Automating Security Analysis: Symbolic Equivalence of Constraint Systems

We consider security properties of cryptographic protocols, that are either trace properties (such as confidentiality or authenticity) or equivalence properties (such as anonymity or strong secrecy). Infinite sets of possible traces are symbolically represented using deducibility constraints. We give a new algorithm that decides the trace equivalence for the traces that are represented using such constraints, in the case of signatures, symmetric and asymmetric encryptions. Our algorithm is implemented and performs well on typical benchmarks. This is the first implemented algorithm, deciding symbolic trace equivalence

Trace Equivalence Decision: Negative Tests and Non-determinism

We consider security properties of cryptographic protocols that can be modeled using the notion of trace equivalence. The notion of equivalence is crucial when specifying privacy-type properties, like anonymity, vote-privacy, and unlinkability. In this paper, we give a calculus that is close to the applied pi calculus and that allows one to capture most existing protocols that rely on classical cryptographic primitives. First, we propose a symbolic semantics for our calculus relying on constraint systems to represent infinite sets of possible traces, and we reduce the decidability of trace equivalence to deciding a notion of symbolic equivalence between sets of constraint systems. Second, we develop an algorithm allowing us to decide whether two sets of constraint systems are in symbolic equivalence or not. Altogether, this yields the first decidability result of trace equivalence for a general class of processes that may involve else branches and/or private channels (for a bounded number of sessions)

The Equivalence Theorem in Effective Theories

The famous equivalence theorem is reexamined in order to make it applicable to the case of intrinsically quantum infinite-component effective theories. We slightly modify the formulation of this theorem and prove it basing on the notion of generating functional for Green functions. This allows one to trace (directly in terms of graphs) the mutual cancelation of different groups of contributions.Comment: 21 pages, 7 figures; v2: Section 4 is modified, plus minor corrections in other sections, version accepted for publication in PR

A Quantal Tolman Temperature

The conventional Tolman temperature based on the assumption of the traceless condition of energy-momentum tensor for matter fields is infinite at the horizon if Hawking radiation is involved. However, we note that the temperature associated with Hawking radiation is of relevance to the trace anomaly, which means that the traceless condition should be released. So, a trace anomaly-induced Stefan-Boltzmann law is newly derived by employing the first law of thermodynamics and the property of the temperature independence of the trace anomaly. Then, the Tolman temperature is quantum-mechanically generalized according to the anomaly-induced Stefan-Boltzmann law. In an exactly soluble model, we show that the Tolman factor does not appear in the generalized Tolman temperature which is eventually finite everywhere, in particular, vanishing at the horizon. It turns out that the equivalence principle survives at the horizon with the help of the quantum principle, and some puzzles related to the Tolman temperature are also resolved.Comment: 5 pages, 1 figure, version to appear in EPJ

A procedure for deciding symbolic equivalence between sets of constraint systems

We consider security properties of cryptographic protocols that can be modeled using the notion of trace equivalence. The notion of equivalence is crucial when specifying privacy-type properties, like anonymity, vote-privacy, and unlinkability. Infinite sets of possible traces are symbolically represented using deducibility constraints. We describe an algorithm that decides trace equivalence for protocols that use standard primitives (e.g., signatures, symmetric and asymmetric encryptions) and that can be represented using such constraints. More precisely, we consider symbolic equivalence between sets of constraint systems, and we also consider disequations. Considering sets and disequations is actually crucial to decide trace equivalence for a general class of processes that may involve else branches and/or private channels (for a bounded number of sessions). Our algorithm for deciding symbolic equivalence between sets of constraint systems is implemented and performs well in practice. Unfortunately, it does not scale up well for deciding trace equivalence between processes. This is however the first implemented algorithm deciding trace equivalence on such a large class of processes