Results 1 
2 of
2
A Bisimulation Method for Cryptographic Protocols
, 1998
"... We introduce a definition of bisimulation for cryptographic protocols. The definition includes a simple and precise model of the knowledge of the environment with which a protocol interacts. Bisimulation is the basis of an effective proof technique, which yields proofs of classical security properti ..."
Abstract

Cited by 79 (5 self)
 Add to MetaCart
We introduce a definition of bisimulation for cryptographic protocols. The definition includes a simple and precise model of the knowledge of the environment with which a protocol interacts. Bisimulation is the basis of an effective proof technique, which yields proofs of classical security properties of protocols and also justifies certain protocol optimizations. The setting for our work is the spi calculus, an extension of the pi calculus with cryptographic primitives. We prove the soundness of the bisimulation proof technique within the spi calculus.
The Game of the Name in Cryptographic Tables
, 1999
"... We present a namepassing calculus that can be regarded as a simplified picalculus equipped with a cryptographic table. The latter is a data structure representing the relationships among names. We illustrate how the calculus may be used for modelling cryptographic protocols relying on symmetric sh ..."
Abstract

Cited by 12 (1 self)
 Add to MetaCart
We present a namepassing calculus that can be regarded as a simplified picalculus equipped with a cryptographic table. The latter is a data structure representing the relationships among names. We illustrate how the calculus may be used for modelling cryptographic protocols relying on symmetric shared keys and verifying secrecy and authenticity properties. Following classical approaches [3], we formulate the verification task as a reachability problem and prove its decidability assuming finite principals and bounds on the sorts of the messages synthesized by the attacker.