We prove properties of a process calculus that is designed for analyzing security protocols. Our long-term goal is to develop a form of protocol analysis, consistent with standard cryptographic assumptions, that provides a language for expressing probabilistic polynomial-time protocol steps, a specification method based on a compositional form of equivalence, and a logical basis for reasoning about equivalence. The process calculus is a variant of CCS, with bounded replication and probabilistic polynomial-time expressions allowed in messages and boolean tests. To avoid inconsistency between security and nondeterminism, messages are scheduled probabilistically instead of nondeterministically. We prove that evaluation of any process expression halts in probabilistic polynomial time and define a form of asymptotic protocol equivalence that allows security properties to be expressed using observational equivalence, a standard relation from programming language theory that involves quantifying over possible environments that might interact with the protocol. We develop a form of probabilistic bisimulation and use it to establish the soundness of an equational proof system based on observational equivalences. The proof system is illustrated by a formation derivation of the assertion, well-known in cryptography, that ElGamal encryption’s semantic security is equivalent to the (computational) Decision Diffie-Hellman assumption. This example demonstrates the power of probabilistic bisimulation and equational reasoning for protocol security.

Compare first-order functional programs with higher-order programs allowing functions as function parameters. Can the the first program class solve fewer problems than the second? The answer is no: both classes are Turing complete, meaning that they can compute all partial recursive functions. In particular, higher-order values may be first-order simulated by use of the list constructor ‘cons’ to build function closures. This paper uses complexity theory to prove some expressivity results about small programming languages that are less than Turing complete. Complexity classes of decision problems are used to characterize the expressive power of functional programming language features. An example: second-order programs are more powerful than first-order, since a function f of type [Bool]-〉Bool is computable by a cons-free first-order functional program if and only if f is in PTIME, whereas f is computable by a cons-free second-order program if and only if f is in EXPTIME. Exact characterizations are given for those problems of type [Bool]-〉Bool solvable by programs with several combinations of operations on data: presence or absence of constructors; the order of data values: 0, 1, or higher; and program control structures: general recursion, tail recursion, primitive recursion.

Applicative theories form the basis of Feferman's systems of explicit mathematics, which have been introduced in the early seventies. In an applicative universe, all individuals may be thought of as operations, which can freely be applied to each other: self-application is meaningful, but not necessarily total. It has turned out that theories with self-application provide a natural setting for studying notions of abstract computability, especially from a proof-theoretic perspective.

, and Vitaly Shmatikov 2 1 Stanford University

We provide a natural characterization of the type two Mehlhorn-CookUrquhart basic feasible functionals as the provably total type two functionals of our (classical) applicative theory PT introduced in [27], thus providing a proof of a result claimed in the conclusion of [27].

We give a realizability model of Girard-Scedrov-Scott's Bounded Linear Logic (BLL). This gives a new proof that all numerical functions representable in that system are polytime. Our analysis naturally justifies the design of the BLL syntax and suggests further extensions. 1 Introduction Bounded Linear Logic (BLL) [3] was an early attempt to provide an intrinsic notion of polynomial time computation within a logical system. That is, the aim was not merely to express polynomial time computability in terms of provability of certain restricted formulas, but rather to provide a typed logical system in which computation via cut-elimination or proof normalization is inherently polytime. Since the appearance of this paper, several di#erent typed functional systems for analyzing ptime computability have appeared in the literature [5, 4, 10, 11, 6, 7]. For deeper foundational purposes, we should mention Girard's Light Linear Logic (LLL) [4] as a major improvement of the syntax of BLL, in that...

Abstract not found

This is a survey paper on various weak systems of Feferman’s explicit mathematics and their proof theory. The strength of the systems considered in measured in terms of their provably terminating operations typically belonging to some natural classes of computational time or space complexity. Keywords: Proof theory, Feferman’s explicit mathematics, applicative theories, higher types, types and names, partial truth, feasible operations 1

We give a realizability model of Girard-Scedrov-Scott's Bounded Linear Logic (BLL). This gives a new proof that all numerical functions representable in that system are polytime. Our analysis naturally justifies the design of the BLL syntax and suggests further extensions. 1 Introduction Bounded Linear Logic (BLL) [3] was an early attempt to provide an intrinsic notion of polynomial time computation within a logical system. That is, the aim was not merely to express polynomial time computability in terms of provability of certain restricted formulas, but rather to provide a typed logical system in which computation via cut-elimination or proof normalization is inherently polytime. Since the appearance of this paper, several di#erent typed functional systems for analyzing ptime computability have appeared in the literature [5, 4, 10, 11, 6, 7]. For deeper foundational purposes, we should mention Girard's Light Linear Logic (LLL) [4] as a major improvement of the syntax of BLL, in that...