Task-structured probabilistic I/O automata

Modeling frameworks such as probabilistic I/O automata (PIOA) and Markov decision processes permit both probabilistic and nondeterministic choices. In order to use such frameworks to express claims about probabilities of events, one needs mechanisms for resolving the nondeterministic choices. For PIOAs, nondeterministic choices have traditionally been resolved by schedulers that have perfect information about the past execution. However, such schedulers are too powerful for certain settings, such as cryptographic protocol analysis, where information must sometimes be hidden. Here, we propose a new, less powerful nondeterminism-resolution mechanism for PIOAs, consisting of tasks and local schedulers. Tasks are equivalence classes of system actions that are scheduled by oblivious, global task sequences. Local schedulers resolve nondeterminism within system components, based on local information only. The resulting task-PIOA framework yields simple notions of external behavior and implementation, and supports simple compositionality results. We also define a new kind of simulation relation, and show it to be sound for proving implementation. We illustrate the potential of the task-PIOA framework by outlining its use in verifying an oblivious transfer protocol.
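The gap between a perfect-information scheduler and an oblivious task sequence can be seen on a toy automaton. This is an added example, not code from the paper: the automaton, the function names and the singleton tasks are assumptions made here, and local schedulers are not modeled. The automaton draws a hidden bit internally and then offers two external outputs, `a` and `b`; the check is whether the external trace distribution depends on the bit.

```python
from collections import defaultdict
from fractions import Fraction

START = (None, frozenset())  # constructed toy: (hidden bit, outputs already done)
EXTERNAL = {"a", "b"}  # "choose" is internal and never appears in a trace

def step(state, action):
    """Distribution over next states, or None if the action is not enabled."""
    bit, done = state
    if action == "choose" and bit is None:
        return {(0, done): Fraction(1, 2), (1, done): Fraction(1, 2)}
    if action in EXTERNAL and bit is not None and action not in done:
        return {(bit, done | {action}): Fraction(1)}
    return None

def run(pick, steps):
    """Distribution over (state, trace); pick(i, state, trace) names the next action."""
    dist = {(START, ()): Fraction(1)}
    for i in range(steps):
        nxt = defaultdict(Fraction)
        for (s, tr), p in dist.items():
            act = pick(i, s, tr)
            succ = step(s, act)
            if succ is None:  # disabled: this branch does not move
                nxt[(s, tr)] += p
                continue
            tr2 = tr + (act,) if act in EXTERNAL else tr
            for s2, q in succ.items():
                nxt[(s2, tr2)] += p * q
        dist = dict(nxt)
    return dist

def oblivious(schedule):  # task sequence fixed in advance; ignores state and trace
    return run(lambda i, s, tr: schedule[i], len(schedule))

def adaptive_pick(i, s, tr):
    """Perfect-information scheduler: reads the hidden bit, encodes it in the order of a, b."""
    if s[0] is None:
        return "choose"
    order = ("a", "b") if s[0] == 0 else ("b", "a")
    return order[len(tr) % 2]

def leaks(dist):
    """True if the trace distribution differs between bit = 0 and bit = 1."""
    by_bit = {0: defaultdict(Fraction), 1: defaultdict(Fraction)}
    for (s, tr), p in dist.items():
        if s[0] is not None:
            by_bit[s[0]][tr] += p
    return by_bit[0] != by_bit[1]
```

`leaks(run(adaptive_pick, 3))` is true because the order of `a` and `b` reveals the bit, while `leaks(oblivious(s))` is false for every fixed sequence `s` over the three tasks.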
