Lawrence C. Paulson scite author profile

Informal arguments that cryptographic protocols are secure can be made rigorous using inductive definitions. The approach is based on ordinary predicate calculus and copes with infinite-state systems. Proofs are generated using Isabelle/HOL. The human effort required to analyze a protocol can be as little as a week or two, yielding a proof script that takes a few minutes to run.Protocols are inductively defined as sets of traces. A trace is a list of communication events, perhaps comprising many interleaved protocol runs. Protocol descriptions incorporate attacks and accidental losses. The model spy knows some private keys and can forge messages using components decrypted from previous traffic. Three protocols are analyzed below: OtwayRees (which uses shared-key encryption), Needham-Schroeder (which uses public-key encryption), and a recursive protocol [9] (which is of variable length).One can prove that event ev always precedes event ev or that property P holds provided X remains secret. Properties can be proved from the viewpoint of the various principals: say, if A receives a final message from B then the session key it conveys is good.

show abstract

The foundation of a generic theorem prover

Paulson

1989

J Autom Reasoning

261

144

View full text Add to dashboard Cite

Isabelle [28,30] is an interactive theorem prover that supports a variety of logics. It represents rules as propositions (not as functions) and builds proofs by combining rules. These operations constitute a meta-logic (or 'logical framework') in which the object-logics are formalized. Isabelle is now based on higher-order logic -a precise and well-understood foundation.Examples illustrate use of this meta-logic to formalize logics and proofs. Axioms for first-order logic are shown sound and complete. Backwards proof is formalized by meta-reasoning about object-level entailment.Higher-order logic has several practical advantages over other meta-logics. Many proof techniques are known, such as Huet's higher-order unification procedure.

show abstract

Translating Higher-Order Clauses to First-Order Clauses

2007

View full text Add to dashboard Cite

Abstract. Interactive provers typically use higher-order logic, while automatic provers typically use first-order logic. In order to integrate interactive provers with automatic ones, it is necessary to translate higher-order formulae to first-order form. The translation should ideally be both sound and practical. We have investigated several methods of translating function applications, types and λ-abstractions. Omitting some type information improves the success rate, but can be unsound, so the interactive prover must verify the proofs. This paper presents experimental data that compares the translations in respect of their success rates for three automatic provers.

show abstract

MetiTarski: An Automatic Theorem Prover for Real-Valued Special Functions

2009

View full text Add to dashboard Cite

Many theorems involving special functions such as ln, exp and sin can be proved automatically by MetiTarski: a resolution theorem prover modified to call a decision procedure for the theory of real closed fields. Special functions are approximated by upper and lower bounds, which are typically rational functions derived from Taylor or continued fraction expansions. The decision procedure simplifies clauses by deleting literals that are inconsistent with other algebraic facts. MetiTarski simplifies arithmetic expressions by conversion to a recursive representation, followed by flattening of nested quotients. Applications include verifying hybrid and control systems.

show abstract

ML for the Working Programmer

Paulson

1996

209

118

View full text Add to dashboard Cite

Proving properties of security protocols by induction

Paulson

162

108

View full text Add to dashboard Cite

Extending Sledgehammer with SMT Solvers

2013

View full text Add to dashboard Cite

Abstract. Sledgehammer is a component of Isabelle/HOL that employs firstorder automatic theorem provers (ATPs) to discharge goals arising in interactive proofs. It heuristically selects relevant facts and, if an ATP is successful, produces a snippet that replays the proof in Isabelle. We extended Sledgehammer to invoke satisfiability modulo theories (SMT) solvers as well, exploiting its relevance filter and parallel architecture. Isabelle users are now pleasantly surprised by SMT proofs for problems beyond the ATPs' reach. Remarkably, the best SMT solver performs better than the best ATP on most of our benchmarks.

show abstract

Isabelle: The next seven hundred theorem provers

Paulson

View full text Add to dashboard Cite

Isabelle[2] is a theorem prover for a large class of logics. The object-logics are formalized within Isabelle's meta-logic, which is intuitionistic higher-order logic with implication, universal quantifiers, and equality. 1 The implication φ =⇒ ψ means 'φ implies ψ', and expresses logical entailment. The quantification x.φ means 'φ is true for all x', and expresses generality in rules and axiom schemes. The equality a ≡ b means 'a equals b', and allows new symbols to be defined as abbreviations.Isabelle takes many ideas from lcf [1]. Formulae are manipulated through the meta-language Standard ML; proofs can be developed in the backwards direction via tactics and tacticals. But lcf represents the inference rule A B A&B by a function that maps the theorems A and B to the theorem A & B, while Isabelle represents this rule by an axiom in the meta-logic: A. B. [[A]] =⇒ ([[B]] =⇒ [[A & B]])Observe how object-logic formulae are enclosed in brackets:Higher-order logic uses the typed λ-calculus, whose notions of free and bound variables handle quantifiers. So ∀x.A can be represented by All(λx.A), where All is a new constant and A is a formula containing x. More precisely, ∀x.F (x) can be represented by All(F ), where the variable F denotes a truth-valued function. Isabelle represents the rule A ∀x.A by the axiomThe introduction rule is subject to the proviso that x is not free in the assumptions.

show abstract

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

hi@scite.ai

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.