Rémy Chrétien, Véronique Cortier, and Stéphanie Delaune. Checking trace equivalence: How to get rid of nonces?. In Proceedings of the 20th European Symposium on Research in Computer Security (ESORICS'15), pp. 230–251, Lecture Notes in Computer Science, Springer, Vienna, Austria, September 2015.
Security protocols can be successfully analysed using formal methods. When proving security in symbolic settings for an unbounded number of sessions, a typical technique consists in abstracting away fresh nonces and keys by a bounded set of constants. While this abstraction is clearly sound in the context of secrecy properties (for protocols without else branches), this is no longer the case for equivalence properties.
In this paper, we study how to soundly get rid of nonces in the context of equivalence properties. We show that nonces can be replaced by constants provided that each nonce is associated to two constants (instead of typically one constant for secrecy properties). Our result holds for deterministic (simple) protocols and a large class of primitives that includes e.g. standard primitives, blind signatures, and zero-knowledge proofs.
@inproceedings{CCD-esorics15,
abstract = {Security protocols can be successfully analysed using
formal methods. When proving security in symbolic
settings for an unbounded number of sessions, a
typical technique consists in abstracting away fresh
nonces and keys by a bounded set of constants. While
this abstraction is clearly sound in the context of
secrecy properties (for protocols without else
branches), this is no longer the case for equivalence
properties.\par In this paper, we study how to
soundly get rid of nonces in the context of
equivalence properties. We show that nonces can be
replaced by constants provided that each nonce is
associated to two constants (instead of typically one
constant for secrecy properties). Our result holds
for deterministic (simple) protocols and a large
class of primitives that includes e.g. standard
primitives, blind signatures, and zero-knowledge
proofs.},
address = {Vienna, Austria},
author = {Chr{\'e}tien, R{\'e}my and Cortier, V{\'e}ronique and
Delaune, St{\'e}phanie},
booktitle = {{P}roceedings of the 20th {E}uropean {S}ymposium on
{R}esearch in {C}omputer {S}ecurity ({ESORICS}'15)},
OPTDOI = {10.1007/978-3-319-24177-7_12},
editor = {Ryan, Peter and Weippl, Edgar},
month = sep,
pages = {230-251},
publisher = {Springer},
series = {Lecture Notes in Computer Science},
title = {Checking trace equivalence: How to get rid of
nonces?},
year = {2015},
acronym = {{ESORICS}'15},
nmonth = {9},
OPTLONGPDF = {https://www.lsv.ens-cachan.fr/Publis/PAPERS/PDF/
rr-lsv-2015-07.pdf},
lsv-category = {intc},
wwwpublic = {public and ccsb},
}