Results 1 
3 of
3
Symbolic protocol analysis with products and DiffieHellman exponentiation
, 2003
"... We demonstrate that for any welldefined cryptographic protocol, the symbolic trace reachability problem in the presence of an Abelian group operator (e.g., multiplication) can be reduced to solvability of a decidable system of quadratic Diophantine equations. This result enables complete, fully aut ..."
Abstract

Cited by 36 (0 self)
 Add to MetaCart
We demonstrate that for any welldefined cryptographic protocol, the symbolic trace reachability problem in the presence of an Abelian group operator (e.g., multiplication) can be reduced to solvability of a decidable system of quadratic Diophantine equations. This result enables complete, fully automated formal analysis of protocols that employ primitives such as DiffieHellman exponentiation, multiplication, andxor, with a bounded number of role instances, but without imposing any bounds on the size of terms created by the attacker. 1
An Eunification algorithm for analyzing protocols that use modular exponentiation
, 2003
"... Modular multiplication and exponentiation are common operations in modern cryptography. Uni cation problems with respect to some equational theories that these operations satisfy are investigated. Two dierent but related equational theories are analyzed. A uni cation algorithm is given for one of ..."
Abstract

Cited by 20 (0 self)
 Add to MetaCart
Modular multiplication and exponentiation are common operations in modern cryptography. Uni cation problems with respect to some equational theories that these operations satisfy are investigated. Two dierent but related equational theories are analyzed. A uni cation algorithm is given for one of the theories which relies on solving syzygies over multivariate integral polynomials with noncommuting indeterminates. For the other theory, in which the distributivity property of exponentiation over multiplication is assumed, the uni ability problem is shown to be undecidable by adapting a construction developed by one of the authors to reduce Hilbert's 10th problem to the solvability problem for linear equations over semirings. A new algorithm for computing strong Grobner bases of right ideals over the polynomial semiring Z<X 1 ; : : : ; Xn> is proposed; unlike earlier algorithms proposed by Baader as well as by Madlener and Reinert which work only for right admissible term orderings with the boundedness property, this algorithm works for any right admissible term ordering. The algorithms for some of these uni cation problems are expected to be integrated into Research supported in part by the NSF grant nos. CCR0098114 and CDA9503064, the ONR grant no. N000140110429, and a grant from the Computer Science Research Institute at Sandia National Labs.
Symbolic protocol analysis with an abelian group operator or DiffieHellman exponentiation
 Journal of Computer Security
, 2005
"... We demonstrate that for any welldefined cryptographic protocol, the symbolic trace reachability problem in the presence of an Abelian group operator (e.g., multiplication) can be reduced to solvability of a decidable system of quadratic Diophantine equations. This result enables complete, fully aut ..."
Abstract

Cited by 14 (1 self)
 Add to MetaCart
We demonstrate that for any welldefined cryptographic protocol, the symbolic trace reachability problem in the presence of an Abelian group operator (e.g., multiplication) can be reduced to solvability of a decidable system of quadratic Diophantine equations. This result enables complete, fully automated formal analysis of protocols that employ primitives such as DiffieHellman exponentiation, multiplication, and xor, with a bounded number of role instances, but without imposing any bounds on the size of terms created by the attacker. 1