2005
DOI: 10.3233/jcs-2005-13306

Symbolic protocol analysis with an Abelian group operator or Diffie–Hellman exponentiation

Abstract: We demonstrate that for any well-defined cryptographic protocol, the symbolic trace reachability problem in the presence of an Abelian group operator (e.g., multiplication) can be reduced to solvability of a decidable system of quadratic Diophantine equations. This result enables complete, fully automated formal analysis of protocols that employ primitives such as Diffie-Hellman exponentiation, multiplication, and xor, with a bounded number of role instances, but without imposing any bounds on the size of term…

Cited by 17 publications (17 citation statements)
References 35 publications (59 reference statements)
“…For example, this is the case for the DES and for the more recent AES that rely on the properties of exclusive or. Therefore, a current trend in the formal model approach is to relax the perfect cryptography hypothesis in order to accommodate for these algebraic properties, and several new decidability results have been obtained, for instance in the case of exclusive or (ACUN), Abelian groups (AG), and weak models of modular exponentiation [CKRT03, CLS03, CKR+03, MS05]. A weakness of these approaches is their lack of generality since each new theory requires a new complex proof.…”
Section: Introduction (mentioning)
confidence: 99%
“…As far as we know this is the most general result for theories involving AC axioms. Our procedure is inspired by the work done by J. Millen and V. Shmatikov for the Abelian group theory [MS05] but it is different in several aspects: it handles monoidal theories, and we have devised a characterization of well-defined systems that relies on classical linear algebra concepts. Furthermore, our resolution for solving quadratic Diophantine equations is different and more general than the procedure of [MS05].…”
Section: Introduction (mentioning)
confidence: 99%
“…SALARY SUM, IKA.1, MAKEP [21] ). [18,15,32,23,35] The IDP for Abelian Groups (and XOR) can be decided in non-deterministic polynomial time; Comon-Lundh and Shmatikov [18] prove this result using the strategy of normal proofs and McAllester's locality property [34].…”
Section: Related Work (mentioning)
confidence: 99%
“…Millen and Shmatikov [35] investigate a constraint solving technique that reduces the security problem for active intruders for Abelian Groups to a system of quadratic Diophantine equations, but the decidability was obtained by Shmatikov in [38], by reducing the initial problem to the solvability of a particular system of quadratic Diophantine equations, for the case of bounded number of sessions. [13,30] The IDP for the equational theory modelling an electronic purse protocol was investigated in [13].…”
Section: Ag: Comparison With (mentioning)
confidence: 99%