
Symbolic Protocol Analysis with Products and DiffieHellman Exponentiation
by J. Millen & V. Shmatikov.
From 16th IEEE Computer Security Foundations Workshop. IEEE Computer Society. 2003. Pages 47–61.
Abstract
We demonstrate that for any welldefined cryptographic
protocol, the symbolic trace reachability problem in the
presence of an Abelian group operator (e.g., multiplication) can be reduced to solvability of a particular system of
quadratic Diophantine equations. This result enables formal analysis of protocols that employ primitives such as
DiffieHellman exponentiation, products, and xor, with a
bounded number of role instances, but without imposing
any bounds on the size of terms created by the attacker. In
the case of xor, the resulting system of Diophantine equations is decidable. In the case of a general Abelian group,
decidability remains an open question, but our reduction
demonstrates that standard mathematical techniques for
solving systems of Diophantine equations are sufficient for
the discovery of protocol insecurities.
BibT_{E}X Entry
@InProceedings{MS03,
AUTHOR = {{J.} Millen and {V.} Shmatikov},
TITLE = {Symbolic protocol analysis with products and DiffieHellman exponentiation},
YEAR = {2003},
PAGES = {4761},
URL = {http://www.csl.sri.com/papers/csags/},
BOOKTITLE = {16th {IEEE} Computer Security Foundations Workshop},
ORGANIZATION = {{IEEE} Computer Society}
}
Files

