Knowledge Problems in Protocol Analysis: Extending the Notion of Subterm Convergent (2401.17226v1)
Abstract: We introduce a new form of restricted term rewrite system, the graph-embedded term rewrite system. These systems, and thus the name, are inspired by the graph minor relation and are more flexible extensions of the well-known homeomorphic-embedded property of term rewrite systems. As a motivating application area, we consider the symbolic analysis of security protocols, and more precisely the two knowledge problems defined by the deduction problem and the static equivalence problem. In this field, restricted term rewrite systems, such as subterm convergent ones, have proven useful since the knowledge problems are decidable for such systems. Many of the same decision procedures still work for examples of systems which are "beyond subterm convergent". However, the applicability of the corresponding decision procedures to these examples must often be proven on an individual basis, because they do not fit any existing syntactic definition for which the procedures are known to work. Here we show that many of these systems belong to a particular subclass of graph-embedded convergent systems, called contracting convergent systems. On the one hand, we show that the knowledge problems are decidable for the subclass of contracting convergent systems. On the other hand, we show that the knowledge problems are undecidable for the class of graph-embedded systems. Going further, we compare and contrast these graph-embedded systems with several notions and properties already known in the protocol analysis literature. Finally, we provide several combination results, both for the combination of multiple contracting convergent systems, and then for the combination of contracting convergent systems with particular permutative equational theories.
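The abstract refers to subterm convergent rewrite systems and to the deduction problem, the first of the two knowledge problems. As an added illustration that is not code from the paper, the following Python toolkit encodes terms, rewrites them to normal form, checks the syntactic "subterm" shape of a rule set, and decides deduction by the standard saturation argument for subterm convergent systems (the intruder's knowledge is closed under one-step function applications whose normal form is a subterm of the frame). The term encoding, the names `normalize`, `saturate`, `deducible` and `demo`, the toy symmetric-encryption theory and the sample frame are my own assumptions; convergence of the rules is assumed rather than checked, and neither static equivalence nor the paper's contracting convergent class is implemented.

```python
"""Added example: normal forms, the subterm-convergent shape check, and a
saturation-based decision of the intruder deduction problem (not the paper's code)."""
from itertools import product

# Term encoding (my own choice): a variable is a str starting with '?', any other
# str is a name or public constant, an application is a tuple (symbol, arg1, ...).
def is_var(t):
    return isinstance(t, str) and t.startswith("?")

def subterms(t):
    """All subterms of t, including t itself."""
    out = {t}
    if isinstance(t, tuple):
        for a in t[1:]:
            out |= subterms(a)
    return out

def vars_of(t):
    return {s for s in subterms(t) if is_var(s)}

def match(pat, term, sub):
    """Syntactic matching of a pattern against a variable-free term."""
    if is_var(pat):
        if pat in sub:
            return sub if sub[pat] == term else None
        return {**sub, pat: term}
    if isinstance(pat, tuple):
        if not isinstance(term, tuple) or len(pat) != len(term) or pat[0] != term[0]:
            return None
        for p, a in zip(pat[1:], term[1:]):
            sub = match(p, a, sub)
            if sub is None:
                return None
        return sub
    return sub if pat == term else None

def apply(sub, t):
    if is_var(t):
        return sub.get(t, t)
    if isinstance(t, tuple):
        return (t[0],) + tuple(apply(sub, a) for a in t[1:])
    return t

def normalize(t, rules):
    """Innermost rewriting to normal form; assumes the rule set is convergent."""
    if isinstance(t, tuple):
        t = (t[0],) + tuple(normalize(a, rules) for a in t[1:])
    for lhs, rhs in rules:
        sub = match(lhs, t, {})
        if sub is not None:
            return normalize(apply(sub, rhs), rules)
    return t

def is_subterm_convergent(rules):
    """Syntactic part of the definition: every right-hand side is a proper subterm
    of its left-hand side or a ground term in normal form.  Termination and
    confluence of the rules are assumed and not checked here."""
    for lhs, rhs in rules:
        proper = subterms(lhs) - {lhs}
        ground_nf = not vars_of(rhs) and normalize(rhs, rules) == rhs
        if rhs not in proper and not ground_nf:
            return False
    return True

def saturate(frame, rules, signature):
    """Close the intruder's knowledge under one-step applications of public symbols
    whose normal form is a subterm of the frame or a ground right-hand side.
    `signature` maps public symbols of arity >= 1 to their arity; public constants
    are simply placed in the frame."""
    known = {normalize(t, rules) for t in frame}
    targets = set().union(*(subterms(t) for t in known))
    targets |= {rhs for _, rhs in rules if not vars_of(rhs)}
    changed = True
    while changed:
        changed = False
        for f, arity in signature.items():
            for args in product(sorted(known, key=repr), repeat=arity):
                t = normalize((f,) + args, rules)
                if t in targets and t not in known:
                    known.add(t)
                    changed = True
    return known

def deducible(t, frame, rules, signature):
    """Deduction problem: t is derivable iff its normal form is built from saturated
    knowledge using public function symbols."""
    known = saturate(frame, rules, signature)
    def composable(u):
        if u in known:
            return True
        return isinstance(u, tuple) and u[0] in signature and all(composable(a) for a in u[1:])
    return composable(normalize(t, rules))

# Toy theory (constructed): symmetric encryption and pairing, a subterm convergent system.
RULES = [
    (("dec", ("enc", "?x", "?y"), "?y"), "?x"),
    (("fst", ("pair", "?x", "?y")), "?x"),
    (("snd", ("pair", "?x", "?y")), "?y"),
]
SIG = {"enc": 2, "dec": 2, "pair": 2, "fst": 1, "snd": 1}

def demo():
    # Constructed frame: the attacker observed enc(pair(m, n), k) and the key k.
    frame = {("enc", ("pair", "m", "n"), "k"), "k"}
    no_key = {("enc", ("pair", "m", "n"), "k")}
    return (is_subterm_convergent(RULES),
            deducible("m", frame, RULES, SIG),               # True: decrypt, then fst
            deducible("m", no_key, RULES, SIG),              # False: no key available
            deducible(("enc", "n", "k"), frame, RULES, SIG)) # True: re-encrypt a known term

if __name__ == "__main__":
    print(demo())
```

The `targets` restriction is what makes the saturation terminate: only terms the rewrite rules can actually expose (subterms of the frame, or ground right-hand sides) are ever added, so for a frame of size n at most n new facts are learned. A rule whose right-hand side is neither a proper subterm nor ground, such as the exponentiation rule exp(exp(g, x), y) -> exp(exp(g, y), x), is rejected by `is_subterm_convergent`, which is exactly the kind of "beyond subterm convergent" system the abstract is concerned with.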