A framework for proving the correctness of cryptographic protocol properties by linear temporal logic

In this paper, a framework for cryptographic protocol analysis using linear temporal logic is proposed. The framework can be used to specify and analyse security protocols. It aims to investigate and analyse the security protocols properties that are secure or have any flaws. The framework extends the linear temporal logic by including the knowledge of participants in each status that may change over the time. It includes two main parts, the Language of Temporal Logic (LTL) and the domain knowledge. The ability of the framework is demonstrated by analysing the Needham-Schroeder public key protocol and the Andrew Secure RPC protocol as examples

On non-abelian homomorphic public-key cryptosystems

An important problem of modern cryptography concerns secret public-key computations in algebraic structures. We construct homomorphic cryptosystems being (secret) epimorphisms f:G --> H, where G, H are (publically known) groups and H is finite. A letter of a message to be encrypted is an element h element of H, while its encryption g element of G is such that f(g)=h. A homomorphic cryptosystem allows one to perform computations (operating in a group G) with encrypted information (without knowing the original message over H). In this paper certain homomorphic cryptosystems are constructed for the first time for non-abelian groups H (earlier, homomorphic cryptosystems were known only in the Abelian case). In fact, we present such a system for any solvable (fixed) group H.Comment: 15 pages, LaTe

Homomorphic public-key cryptosystems and encrypting boolean circuits

In this paper homomorphic cryptosystems are designed for the first time over any finite group. Applying Barrington's construction we produce for any boolean circuit of the logarithmic depth its encrypted simulation of a polynomial size over an appropriate finitely generated group

Modeling Adversaries in a Logic for Security Protocol Analysis

Logics for security protocol analysis require the formalization of an adversary model that specifies the capabilities of adversaries. A common model is the Dolev-Yao model, which considers only adversaries that can compose and replay messages, and decipher them with known keys. The Dolev-Yao model is a useful abstraction, but it suffers from some drawbacks: it cannot handle the adversary knowing protocol-specific information, and it cannot handle probabilistic notions, such as the adversary attempting to guess the keys. We show how we can analyze security protocols under different adversary models by using a logic with a notion of algorithmic knowledge. Roughly speaking, adversaries are assumed to use algorithms to compute their knowledge; adversary capabilities are captured by suitable restrictions on the algorithms used. We show how we can model the standard Dolev-Yao adversary in this setting, and how we can capture more general capabilities including protocol-specific knowledge and guesses.Comment: 23 pages. A preliminary version appeared in the proceedings of FaSec'0

Nondeterministic functions and the existence of optimal proof systems

We provide new characterizations of two previously studied questions on nondeterministic function classes: Q1: Do nondeterministic functions admit efficient deterministic refinements? Q2: Do nondeterministic function classes contain complete functions? We show that Q1 for the class is equivalent to the question whether the standard proof system for SAT is p-optimal, and to the assumption that every optimal proof system is p-optimal. Assuming only the existence of a p-optimal proof system for SAT, we show that every set with an optimal proof system has a p-optimal proof system. Under the latter assumption, we also obtain a positive answer to Q2 for the class . An alternative view on nondeterministic functions is provided by disjoint sets and tuples. We pursue this approach for disjoint -pairs and its generalizations to tuples of sets from and with disjointness conditions of varying strength. In this way, we obtain new characterizations of Q2 for the class . Question Q1 for is equivalent to the question of whether every disjoint -pair is easy to separate. In addition, we characterize this problem by the question of whether every propositional proof system has the effective interpolation property. Again, these interpolation properties are intimately connected to disjoint -pairs, and we show how different interpolation properties can be modeled by -pairs associated with the underlying proof system

Discovering, quantifying, and displaying attacks

In the design of software and cyber-physical systems, security is often perceived as a qualitative need, but can only be attained quantitatively. Especially when distributed components are involved, it is hard to predict and confront all possible attacks. A main challenge in the development of complex systems is therefore to discover attacks, quantify them to comprehend their likelihood, and communicate them to non-experts for facilitating the decision process. To address this three-sided challenge we propose a protection analysis over the Quality Calculus that (i) computes all the sets of data required by an attacker to reach a given location in a system, (ii) determines the cheapest set of such attacks for a given notion of cost, and (iii) derives an attack tree that displays the attacks graphically. The protection analysis is first developed in a qualitative setting, and then extended to quantitative settings following an approach applicable to a great many contexts. The quantitative formulation is implemented as an optimisation problem encoded into Satisfiability Modulo Theories, allowing us to deal with complex cost structures. The usefulness of the framework is demonstrated on a national-scale authentication system, studied through a Java implementation of the framework.Comment: LMCS SPECIAL ISSUE FORTE 201

The Art of Tokenization: Blockchain Affordances and the Invention of Future Milieus

International audienceTen years after the introduction of the Bitcoin protocol, an increasing number of art-tech startups and more or less independent initiatives have begun to explore second-generation blockchains such as Ethereum and the emergent practice of tokenization (i.e., the issuance of new cryptoassets primarily to self-fund decentralized projects) as a means to intervene in the structures and processes underlying the rampant financialization of art. Yet amidst the volatility of the cryptocurrency market, tokenization has been critiqued as a way to reinscribe and proliferate current financial logics in this new space. Acknowledging such critiques, in this essay I foreground the novelty of cryptotokens and blockchains by exploring different examples of how tokenization has been deployed in the art market-milieu. In spite of recent attempts to extend the scarcity-based paradigm to blockchains, I argue that cryptotokens do introduce differences in kind in the ways in which value generation and distribution are expressed and accounted for in digital environments. In this context, artistic approaches to tokenization can illuminate new aspects of the affordances of these technologies, toward the disintermediation of art production and its networked value from the current institutional-financial milieu. This can open up new ways to reimagine and reprogram financial and social relations, and gesture toward new opportunities and challenges for a practice of digital design focused on the ideation and realization of cryptoeconomic systems