Results 1  10
of
15
A probabilistic polynomialtime calculus for analysis of cryptographic protocols
 Electronic Notes in Theoretical Computer Science
, 2001
"... We prove properties of a process calculus that is designed for analyzing security protocols. Our longterm goal is to develop a form of protocol analysis, consistent with standard cryptographic assumptions, that provides a language for expressing probabilistic polynomialtime protocol steps, a spec ..."
Abstract

Cited by 45 (8 self)
 Add to MetaCart
We prove properties of a process calculus that is designed for analyzing security protocols. Our longterm goal is to develop a form of protocol analysis, consistent with standard cryptographic assumptions, that provides a language for expressing probabilistic polynomialtime protocol steps, a specification method based on a compositional form of equivalence, and a logical basis for reasoning about equivalence. The process calculus is a variant of CCS, with bounded replication and probabilistic polynomialtime expressions allowed in messages and boolean tests. To avoid inconsistency between security and nondeterminism, messages are scheduled probabilistically instead of nondeterministically. We prove that evaluation of any process expression halts in probabilistic polynomial time and define a form of asymptotic protocol equivalence that allows security properties to be expressed using observational equivalence, a standard relation from programming language theory that involves quantifying over possible environments that might interact with the protocol. We develop a form of probabilistic bisimulation and use it to establish the soundness of an equational proof system based on observational equivalences. The proof system is illustrated by a formation derivation of the assertion, wellknown in cryptography, that ElGamal encryption’s semantic security is equivalent to the (computational) Decision DiffieHellman assumption. This example demonstrates the power of probabilistic bisimulation and equational reasoning for protocol security.
The Expressive Power of Higherorder Types or, Life without CONS
, 2001
"... Compare firstorder functional programs with higherorder programs allowing functions as function parameters. Can the the first program class solve fewer problems than the second? The answer is no: both classes are Turing complete, meaning that they can compute all partial recursive functions. In pa ..."
Abstract

Cited by 24 (1 self)
 Add to MetaCart
Compare firstorder functional programs with higherorder programs allowing functions as function parameters. Can the the first program class solve fewer problems than the second? The answer is no: both classes are Turing complete, meaning that they can compute all partial recursive functions. In particular, higherorder values may be firstorder simulated by use of the list constructor ‘cons’ to build function closures. This paper uses complexity theory to prove some expressivity results about small programming languages that are less than Turing complete. Complexity classes of decision problems are used to characterize the expressive power of functional programming language features. An example: secondorder programs are more powerful than firstorder, since a function f of type &lsqb;Bool&rsqb;〉Bool is computable by a consfree firstorder functional program if and only if f is in PTIME, whereas f is computable by a consfree secondorder program if and only if f is in EXPTIME. Exact characterizations are given for those problems of type &lsqb;Bool&rsqb;〉Bool solvable by programs with several combinations of operations on data: presence or absence of constructors; the order of data values: 0, 1, or higher; and program control structures: general recursion, tail recursion, primitive recursion.
Theories With SelfApplication and Computational Complexity
 Information and Computation
, 2002
"... Applicative theories form the basis of Feferman's systems of explicit mathematics, which have been introduced in the early seventies. In an applicative universe, all individuals may be thought of as operations, which can freely be applied to each other: selfapplication is meaningful, but n ..."
Abstract

Cited by 12 (9 self)
 Add to MetaCart
Applicative theories form the basis of Feferman's systems of explicit mathematics, which have been introduced in the early seventies. In an applicative universe, all individuals may be thought of as operations, which can freely be applied to each other: selfapplication is meaningful, but not necessarily total. It has turned out that theories with selfapplication provide a natural setting for studying notions of abstract computability, especially from a prooftheoretic perspective.
A ProofTheoretic Characterization of the Basic Feasible Functionals
 Theoretical Computer Science
, 2002
"... We provide a natural characterization of the type two MehlhornCookUrquhart basic feasible functionals as the provably total type two functionals of our (classical) applicative theory PT introduced in [27], thus providing a proof of a result claimed in the conclusion of [27]. ..."
Abstract

Cited by 7 (6 self)
 Add to MetaCart
We provide a natural characterization of the type two MehlhornCookUrquhart basic feasible functionals as the provably total type two functionals of our (classical) applicative theory PT introduced in [27], thus providing a proof of a result claimed in the conclusion of [27].
Unifying equivalencebased definitions of protocol security
 In WITS 2004
, 2004
"... , and Vitaly Shmatikov 2 1 Stanford University ..."
Realizability Models for BLLlike languages
, 2000
"... We give a realizability model of GirardScedrovScott's Bounded Linear Logic (BLL). This gives a new proof that all numerical functions representable in that system are polytime. Our analysis naturally justifies the design of the BLL syntax and suggests further extensions. 1 Introduction Boun ..."
Abstract

Cited by 6 (2 self)
 Add to MetaCart
We give a realizability model of GirardScedrovScott's Bounded Linear Logic (BLL). This gives a new proof that all numerical functions representable in that system are polytime. Our analysis naturally justifies the design of the BLL syntax and suggests further extensions. 1 Introduction Bounded Linear Logic (BLL) [3] was an early attempt to provide an intrinsic notion of polynomial time computation within a logical system. That is, the aim was not merely to express polynomial time computability in terms of provability of certain restricted formulas, but rather to provide a typed logical system in which computation via cutelimination or proof normalization is inherently polytime. Since the appearance of this paper, several di#erent typed functional systems for analyzing ptime computability have appeared in the literature [5, 4, 10, 11, 6, 7]. For deeper foundational purposes, we should mention Girard's Light Linear Logic (LLL) [4] as a major improvement of the syntax of BLL, in that...
Weak theories of operations and types
"... This is a survey paper on various weak systems of Feferman’s explicit mathematics and their proof theory. The strength of the systems considered in measured in terms of their provably terminating operations typically belonging to some natural classes of computational time or space complexity. Keywor ..."
Abstract

Cited by 4 (3 self)
 Add to MetaCart
This is a survey paper on various weak systems of Feferman’s explicit mathematics and their proof theory. The strength of the systems considered in measured in terms of their provably terminating operations typically belonging to some natural classes of computational time or space complexity. Keywords: Proof theory, Feferman’s explicit mathematics, applicative theories, higher types, types and names, partial truth, feasible operations 1