Flat and One-Variable Clauses for Single Blind Copying Protocols: The XOR Case

In cryptographic protocols with the single blind copying restriction, at most one piece of unknown data is allowed to be copied in each step of the protocol. The secrecy problem for such protocols can be modeled as the satisfiability problem for the class of first-order Horn clauses called flat and one-variable Horn clauses, and is known to be DEXPTIME-complete. We show that when an XOR operator is additionally present, then the secrecy problem is decidable in 3-EXPTIME. We also note that replacing XOR by the theory of associativity-commutativity or by the theory of Abelian groups, or removing some of the syntactic restrictions on the clauses, leads to undecidability.

[1]  Yannick Chevalier,et al.  Deciding the Security of Protocols with Diffie-Hellman Exponentiation and Products in Exponents , 2003, FSTTCS.

[2]  Véronique Cortier,et al.  A survey of algebraic properties used in cryptographic protocols , 2006, J. Comput. Secur..

[3]  Véronique Cortier,et al.  New Decidability Results for Fragments of First-Order Logic and Application to Cryptographic Protocols , 2003, RTA.

[4]  Kumar Neeraj Verma,et al.  Alternation in Equational Tree Automata Modulo XOR , 2004, FSTTCS.

[5]  Michaël Rusinowitch,et al.  Protocol insecurity with finite number of sessions is NP-complete , 2001, Proceedings. 14th IEEE Computer Security Foundations Workshop, 2001..

[6]  Rajeev Alur,et al.  A Temporal Logic of Nested Calls and Returns , 2004, TACAS.

[7]  Jaikumar Radhakrishnan,et al.  FST TCS 2003: Foundations of Software Technology and Theoretical Computer Science , 2004, Lecture Notes in Computer Science.

[8]  Véronique Cortier,et al.  Automatic Analysis of the Security of XOR-Based Key Management Schemes , 2007, TACAS.

[9]  Graham Steel,et al.  Deduction with XOR Constraints in Security API Modelling , 2005, CADE.

[10]  Yannick Chevalier,et al.  An NP decision procedure for protocol insecurity with XOR , 2003, 18th Annual IEEE Symposium of Logic in Computer Science, 2003. Proceedings..

[11]  Hubert Comon,et al.  Tree automata techniques and applications , 1997 .

[12]  Kumar Neeraj Verma,et al.  Two-Way Equational Tree Automata for AC-Like Theories: Decidability and Closure Properties , 2003, RTA.

[13]  Thomas Schwentick,et al.  On the Complexity of Equational Horn Clauses , 2005, CADE.

[14]  Ralf Küsters,et al.  Reducing protocol analysis with XOR to the XOR-free case in the horn theory based approach , 2008, CCS.

[15]  Bruno Blanchet,et al.  An efficient cryptographic protocol verifier based on prolog rules , 2001, Proceedings. 14th IEEE Computer Security Foundations Workshop, 2001..

[16]  Helmut Seidl,et al.  Flat and one-variable clauses: Complexity of verifying cryptographic protocols with single blind copying , 2005, TOCL.

[17]  Véronique Cortier Vérification automatique des protocoles cryptographiques , 2003 .

[18]  Véronique Cortier,et al.  Security properties: two agents are sufficient , 2004, Sci. Comput. Program..

[19]  Brian Campbell,et al.  Amortised Memory Analysis Using the Depth of Data Structures , 2009, ESOP.

[20]  Vitaly Shmatikov,et al.  Intruder deductions, constraint solving and insecurity decision in presence of exclusive or , 2003, 18th Annual IEEE Symposium of Logic in Computer Science, 2003. Proceedings..

[21]  Kousha Etessami,et al.  Verifying Probabilistic Procedural Programs , 2004, FSTTCS.

[22]  Danny Dolev,et al.  On the security of public key protocols , 1981, 22nd Annual Symposium on Foundations of Computer Science (sfcs 1981).