Paper Info
Title
Transducer-based analysis of cryptographic protocols
Abstract
Cryptographic protocols can be divided into (1) protocols where the protocol steps are simple from a computational point of view and can thus be modeled by simple means, for instance, by single rewrite rules-we call these protocols non-looping-and (2) protocols, such as group protocols, where the protocol steps are complex and typically involve an iterative or recursive computation-we call them recursive. While much is known on the decidability of security for non-looping protocols, only little is known for recursive protocols. In this paper, we prove decidability of security (with respect to the standard Dolev-Yao intruder) for a core class of recursive protocols and undecidability for several extensions. The key ingredient of our protocol model is specifically designed tree transducers which work over infinite signatures and have the ability to generate new constants (which allow us to mimic key generation). The decidability result is based on an automata-theoretic construction which involves a new notion of regularity, designed to work well with the infinite signatures we use.
Year
DOI
Venue
2007
10.1016/j.ic.2007.08.003
Inf. Comput.
Keywords
Field
DocType
non-looping protocol,automatic analysis,transducers,recursive protocol,infinite signature,decidability result,cryptographic protocol,group protocol,cryptographic protocols,decidability,protocols non-looping-and,transducer-based analysis,protocol step,protocol model,recursive computation-we
Transducer,Discrete mathematics,Key generation,Cryptographic protocol,Iterative method,Computer science,Automaton,Algorithm,Decidability,Cryptographic primitive,Theoretical computer science,Recursion
Journal
Volume
Issue
ISSN
205
12
Information and Computation
Citations 
PageRank 
References 
2
0.37
31
Authors
2
Name
Order
Citations
PageRank
Ralf Küsters1101469.62
Thomas Wilke21028.76