWjPKtrq6g/QtKqsVbRg9IfgGcsbSjveOevKK97izy81dBgI36uBYf0efoGHejf+v8dogHv1LXOeKT2SLE52R2XYfEjAGxO+KIIQFVdS0l2rFC6VW+pJCpY0E/1viMRjvHGlHY3F10ucOrV8Aeg8GQVTxZr5g3YvBfq0aBtXw3crC5suxrWfJQ/KYLJGQPCeb5A1pkD3CyI/SgxItPSp/Ln8tfyt/H1FnSmPNfTJ1yj9/AQIybFw=</latexit>

→ ∶ { } ,∃ .[{ } = { } ∧ ( = ∨ = )]<latexit sha1_base64="SqCVkoNJv1DKd0cC4KT05Wi/hsg=">AAAEIniclVPbahRBEO1kvcR4S/TRl8YQSCAus1FiIgRyERTJQiTmAjPDUttbs9tsT/fQ3ZPMMuRv/AOf/QHfxCfBN1/1H6zZbNQ1iqRgoOZUnbrNmXampPNB8Hlisnbl6rXrUzemb966fefuzOy9A2dyK3BfGGXsURscKqlx30uv8CizCGlb4WG7v13FD4/ROmn0Gz/IME6hq2UiBXiCWjOHUcg3eWRlt+fBWnPCt57xqEyj01Z/iUdY0AiOF4N6OAL5OoUL8gY8UqA7fKEgCOjFWF657cWYR3FrZi6oB0+WV9YCHtQfr62uBA3eqAdD++nMsZHttmYn30UdI/IUtRcKnAsbQebjEqyXQuHpdJQ7zED0oYth51hmTkOKLi6L4RFO+TzFOzyhKRKjPR+iv5NKSJ0bpG3KTMH33J+xCvxbLMx9shqXUme5Ry3OGiW54t7w6qK8Iy0KrwbkgLCSxuWiBxaEp7uPdcmsMYm3SNuMdWjqPRrMqLgcds9QjK07RK1L3DhaKF94CwR2MIFc+WrvBMHnFl3ZhCyTurvusXhEj6c0hz4Fqau0MC43O6aN/BVqZzTfteY8gQaoMhZ2SCF66bnsSu8Wwz0BCteb4EVvx5ygFaS5/9d4Qbv2/0VuSi3PafPnPJuW2z3ISIqgflUEpRzoYU13qVGImBptLknUxqZAPx8egyVBpe5sLalPetKjow+ApM4giKdJ5hdEfdE5WK43gnrj9fLcxtZI8FPsAXvIFliDPWUb7CXbZftMsPfsK/vGvtfe1j7UPtY+naVOTow499mY1b78AAp+Zlw=</latexit><latexit sha1_base64="SqCVkoNJv1DKd0cC4KT05Wi/hsg=">AAAEIniclVPbahRBEO1kvcR4S/TRl8YQSCAus1FiIgRyERTJQiTmAjPDUttbs9tsT/fQ3ZPMMuRv/AOf/QHfxCfBN1/1H6zZbNQ1iqRgoOZUnbrNmXampPNB8Hlisnbl6rXrUzemb966fefuzOy9A2dyK3BfGGXsURscKqlx30uv8CizCGlb4WG7v13FD4/ROmn0Gz/IME6hq2UiBXiCWjOHUcg3eWRlt+fBWnPCt57xqEyj01Z/iUdY0AiOF4N6OAL5OoUL8gY8UqA7fKEgCOjFWF657cWYR3FrZi6oB0+WV9YCHtQfr62uBA3eqAdD++nMsZHttmYn30UdI/IUtRcKnAsbQebjEqyXQuHpdJQ7zED0oYth51hmTkOKLi6L4RFO+TzFOzyhKRKjPR+iv5NKSJ0bpG3KTMH33J+xCvxbLMx9shqXUme5Ry3OGiW54t7w6qK8Iy0KrwbkgLCSxuWiBxaEp7uPdcmsMYm3SNuMdWjqPRrMqLgcds9QjK07RK1L3DhaKF94CwR2MIFc+WrvBMHnFl3ZhCyTurvusXhEj6c0hz4Fqau0MC43O6aN/BVqZzTfteY8gQaoMhZ2SCF66bnsSu8Wwz0BCteb4EVvx5ygFaS5/9d4Qbv2/0VuSi3PafPnPJuW2z3ISIqgflUEpRzoYU13qVGImBptLknUxqZAPx8egyVBpe5sLalPetKjow+ApM4giKdJ5hdEfdE5WK43gnrj9fLcxtZI8FPsAXvIFliDPWUb7CXbZftMsPfsK/vGvtfe1j7UPtY+naVOTow499mY1b78AAp+Zlw=</latexit><latexit sha1_base64="SqCVkoNJv1DKd0cC4KT05Wi/hsg=">AAAEIniclVPbahRBEO1kvcR4S/TRl8YQSCAus1FiIgRyERTJQiTmAjPDUttbs9tsT/fQ3ZPMMuRv/AOf/QHfxCfBN1/1H6zZbNQ1iqRgoOZUnbrNmXampPNB8Hlisnbl6rXrUzemb966fefuzOy9A2dyK3BfGGXsURscKqlx30uv8CizCGlb4WG7v13FD4/ROmn0Gz/IME6hq2UiBXiCWjOHUcg3eWRlt+fBWnPCt57xqEyj01Z/iUdY0AiOF4N6OAL5OoUL8gY8UqA7fKEgCOjFWF657cWYR3FrZi6oB0+WV9YCHtQfr62uBA3eqAdD++nMsZHttmYn30UdI/IUtRcKnAsbQebjEqyXQuHpdJQ7zED0oYth51hmTkOKLi6L4RFO+TzFOzyhKRKjPR+iv5NKSJ0bpG3KTMH33J+xCvxbLMx9shqXUme5Ry3OGiW54t7w6qK8Iy0KrwbkgLCSxuWiBxaEp7uPdcmsMYm3SNuMdWjqPRrMqLgcds9QjK07RK1L3DhaKF94CwR2MIFc+WrvBMHnFl3ZhCyTurvusXhEj6c0hz4Fqau0MC43O6aN/BVqZzTfteY8gQaoMhZ2SCF66bnsSu8Wwz0BCteb4EVvx5ygFaS5/9d4Qbv2/0VuSi3PafPnPJuW2z3ISIqgflUEpRzoYU13qVGImBptLknUxqZAPx8egyVBpe5sLalPetKjow+ApM4giKdJ5hdEfdE5WK43gnrj9fLcxtZI8FPsAXvIFliDPWUb7CXbZftMsPfsK/vGvtfe1j7UPtY+naVOTow499mY1b78AAp+Zlw=</latexit><latexit sha1_base64="SqCVkoNJv1DKd0cC4KT05Wi/hsg=">AAAEIniclVPbahRBEO1kvcR4S/TRl8YQSCAus1FiIgRyERTJQiTmAjPDUttbs9tsT/fQ3ZPMMuRv/AOf/QHfxCfBN1/1H6zZbNQ1iqRgoOZUnbrNmXampPNB8Hlisnbl6rXrUzemb966fefuzOy9A2dyK3BfGGXsURscKqlx30uv8CizCGlb4WG7v13FD4/ROmn0Gz/IME6hq2UiBXiCWjOHUcg3eWRlt+fBWnPCt57xqEyj01Z/iUdY0AiOF4N6OAL5OoUL8gY8UqA7fKEgCOjFWF657cWYR3FrZi6oB0+WV9YCHtQfr62uBA3eqAdD++nMsZHttmYn30UdI/IUtRcKnAsbQebjEqyXQuHpdJQ7zED0oYth51hmTkOKLi6L4RFO+TzFOzyhKRKjPR+iv5NKSJ0bpG3KTMH33J+xCvxbLMx9shqXUme5Ry3OGiW54t7w6qK8Iy0KrwbkgLCSxuWiBxaEp7uPdcmsMYm3SNuMdWjqPRrMqLgcds9QjK07RK1L3DhaKF94CwR2MIFc+WrvBMHnFl3ZhCyTurvusXhEj6c0hz4Fqau0MC43O6aN/BVqZzTfteY8gQaoMhZ2SCF66bnsSu8Wwz0BCteb4EVvx5ygFaS5/9d4Qbv2/0VuSi3PafPnPJuW2z3ISIqgflUEpRzoYU13qVGImBptLknUxqZAPx8egyVBpe5sLalPetKjow+ApM4giKdJ5hdEfdE5WK43gnrj9fLcxtZI8FPsAXvIFliDPWUb7CXbZftMsPfsK/vGvtfe1j7UPtY+naVOTow499mY1b78AAp+Zlw=</latexit>

Page 13: A heory of Assertions for Dolev-Yao Modelsseminaire-dga.gforge.inria.fr/2017/20180608... · 2018-09-20 · A position p is ‘abstratable’ inside a term t if we can replace the

Existential Quantification

When exactly can one existentially quantify out a term

from an assertion?

m from m = t? m from {m}k = t?

Quantification becomes complicated in the presence of

encryption!

Page 14: A heory of Assertions for Dolev-Yao Modelsseminaire-dga.gforge.inria.fr/2017/20180608... · 2018-09-20 · A position p is ‘abstratable’ inside a term t if we can replace the

Abstractability

A position p is ‘abstractable’ inside a term t if we can

replace the subterm at p with something else and build

the rest of t back up.

We can also consider a notion of abstractability w.r.t. a set

of terms S, if we can use (some of the) terms in S to build

the relevant parts of t.

abs(S, t): Set of abstractable positions of t w.r.t S.

Page 15: A heory of Assertions for Dolev-Yao Modelsseminaire-dga.gforge.inria.fr/2017/20180608... · 2018-09-20 · A position p is ‘abstratable’ inside a term t if we can replace the

AbstractabilityX = {m, r, p, pair(senc(pair(m, x), k), n)}

t = pair(aenc(m, r, p), pair(senc(pair(m, x), k), n))

abs(X, t) = {ε, 0, 00, 01, 02, 1, 10, 11}

<latexit sha1_base64="CyKMVZkSiEt2QxwuFNFIpEX83tg=">AAAK+nicrVbbbttGEGWSNg7ZW9w89mVRy4ADqAYpX+qgEJAiRVsUMeAidRKAEowlOZIWXu4SuytLKsuf6VvR135H3/s3nSWpO103RQlIWu2cOXNmdoZklHGmje//de/+g/fef7jzyPU++PCjjz95vPvpay3HKobLWHKp3kZUA2cCLg0zHN5mCmgacXgTXb+w9jc3oDST4iczy6Cf0qFgAxZTg1tXuw//7EUwZCI37PrnjMVmrKAIOdwAJwmGpyIG0iWBn6Z9j5CehWkz45AjRM2IkAkU3TBRdNIVUkDbCiETlphR1z882vKqmAN00SxC7HARpXtax9jfgnea4Ecnt5AfNaGDOdoKPoCnJO8ZmJo8o0wVBRoIiUeMJ6Rc5tUPXiXcX8ApiLiGzz22Ytly1dHIOplbsVm6Vtpa0NRhwgi4nKC3fxikKZED4vttUlb2W6lAm+8UgOjnvr/w/M9KFpkFVotqFZuWBjFBo5jgfxTTsWKyfyWm0yimsxSzdoIhjeQNrBE0+JO8ruxKP2y0QyU02GifpfnW1Ds29SVuhdGtuiJYNpmumsx164503dx+rQrw/S0Jc0Ale/4vX6zmYZbt51aht6trQXV9FCRtsjLTiOjn1l4siIs7Q68JLztu2iq2rY1CgjuEBE1CSjYOA1OS+ScLtjvILENB3HnpbeU3C1/Kv25txFJsONoMdofyUnhhSbz6HLaaNGic/6DuUrf+ubXnjstxq5qnUl+KF6X4jYL785CNUx4EpVCsTBWYLP/805A1cZE8WB2yZkdoEtHq3VAFmWZcYgqu9xVWrgciWXt0XT3ew2SOO6fPfKQ7enZ26gckOPTLa7HYc+rr4mr3wZNeIuNxCsLEnGodBn5m+jlVhsUcCq831pDR+JoOIUxuWKYFTUH382n58C3IPtoTMpAKP8KQcnfVKaep1rM0QmRKzUhv2uxmky0cm8FZP2ciGxt7QygDDcacGEnskxxPWkFs+AwXNFYM5eIAUkVjg8/7tSi2QFUidsVZpKiaYYZKTnRbj2gG+jAdc8MyzLpNUIpi0zbJpGb2LQHbatu7dhuCTAHhcTumPC68tQzOxStMXPJ+XmaXQbxWznJX6YFe351yMzWK4mYCA4qybF0HQO356vycZhkK6uK97wt7/0MYCkspExYW9vOvExkB+QGEloJcKDkHoACLOHiJbz6i/Q0bMqOfhq9QNnTPqYlHL+UEVIzvUndz2I68vs35nAk2d9uf+6k0f4EVw5pTvmSknGsqSk79TlLQMZVCvqOjkCql+FIJOEjYsKmu0mJiMmIGNB4AhPbe3vdwjLaGZnvxunMY4Mz+eLz3/KweqEfOZ87nzoETOF86z53vnQvn0ol3TnbCnWQHvF+8X73fvN8r6P17tc8TZ+3y/vgbppJZ0w==</latexit><latexit sha1_base64="CyKMVZkSiEt2QxwuFNFIpEX83tg=">AAAK+nicrVbbbttGEGWSNg7ZW9w89mVRy4ADqAYpX+qgEJAiRVsUMeAidRKAEowlOZIWXu4SuytLKsuf6VvR135H3/s3nSWpO103RQlIWu2cOXNmdoZklHGmje//de/+g/fef7jzyPU++PCjjz95vPvpay3HKobLWHKp3kZUA2cCLg0zHN5mCmgacXgTXb+w9jc3oDST4iczy6Cf0qFgAxZTg1tXuw//7EUwZCI37PrnjMVmrKAIOdwAJwmGpyIG0iWBn6Z9j5CehWkz45AjRM2IkAkU3TBRdNIVUkDbCiETlphR1z882vKqmAN00SxC7HARpXtax9jfgnea4Ecnt5AfNaGDOdoKPoCnJO8ZmJo8o0wVBRoIiUeMJ6Rc5tUPXiXcX8ApiLiGzz22Ytly1dHIOplbsVm6Vtpa0NRhwgi4nKC3fxikKZED4vttUlb2W6lAm+8UgOjnvr/w/M9KFpkFVotqFZuWBjFBo5jgfxTTsWKyfyWm0yimsxSzdoIhjeQNrBE0+JO8ruxKP2y0QyU02GifpfnW1Ds29SVuhdGtuiJYNpmumsx164503dx+rQrw/S0Jc0Ale/4vX6zmYZbt51aht6trQXV9FCRtsjLTiOjn1l4siIs7Q68JLztu2iq2rY1CgjuEBE1CSjYOA1OS+ScLtjvILENB3HnpbeU3C1/Kv25txFJsONoMdofyUnhhSbz6HLaaNGic/6DuUrf+ubXnjstxq5qnUl+KF6X4jYL785CNUx4EpVCsTBWYLP/805A1cZE8WB2yZkdoEtHq3VAFmWZcYgqu9xVWrgciWXt0XT3ew2SOO6fPfKQ7enZ26gckOPTLa7HYc+rr4mr3wZNeIuNxCsLEnGodBn5m+jlVhsUcCq831pDR+JoOIUxuWKYFTUH382n58C3IPtoTMpAKP8KQcnfVKaep1rM0QmRKzUhv2uxmky0cm8FZP2ciGxt7QygDDcacGEnskxxPWkFs+AwXNFYM5eIAUkVjg8/7tSi2QFUidsVZpKiaYYZKTnRbj2gG+jAdc8MyzLpNUIpi0zbJpGb2LQHbatu7dhuCTAHhcTumPC68tQzOxStMXPJ+XmaXQbxWznJX6YFe351yMzWK4mYCA4qybF0HQO356vycZhkK6uK97wt7/0MYCkspExYW9vOvExkB+QGEloJcKDkHoACLOHiJbz6i/Q0bMqOfhq9QNnTPqYlHL+UEVIzvUndz2I68vs35nAk2d9uf+6k0f4EVw5pTvmSknGsqSk79TlLQMZVCvqOjkCql+FIJOEjYsKmu0mJiMmIGNB4AhPbe3vdwjLaGZnvxunMY4Mz+eLz3/KweqEfOZ87nzoETOF86z53vnQvn0ol3TnbCnWQHvF+8X73fvN8r6P17tc8TZ+3y/vgbppJZ0w==</latexit><latexit sha1_base64="CyKMVZkSiEt2QxwuFNFIpEX83tg=">AAAK+nicrVbbbttGEGWSNg7ZW9w89mVRy4ADqAYpX+qgEJAiRVsUMeAidRKAEowlOZIWXu4SuytLKsuf6VvR135H3/s3nSWpO103RQlIWu2cOXNmdoZklHGmje//de/+g/fef7jzyPU++PCjjz95vPvpay3HKobLWHKp3kZUA2cCLg0zHN5mCmgacXgTXb+w9jc3oDST4iczy6Cf0qFgAxZTg1tXuw//7EUwZCI37PrnjMVmrKAIOdwAJwmGpyIG0iWBn6Z9j5CehWkz45AjRM2IkAkU3TBRdNIVUkDbCiETlphR1z882vKqmAN00SxC7HARpXtax9jfgnea4Ecnt5AfNaGDOdoKPoCnJO8ZmJo8o0wVBRoIiUeMJ6Rc5tUPXiXcX8ApiLiGzz22Ytly1dHIOplbsVm6Vtpa0NRhwgi4nKC3fxikKZED4vttUlb2W6lAm+8UgOjnvr/w/M9KFpkFVotqFZuWBjFBo5jgfxTTsWKyfyWm0yimsxSzdoIhjeQNrBE0+JO8ruxKP2y0QyU02GifpfnW1Ds29SVuhdGtuiJYNpmumsx164503dx+rQrw/S0Jc0Ale/4vX6zmYZbt51aht6trQXV9FCRtsjLTiOjn1l4siIs7Q68JLztu2iq2rY1CgjuEBE1CSjYOA1OS+ScLtjvILENB3HnpbeU3C1/Kv25txFJsONoMdofyUnhhSbz6HLaaNGic/6DuUrf+ubXnjstxq5qnUl+KF6X4jYL785CNUx4EpVCsTBWYLP/805A1cZE8WB2yZkdoEtHq3VAFmWZcYgqu9xVWrgciWXt0XT3ew2SOO6fPfKQ7enZ26gckOPTLa7HYc+rr4mr3wZNeIuNxCsLEnGodBn5m+jlVhsUcCq831pDR+JoOIUxuWKYFTUH382n58C3IPtoTMpAKP8KQcnfVKaep1rM0QmRKzUhv2uxmky0cm8FZP2ciGxt7QygDDcacGEnskxxPWkFs+AwXNFYM5eIAUkVjg8/7tSi2QFUidsVZpKiaYYZKTnRbj2gG+jAdc8MyzLpNUIpi0zbJpGb2LQHbatu7dhuCTAHhcTumPC68tQzOxStMXPJ+XmaXQbxWznJX6YFe351yMzWK4mYCA4qybF0HQO356vycZhkK6uK97wt7/0MYCkspExYW9vOvExkB+QGEloJcKDkHoACLOHiJbz6i/Q0bMqOfhq9QNnTPqYlHL+UEVIzvUndz2I68vs35nAk2d9uf+6k0f4EVw5pTvmSknGsqSk79TlLQMZVCvqOjkCql+FIJOEjYsKmu0mJiMmIGNB4AhPbe3vdwjLaGZnvxunMY4Mz+eLz3/KweqEfOZ87nzoETOF86z53vnQvn0ol3TnbCnWQHvF+8X73fvN8r6P17tc8TZ+3y/vgbppJZ0w==</latexit><latexit sha1_base64="CyKMVZkSiEt2QxwuFNFIpEX83tg=">AAAK+nicrVbbbttGEGWSNg7ZW9w89mVRy4ADqAYpX+qgEJAiRVsUMeAidRKAEowlOZIWXu4SuytLKsuf6VvR135H3/s3nSWpO103RQlIWu2cOXNmdoZklHGmje//de/+g/fef7jzyPU++PCjjz95vPvpay3HKobLWHKp3kZUA2cCLg0zHN5mCmgacXgTXb+w9jc3oDST4iczy6Cf0qFgAxZTg1tXuw//7EUwZCI37PrnjMVmrKAIOdwAJwmGpyIG0iWBn6Z9j5CehWkz45AjRM2IkAkU3TBRdNIVUkDbCiETlphR1z882vKqmAN00SxC7HARpXtax9jfgnea4Ecnt5AfNaGDOdoKPoCnJO8ZmJo8o0wVBRoIiUeMJ6Rc5tUPXiXcX8ApiLiGzz22Ytly1dHIOplbsVm6Vtpa0NRhwgi4nKC3fxikKZED4vttUlb2W6lAm+8UgOjnvr/w/M9KFpkFVotqFZuWBjFBo5jgfxTTsWKyfyWm0yimsxSzdoIhjeQNrBE0+JO8ruxKP2y0QyU02GifpfnW1Ds29SVuhdGtuiJYNpmumsx164503dx+rQrw/S0Jc0Ale/4vX6zmYZbt51aht6trQXV9FCRtsjLTiOjn1l4siIs7Q68JLztu2iq2rY1CgjuEBE1CSjYOA1OS+ScLtjvILENB3HnpbeU3C1/Kv25txFJsONoMdofyUnhhSbz6HLaaNGic/6DuUrf+ubXnjstxq5qnUl+KF6X4jYL785CNUx4EpVCsTBWYLP/805A1cZE8WB2yZkdoEtHq3VAFmWZcYgqu9xVWrgciWXt0XT3ew2SOO6fPfKQ7enZ26gckOPTLa7HYc+rr4mr3wZNeIuNxCsLEnGodBn5m+jlVhsUcCq831pDR+JoOIUxuWKYFTUH382n58C3IPtoTMpAKP8KQcnfVKaep1rM0QmRKzUhv2uxmky0cm8FZP2ciGxt7QygDDcacGEnskxxPWkFs+AwXNFYM5eIAUkVjg8/7tSi2QFUidsVZpKiaYYZKTnRbj2gG+jAdc8MyzLpNUIpi0zbJpGb2LQHbatu7dhuCTAHhcTumPC68tQzOxStMXPJ+XmaXQbxWznJX6YFe351yMzWK4mYCA4qybF0HQO356vycZhkK6uK97wt7/0MYCkspExYW9vOvExkB+QGEloJcKDkHoACLOHiJbz6i/Q0bMqOfhq9QNnTPqYlHL+UEVIzvUndz2I68vs35nAk2d9uf+6k0f4EVw5pTvmSknGsqSk79TlLQMZVCvqOjkCql+FIJOEjYsKmu0mJiMmIGNB4AhPbe3vdwjLaGZnvxunMY4Mz+eLz3/KweqEfOZ87nzoETOF86z53vnQvn0ol3TnbCnWQHvF+8X73fvN8r6P17tc8TZ+3y/vgbppJZ0w==</latexit>

Page 16: A heory of Assertions for Dolev-Yao Modelsseminaire-dga.gforge.inria.fr/2017/20180608... · 2018-09-20 · A position p is ‘abstratable’ inside a term t if we can replace the

Abstractability: Assertions

Can provide a similar definition of abstractability for

assertions.

A term-position p is abstractable from an assertion α if

we can replace the term at p with something else and

build the rest of α back up.

abs(S, α): Set of abstractable positions of α w.r.t S.

Page 17: A heory of Assertions for Dolev-Yao Modelsseminaire-dga.gforge.inria.fr/2017/20180608... · 2018-09-20 · A position p is ‘abstratable’ inside a term t if we can replace the

Abstractability: For assertions

( , =′) = { ⋅ � ∈ ( , )} ∪ { ⋅ � ∈ ( , )}

( , ∧ ) = ( , ∨ ) = { ⋅ � ∈ ( , )} ∪ { ⋅ � ∈ ( , )}

( ,∃ . ) = { ⋅ � ∈ ( ∪ { }, ), ∉ ( � )}

( , ) = { } ∪ { ⋅ � ∈ ( , )}<latexit sha1_base64="zqydxWYmnzy0Kb+u4Bb6NbjCgS8=">AAAF6HiclVRdTxQxFB1WV3H9An30pRGIbIKbWTAIDyQYNBrDJhjkI9nZkDudu7uVTjtpO7BrHX6Db0bjk7/EV/0H/hs7+wGuQIAmM9Pce869p9PThgln2vj+n7HCtevFGzfHb5Vu37l77/7E5INtLVNFcYtKLtVuCBo5E7hlmOG4myiEOOS4E+6v5fmdA1SaSfHedBNsxNASrMkoGBfamywslIIQW0xYZjBmHzErBfmMTAcGO8ZCqLPZzTliyAoxT8ruHVg/oJE0JCFBzKL8wwQZQZtykJGApi5lq5cBT5/dNACetCHgICIn0kCv/ZkIqU4AF+vrs64isl/9fKHYcVulbSerDGpfSsiwfSfIhprmAhKQDgmENEMwM/YAlMPbPib7tGeTrEzOVQNHQ56Grs6ORiVdftHk+D+5RiiiY4vsTUz5Ff/Z/OKyT/zKwvLSol8l1YrfG8eTKW8wNpzNvgeRpGmMwlAOWterfmIaFpRhlOeeSzUmQPehhfXogCVaQIy6YTs9h2dkxuUj0pTKPcKQXvRfkoVY624cOmQMpq3/z+XBs3L11DSXGpaJJDUoaL9RM+XESJIfFxIxhdTwrpsAVczJJbQNCqhxh6o0UqomNp0CyRu21yZBOrKuXlTpph6NdrjpGAUuGGETUm7yBTYRTKpQ2xokCROtFbctT/OtcTCNJgYmcli9YV9EMkTyFoWWgmwoOQQ4ATlidt2dczH3krWY0eX6JgWOKzUwtL0uD1FRd3NcXOO1Qtw/j1xjgg1pM0Oeiu1aGxJQCvhJReBcg+jV1FeS4oixFPKKRCFVDO4KRXd6nHNi3V8WE4dtZ2TtNgCdDX2/UXJ+PuXe05Pt+UrVr1TfzU+tvho4e9x75D32Zr2q99xb9d54G96WRwvfCj8Lvwq/ix+Kn4tfil/70MLYgPPQGxnFH38B9vEEvw==</latexit><latexit sha1_base64="zqydxWYmnzy0Kb+u4Bb6NbjCgS8=">AAAF6HiclVRdTxQxFB1WV3H9An30pRGIbIKbWTAIDyQYNBrDJhjkI9nZkDudu7uVTjtpO7BrHX6Db0bjk7/EV/0H/hs7+wGuQIAmM9Pce869p9PThgln2vj+n7HCtevFGzfHb5Vu37l77/7E5INtLVNFcYtKLtVuCBo5E7hlmOG4myiEOOS4E+6v5fmdA1SaSfHedBNsxNASrMkoGBfamywslIIQW0xYZjBmHzErBfmMTAcGO8ZCqLPZzTliyAoxT8ruHVg/oJE0JCFBzKL8wwQZQZtykJGApi5lq5cBT5/dNACetCHgICIn0kCv/ZkIqU4AF+vrs64isl/9fKHYcVulbSerDGpfSsiwfSfIhprmAhKQDgmENEMwM/YAlMPbPib7tGeTrEzOVQNHQ56Grs6ORiVdftHk+D+5RiiiY4vsTUz5Ff/Z/OKyT/zKwvLSol8l1YrfG8eTKW8wNpzNvgeRpGmMwlAOWterfmIaFpRhlOeeSzUmQPehhfXogCVaQIy6YTs9h2dkxuUj0pTKPcKQXvRfkoVY624cOmQMpq3/z+XBs3L11DSXGpaJJDUoaL9RM+XESJIfFxIxhdTwrpsAVczJJbQNCqhxh6o0UqomNp0CyRu21yZBOrKuXlTpph6NdrjpGAUuGGETUm7yBTYRTKpQ2xokCROtFbctT/OtcTCNJgYmcli9YV9EMkTyFoWWgmwoOQQ4ATlidt2dczH3krWY0eX6JgWOKzUwtL0uD1FRd3NcXOO1Qtw/j1xjgg1pM0Oeiu1aGxJQCvhJReBcg+jV1FeS4oixFPKKRCFVDO4KRXd6nHNi3V8WE4dtZ2TtNgCdDX2/UXJ+PuXe05Pt+UrVr1TfzU+tvho4e9x75D32Zr2q99xb9d54G96WRwvfCj8Lvwq/ix+Kn4tfil/70MLYgPPQGxnFH38B9vEEvw==</latexit><latexit sha1_base64="zqydxWYmnzy0Kb+u4Bb6NbjCgS8=">AAAF6HiclVRdTxQxFB1WV3H9An30pRGIbIKbWTAIDyQYNBrDJhjkI9nZkDudu7uVTjtpO7BrHX6Db0bjk7/EV/0H/hs7+wGuQIAmM9Pce869p9PThgln2vj+n7HCtevFGzfHb5Vu37l77/7E5INtLVNFcYtKLtVuCBo5E7hlmOG4myiEOOS4E+6v5fmdA1SaSfHedBNsxNASrMkoGBfamywslIIQW0xYZjBmHzErBfmMTAcGO8ZCqLPZzTliyAoxT8ruHVg/oJE0JCFBzKL8wwQZQZtykJGApi5lq5cBT5/dNACetCHgICIn0kCv/ZkIqU4AF+vrs64isl/9fKHYcVulbSerDGpfSsiwfSfIhprmAhKQDgmENEMwM/YAlMPbPib7tGeTrEzOVQNHQ56Grs6ORiVdftHk+D+5RiiiY4vsTUz5Ff/Z/OKyT/zKwvLSol8l1YrfG8eTKW8wNpzNvgeRpGmMwlAOWterfmIaFpRhlOeeSzUmQPehhfXogCVaQIy6YTs9h2dkxuUj0pTKPcKQXvRfkoVY624cOmQMpq3/z+XBs3L11DSXGpaJJDUoaL9RM+XESJIfFxIxhdTwrpsAVczJJbQNCqhxh6o0UqomNp0CyRu21yZBOrKuXlTpph6NdrjpGAUuGGETUm7yBTYRTKpQ2xokCROtFbctT/OtcTCNJgYmcli9YV9EMkTyFoWWgmwoOQQ4ATlidt2dczH3krWY0eX6JgWOKzUwtL0uD1FRd3NcXOO1Qtw/j1xjgg1pM0Oeiu1aGxJQCvhJReBcg+jV1FeS4oixFPKKRCFVDO4KRXd6nHNi3V8WE4dtZ2TtNgCdDX2/UXJ+PuXe05Pt+UrVr1TfzU+tvho4e9x75D32Zr2q99xb9d54G96WRwvfCj8Lvwq/ix+Kn4tfil/70MLYgPPQGxnFH38B9vEEvw==</latexit><latexit sha1_base64="zqydxWYmnzy0Kb+u4Bb6NbjCgS8=">AAAF6HiclVRdTxQxFB1WV3H9An30pRGIbIKbWTAIDyQYNBrDJhjkI9nZkDudu7uVTjtpO7BrHX6Db0bjk7/EV/0H/hs7+wGuQIAmM9Pce869p9PThgln2vj+n7HCtevFGzfHb5Vu37l77/7E5INtLVNFcYtKLtVuCBo5E7hlmOG4myiEOOS4E+6v5fmdA1SaSfHedBNsxNASrMkoGBfamywslIIQW0xYZjBmHzErBfmMTAcGO8ZCqLPZzTliyAoxT8ruHVg/oJE0JCFBzKL8wwQZQZtykJGApi5lq5cBT5/dNACetCHgICIn0kCv/ZkIqU4AF+vrs64isl/9fKHYcVulbSerDGpfSsiwfSfIhprmAhKQDgmENEMwM/YAlMPbPib7tGeTrEzOVQNHQ56Grs6ORiVdftHk+D+5RiiiY4vsTUz5Ff/Z/OKyT/zKwvLSol8l1YrfG8eTKW8wNpzNvgeRpGmMwlAOWterfmIaFpRhlOeeSzUmQPehhfXogCVaQIy6YTs9h2dkxuUj0pTKPcKQXvRfkoVY624cOmQMpq3/z+XBs3L11DSXGpaJJDUoaL9RM+XESJIfFxIxhdTwrpsAVczJJbQNCqhxh6o0UqomNp0CyRu21yZBOrKuXlTpph6NdrjpGAUuGGETUm7yBTYRTKpQ2xokCROtFbctT/OtcTCNJgYmcli9YV9EMkTyFoWWgmwoOQQ4ATlidt2dczH3krWY0eX6JgWOKzUwtL0uD1FRd3NcXOO1Qtw/j1xjgg1pM0Oeiu1aGxJQCvhJReBcg+jV1FeS4oixFPKKRCFVDO4KRXd6nHNi3V8WE4dtZ2TtNgCdDX2/UXJ+PuXe05Pt+UrVr1TfzU+tvho4e9x75D32Zr2q99xb9d54G96WRwvfCj8Lvwq/ix+Kn4tfil/70MLYgPPQGxnFH38B9vEEvw==</latexit>

Page 18: A heory of Assertions for Dolev-Yao Modelsseminaire-dga.gforge.inria.fr/2017/20180608... · 2018-09-20 · A position p is ‘abstratable’ inside a term t if we can replace the

Abstractability: AssertionsX = {senc(m, k), k}

α = ∃x.[senc(x, k) = senc(m, k)]

abs(X, α) = {001, 01, 010, 011}

<latexit sha1_base64="02JoJoPEeZZoHrlomJStyT+EEdQ=">AAAJL3icnVbdbts2FFabebO8nzbt5W6IxQVSwDMkZ8UKDAa6dtiGoQEydGkL2EJAUcc2Z4oUSDq2J+gderu9xZ5m2M2w273FDmUriWI7a0cgNn34fed855CHTJwJbmwQ/Hnr9t57jfc/aPqtDz/6+JM7d/fvvTRqphmcMiWUfh1TA4JLOLXcCnidaaBpLOBVPH3m1l+dgzZcyZ/sMoMopWPJR5xRi6az/cbeMIYxl7nl018yzuxMQzEQcA6CJBieSgakT8JemkYtQoYOZuxSQI4QvSRSJVD0B4mm875UEjoWFrYfC8qmHaeJzHliJ/2ge7ThYBUkRLbhMWLHFwH7jx7tQPe2oY92oY+2oXvBDvQX29BhhXaJHsJDkreHsMBVQxbtAhcIYRMuElJO89VXOUpCgAQyxAIOSdHyK3A5yyuo76+gDjt05csNSFYUl64caEWsmfL6z8qN89OuxNVXBzEINUc5QTdMU6JGBOEdUu6ehqRDrmwZAqIcl6/5+d+yQidr+taywrWsb5UGY7/TANLJCW+Q41/UHQ/wyNb93Zxl5cYnBakFIJsJ1nYZKav8wm2751+pj78ujF9VJCw3Km0XV81bShEGW0sRBhXxbWLVqn9DrO1lD8N6rMtR+tF8PKmXe4eb62xyYdjhZ+2mvE8ikq9TXn1up0CNgt16TjVkhgsl24Xf+oqQ1hBkUrvvzu4eBN2gHGRzEq4nB956nJzt790fJorNUpCWCWrMIAwyG+VUW84EFK3hzECGAugYBsk5z4ykKZgoX5Q3dkEe4HpCRkrjn7SktF4l5TQ1ZpnGiEypnZjra864bW0ws6PHUc5lNrPuGJaBRjNBrCLu+seLTQOzYokTyjRHuXjCqabM4iNRi+IKtErEzQSPNdVLzFCruemYCc3AdNOZsDzDrDsEpWi+6JBMGe6eFrxFN9lr2hhUCghnHUYFK1q1DI7lC0xciSgvs8uA1cpZWrUZmbp1IezCaorGBEYUZbm6joC6/TX5Mc0yFNTH/vzc9SjCUFhKuXSwQZR/nagYyA8gjZLkRKsKgAIc4vA5Ppey8w0fc2seDl6gbOgfU8smz9UcNMMH+L99uC6Y7iIfc8kr2oOKp9P8GVYMa07FpUcqhKGy9GneSQoSUyXVOxKl0inF/0QAGwkPbGpWaXE5n3ALBjcA8PQHQdTCNgqvN83m5GWvG2K3/tg7ePJ03VBN71PvM+/QC70vvSfe996Jd+qxxs+NN41fG781f2/+0fyr+fcKevvWmnPfq43mP/8CLxbPNA==</latexit><latexit sha1_base64="02JoJoPEeZZoHrlomJStyT+EEdQ=">AAAJL3icnVbdbts2FFabebO8nzbt5W6IxQVSwDMkZ8UKDAa6dtiGoQEydGkL2EJAUcc2Z4oUSDq2J+gderu9xZ5m2M2w273FDmUriWI7a0cgNn34fed855CHTJwJbmwQ/Hnr9t57jfc/aPqtDz/6+JM7d/fvvTRqphmcMiWUfh1TA4JLOLXcCnidaaBpLOBVPH3m1l+dgzZcyZ/sMoMopWPJR5xRi6az/cbeMIYxl7nl018yzuxMQzEQcA6CJBieSgakT8JemkYtQoYOZuxSQI4QvSRSJVD0B4mm875UEjoWFrYfC8qmHaeJzHliJ/2ge7ThYBUkRLbhMWLHFwH7jx7tQPe2oY92oY+2oXvBDvQX29BhhXaJHsJDkreHsMBVQxbtAhcIYRMuElJO89VXOUpCgAQyxAIOSdHyK3A5yyuo76+gDjt05csNSFYUl64caEWsmfL6z8qN89OuxNVXBzEINUc5QTdMU6JGBOEdUu6ehqRDrmwZAqIcl6/5+d+yQidr+taywrWsb5UGY7/TANLJCW+Q41/UHQ/wyNb93Zxl5cYnBakFIJsJ1nYZKav8wm2751+pj78ujF9VJCw3Km0XV81bShEGW0sRBhXxbWLVqn9DrO1lD8N6rMtR+tF8PKmXe4eb62xyYdjhZ+2mvE8ikq9TXn1up0CNgt16TjVkhgsl24Xf+oqQ1hBkUrvvzu4eBN2gHGRzEq4nB956nJzt790fJorNUpCWCWrMIAwyG+VUW84EFK3hzECGAugYBsk5z4ykKZgoX5Q3dkEe4HpCRkrjn7SktF4l5TQ1ZpnGiEypnZjra864bW0ws6PHUc5lNrPuGJaBRjNBrCLu+seLTQOzYokTyjRHuXjCqabM4iNRi+IKtErEzQSPNdVLzFCruemYCc3AdNOZsDzDrDsEpWi+6JBMGe6eFrxFN9lr2hhUCghnHUYFK1q1DI7lC0xciSgvs8uA1cpZWrUZmbp1IezCaorGBEYUZbm6joC6/TX5Mc0yFNTH/vzc9SjCUFhKuXSwQZR/nagYyA8gjZLkRKsKgAIc4vA5Ppey8w0fc2seDl6gbOgfU8smz9UcNMMH+L99uC6Y7iIfc8kr2oOKp9P8GVYMa07FpUcqhKGy9GneSQoSUyXVOxKl0inF/0QAGwkPbGpWaXE5n3ALBjcA8PQHQdTCNgqvN83m5GWvG2K3/tg7ePJ03VBN71PvM+/QC70vvSfe996Jd+qxxs+NN41fG781f2/+0fyr+fcKevvWmnPfq43mP/8CLxbPNA==</latexit><latexit sha1_base64="02JoJoPEeZZoHrlomJStyT+EEdQ=">AAAJL3icnVbdbts2FFabebO8nzbt5W6IxQVSwDMkZ8UKDAa6dtiGoQEydGkL2EJAUcc2Z4oUSDq2J+gderu9xZ5m2M2w273FDmUriWI7a0cgNn34fed855CHTJwJbmwQ/Hnr9t57jfc/aPqtDz/6+JM7d/fvvTRqphmcMiWUfh1TA4JLOLXcCnidaaBpLOBVPH3m1l+dgzZcyZ/sMoMopWPJR5xRi6az/cbeMIYxl7nl018yzuxMQzEQcA6CJBieSgakT8JemkYtQoYOZuxSQI4QvSRSJVD0B4mm875UEjoWFrYfC8qmHaeJzHliJ/2ge7ThYBUkRLbhMWLHFwH7jx7tQPe2oY92oY+2oXvBDvQX29BhhXaJHsJDkreHsMBVQxbtAhcIYRMuElJO89VXOUpCgAQyxAIOSdHyK3A5yyuo76+gDjt05csNSFYUl64caEWsmfL6z8qN89OuxNVXBzEINUc5QTdMU6JGBOEdUu6ehqRDrmwZAqIcl6/5+d+yQidr+taywrWsb5UGY7/TANLJCW+Q41/UHQ/wyNb93Zxl5cYnBakFIJsJ1nYZKav8wm2751+pj78ujF9VJCw3Km0XV81bShEGW0sRBhXxbWLVqn9DrO1lD8N6rMtR+tF8PKmXe4eb62xyYdjhZ+2mvE8ikq9TXn1up0CNgt16TjVkhgsl24Xf+oqQ1hBkUrvvzu4eBN2gHGRzEq4nB956nJzt790fJorNUpCWCWrMIAwyG+VUW84EFK3hzECGAugYBsk5z4ykKZgoX5Q3dkEe4HpCRkrjn7SktF4l5TQ1ZpnGiEypnZjra864bW0ws6PHUc5lNrPuGJaBRjNBrCLu+seLTQOzYokTyjRHuXjCqabM4iNRi+IKtErEzQSPNdVLzFCruemYCc3AdNOZsDzDrDsEpWi+6JBMGe6eFrxFN9lr2hhUCghnHUYFK1q1DI7lC0xciSgvs8uA1cpZWrUZmbp1IezCaorGBEYUZbm6joC6/TX5Mc0yFNTH/vzc9SjCUFhKuXSwQZR/nagYyA8gjZLkRKsKgAIc4vA5Ppey8w0fc2seDl6gbOgfU8smz9UcNMMH+L99uC6Y7iIfc8kr2oOKp9P8GVYMa07FpUcqhKGy9GneSQoSUyXVOxKl0inF/0QAGwkPbGpWaXE5n3ALBjcA8PQHQdTCNgqvN83m5GWvG2K3/tg7ePJ03VBN71PvM+/QC70vvSfe996Jd+qxxs+NN41fG781f2/+0fyr+fcKevvWmnPfq43mP/8CLxbPNA==</latexit><latexit sha1_base64="02JoJoPEeZZoHrlomJStyT+EEdQ=">AAAJL3icnVbdbts2FFabebO8nzbt5W6IxQVSwDMkZ8UKDAa6dtiGoQEydGkL2EJAUcc2Z4oUSDq2J+gderu9xZ5m2M2w273FDmUriWI7a0cgNn34fed855CHTJwJbmwQ/Hnr9t57jfc/aPqtDz/6+JM7d/fvvTRqphmcMiWUfh1TA4JLOLXcCnidaaBpLOBVPH3m1l+dgzZcyZ/sMoMopWPJR5xRi6az/cbeMIYxl7nl018yzuxMQzEQcA6CJBieSgakT8JemkYtQoYOZuxSQI4QvSRSJVD0B4mm875UEjoWFrYfC8qmHaeJzHliJ/2ge7ThYBUkRLbhMWLHFwH7jx7tQPe2oY92oY+2oXvBDvQX29BhhXaJHsJDkreHsMBVQxbtAhcIYRMuElJO89VXOUpCgAQyxAIOSdHyK3A5yyuo76+gDjt05csNSFYUl64caEWsmfL6z8qN89OuxNVXBzEINUc5QTdMU6JGBOEdUu6ehqRDrmwZAqIcl6/5+d+yQidr+taywrWsb5UGY7/TANLJCW+Q41/UHQ/wyNb93Zxl5cYnBakFIJsJ1nYZKav8wm2751+pj78ujF9VJCw3Km0XV81bShEGW0sRBhXxbWLVqn9DrO1lD8N6rMtR+tF8PKmXe4eb62xyYdjhZ+2mvE8ikq9TXn1up0CNgt16TjVkhgsl24Xf+oqQ1hBkUrvvzu4eBN2gHGRzEq4nB956nJzt790fJorNUpCWCWrMIAwyG+VUW84EFK3hzECGAugYBsk5z4ykKZgoX5Q3dkEe4HpCRkrjn7SktF4l5TQ1ZpnGiEypnZjra864bW0ws6PHUc5lNrPuGJaBRjNBrCLu+seLTQOzYokTyjRHuXjCqabM4iNRi+IKtErEzQSPNdVLzFCruemYCc3AdNOZsDzDrDsEpWi+6JBMGe6eFrxFN9lr2hhUCghnHUYFK1q1DI7lC0xciSgvs8uA1cpZWrUZmbp1IezCaorGBEYUZbm6joC6/TX5Mc0yFNTH/vzc9SjCUFhKuXSwQZR/nagYyA8gjZLkRKsKgAIc4vA5Ppey8w0fc2seDl6gbOgfU8smz9UcNMMH+L99uC6Y7iIfc8kr2oOKp9P8GVYMa07FpUcqhKGy9GneSQoSUyXVOxKl0inF/0QAGwkPbGpWaXE5n3ALBjcA8PQHQdTCNgqvN83m5GWvG2K3/tg7ePJ03VBN71PvM+/QC70vvSfe996Jd+qxxs+NN41fG781f2/+0fyr+fcKevvWmnPfq43mP/8CLxbPNA==</latexit>

Page 19: A heory of Assertions for Dolev-Yao Modelsseminaire-dga.gforge.inria.fr/2017/20180608... · 2018-09-20 · A position p is ‘abstratable’ inside a term t if we can replace the

Inference system for Assertions

Sequents now of the form S; A ⊢ α.

Simple equality rule: if t derivable from S, can state t = t.

Some rules for manipulating equality make use of

abstractability.

Page 20: A heory of Assertions for Dolev-Yao Modelsseminaire-dga.gforge.inria.fr/2017/20180608... · 2018-09-20 · A position p is ‘abstratable’ inside a term t if we can replace the

Inference system for AssertionsAbstractability used by projection, substitution,

existential introduction etc.

Can go from α(t) to α(u) if all occurrences of t

abstractable from α w.r.t. the set of terms S.

Restricted contradiction rule: two terms t and u such

that the structure of t and u can be determined (maybe

using abstractability!) to be different, but S; A ⊢ t = u.

Page 21: A heory of Assertions for Dolev-Yao Modelsseminaire-dga.gforge.inria.fr/2017/20180608... · 2018-09-20 · A position p is ‘abstratable’ inside a term t if we can replace the

; ∪ { } �

; � =

; � ( , . . , ) = ( , . . , )[ , ]

; � =

; � =

� [ � � ]; �

; � [ ] ; � =

[ , � ]; � [ ]

<latexit sha1_base64="9C2DlkkDbrq6LpZRHDXhFP/fzTY=">AAAKlHicrVbrbuNEFPYW2CzmtgWJP/wZUaVqpRKcgpauoNKuCgKhLSoK7a4Um2hsj5PZjMfuXNpEw/SleAlegbfh2LG7SRonFOEo8syc23fO+WbGYc6oVJ7394Ott95+52Hr0bvue+9/8OFHj7c/vpCZFhE5jzKWiVchloRRTs4VVYy8ygXBacjIy3B8UshfXhEhacZ/U9OcBCkecprQCCtYGmw//MuXKWbM9UMypNwoHGqGhTV/RPCzrj8qPLt+qpmiEE6n3ByWUmus768W1M5SrEa2nuQiyxIlCIGV11oqAEEkcnvfoufIj3SOfONjlo+wb5F/FWM5QrM58rWkfIh8RSaQocET8EB4vOCxmM/CwaQBVol3ls9uMVwPslehGJg6cDy1Fql59DPwM7AKHcN/CSu5XIt1dyOIuQClT5mYxO6pgenaA+SzOFN59TpAsCrsPsCY09QrNXWp2ZjJwFALbnT5dquUbssA8F5bW8r8S41j1FcDWvikN6WKwaFUAkdAJUbQdUd0VMfe9IJ1hYB27N6vO0uV103JLHEozFSNGhp8UdmXy3otwvYCoPZdRO0GwoyreHdBgZcGzGUZ87HdG+/f1M4knkp7s3pLlDJwtwS//V+pVu1E21fBwJzZFRmUNUdNRb+115X9ElwNDHnDnrW0Ae6ihsqub9gipdrF+F/0cC6J8crSNzdtZWc0B+MNrWnv3hPZ/38SNCW1dBS0N58FvvH8CHwjOBK61Qj5KY2LFyOXSBTne8EAomBWO0qg+zbYUKeihbM+VrdSIatvrMHjHa/jfX345KmHvM5XT4+eeF3U7XjlczvYcarnbLC99acfZ5FOCVcRw1L2u16uAoMF3BysIJOWJMfRGA9JP76iueQ4JTIwk/LatagN8hglmYA/V6hcnTcyOJVymoagWSQgl2VlVitkfa2So8BQnmtFeDQLlGiGVIaKOxzFVJBIsSkMcCQowEXRCBd7B276hShzlVyIcMp7ACxjQVlamZNoId1yVchELq5OmJrAFoXFmCQYbtgi74RgpQWR5hTnOZDjGDr6RdFVUIMep5jyQq0fmOdxFhL0M+Ey4+hMZLUCACg09l7ANwk/+J4OqZL7/V6EGTk+xSoavciuiYjgK2ezjx8h13GT8SnltDZr13YiNScjnGMhMHvjET6JJOalT3kvKGCYZjy7pyHPBHyFUUmusABCpXKWFuXXI6qIhAYQYKfnBS7Q/A6p7w4uDjtdr9P99XDn2VFF+EfOZ87nzp7Tdb5xnjk/OWfOuRO1vmydt35vDdxP3e/cE/eHmerWg8rmE2fhcX/5B6hywtw=</latexit><latexit sha1_base64="9C2DlkkDbrq6LpZRHDXhFP/fzTY=">AAAKlHicrVbrbuNEFPYW2CzmtgWJP/wZUaVqpRKcgpauoNKuCgKhLSoK7a4Um2hsj5PZjMfuXNpEw/SleAlegbfh2LG7SRonFOEo8syc23fO+WbGYc6oVJ7394Ott95+52Hr0bvue+9/8OFHj7c/vpCZFhE5jzKWiVchloRRTs4VVYy8ygXBacjIy3B8UshfXhEhacZ/U9OcBCkecprQCCtYGmw//MuXKWbM9UMypNwoHGqGhTV/RPCzrj8qPLt+qpmiEE6n3ByWUmus768W1M5SrEa2nuQiyxIlCIGV11oqAEEkcnvfoufIj3SOfONjlo+wb5F/FWM5QrM58rWkfIh8RSaQocET8EB4vOCxmM/CwaQBVol3ls9uMVwPslehGJg6cDy1Fql59DPwM7AKHcN/CSu5XIt1dyOIuQClT5mYxO6pgenaA+SzOFN59TpAsCrsPsCY09QrNXWp2ZjJwFALbnT5dquUbssA8F5bW8r8S41j1FcDWvikN6WKwaFUAkdAJUbQdUd0VMfe9IJ1hYB27N6vO0uV103JLHEozFSNGhp8UdmXy3otwvYCoPZdRO0GwoyreHdBgZcGzGUZ87HdG+/f1M4knkp7s3pLlDJwtwS//V+pVu1E21fBwJzZFRmUNUdNRb+115X9ElwNDHnDnrW0Ae6ihsqub9gipdrF+F/0cC6J8crSNzdtZWc0B+MNrWnv3hPZ/38SNCW1dBS0N58FvvH8CHwjOBK61Qj5KY2LFyOXSBTne8EAomBWO0qg+zbYUKeihbM+VrdSIatvrMHjHa/jfX345KmHvM5XT4+eeF3U7XjlczvYcarnbLC99acfZ5FOCVcRw1L2u16uAoMF3BysIJOWJMfRGA9JP76iueQ4JTIwk/LatagN8hglmYA/V6hcnTcyOJVymoagWSQgl2VlVitkfa2So8BQnmtFeDQLlGiGVIaKOxzFVJBIsSkMcCQowEXRCBd7B276hShzlVyIcMp7ACxjQVlamZNoId1yVchELq5OmJrAFoXFmCQYbtgi74RgpQWR5hTnOZDjGDr6RdFVUIMep5jyQq0fmOdxFhL0M+Ey4+hMZLUCACg09l7ANwk/+J4OqZL7/V6EGTk+xSoavciuiYjgK2ezjx8h13GT8SnltDZr13YiNScjnGMhMHvjET6JJOalT3kvKGCYZjy7pyHPBHyFUUmusABCpXKWFuXXI6qIhAYQYKfnBS7Q/A6p7w4uDjtdr9P99XDn2VFF+EfOZ87nzp7Tdb5xnjk/OWfOuRO1vmydt35vDdxP3e/cE/eHmerWg8rmE2fhcX/5B6hywtw=</latexit><latexit sha1_base64="9C2DlkkDbrq6LpZRHDXhFP/fzTY=">AAAKlHicrVbrbuNEFPYW2CzmtgWJP/wZUaVqpRKcgpauoNKuCgKhLSoK7a4Um2hsj5PZjMfuXNpEw/SleAlegbfh2LG7SRonFOEo8syc23fO+WbGYc6oVJ7394Ott95+52Hr0bvue+9/8OFHj7c/vpCZFhE5jzKWiVchloRRTs4VVYy8ygXBacjIy3B8UshfXhEhacZ/U9OcBCkecprQCCtYGmw//MuXKWbM9UMypNwoHGqGhTV/RPCzrj8qPLt+qpmiEE6n3ByWUmus768W1M5SrEa2nuQiyxIlCIGV11oqAEEkcnvfoufIj3SOfONjlo+wb5F/FWM5QrM58rWkfIh8RSaQocET8EB4vOCxmM/CwaQBVol3ls9uMVwPslehGJg6cDy1Fql59DPwM7AKHcN/CSu5XIt1dyOIuQClT5mYxO6pgenaA+SzOFN59TpAsCrsPsCY09QrNXWp2ZjJwFALbnT5dquUbssA8F5bW8r8S41j1FcDWvikN6WKwaFUAkdAJUbQdUd0VMfe9IJ1hYB27N6vO0uV103JLHEozFSNGhp8UdmXy3otwvYCoPZdRO0GwoyreHdBgZcGzGUZ87HdG+/f1M4knkp7s3pLlDJwtwS//V+pVu1E21fBwJzZFRmUNUdNRb+115X9ElwNDHnDnrW0Ae6ihsqub9gipdrF+F/0cC6J8crSNzdtZWc0B+MNrWnv3hPZ/38SNCW1dBS0N58FvvH8CHwjOBK61Qj5KY2LFyOXSBTne8EAomBWO0qg+zbYUKeihbM+VrdSIatvrMHjHa/jfX345KmHvM5XT4+eeF3U7XjlczvYcarnbLC99acfZ5FOCVcRw1L2u16uAoMF3BysIJOWJMfRGA9JP76iueQ4JTIwk/LatagN8hglmYA/V6hcnTcyOJVymoagWSQgl2VlVitkfa2So8BQnmtFeDQLlGiGVIaKOxzFVJBIsSkMcCQowEXRCBd7B276hShzlVyIcMp7ACxjQVlamZNoId1yVchELq5OmJrAFoXFmCQYbtgi74RgpQWR5hTnOZDjGDr6RdFVUIMep5jyQq0fmOdxFhL0M+Ey4+hMZLUCACg09l7ANwk/+J4OqZL7/V6EGTk+xSoavciuiYjgK2ezjx8h13GT8SnltDZr13YiNScjnGMhMHvjET6JJOalT3kvKGCYZjy7pyHPBHyFUUmusABCpXKWFuXXI6qIhAYQYKfnBS7Q/A6p7w4uDjtdr9P99XDn2VFF+EfOZ87nzp7Tdb5xnjk/OWfOuRO1vmydt35vDdxP3e/cE/eHmerWg8rmE2fhcX/5B6hywtw=</latexit><latexit sha1_base64="9C2DlkkDbrq6LpZRHDXhFP/fzTY=">AAAKlHicrVbrbuNEFPYW2CzmtgWJP/wZUaVqpRKcgpauoNKuCgKhLSoK7a4Um2hsj5PZjMfuXNpEw/SleAlegbfh2LG7SRonFOEo8syc23fO+WbGYc6oVJ7394Ott95+52Hr0bvue+9/8OFHj7c/vpCZFhE5jzKWiVchloRRTs4VVYy8ygXBacjIy3B8UshfXhEhacZ/U9OcBCkecprQCCtYGmw//MuXKWbM9UMypNwoHGqGhTV/RPCzrj8qPLt+qpmiEE6n3ByWUmus768W1M5SrEa2nuQiyxIlCIGV11oqAEEkcnvfoufIj3SOfONjlo+wb5F/FWM5QrM58rWkfIh8RSaQocET8EB4vOCxmM/CwaQBVol3ls9uMVwPslehGJg6cDy1Fql59DPwM7AKHcN/CSu5XIt1dyOIuQClT5mYxO6pgenaA+SzOFN59TpAsCrsPsCY09QrNXWp2ZjJwFALbnT5dquUbssA8F5bW8r8S41j1FcDWvikN6WKwaFUAkdAJUbQdUd0VMfe9IJ1hYB27N6vO0uV103JLHEozFSNGhp8UdmXy3otwvYCoPZdRO0GwoyreHdBgZcGzGUZ87HdG+/f1M4knkp7s3pLlDJwtwS//V+pVu1E21fBwJzZFRmUNUdNRb+115X9ElwNDHnDnrW0Ae6ihsqub9gipdrF+F/0cC6J8crSNzdtZWc0B+MNrWnv3hPZ/38SNCW1dBS0N58FvvH8CHwjOBK61Qj5KY2LFyOXSBTne8EAomBWO0qg+zbYUKeihbM+VrdSIatvrMHjHa/jfX345KmHvM5XT4+eeF3U7XjlczvYcarnbLC99acfZ5FOCVcRw1L2u16uAoMF3BysIJOWJMfRGA9JP76iueQ4JTIwk/LatagN8hglmYA/V6hcnTcyOJVymoagWSQgl2VlVitkfa2So8BQnmtFeDQLlGiGVIaKOxzFVJBIsSkMcCQowEXRCBd7B276hShzlVyIcMp7ACxjQVlamZNoId1yVchELq5OmJrAFoXFmCQYbtgi74RgpQWR5hTnOZDjGDr6RdFVUIMep5jyQq0fmOdxFhL0M+Ey4+hMZLUCACg09l7ANwk/+J4OqZL7/V6EGTk+xSoavciuiYjgK2ezjx8h13GT8SnltDZr13YiNScjnGMhMHvjET6JJOalT3kvKGCYZjy7pyHPBHyFUUmusABCpXKWFuXXI6qIhAYQYKfnBS7Q/A6p7w4uDjtdr9P99XDn2VFF+EfOZ87nzp7Tdb5xnjk/OWfOuRO1vmydt35vDdxP3e/cE/eHmerWg8rmE2fhcX/5B6hywtw=</latexit>

Page 22: A heory of Assertions for Dolev-Yao Modelsseminaire-dga.gforge.inria.fr/2017/20180608... · 2018-09-20 · A position p is ‘abstratable’ inside a term t if we can replace the

Inference system for Assertions

A says is essentially a signature with A’s private key, can

be removed by an unsay rule.

Rules for logical operators ∧, ∨ and ∃ are as in standard

intuitionistic logic (caveat of abstractability for ∃i).

Page 23: A heory of Assertions for Dolev-Yao Modelsseminaire-dga.gforge.inria.fr/2017/20180608... · 2018-09-20 · A position p is ‘abstratable’ inside a term t if we can replace the

� ; �

; � ( )

; �

; �

; � ; �

; � ∧

; � ∧

; �

; �

; � ∨

; � ∨ ; ∪ { } � ; ∪ { } �∨

; �

; � [ ]∃ [ ]

; � ∃ .

; � ∃ . [ ] ∪ { }; ∪ { [ ] } �∃ [ ]

; �

<latexit sha1_base64="9B4N1vQNE9FSphxpPLFkLR0mDww=">AAAKI3ictVZNj9tEGHYXCI356sKRy4hV260EkbOgshWq1KpIINSVFoXtVoqtdDx+HQ8Zz5iZ8W6iYfbf8Au48we4IS4cuHGF38DYcdJkk+yHoJOLM+/X8z7Pa8/EBaNKB8EfN7Zee/2N1ps32/5bb7/z7nu3tt9/pkQpCRwRwYR8HmMFjHI40lQzeF5IwHnM4DgePansxycgFRX8Oz0pIMrxkNOUEqzd1mC7dRyqHDPmhzEMKTcaxyXD0pofiftZP8yqzP6dMJx55FhndvankEKkWgJYv4fCkwSrbGBCDWMHxSQTa9EIhT+UOEG9L9DjxgOFmBUZ9sPvS6UdFlDL1ircFCO7O7p3Nsul8ETZs2kgCktF+RAt2fwQeLKIp/4/BXvnUuwL5Udra24EuxZRyV3shZAcnzWnV6d3pejABHYjuQPTtRdjnoYzzJOFkHkj1f5USEPt/0fuBaUvQ0vXggNrK9Mrp5pejU0h15Ip5Cvjsikag8ZLw0DKAoVm6hPaeUwCbL1jlWDFb2PPTZqV/uDi/q4tRXuxatON7etoYA6tj9zaBBDG7tupzNh2zr2hjWEuR8NFX09fe4NjpSUm7jvIAJ12ZEd37Fkv+k+qtddBsxW4eUvjuqWZMDNVJqFd0GjuPKmdz6vlt6+m1hID8JKBScMAVejFi1SCyu7etRG6up61YXaADG7tBJ3gs737DwIUdD59sH8/6KJuJ6jX/GHHa9bhYHvr5zARpMyBa8KwUv1uUOjIYKkpYVXdUkGByQgPoZ+c0EJxnIOKzLg+BS267ewJSt3bkAquUb27GGRwrtQkj51nhV6dt9UtrbH1S53uR4byotTAybRQWjKkBaqOVJRQCUSziXvARFIHF5EMV0PkDt6lKgssLlU44D0HTLCo5lUVQJbarXelStXy7pjpsZtVt5lAikumq75TwLp04pkDXBRO74dO008qXZ2bAp1jyiu3fmQeJyIG9A1wJTg6lGLm4ABUHrtP3RWBf/wlHVKt7vV7BDN4eIA1yZ6KU5DEXTouz/GV63W0KfiAcjoLuz2Lk7l5kuECS4nZy4zuhqIwr3Oqa0Fxgbng4pqBXEh3KaIKTrB0A5WraVuUn2ZUg3ICgJvOIIh8N+YrQ7368Gyv0w063W/3dh7tNwN/0/vQ+8jb9bre594j72vv0DvySOuX1l+tv1v/tH9q/9r+rf371HXrRhPzgbe02n/+C3L8n64=</latexit><latexit sha1_base64="9B4N1vQNE9FSphxpPLFkLR0mDww=">AAAKI3ictVZNj9tEGHYXCI356sKRy4hV260EkbOgshWq1KpIINSVFoXtVoqtdDx+HQ8Zz5iZ8W6iYfbf8Au48we4IS4cuHGF38DYcdJkk+yHoJOLM+/X8z7Pa8/EBaNKB8EfN7Zee/2N1ps32/5bb7/z7nu3tt9/pkQpCRwRwYR8HmMFjHI40lQzeF5IwHnM4DgePansxycgFRX8Oz0pIMrxkNOUEqzd1mC7dRyqHDPmhzEMKTcaxyXD0pofiftZP8yqzP6dMJx55FhndvankEKkWgJYv4fCkwSrbGBCDWMHxSQTa9EIhT+UOEG9L9DjxgOFmBUZ9sPvS6UdFlDL1ircFCO7O7p3Nsul8ETZs2kgCktF+RAt2fwQeLKIp/4/BXvnUuwL5Udra24EuxZRyV3shZAcnzWnV6d3pejABHYjuQPTtRdjnoYzzJOFkHkj1f5USEPt/0fuBaUvQ0vXggNrK9Mrp5pejU0h15Ip5Cvjsikag8ZLw0DKAoVm6hPaeUwCbL1jlWDFb2PPTZqV/uDi/q4tRXuxatON7etoYA6tj9zaBBDG7tupzNh2zr2hjWEuR8NFX09fe4NjpSUm7jvIAJ12ZEd37Fkv+k+qtddBsxW4eUvjuqWZMDNVJqFd0GjuPKmdz6vlt6+m1hID8JKBScMAVejFi1SCyu7etRG6up61YXaADG7tBJ3gs737DwIUdD59sH8/6KJuJ6jX/GHHa9bhYHvr5zARpMyBa8KwUv1uUOjIYKkpYVXdUkGByQgPoZ+c0EJxnIOKzLg+BS267ewJSt3bkAquUb27GGRwrtQkj51nhV6dt9UtrbH1S53uR4byotTAybRQWjKkBaqOVJRQCUSziXvARFIHF5EMV0PkDt6lKgssLlU44D0HTLCo5lUVQJbarXelStXy7pjpsZtVt5lAikumq75TwLp04pkDXBRO74dO008qXZ2bAp1jyiu3fmQeJyIG9A1wJTg6lGLm4ABUHrtP3RWBf/wlHVKt7vV7BDN4eIA1yZ6KU5DEXTouz/GV63W0KfiAcjoLuz2Lk7l5kuECS4nZy4zuhqIwr3Oqa0Fxgbng4pqBXEh3KaIKTrB0A5WraVuUn2ZUg3ICgJvOIIh8N+YrQ7368Gyv0w063W/3dh7tNwN/0/vQ+8jb9bre594j72vv0DvySOuX1l+tv1v/tH9q/9r+rf371HXrRhPzgbe02n/+C3L8n64=</latexit><latexit sha1_base64="9B4N1vQNE9FSphxpPLFkLR0mDww=">AAAKI3ictVZNj9tEGHYXCI356sKRy4hV260EkbOgshWq1KpIINSVFoXtVoqtdDx+HQ8Zz5iZ8W6iYfbf8Au48we4IS4cuHGF38DYcdJkk+yHoJOLM+/X8z7Pa8/EBaNKB8EfN7Zee/2N1ps32/5bb7/z7nu3tt9/pkQpCRwRwYR8HmMFjHI40lQzeF5IwHnM4DgePansxycgFRX8Oz0pIMrxkNOUEqzd1mC7dRyqHDPmhzEMKTcaxyXD0pofiftZP8yqzP6dMJx55FhndvankEKkWgJYv4fCkwSrbGBCDWMHxSQTa9EIhT+UOEG9L9DjxgOFmBUZ9sPvS6UdFlDL1ircFCO7O7p3Nsul8ETZs2kgCktF+RAt2fwQeLKIp/4/BXvnUuwL5Udra24EuxZRyV3shZAcnzWnV6d3pejABHYjuQPTtRdjnoYzzJOFkHkj1f5USEPt/0fuBaUvQ0vXggNrK9Mrp5pejU0h15Ip5Cvjsikag8ZLw0DKAoVm6hPaeUwCbL1jlWDFb2PPTZqV/uDi/q4tRXuxatON7etoYA6tj9zaBBDG7tupzNh2zr2hjWEuR8NFX09fe4NjpSUm7jvIAJ12ZEd37Fkv+k+qtddBsxW4eUvjuqWZMDNVJqFd0GjuPKmdz6vlt6+m1hID8JKBScMAVejFi1SCyu7etRG6up61YXaADG7tBJ3gs737DwIUdD59sH8/6KJuJ6jX/GHHa9bhYHvr5zARpMyBa8KwUv1uUOjIYKkpYVXdUkGByQgPoZ+c0EJxnIOKzLg+BS267ewJSt3bkAquUb27GGRwrtQkj51nhV6dt9UtrbH1S53uR4byotTAybRQWjKkBaqOVJRQCUSziXvARFIHF5EMV0PkDt6lKgssLlU44D0HTLCo5lUVQJbarXelStXy7pjpsZtVt5lAikumq75TwLp04pkDXBRO74dO008qXZ2bAp1jyiu3fmQeJyIG9A1wJTg6lGLm4ABUHrtP3RWBf/wlHVKt7vV7BDN4eIA1yZ6KU5DEXTouz/GV63W0KfiAcjoLuz2Lk7l5kuECS4nZy4zuhqIwr3Oqa0Fxgbng4pqBXEh3KaIKTrB0A5WraVuUn2ZUg3ICgJvOIIh8N+YrQ7368Gyv0w063W/3dh7tNwN/0/vQ+8jb9bre594j72vv0DvySOuX1l+tv1v/tH9q/9r+rf371HXrRhPzgbe02n/+C3L8n64=</latexit><latexit sha1_base64="9B4N1vQNE9FSphxpPLFkLR0mDww=">AAAKI3ictVZNj9tEGHYXCI356sKRy4hV260EkbOgshWq1KpIINSVFoXtVoqtdDx+HQ8Zz5iZ8W6iYfbf8Au48we4IS4cuHGF38DYcdJkk+yHoJOLM+/X8z7Pa8/EBaNKB8EfN7Zee/2N1ps32/5bb7/z7nu3tt9/pkQpCRwRwYR8HmMFjHI40lQzeF5IwHnM4DgePansxycgFRX8Oz0pIMrxkNOUEqzd1mC7dRyqHDPmhzEMKTcaxyXD0pofiftZP8yqzP6dMJx55FhndvankEKkWgJYv4fCkwSrbGBCDWMHxSQTa9EIhT+UOEG9L9DjxgOFmBUZ9sPvS6UdFlDL1ircFCO7O7p3Nsul8ETZs2kgCktF+RAt2fwQeLKIp/4/BXvnUuwL5Udra24EuxZRyV3shZAcnzWnV6d3pejABHYjuQPTtRdjnoYzzJOFkHkj1f5USEPt/0fuBaUvQ0vXggNrK9Mrp5pejU0h15Ip5Cvjsikag8ZLw0DKAoVm6hPaeUwCbL1jlWDFb2PPTZqV/uDi/q4tRXuxatON7etoYA6tj9zaBBDG7tupzNh2zr2hjWEuR8NFX09fe4NjpSUm7jvIAJ12ZEd37Fkv+k+qtddBsxW4eUvjuqWZMDNVJqFd0GjuPKmdz6vlt6+m1hID8JKBScMAVejFi1SCyu7etRG6up61YXaADG7tBJ3gs737DwIUdD59sH8/6KJuJ6jX/GHHa9bhYHvr5zARpMyBa8KwUv1uUOjIYKkpYVXdUkGByQgPoZ+c0EJxnIOKzLg+BS267ewJSt3bkAquUb27GGRwrtQkj51nhV6dt9UtrbH1S53uR4byotTAybRQWjKkBaqOVJRQCUSziXvARFIHF5EMV0PkDt6lKgssLlU44D0HTLCo5lUVQJbarXelStXy7pjpsZtVt5lAikumq75TwLp04pkDXBRO74dO008qXZ2bAp1jyiu3fmQeJyIG9A1wJTg6lGLm4ABUHrtP3RWBf/wlHVKt7vV7BDN4eIA1yZ6KU5DEXTouz/GV63W0KfiAcjoLuz2Lk7l5kuECS4nZy4zuhqIwr3Oqa0Fxgbng4pqBXEh3KaIKTrB0A5WraVuUn2ZUg3ICgJvOIIh8N+YrQ7368Gyv0w063W/3dh7tNwN/0/vQ+8jb9bre594j72vv0DvySOuX1l+tv1v/tH9q/9r+rf371HXrRhPzgbe02n/+C3L8n64=</latexit>

Page 24: A heory of Assertions for Dolev-Yao Modelsseminaire-dga.gforge.inria.fr/2017/20180608... · 2018-09-20 · A position p is ‘abstratable’ inside a term t if we can replace the

Assertions: Actions

As with terms, agents can send and receive assertions.

Can now branch based on the derivability of assertions:

confirm and deny actions.

Can add new instances of predicates: insert action.

Internal action, specified by protocol description.

Page 25: A heory of Assertions for Dolev-Yao Modelsseminaire-dga.gforge.inria.fr/2017/20180608... · 2018-09-20 · A position p is ‘abstratable’ inside a term t if we can replace the

Runtime Model

An A-action is a send, receive, confirm or deny by A.

Actions specified with as much pattern as possible for

terms, with variables standing for unknowns.

An A-role is a sequence of A-actions.

Page 26: A heory of Assertions for Dolev-Yao Modelsseminaire-dga.gforge.inria.fr/2017/20180608... · 2018-09-20 · A position p is ‘abstratable’ inside a term t if we can replace the

Runtime Model (Contd.)

Each agent accumulates terms and assertions generated

and received, in a knowledge state (X; Φ).

Knowledge states used to enable actions, and possibly

updated after performing actions.

Page 27: A heory of Assertions for Dolev-Yao Modelsseminaire-dga.gforge.inria.fr/2017/20180608... · 2018-09-20 · A position p is ‘abstratable’ inside a term t if we can replace the

Enabling & Updates

=′( )

+ ∶ (�) �, � + ∶ (�) ,

∪ {�} �′

= ∪ {�}′

= ∪ { }

; �

= ∪ { }′

= ∪ {[�� � ]}

− ∶ �, � − ∶ ,

= ∪ { }′

= ∪ { }

, �

= ∪ {[�� �]}′

= ∪ {[�� �]}

∶ � ∶ ; �

∶ � ∶ ; �<latexit sha1_base64="SQzBZJMASXS+ucZav8Pa9n+izqc=">AAAJXnicnVZtb9s2EFazxovddW3aLwP2hVjcNNkSQ06LLt0QoEY3bBmawUOXNoBlGBRF2UQkUiApxy6r/r/9hH0b0D+y01v8EjtOK8MAfXzu7uE9J57dKGBK2/a/t9a+uL1e+XKjWrvz1d2v793ffPBGiVgSekpEIOSZixUNGKenmumAnkWS4tAN6Fv3/GW6/3ZIpWKC/63HEe2GuM+ZzwjWYOptrr93XNpn3BDKNZVJzVEhDoKaIymnF0SEIeaecbCUeKy0pJoMEtNsPAFg7qexGwdYJuY9KT6wNUjp1IyT8TPtIA4TxxdCc6GpYu+oaZE0Paq79SRB2+gaZB2jI+Qo1g/x4x13dyX+V45dyN5HRHCPpVnUKpfTyMOwTBLHKak7YRxoJsWFeZqY7xNT/6HVM83kJ7TjDCkx42T3g+6ZYp3sIQcH0QBPLPU05YIgZYAwDVC6zYEPcvBZz7QS5JA4Qo4pnBwwDD2sBpBJ0xHobTzIhnQWon72OPM5Qot96wgOuI22S+hxAT2+hOop0GJCPyOnPWB5+IzJ9Bnq6V4ZOMdNYue4WRaFrpcKl1jUKQoJLHCktEDFIbqoCLBMp/1Cp1Kd0c3V2Qd1Vmty/DkS6Llj52VqTcrUWl6mxST2puq7QIfr6zqaq2s8qevnCTO8IoypF0KURYLX0WcyTD4sFAPgS6EFYHX7/SlQnL3K1/HwKB/fhMQ0bhkDfiMKDoUbtLwm81/lZdu7v2U37KcHz57byG48eX74zG6iZsPOnsvFllU87d7m2j+OJ0gcQgASYKU6TTvSXYOlZiSgED5WNMLkHPdpxxuySHEcUtU1o+z2S9Aj2PeQLyR8uUaZddrJ4FCpcegCMsR6oOb3UuOivU6s/cOuYTyKNeUkT+THAYIWSecO8pikRAdjWGAi4WImiAywxAQKMZslkkL4MGpmT2PK1yCpzeQ94a+Brgi6JuMUUTLnBlapfDVrHQV6pCUGo0d9DJHTavgU61hSZU5wFMEIOYJW2E/bIZ2KVIeY8RTW6ZqWJ1yK/qBcwRBrS1ECgECK2HkF05Xv/cL6TKvdzmuCA3p0gmF2vhIXVBKY16tj/AYVOF/mfMI4K90elX4yNC8HOEpndTCJCNNcYZ7FVJ9EBRxDwcUnOnIh4Q8EU3SIJbRZqPJjMX4xYDBkQQAKPWvb3bT5r7T61cWbg0bTbjT/Oth6cVi8BhvWt9Z31o7VtH60Xli/W23r1CLrHyvVyoPKw43/qpXq3eq9HLp2q/B5aM081W/+B8NqQj0=</latexit><latexit sha1_base64="SQzBZJMASXS+ucZav8Pa9n+izqc=">AAAJXnicnVZtb9s2EFazxovddW3aLwP2hVjcNNkSQ06LLt0QoEY3bBmawUOXNoBlGBRF2UQkUiApxy6r/r/9hH0b0D+y01v8EjtOK8MAfXzu7uE9J57dKGBK2/a/t9a+uL1e+XKjWrvz1d2v793ffPBGiVgSekpEIOSZixUNGKenmumAnkWS4tAN6Fv3/GW6/3ZIpWKC/63HEe2GuM+ZzwjWYOptrr93XNpn3BDKNZVJzVEhDoKaIymnF0SEIeaecbCUeKy0pJoMEtNsPAFg7qexGwdYJuY9KT6wNUjp1IyT8TPtIA4TxxdCc6GpYu+oaZE0Paq79SRB2+gaZB2jI+Qo1g/x4x13dyX+V45dyN5HRHCPpVnUKpfTyMOwTBLHKak7YRxoJsWFeZqY7xNT/6HVM83kJ7TjDCkx42T3g+6ZYp3sIQcH0QBPLPU05YIgZYAwDVC6zYEPcvBZz7QS5JA4Qo4pnBwwDD2sBpBJ0xHobTzIhnQWon72OPM5Qot96wgOuI22S+hxAT2+hOop0GJCPyOnPWB5+IzJ9Bnq6V4ZOMdNYue4WRaFrpcKl1jUKQoJLHCktEDFIbqoCLBMp/1Cp1Kd0c3V2Qd1Vmty/DkS6Llj52VqTcrUWl6mxST2puq7QIfr6zqaq2s8qevnCTO8IoypF0KURYLX0WcyTD4sFAPgS6EFYHX7/SlQnL3K1/HwKB/fhMQ0bhkDfiMKDoUbtLwm81/lZdu7v2U37KcHz57byG48eX74zG6iZsPOnsvFllU87d7m2j+OJ0gcQgASYKU6TTvSXYOlZiSgED5WNMLkHPdpxxuySHEcUtU1o+z2S9Aj2PeQLyR8uUaZddrJ4FCpcegCMsR6oOb3UuOivU6s/cOuYTyKNeUkT+THAYIWSecO8pikRAdjWGAi4WImiAywxAQKMZslkkL4MGpmT2PK1yCpzeQ94a+Brgi6JuMUUTLnBlapfDVrHQV6pCUGo0d9DJHTavgU61hSZU5wFMEIOYJW2E/bIZ2KVIeY8RTW6ZqWJ1yK/qBcwRBrS1ECgECK2HkF05Xv/cL6TKvdzmuCA3p0gmF2vhIXVBKY16tj/AYVOF/mfMI4K90elX4yNC8HOEpndTCJCNNcYZ7FVJ9EBRxDwcUnOnIh4Q8EU3SIJbRZqPJjMX4xYDBkQQAKPWvb3bT5r7T61cWbg0bTbjT/Oth6cVi8BhvWt9Z31o7VtH60Xli/W23r1CLrHyvVyoPKw43/qpXq3eq9HLp2q/B5aM081W/+B8NqQj0=</latexit><latexit sha1_base64="SQzBZJMASXS+ucZav8Pa9n+izqc=">AAAJXnicnVZtb9s2EFazxovddW3aLwP2hVjcNNkSQ06LLt0QoEY3bBmawUOXNoBlGBRF2UQkUiApxy6r/r/9hH0b0D+y01v8EjtOK8MAfXzu7uE9J57dKGBK2/a/t9a+uL1e+XKjWrvz1d2v793ffPBGiVgSekpEIOSZixUNGKenmumAnkWS4tAN6Fv3/GW6/3ZIpWKC/63HEe2GuM+ZzwjWYOptrr93XNpn3BDKNZVJzVEhDoKaIymnF0SEIeaecbCUeKy0pJoMEtNsPAFg7qexGwdYJuY9KT6wNUjp1IyT8TPtIA4TxxdCc6GpYu+oaZE0Paq79SRB2+gaZB2jI+Qo1g/x4x13dyX+V45dyN5HRHCPpVnUKpfTyMOwTBLHKak7YRxoJsWFeZqY7xNT/6HVM83kJ7TjDCkx42T3g+6ZYp3sIQcH0QBPLPU05YIgZYAwDVC6zYEPcvBZz7QS5JA4Qo4pnBwwDD2sBpBJ0xHobTzIhnQWon72OPM5Qot96wgOuI22S+hxAT2+hOop0GJCPyOnPWB5+IzJ9Bnq6V4ZOMdNYue4WRaFrpcKl1jUKQoJLHCktEDFIbqoCLBMp/1Cp1Kd0c3V2Qd1Vmty/DkS6Llj52VqTcrUWl6mxST2puq7QIfr6zqaq2s8qevnCTO8IoypF0KURYLX0WcyTD4sFAPgS6EFYHX7/SlQnL3K1/HwKB/fhMQ0bhkDfiMKDoUbtLwm81/lZdu7v2U37KcHz57byG48eX74zG6iZsPOnsvFllU87d7m2j+OJ0gcQgASYKU6TTvSXYOlZiSgED5WNMLkHPdpxxuySHEcUtU1o+z2S9Aj2PeQLyR8uUaZddrJ4FCpcegCMsR6oOb3UuOivU6s/cOuYTyKNeUkT+THAYIWSecO8pikRAdjWGAi4WImiAywxAQKMZslkkL4MGpmT2PK1yCpzeQ94a+Brgi6JuMUUTLnBlapfDVrHQV6pCUGo0d9DJHTavgU61hSZU5wFMEIOYJW2E/bIZ2KVIeY8RTW6ZqWJ1yK/qBcwRBrS1ECgECK2HkF05Xv/cL6TKvdzmuCA3p0gmF2vhIXVBKY16tj/AYVOF/mfMI4K90elX4yNC8HOEpndTCJCNNcYZ7FVJ9EBRxDwcUnOnIh4Q8EU3SIJbRZqPJjMX4xYDBkQQAKPWvb3bT5r7T61cWbg0bTbjT/Oth6cVi8BhvWt9Z31o7VtH60Xli/W23r1CLrHyvVyoPKw43/qpXq3eq9HLp2q/B5aM081W/+B8NqQj0=</latexit><latexit sha1_base64="SQzBZJMASXS+ucZav8Pa9n+izqc=">AAAJXnicnVZtb9s2EFazxovddW3aLwP2hVjcNNkSQ06LLt0QoEY3bBmawUOXNoBlGBRF2UQkUiApxy6r/r/9hH0b0D+y01v8EjtOK8MAfXzu7uE9J57dKGBK2/a/t9a+uL1e+XKjWrvz1d2v793ffPBGiVgSekpEIOSZixUNGKenmumAnkWS4tAN6Fv3/GW6/3ZIpWKC/63HEe2GuM+ZzwjWYOptrr93XNpn3BDKNZVJzVEhDoKaIymnF0SEIeaecbCUeKy0pJoMEtNsPAFg7qexGwdYJuY9KT6wNUjp1IyT8TPtIA4TxxdCc6GpYu+oaZE0Paq79SRB2+gaZB2jI+Qo1g/x4x13dyX+V45dyN5HRHCPpVnUKpfTyMOwTBLHKak7YRxoJsWFeZqY7xNT/6HVM83kJ7TjDCkx42T3g+6ZYp3sIQcH0QBPLPU05YIgZYAwDVC6zYEPcvBZz7QS5JA4Qo4pnBwwDD2sBpBJ0xHobTzIhnQWon72OPM5Qot96wgOuI22S+hxAT2+hOop0GJCPyOnPWB5+IzJ9Bnq6V4ZOMdNYue4WRaFrpcKl1jUKQoJLHCktEDFIbqoCLBMp/1Cp1Kd0c3V2Qd1Vmty/DkS6Llj52VqTcrUWl6mxST2puq7QIfr6zqaq2s8qevnCTO8IoypF0KURYLX0WcyTD4sFAPgS6EFYHX7/SlQnL3K1/HwKB/fhMQ0bhkDfiMKDoUbtLwm81/lZdu7v2U37KcHz57byG48eX74zG6iZsPOnsvFllU87d7m2j+OJ0gcQgASYKU6TTvSXYOlZiSgED5WNMLkHPdpxxuySHEcUtU1o+z2S9Aj2PeQLyR8uUaZddrJ4FCpcegCMsR6oOb3UuOivU6s/cOuYTyKNeUkT+THAYIWSecO8pikRAdjWGAi4WImiAywxAQKMZslkkL4MGpmT2PK1yCpzeQ94a+Brgi6JuMUUTLnBlapfDVrHQV6pCUGo0d9DJHTavgU61hSZU5wFMEIOYJW2E/bIZ2KVIeY8RTW6ZqWJ1yK/qBcwRBrS1ECgECK2HkF05Xv/cL6TKvdzmuCA3p0gmF2vhIXVBKY16tj/AYVOF/mfMI4K90elX4yNC8HOEpndTCJCNNcYZ7FVJ9EBRxDwcUnOnIh4Q8EU3SIJbRZqPJjMX4xYDBkQQAKPWvb3bT5r7T61cWbg0bTbjT/Oth6cVi8BhvWt9Z31o7VtH60Xli/W23r1CLrHyvVyoPKw43/qpXq3eq9HLp2q/B5aM081W/+B8NqQj0=</latexit>

Page 28: A heory of Assertions for Dolev-Yao Modelsseminaire-dga.gforge.inria.fr/2017/20180608... · 2018-09-20 · A position p is ‘abstratable’ inside a term t if we can replace the

Runtime Model (Contd.)

A protocol is just a set of roles.

Can consider various instantiations of roles — sessions.

A run is an admissible (according to enabling conditions!)

interleaving of such sessions.

One can think of a transition system with states that keep track

of agents’ knowledge and all the sessions in progress, where

enabled actions induce transitions.

Page 29: A heory of Assertions for Dolev-Yao Modelsseminaire-dga.gforge.inria.fr/2017/20180608... · 2018-09-20 · A position p is ‘abstratable’ inside a term t if we can replace the

Example: FOO e-Voting Protocol

Proposed by Fujioka, Okamoto and Ohta in 1992. [FOO92]

Voter contacts admin, who checks voter’s id and authenticates.

Authenticated voter then sends vote anonymously to collector.

Admin should not know vote, collector should not know id.

Terms-only model ensures this via blind signatures.

FOO92: Fujioka, A.; Okamoto, T.; Ohta, K. (1992), “A Practical Secret Voting Scheme for Large Scale Elections”, Advances in Cryptology — AUSCRYPT ’92, 244–251.

Page 30: A heory of Assertions for Dolev-Yao Modelsseminaire-dga.gforge.inria.fr/2017/20180608... · 2018-09-20 · A position p is ‘abstratable’ inside a term t if we can replace the

FOO Protocol: Terms-only

→ ∶

→ ∶

� ∶

→ ∶

V, {blind({v}r, b)}sg(V)

{blind({v}r, b)}sg(A)

{{v}r}sg(A)

list, {{v}r}sg(A)

r

unblind({blind(t, b)}sg(A), b)

={t}sg(A)

� ∶

Page 31: A heory of Assertions for Dolev-Yao Modelsseminaire-dga.gforge.inria.fr/2017/20180608... · 2018-09-20 · A position p is ‘abstratable’ inside a term t if we can replace the

FOO Protocol: What we want

→ ∶

→ ∶

� ∶

{v}k , “V wants to vote with this encryption of a valid vote”

“V is eligible and wants to vote with the term sent earlier”

{v}k’ , “Some eligible agent was authorised by A to vote with

a valid vote, this term is a re-encryption of that same vote.”

A does not have to modify V’s term (which contains the vote)

in order to certify it!

Page 32: A heory of Assertions for Dolev-Yao Modelsseminaire-dga.gforge.inria.fr/2017/20180608... · 2018-09-20 · A position p is ‘abstratable’ inside a term t if we can replace the

FOO Protocol: Assertions

→ ∶

→ ∶

� ∶

{ } , {∃ , ∶ { } = { } ∧ ( )}

Page 33: A heory of Assertions for Dolev-Yao Modelsseminaire-dga.gforge.inria.fr/2017/20180608... · 2018-09-20 · A position p is ‘abstratable’ inside a term t if we can replace the

FOO Protocol: Assertions

→ ∶

→ ∶

� ∶

{ } , {∃ , ∶ { } = { } ∧ ( )}

Both x, r visible

Not visible, rA not known to anyone but V

Page 34: A heory of Assertions for Dolev-Yao Modelsseminaire-dga.gforge.inria.fr/2017/20180608... · 2018-09-20 · A position p is ‘abstratable’ inside a term t if we can replace the

FOO Protocol: Assertions

→ ∶

→ ∶

� ∶

{ } , {∃ , ∶ { } = { } ∧ ( )}

� ( ) ∧ ( ,{ } )

∧ {∃ , ∶ { } = { } ∧ ( )}�

Page 35: A heory of Assertions for Dolev-Yao Modelsseminaire-dga.gforge.inria.fr/2017/20180608... · 2018-09-20 · A position p is ‘abstratable’ inside a term t if we can replace the

FOO Protocol: Assertions

→ ∶

→ ∶

� ∶

{ } , {∃ , ∶ { } = { } ∧ ( )}

� ( ) ∧ ( ,{ } )

∧ {∃ , ∶ { } = { } ∧ ( )}�{ } , ,

∃ , , ∶ � � ( ) ∧ ( ,{ } )

∧ {∃ , ∶ { } = { }∧ ( )}�

∧ = �

Page 36: A heory of Assertions for Dolev-Yao Modelsseminaire-dga.gforge.inria.fr/2017/20180608... · 2018-09-20 · A position p is ‘abstratable’ inside a term t if we can replace the

FOO Protocol: Assertions

→ ∶

→ ∶

� ∶

∶ ∃ ∶ ( , )

{ } , {∃ , ∶ { } = { } ∧ ( )}

� ( ) ∧ ( ,{ } )

∧ {∃ , ∶ { } = { } ∧ ( )}�{ } , ,

∃ , , ∶ � � ( ) ∧ ( ,{ } )

∧ {∃ , ∶ { } = { }∧ ( )}�

∧ = �

Page 37: A heory of Assertions for Dolev-Yao Modelsseminaire-dga.gforge.inria.fr/2017/20180608... · 2018-09-20 · A position p is ‘abstratable’ inside a term t if we can replace the

FOO Protocol: Assertions

→ ∶

→ ∶

� ∶

∶ ∃ ∶ ( , )∶ ( ,{ } )

{ } , {∃ , ∶ { } = { } ∧ ( )}

� ( ) ∧ ( ,{ } )

∧ {∃ , ∶ { } = { } ∧ ( )}�{ } , ,

∃ , , ∶ � � ( ) ∧ ( ,{ } )

∧ {∃ , ∶ { } = { }∧ ( )}�

∧ = �

Page 38: A heory of Assertions for Dolev-Yao Modelsseminaire-dga.gforge.inria.fr/2017/20180608... · 2018-09-20 · A position p is ‘abstratable’ inside a term t if we can replace the

Verification

Derivability problem: Given a finite set of terms X, a

finite set of assertions Φ, and an assertion α, is it the

case whether X; Φ ⊢α?

Insecurity problem: Given a protocol Pr and a

designated secret assertion α, is there a run of Pr at the

end of which XI, ΦI ⊢α?

Page 39: A heory of Assertions for Dolev-Yao Modelsseminaire-dga.gforge.inria.fr/2017/20180608... · 2018-09-20 · A position p is ‘abstratable’ inside a term t if we can replace the

Derivability Problem

Proof search: Start from the desired conclusion, try to build a

proof tree using inference system.

For assertions, slightly problematic because of two reasons:

∨e: Need to check that the conclusion of the rule is derivable

from each disjunct separately; two proofs to search for!

∃i: Need to pick appropriate term as witness; unbounded

search!

Page 40: A heory of Assertions for Dolev-Yao Modelsseminaire-dga.gforge.inria.fr/2017/20180608... · 2018-09-20 · A position p is ‘abstratable’ inside a term t if we can replace the

Derivability ProblemGet around this problem by considering down-closures.

(S;A) said to be down-closed if the following hold:

S contains all bound variables of A

If β∧γ ∈ A, then {β, γ}⊆A

If β∨γ ∈ A, then β ∈ A or γ ∈ A

If ∃x.β ∈ A, then β ∈ A

If a says β ∈ A, then β ∈ A

(T;B) down-closure of (S;A) if it is a minimal down-closed set with S ⊆T & A⊆B.

(T; B) linear in the size of (S; A).

Page 41: A heory of Assertions for Dolev-Yao Modelsseminaire-dga.gforge.inria.fr/2017/20180608... · 2018-09-20 · A position p is ‘abstratable’ inside a term t if we can replace the

Derivability Problem

Helpful because various “left” properties hold about this system.

Left conjunction: S; A∪{β∧γ} ⊢α iff S; A∪{β, γ} ⊢α.

Left disjunction: S; A∪{β∨γ} ⊢α iff S; A∪{β} ⊢α and S; A∪{γ} ⊢α.

Left exists: S; A∪{∃x.β} ⊢α iff S∪{x}; A∪{β} ⊢α. (Caveats on S, A, β, α)

Left says: S; A∪{a says β} ⊢α iff S; A∪{β, a says β} ⊢α.

Enough to consider trim(B) = {t = u | t = u ∈ B} for a dc (T; B).

Page 42: A heory of Assertions for Dolev-Yao Modelsseminaire-dga.gforge.inria.fr/2017/20180608... · 2018-09-20 · A position p is ‘abstratable’ inside a term t if we can replace the

Derivability ProblemS; A ⊢α iff all down-closures T; B derive α — T; B ⊢α iff T; trim(B) derives α

using the subsystem core = {ax, eq, ⊥, subst, proj, ∧i, ∨i, ∃i}.

Proofs in core have a normal form — can be decomposed into two parts:

Proofs of S; A ⊢eq µ(t)=µ(u) for each t = u ∈ E, and

A (linear in the size of α) proof of S; µ(E) ⊢α using only ∧i, ∨i, ∃i

where µ is the ‘substitution’ assigning witnesses for the quantifiers, and

E is a set of equalities that are subformulas of α.

For every down-closure’s trim, guess a down-closure, a set E, a substitution µ, and a

proof of S; µ(E) ⊢α.

Page 43: A heory of Assertions for Dolev-Yao Modelsseminaire-dga.gforge.inria.fr/2017/20180608... · 2018-09-20 · A position p is ‘abstratable’ inside a term t if we can replace the

Derivability Problem

Problem of µ assigning unboundedly large terms for

witnesses for ∃i remains.

Adapt idea of ‘small substitutions’, as presented by

[RT03] for the terms-only system.

Key notion there: If the intruder can achieve the same

‘view’ with a smaller term, no need to use a larger term.

RT03: Rusinowitch, M.; Turuani, M.(2003), “Protocol insecurity with a finite number of sessions and composed keys is np-complete”, Theoretical Computer Science, 299(1- 3):451–475.

Page 44: A heory of Assertions for Dolev-Yao Modelsseminaire-dga.gforge.inria.fr/2017/20180608... · 2018-09-20 · A position p is ‘abstratable’ inside a term t if we can replace the

Derivability ProblemProblem: Given µ and a set st, find a small ν such that if S; A ⊢eq µ(t) = µ(u) for t, u

∈ st, then S; A ⊢eq ν(t) = ν(u).

Choose st as the set of all subterms (of S, A and α).

Consider a minimal variable x: no other variables occur in µ(x)

Set ν(x) = µ(x) if either µ(x) ∈ st, or S; A ⊢eq µ(x) = µ(t) for t ∈ st.

Otherwise, set ν(x) to be some new random value nt where µ(x) = t.

Cascade to non-minimal variables, to preserve equations.

Can show that ν is a small substitution (polynomial in the size of st) preserving

derivability under ⊢eq.

Page 45: A heory of Assertions for Dolev-Yao Modelsseminaire-dga.gforge.inria.fr/2017/20180608... · 2018-09-20 · A position p is ‘abstratable’ inside a term t if we can replace the

Derivability Problem

For every down-closure, need: a set of equalities E, a small

substitution µ, and a proof of S; µ(E) ⊢α).

Down-closure is linear in the size of S; A

E polynomial in the size of α (since subformulas)

µ polynomial in the size of S; A and α (since small)

A proof of S; µ(E) ⊢α linear in the size of α.

Can obtain a Π2, i.e. a coNPNP procedure.

Page 46: A heory of Assertions for Dolev-Yao Modelsseminaire-dga.gforge.inria.fr/2017/20180608... · 2018-09-20 · A position p is ‘abstratable’ inside a term t if we can replace the

Derivability Problem

This bound is tight — the problem is Π2-complete.

Reduction from the validity problem for QBF formulas

of the form ∀p1…pm∃q1…qnψ.

Can define for each such formula S, A and α such that

S; A ⊢ α iff ∀p1…pm∃q1…qnψ is valid.

Page 47: A heory of Assertions for Dolev-Yao Modelsseminaire-dga.gforge.inria.fr/2017/20180608... · 2018-09-20 · A position p is ‘abstratable’ inside a term t if we can replace the

Derivability Problem= { , � ≤ ≤ } ∪ { , � ≤ ≤ } ∪ { ( , ) � ≤ ≤ }

= {∃ ∶ [ = ( , ) ∧ ( = ∨ = )] � ≤ ≤

= ∃ . . . . . . � �, [⋅]

∶= = ( , )

¬ ∶= = ( , )

∶= =

¬ ∶= =

∧ ∶= ∧

∨ ∶= ∨

; � ∀�∃�<latexit sha1_base64="hunP7tPJ1naOk1jjWildVM3zkGk=">AAAHuHiclVVtb9s2EFZTb+68t6b7uC+HpR2SwTPkrOjSDAZadMCGoQEyZGkLWIJGUZTFhCIVkrKdCvqB+wMD9m92lOzUThwUIWCRfHj33PH4kI4LwY31/f/ubd3vfPJp98Fnvc+/+PKrrx9uP3pjVKkpO6VKKP0uJoYJLtmp5Vawd4VmJI8Fexufv3Lrb6dMG67kX/ayYGFOJpKnnBKLULR9/99gDCcwgqACEvE+xBGHIOcJDCEQDHjzzSGoIaBl4cxodNaHJDpbNTtrvnLVLLBsbivDJK13G+bzvduIwx4m8bJNImBz3LWBecQvMZVDGIPFfrTGN3d8uIyMgsjEUaXWoWhH3AZw29BOcT+B5pPM7kG4MX4TPCCiyIiL0oav3kfVsA5EotpxXtczhywhnEicxHwixoHCArv6V0FheAPqsL/Id5YxzeDxqhFFhjp8DNxAwlKEEuAyKanlUyYugRhIlRBqZgZtaWI24bIigk/kD3XvA1ERVbxGk4uSJPD94Wgxsg6+Vi/isD68dx3WLFhhCYRUtqrvQBbfTnaxmWW2YKFNvyn8RxyTDY5Y6/aMUADtZH8Dw02HeqmZayuN9+YISt81AMpvA38vYDK5Okmnu5NfUPfBNCEmW2qwLTXwNAVkSpUmQqAJo1VRX92OZn6Bc6S+8jAwRe6kkU30cMcf+E/3nz33wR/89PzgmT+E4cBv2tVgx1u042h7658gUbTMmbRUEGPGQ7+wYUW05VQwzL00rCD0nEzYOJnywkiSMxNW8+YRquEJricoXY0/aaFBV50qkhtzmcdomRObmetrDty0Ni5tehBWXBaldfprAqWlAKvAvWiQcM2oxZuTcEI1x3SBZkQTavHdW4tSaKVSq9n6bqq8FJZrNXNHshL3SJ5gukqEVZNTweg1N0S1Sc06Ohd2bjVBEC83QWZXjZQRW2pmqiNSFFxORnhiP7pTQzPDbE64dGbjsHqZqJjBH0waJeFYq6UBJuAsdl/juy37v/IJt2ZvfEKJYKMjYmn2Ws2YpvhP8HGO37AC57c5H3HJl25Pln46r15lpCAaxfiBEYVpiGw4zZ1SQcdcSXVHR6l0jvo2bEo0yiw37ba4nGXcMoMHwFCzvh/2UPw3pH5z8GZ/MPQHwz/3d14cLK7BA+9b7ztv1xt6P3svvN+9Y+/Uo51Rh3ZEJ+8edv/uTrq8Nd26t/D5xltrXf0/ywOvSQ==</latexit><latexit sha1_base64="hunP7tPJ1naOk1jjWildVM3zkGk=">AAAHuHiclVVtb9s2EFZTb+68t6b7uC+HpR2SwTPkrOjSDAZadMCGoQEyZGkLWIJGUZTFhCIVkrKdCvqB+wMD9m92lOzUThwUIWCRfHj33PH4kI4LwY31/f/ubd3vfPJp98Fnvc+/+PKrrx9uP3pjVKkpO6VKKP0uJoYJLtmp5Vawd4VmJI8Fexufv3Lrb6dMG67kX/ayYGFOJpKnnBKLULR9/99gDCcwgqACEvE+xBGHIOcJDCEQDHjzzSGoIaBl4cxodNaHJDpbNTtrvnLVLLBsbivDJK13G+bzvduIwx4m8bJNImBz3LWBecQvMZVDGIPFfrTGN3d8uIyMgsjEUaXWoWhH3AZw29BOcT+B5pPM7kG4MX4TPCCiyIiL0oav3kfVsA5EotpxXtczhywhnEicxHwixoHCArv6V0FheAPqsL/Id5YxzeDxqhFFhjp8DNxAwlKEEuAyKanlUyYugRhIlRBqZgZtaWI24bIigk/kD3XvA1ERVbxGk4uSJPD94Wgxsg6+Vi/isD68dx3WLFhhCYRUtqrvQBbfTnaxmWW2YKFNvyn8RxyTDY5Y6/aMUADtZH8Dw02HeqmZayuN9+YISt81AMpvA38vYDK5Okmnu5NfUPfBNCEmW2qwLTXwNAVkSpUmQqAJo1VRX92OZn6Bc6S+8jAwRe6kkU30cMcf+E/3nz33wR/89PzgmT+E4cBv2tVgx1u042h7658gUbTMmbRUEGPGQ7+wYUW05VQwzL00rCD0nEzYOJnywkiSMxNW8+YRquEJricoXY0/aaFBV50qkhtzmcdomRObmetrDty0Ni5tehBWXBaldfprAqWlAKvAvWiQcM2oxZuTcEI1x3SBZkQTavHdW4tSaKVSq9n6bqq8FJZrNXNHshL3SJ5gukqEVZNTweg1N0S1Sc06Ohd2bjVBEC83QWZXjZQRW2pmqiNSFFxORnhiP7pTQzPDbE64dGbjsHqZqJjBH0waJeFYq6UBJuAsdl/juy37v/IJt2ZvfEKJYKMjYmn2Ws2YpvhP8HGO37AC57c5H3HJl25Pln46r15lpCAaxfiBEYVpiGw4zZ1SQcdcSXVHR6l0jvo2bEo0yiw37ba4nGXcMoMHwFCzvh/2UPw3pH5z8GZ/MPQHwz/3d14cLK7BA+9b7ztv1xt6P3svvN+9Y+/Uo51Rh3ZEJ+8edv/uTrq8Nd26t/D5xltrXf0/ywOvSQ==</latexit><latexit sha1_base64="hunP7tPJ1naOk1jjWildVM3zkGk=">AAAHuHiclVVtb9s2EFZTb+68t6b7uC+HpR2SwTPkrOjSDAZadMCGoQEyZGkLWIJGUZTFhCIVkrKdCvqB+wMD9m92lOzUThwUIWCRfHj33PH4kI4LwY31/f/ubd3vfPJp98Fnvc+/+PKrrx9uP3pjVKkpO6VKKP0uJoYJLtmp5Vawd4VmJI8Fexufv3Lrb6dMG67kX/ayYGFOJpKnnBKLULR9/99gDCcwgqACEvE+xBGHIOcJDCEQDHjzzSGoIaBl4cxodNaHJDpbNTtrvnLVLLBsbivDJK13G+bzvduIwx4m8bJNImBz3LWBecQvMZVDGIPFfrTGN3d8uIyMgsjEUaXWoWhH3AZw29BOcT+B5pPM7kG4MX4TPCCiyIiL0oav3kfVsA5EotpxXtczhywhnEicxHwixoHCArv6V0FheAPqsL/Id5YxzeDxqhFFhjp8DNxAwlKEEuAyKanlUyYugRhIlRBqZgZtaWI24bIigk/kD3XvA1ERVbxGk4uSJPD94Wgxsg6+Vi/isD68dx3WLFhhCYRUtqrvQBbfTnaxmWW2YKFNvyn8RxyTDY5Y6/aMUADtZH8Dw02HeqmZayuN9+YISt81AMpvA38vYDK5Okmnu5NfUPfBNCEmW2qwLTXwNAVkSpUmQqAJo1VRX92OZn6Bc6S+8jAwRe6kkU30cMcf+E/3nz33wR/89PzgmT+E4cBv2tVgx1u042h7658gUbTMmbRUEGPGQ7+wYUW05VQwzL00rCD0nEzYOJnywkiSMxNW8+YRquEJricoXY0/aaFBV50qkhtzmcdomRObmetrDty0Ni5tehBWXBaldfprAqWlAKvAvWiQcM2oxZuTcEI1x3SBZkQTavHdW4tSaKVSq9n6bqq8FJZrNXNHshL3SJ5gukqEVZNTweg1N0S1Sc06Ohd2bjVBEC83QWZXjZQRW2pmqiNSFFxORnhiP7pTQzPDbE64dGbjsHqZqJjBH0waJeFYq6UBJuAsdl/juy37v/IJt2ZvfEKJYKMjYmn2Ws2YpvhP8HGO37AC57c5H3HJl25Pln46r15lpCAaxfiBEYVpiGw4zZ1SQcdcSXVHR6l0jvo2bEo0yiw37ba4nGXcMoMHwFCzvh/2UPw3pH5z8GZ/MPQHwz/3d14cLK7BA+9b7ztv1xt6P3svvN+9Y+/Uo51Rh3ZEJ+8edv/uTrq8Nd26t/D5xltrXf0/ywOvSQ==</latexit><latexit sha1_base64="hunP7tPJ1naOk1jjWildVM3zkGk=">AAAHuHiclVVtb9s2EFZTb+68t6b7uC+HpR2SwTPkrOjSDAZadMCGoQEyZGkLWIJGUZTFhCIVkrKdCvqB+wMD9m92lOzUThwUIWCRfHj33PH4kI4LwY31/f/ubd3vfPJp98Fnvc+/+PKrrx9uP3pjVKkpO6VKKP0uJoYJLtmp5Vawd4VmJI8Fexufv3Lrb6dMG67kX/ayYGFOJpKnnBKLULR9/99gDCcwgqACEvE+xBGHIOcJDCEQDHjzzSGoIaBl4cxodNaHJDpbNTtrvnLVLLBsbivDJK13G+bzvduIwx4m8bJNImBz3LWBecQvMZVDGIPFfrTGN3d8uIyMgsjEUaXWoWhH3AZw29BOcT+B5pPM7kG4MX4TPCCiyIiL0oav3kfVsA5EotpxXtczhywhnEicxHwixoHCArv6V0FheAPqsL/Id5YxzeDxqhFFhjp8DNxAwlKEEuAyKanlUyYugRhIlRBqZgZtaWI24bIigk/kD3XvA1ERVbxGk4uSJPD94Wgxsg6+Vi/isD68dx3WLFhhCYRUtqrvQBbfTnaxmWW2YKFNvyn8RxyTDY5Y6/aMUADtZH8Dw02HeqmZayuN9+YISt81AMpvA38vYDK5Okmnu5NfUPfBNCEmW2qwLTXwNAVkSpUmQqAJo1VRX92OZn6Bc6S+8jAwRe6kkU30cMcf+E/3nz33wR/89PzgmT+E4cBv2tVgx1u042h7658gUbTMmbRUEGPGQ7+wYUW05VQwzL00rCD0nEzYOJnywkiSMxNW8+YRquEJricoXY0/aaFBV50qkhtzmcdomRObmetrDty0Ni5tehBWXBaldfprAqWlAKvAvWiQcM2oxZuTcEI1x3SBZkQTavHdW4tSaKVSq9n6bqq8FJZrNXNHshL3SJ5gukqEVZNTweg1N0S1Sc06Ohd2bjVBEC83QWZXjZQRW2pmqiNSFFxORnhiP7pTQzPDbE64dGbjsHqZqJjBH0waJeFYq6UBJuAsdl/juy37v/IJt2ZvfEKJYKMjYmn2Ws2YpvhP8HGO37AC57c5H3HJl25Pln46r15lpCAaxfiBEYVpiGw4zZ1SQcdcSXVHR6l0jvo2bEo0yiw37ba4nGXcMoMHwFCzvh/2UPw3pH5z8GZ/MPQHwz/3d14cLK7BA+9b7ztv1xt6P3svvN+9Y+/Uo51Rh3ZEJ+8edv/uTrq8Nd26t/D5xltrXf0/ywOvSQ==</latexit>

Page 48: A heory of Assertions for Dolev-Yao Modelsseminaire-dga.gforge.inria.fr/2017/20180608... · 2018-09-20 · A position p is ‘abstratable’ inside a term t if we can replace the

Insecurity Problem

For the derivability problem, just one substitution µ for

the witnesses for ∃i. Here, the intruder can inject terms,

so a σ for the terms in (S; A) as well as µ.

Can get small ν instead of µ as earlier. But not yet clear

how to do that for σ.

Solve the insecurity problem for finitely many sessions

and bounded substitutions.

Page 49: A heory of Assertions for Dolev-Yao Modelsseminaire-dga.gforge.inria.fr/2017/20180608... · 2018-09-20 · A position p is ‘abstratable’ inside a term t if we can replace the

Insecurity Problem

Input: protocol Pr, bound k on the number of sessions,

bound n on the size of σ.

Σ3 algorithm: Guess a suitable σ of size ≤n, and a run with ≤k

sessions — both polynomial in input. Verifying enabledness

for actions uses Π2 algorithm for the derivability problem.

Tight bound: similar reduction as earlier from validity of

QBF formulas of the form ∃r1…rl∀p1…pm∃q1…qnψ.

Page 50: A heory of Assertions for Dolev-Yao Modelsseminaire-dga.gforge.inria.fr/2017/20180608... · 2018-09-20 · A position p is ‘abstratable’ inside a term t if we can replace the

Future Work

Procedure to obtain a small equivalent for the σ in the

insecurity problem; remove that parameter from input.

Implementation and tool support.

Derivability problem in the presence of non-trivial

equational theories.

Page 51: A heory of Assertions for Dolev-Yao Modelsseminaire-dga.gforge.inria.fr/2017/20180608... · 2018-09-20 · A position p is ‘abstratable’ inside a term t if we can replace the

Conclusion

Presented an abstract model for security protocols

involving certification.

Extended the Dolev-Yao model with assertions, and

modelled the FOO e-voting protocol in this system.

Provided algorithms and complexity results for the

verification problems of interest.

Page 52: A heory of Assertions for Dolev-Yao Modelsseminaire-dga.gforge.inria.fr/2017/20180608... · 2018-09-20 · A position p is ‘abstratable’ inside a term t if we can replace the

References

Existential Assertions for Voting Protocols

R Ramanujam, Vaishnavi Sundararajan and S P Suresh

Proc. FC 2017 Workshops (Voting '17), Springer LNCS vol. 10323, 337–352.

The complexity of disjunction in intuitionistic logic

R Ramanujam, Vaishnavi Sundararajan and S P Suresh

Proc. LFCS 2016, Springer LNCS vol. 9537, 349–363.

Extending Dolev-Yao with assertions

R Ramanujam, Vaishnavi Sundararajan and S P Suresh

Proc. ICISS 2014, Springer LNCS vol. 8880, 50–68.

Page 53: A heory of Assertions for Dolev-Yao Modelsseminaire-dga.gforge.inria.fr/2017/20180608... · 2018-09-20 · A position p is ‘abstratable’ inside a term t if we can replace the

Thank you!


David Dolev Mit Israel Program

David Dolev Mit Israel Program

Technology
brochure-web(resized) 20180608 · Title: brochure-web(resized)_20180608.pdf Created Date: 20180608015707Z

brochure-web(resized) 20180608 · Title: brochure-web(resized)_20180608.pdf Created Date: 20180608015707Z

Documents
Deep Learning Explained - BGUmcv172/wiki.files/2017-06...Deep Learning Explained Dolev Pomeranz, Chief Architect Trax @ BGU 2017

Deep Learning Explained - BGUmcv172/wiki.files/2017-06...Deep Learning Explained Dolev Pomeranz, Chief Architect Trax @ BGU 2017

Documents
delhiassembly.nic.indelhiassembly.nic.in/VidhanSabhaQuestions/20180608/Starred/S-60... · Detail of Bus Routes in Mangol puri Vidhan Sabha Constituency Route Originating From Mangol

delhiassembly.nic.indelhiassembly.nic.in/VidhanSabhaQuestions/20180608/Starred/S-60... · Detail of Bus Routes in Mangol puri Vidhan Sabha Constituency Route Originating From Mangol

Documents
Trends and Trajectories Since the Decade of Hopelibrary.fes.de/pdf-files/bueros/fes-pscc/14514-20180608.pdf · African National Congress (ANC) assuming power, there was widespread

Trends and Trajectories Since the Decade of Hopelibrary.fes.de/pdf-files/bueros/fes-pscc/14514-20180608.pdf · African National Congress (ANC) assuming power, there was widespread

Documents
Chapter 3 - Motivating Self-Stabilization3-1 Chapter 3 Self-Stabilization Self-Stabilization Shlomi Dolev MIT Press, 2000 Shlomi Dolev, All Rights Reserved

Chapter 3 - Motivating Self-Stabilization3-1 Chapter 3 Self-Stabilization Self-Stabilization Shlomi Dolev MIT Press, 2000 Shlomi Dolev, All Rights Reserved

Documents
An advanced greedy square jigsaw puzzle solver Dolev Pomeranz

An advanced greedy square jigsaw puzzle solver Dolev Pomeranz

Documents
Recovery Oriented Programming Olga Brukman and Shlomi Dolev Ben-Gurion University Beer-Sheva Israel

Recovery Oriented Programming Olga Brukman and Shlomi Dolev Ben-Gurion University Beer-Sheva Israel

Documents
Combining static analyses for helping detection and ...seminaire-dga.gforge.inria.fr/2013/20131108_MarieLau...2013/11/08  · Combining static analyses for helping detection and exploitability

Combining static analyses for helping detection and ...seminaire-dga.gforge.inria.fr/2013/20131108_MarieLau...2013/11/08  · Combining static analyses for helping detection and exploitability

Documents
Security Models: Dolev-Yao, Semantic Security, Probabilistic Encryption and ZKIP

Security Models: Dolev-Yao, Semantic Security, Probabilistic Encryption and ZKIP

Documents
An introduction to Computer Virology - Inriaseminaire-dga.gforge.inria.fr/2010/20110218_JeanYvesMarion.pdf · An introduction to Computer Virology Jean-Yves Marion LORIA INPL - ENSMN

An introduction to Computer Virology - Inriaseminaire-dga.gforge.inria.fr/2010/20110218_JeanYvesMarion.pdf · An introduction to Computer Virology Jean-Yves Marion LORIA INPL - ENSMN

Documents
On the Security of Public Key Protocols - Hebrew …dolev/pubs/dolev-yao-ieee-01056650.pdfDANNY DOLEV AND ANDREW c. YAO, MEMBER, IEEE Abstract-Recently the use of public key encryption

On the Security of Public Key Protocols - Hebrew …dolev/pubs/dolev-yao-ieee-01056650.pdfDANNY DOLEV AND ANDREW c. YAO, MEMBER, IEEE Abstract-Recently the use of public key encryption

Documents
Allenby's Military Medicine - Life and Death in WWI Palestine - E. Dolev (I B Tauris, 2007) WW

Allenby's Military Medicine - Life and Death in WWI Palestine - E. Dolev (I B Tauris, 2007) WW

Documents
Self-Stabilizing Systems as a Base for Autonomic Computing Shlomi Dolev Yinnon Haviv, Reuven Yagel, Olga Brukman

Self-Stabilizing Systems as a Base for Autonomic Computing Shlomi Dolev Yinnon Haviv, Reuven Yagel, Olga Brukman

Documents
A TABLEAUX METHOD FOR DOLEV-YAO MULTI-AGENT … · A TABLEAUX METHOD FOR DOLEV-YAO MULTI-AGENT EPISTEMIC LOGIC Luiz Cl audio Frederico Fernandez Disserta˘c~ao de Mestrado apresentada

A TABLEAUX METHOD FOR DOLEV-YAO MULTI-AGENT … · A TABLEAUX METHOD FOR DOLEV-YAO MULTI-AGENT EPISTEMIC LOGIC Luiz Cl audio Frederico Fernandez Disserta˘c~ao de Mestrado apresentada

Documents
Towards a Quantitative Approach to Attack Responseseminaire-dga.gforge.inria.fr/2015/20151120_HerveDebar.pdf · 2016. 1. 14. · Initial Return On Response Investment (RORI) Index

Towards a Quantitative Approach to Attack Responseseminaire-dga.gforge.inria.fr/2015/20151120_HerveDebar.pdf · 2016. 1. 14. · Initial Return On Response Investment (RORI) Index

Documents
Magic: The Gathering Comprehensive Rulesmedia.wizards.com/2018/downloads/MagicCompRules 20180608.pdf · Magic: The Gathering Comprehensive Rules These rules are effective as of June

Magic: The Gathering Comprehensive Rulesmedia.wizards.com/2018/downloads/MagicCompRules 20180608.pdf · Magic: The Gathering Comprehensive Rules These rules are effective as of June

Documents
Shlomi Dolev and Reuven Yagel, Computer Science Department Ben-Gurion University of the Negev, Beer-Sheva, Israel {dolev|yagel}@cs.bgu.ac.il SSS06 11/06

Shlomi Dolev and Reuven Yagel, Computer Science Department Ben-Gurion University of the Negev, Beer-Sheva, Israel {dolev|yagel}@cs.bgu.ac.il SSS06 11/06

Documents
Evolutionary computation in cryptography and security - Inriaseminaire-dga.gforge.inria.fr/2016/20170425_DomagojJakobovic.pdf · Evolutionary computation in cryptography and security

Evolutionary computation in cryptography and security - Inriaseminaire-dga.gforge.inria.fr/2016/20170425_DomagojJakobovic.pdf · Evolutionary computation in cryptography and security

Documents
Formal Proof of Dynamic Memory Isolation Based on MMUseminaire-dga.gforge.inria.fr › 2016 › 20160923_DavidNowak.pdf · 9/23/2016  · | val : X! resultX | hlt : resultX | undef

Formal Proof of Dynamic Memory Isolation Based on MMUseminaire-dga.gforge.inria.fr › 2016 › 20160923_DavidNowak.pdf · 9/23/2016  · | val : X! resultX | hlt : resultX | undef

Documents
218.188.1.124218.188.1.124/now/activitiesweb/notice/20180608.pdf · Prof Rosanna Whitfield Whitgift British and Internation- al Federation of Festivals HONG KONG , monic Orchestra

218.188.1.124218.188.1.124/now/activitiesweb/notice/20180608.pdf · Prof Rosanna Whitfield Whitgift British and Internation- al Federation of Festivals HONG KONG , monic Orchestra

Documents
Information Security for Sensors Overwhelming Random Sequences and Permutations Shlomi Dolev, Niv Gilboa, Marina Kopeetsky, Giuseppe Persiano, and Paul

Information Security for Sensors Overwhelming Random Sequences and Permutations Shlomi Dolev, Niv Gilboa, Marina Kopeetsky, Giuseppe Persiano, and Paul

Documents
Large-scale value extraction in mobile applicationsseminaire-dga.gforge.inria.fr/2015/20160513_EricBodden.pdf · Harvesting Runtime Values in Android Applications That Feature Anti-Analysis

Large-scale value extraction in mobile applicationsseminaire-dga.gforge.inria.fr/2015/20160513_EricBodden.pdf · Harvesting Runtime Values in Android Applications That Feature Anti-Analysis

Documents
Dolev 6.pdf

Dolev 6.pdf

Documents
Autonomous Virtual Mobile Nodes Shlomi Dolev Seth Gilbert Elad Schiller Alex Shvartsman Jennifer Welch

Autonomous Virtual Mobile Nodes Shlomi Dolev Seth Gilbert Elad Schiller Alex Shvartsman Jennifer Welch

Documents
Formal Modelling and Analysis of Socio-technical Systemsseminaire-dga.gforge.inria.fr/2015/20160610_CProbst_SocioTechnical... · Formal Modelling and Analysis of Socio-technical Systems

Formal Modelling and Analysis of Socio-technical Systemsseminaire-dga.gforge.inria.fr/2015/20160610_CProbst_SocioTechnical... · Formal Modelling and Analysis of Socio-technical Systems

Documents
Justifying a Dolev-Yao Model under Active Attacks, and Limitations Thereof

Justifying a Dolev-Yao Model under Active Attacks, and Limitations Thereof

Documents
Saya Web Interface Project Edward Rafaelov & Vladimir Postel DEC. 2007 Advisors: Prof. Shlomi Dolev & Michael Orlov

Saya Web Interface Project Edward Rafaelov & Vladimir Postel DEC. 2007 Advisors: Prof. Shlomi Dolev & Michael Orlov

Documents
Giacomo dolev

Giacomo dolev

Documents
Adaptive and Self-Configurable Honeypotsseminaire-dga.gforge.inria.fr/2011/20110909_RaduState.pdf · Introduction Context •Honeypots are resources dedicated to be attacked [4] •The

Adaptive and Self-Configurable Honeypotsseminaire-dga.gforge.inria.fr/2011/20110909_RaduState.pdf · Introduction Context •Honeypots are resources dedicated to be attacked [4] •The

Documents