pattern matching spi calculus
play

Pattern-Matching Spi-Calculus A Type System for Cryptographic - PowerPoint PPT Presentation

Jul 21, 2023 •227 likes •779 views

Pattern-Matching Spi-Calculus A Type System for Cryptographic Protocols Christian Haack and Alan Jeffrey DePaul University, Chicago Pattern-Matching Spi-Calculus p.1/11 Types for Cryptographic Protocols Pattern-Matching Spi-Calculus

  1. Pattern-Matching Spi-Calculus A Type System for Cryptographic Protocols Christian Haack and Alan Jeffrey DePaul University, Chicago Pattern-Matching Spi-Calculus – p.1/11

  2. Types for Cryptographic Protocols Pattern-Matching Spi-Calculus – p.2/11

  3. Types for Cryptographic Protocols Spi-calculus: A small and abstract domain-specific language for cryptographic protocols: Abadi and Gordon [1997] Pattern-Matching Spi-Calculus – p.2/11

  4. Types for Cryptographic Protocols Spi-calculus: A small and abstract domain-specific language for cryptographic protocols: Abadi and Gordon [1997] Type systems for verifying secrecy or authenticity within the spi-calculus. Abadi [1999] Abadi and Blanchet [2001] Gordon and Jeffrey [2001, 2002] Pattern-Matching Spi-Calculus – p.2/11

  5. Types for Cryptographic Protocols Spi-calculus: A small and abstract domain-specific language for cryptographic protocols: Abadi and Gordon [1997] Type systems for verifying secrecy or authenticity within the spi-calculus. Abadi [1999] Abadi and Blanchet [2001] Gordon and Jeffrey [2001, 2002] Advantages of verification by type-checking: Type-checking is easier than proofs from first principles. Type-checking is automatable. Pattern-Matching Spi-Calculus – p.2/11

  6. Pattern-Matching Spi: Messages n | x | () | ( M, N ) | { | M | } N | { | M | } N − 1 ::= L, M, N | Enc ( M ) | Dec ( M ) Other constructors by translation to this core language: Pattern-Matching Spi-Calculus – p.3/11

  7. Pattern-Matching Spi: Messages n | x | () | ( M, N ) | { | M | } N | { | M | } N − 1 ::= L, M, N | Enc ( M ) | Dec ( M ) Other constructors by translation to this core language: Symmetric crypto: ∆ { M } k = { | M | } Enc ( k ) where k is a secret key pair Pattern-Matching Spi-Calculus – p.3/11

  8. Pattern-Matching Spi: Messages n | x | () | ( M, N ) | { | M | } N | { | M | } N − 1 ::= L, M, N | Enc ( M ) | Dec ( M ) Other constructors by translation to this core language: Symmetric crypto: ∆ { M } k = { | M | } Enc ( k ) where k is a secret key pair Message tagging: ∆ l ( M ) = { | M | } Enc ( l ) where l is a public “key” pair Pattern-Matching Spi-Calculus – p.3/11

  9. Pattern-Matching Spi: Messages n | x | () | ( M, N ) | { | M | } N | { | M | } N − 1 ::= L, M, N | Enc ( M ) | Dec ( M ) Other constructors by translation to this core language: Symmetric crypto: ∆ { M } k = { | M | } Enc ( k ) where k is a secret key pair Message tagging: ∆ l ( M ) = { | M | } Enc ( l ) where l is a public “key” pair Hashing: ∆ = hashtag ( { | M | } hashkey ) where hashkey is a public #( M ) encryption key with decryption part unknown to everybody Pattern-Matching Spi-Calculus – p.3/11

  10. Pattern-Matching Spi: Processes P, Q ::= out N M | inp N X ; P | new n : T ; P | ! P | P | Q | 0 Pattern-matching input; X is a pattern. Pattern-Matching Spi-Calculus – p.4/11

  11. Pattern-Matching Spi: Processes P, Q ::= out N M | inp N X ; P | new n : T ; P | ! P | P | Q | 0 Pattern-matching input; X is a pattern. x . M | ¯ where ¯ ::= { � A } A is a set of assertions X Pattern-Matching Spi-Calculus – p.4/11

  12. Pattern-Matching Spi: Processes P, Q ::= out N M | inp N X ; P | new n : T ; P | ! P | P | Q | 0 Pattern-matching input; X is a pattern. x . M | ¯ where ¯ ::= { � A } A is a set of assertions X Surface syntax has syntax sugar. For instance: ∆ } k − 1 | x : T } ; P inp N { | x : T | } k − 1 ; P = inp N { x . { | x | Pattern-Matching Spi-Calculus – p.4/11

  13. Pattern-Matching Spi: Processes P, Q ::= out N M | inp N X ; P | new n : T ; P | ! P | P | Q | 0 Pattern-matching input; X is a pattern. x . M | ¯ where ¯ ::= { � A } A is a set of assertions X Surface syntax has syntax sugar. For instance: ∆ } k − 1 | x : T } ; P inp N { | x : T | } k − 1 ; P = inp N { x . { | x | Syntactic restricitions: Members of binder � x must have a witness in M . Pattern-Matching Spi-Calculus – p.4/11

  14. Pattern-Matching Spi: Processes P, Q ::= out N M | inp N X ; P | new n : T ; P | ! P | P | Q | 0 Pattern-matching input; X is a pattern. x . M | ¯ where ¯ ::= { � A } A is a set of assertions X Surface syntax has syntax sugar. For instance: ∆ } k − 1 | x : T } ; P inp N { | x : T | } k − 1 ; P = inp N { x . { | x | Syntactic restricitions: Members of binder � x must have a witness in M . Input patterns must be Dolev-Yao-implementable. For } k − 1 | ¯ instance, { x, k . { | x | A } is not D-Y-implementable. Pattern-Matching Spi-Calculus – p.4/11

  15. Semantics of Pattern-Matching Dynamic semantics. x ← � x . M | ¯ x ← � out L M { � N } | inp L { � A } ; P → P { � N } Pattern-Matching Spi-Calculus – p.5/11

  16. Semantics of Pattern-Matching Dynamic semantics. x ← � x . M | ¯ x ← � out L M { � N } | inp L { � A } ; P → P { � N } Dynamic check that input message matches input message pattern M . Pattern-Matching Spi-Calculus – p.5/11

  17. Semantics of Pattern-Matching Dynamic semantics. x ← � x . M | ¯ x ← � out L M { � N } | inp L { � A } ; P → P { � N } Dynamic check that input message matches input message pattern M . Dynamic semantics ignores the assertion set ¯ A . Pattern-Matching Spi-Calculus – p.5/11

  18. Semantics of Pattern-Matching Dynamic semantics. x ← � x . M | ¯ x ← � out L M { � N } | inp L { � A } ; P → P { � N } Dynamic check that input message matches input message pattern M . Dynamic semantics ignores the assertion set ¯ A . Static semantics. E ⊢ ¯ x ← � A { � N } x . M | ¯ x ← � E ⊢ M { � N } ∈ { � A } Pattern-Matching Spi-Calculus – p.5/11

  19. Semantics of Pattern-Matching Dynamic semantics. x ← � x . M | ¯ x ← � out L M { � N } | inp L { � A } ; P → P { � N } Dynamic check that input message matches input message pattern M . Dynamic semantics ignores the assertion set ¯ A . Static semantics. E ⊢ ¯ x ← � A { � N } x . M | ¯ x ← � E ⊢ M { � N } ∈ { � A } Static check that assertion set ¯ A holds after input. Pattern-Matching Spi-Calculus – p.5/11

  20. Semantics of Pattern-Matching Dynamic semantics. x ← � x . M | ¯ x ← � out L M { � N } | inp L { � A } ; P → P { � N } Dynamic check that input message matches input message pattern M . Dynamic semantics ignores the assertion set ¯ A . Static semantics. E ⊢ ¯ x ← � A { � N } x . M | ¯ x ← � E ⊢ M { � N } ∈ { � A } Static check that assertion set ¯ A holds after input. ¯ A may be viewed as checked input post-condition. Pattern-Matching Spi-Calculus – p.5/11

  21. Correspondence Assertions A → B ( m, A, B ) ∆ = new m : T ; out net ( m, A, B ) P A inp net { x, p . ( x, p, B ) | ¯ ∆ = A ( x, p ) } ; P B Pattern-Matching Spi-Calculus – p.6/11

  22. Correspondence Assertions A !begins “ A sends m to B ” A → B ( m, A, B ) B ends “ A sends m to B ” ∆ = new m : T ; begin !( m, A, B ); out net ( m, A, B ) P A inp net { x, p . ( x, p, B ) | ¯ ∆ = A ( x, p ) } ; end ( x, p, B ) P B Pattern-Matching Spi-Calculus – p.6/11

  23. Correspondence Assertions A !begins “ A sends m to B ” A → B ( m, A, B ) B ends “ A sends m to B ” ∆ = new m : T ; begin !( m, A, B ); out net ( m, A, B ) P A inp net { x, p . ( x, p, B ) | ¯ ∆ = A ( x, p ) } ; end ( x, p, B ) P B A process is safe iff in every run every end-assertion is preceeded by a matching begin-assertion. Pattern-Matching Spi-Calculus – p.6/11

  24. Correspondence Assertions A !begins “ A sends m to B ” A → B ( m, A, B ) B ends “ A sends m to B ” ∆ = new m : T ; begin !( m, A, B ); out net ( m, A, B ) P A inp net { x, p . ( x, p, B ) | ¯ ∆ = A ( x, p ) } ; end ( x, p, B ) P B A process is safe iff in every run every end-assertion is preceeded by a matching begin-assertion. P A | P B is safe. Pattern-Matching Spi-Calculus – p.6/11

  25. Correspondence Assertions A !begins “ A sends m to B ” A → B ( m, A, B ) B ends “ A sends m to B ” ∆ = new m : T ; begin !( m, A, B ); out net ( m, A, B ) P A inp net { x, p . ( x, p, B ) | ¯ ∆ = A ( x, p ) } ; end ( x, p, B ) P B A process is safe iff in every run every end-assertion is preceeded by a matching begin-assertion. P A | P B is safe. A process P is robustly safe iff P | O is safe for all opponents O . Pattern-Matching Spi-Calculus – p.6/11

  26. Correspondence Assertions A !begins “ A sends m to B ” A → B ( m, A, B ) B ends “ A sends m to B ” ∆ = new m : T ; begin !( m, A, B ); out net ( m, A, B ) P A inp net { x, p . ( x, p, B ) | ¯ ∆ = A ( x, p ) } ; end ( x, p, B ) P B A process is safe iff in every run every end-assertion is preceeded by a matching begin-assertion. P A | P B is safe. A process P is robustly safe iff P | O is safe for all opponents O . P A | P B is not robustly safe. Pattern-Matching Spi-Calculus – p.6/11

  27. Correspondence Assertions A !begins “ A sends m to B ” A → B ( m, A, B ) B ends “ A sends m to B ” ∆ = new m : T ; begin !( m, A, B ); out net ( m, A, B ) P A inp net { x, p . ( x, p, B ) | ¯ ∆ = A ( x, p ) } ; end ( x, p, B ) P B A process is safe iff in every run every end-assertion is preceeded by a matching begin-assertion. P A | P B is safe. A process P is robustly safe iff P | O is safe for all opponents O . P A | P B is not robustly safe. Theorem: Every well-typed process is robustly safe. Pattern-Matching Spi-Calculus – p.6/11

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Pattern Matching a b a c a a b 1 a b a c a b 4 3 2 a b a c a b Pattern

Pattern Matching a b a c a a b 1 a b a c a b 4 3 2 a b a c a b Pattern

Pattern Matching a b a c a a b 1 a b a c a b 4 3 2 a b a c a b Pattern Matching 1 Outline and Reading Strings (11.1) Pattern matching algorithms Brute-force algorithm (11.2.1) Boyer-Moore algorithm (11.2.2)

612 views • 14 slides
Concurrent Pattern Matching: combining discovery, privacy and symmetry using pattern matching

Concurrent Pattern Matching: combining discovery, privacy and symmetry using pattern matching

Introduction Background Deliverables & Methodology State of research Concurrent Pattern Matching: combining discovery, privacy and symmetry using pattern matching Thomas Given-Wilson, University of Technology, Sydney Supervisor:

559 views • 21 slides
Awk, Awk Pattern matching and processing language Looks for pattern in file If pattern

Awk, Awk Pattern matching and processing language Looks for pattern in file If pattern

CSC209 Fall 2001 What is AWK? Awk, Awk Pattern matching and processing language Looks for pattern in file If pattern matches, do something Many details handled automatically very easy to one off (write and throw away)

673 views • 12 slides
Globbing, pattern matching Globbing is the term used for bashs form of pattern matching in

Globbing, pattern matching Globbing is the term used for bashs form of pattern matching in

Globbing, pattern matching Globbing is the term used for bashs form of pattern matching in commands It is used when we want to use a pattern to describe a set of strings, e.g. all filenames ending in .c, all directories that have a

755 views • 5 slides
Quantum pattern matching fast on average Ashley Montanaro Department of Computer Science,

Quantum pattern matching fast on average Ashley Montanaro Department of Computer Science,

Quantum pattern matching fast on average Ashley Montanaro Department of Computer Science, University of Bristol, UK 12 January 2015 Pattern matching In the traditional pattern matching problem, we seek to find a pattern P : [ m ] within

1.25k views • 53 slides
LPEG: a new approach to pattern LPEG: a new approach to pattern matching in Lua matching in Lua

LPEG: a new approach to pattern LPEG: a new approach to pattern matching in Lua matching in Lua

LPEG: a new approach to pattern LPEG: a new approach to pattern matching in Lua matching in Lua Roberto Ierusalimschy (real) regular expressions (real) regular expressions inspiration for most pattern-matching tools Ken Thompson, 1968

1.05k views • 58 slides
CS 126 Lecture T1: Pattern Matching Outline Introduction Pattern matching in Unix

CS 126 Lecture T1: Pattern Matching Outline Introduction Pattern matching in Unix

CS 126 Lecture T1: Pattern Matching Outline Introduction Pattern matching in Unix Regular expressions in Unix Regular expressions as formal languages Finite State Automata Conclusions CS126 14-1 Randy Wang Introduction

431 views • 41 slides
Pattern matching and lexing Informatics 2A: Lecture 6 John Longley School of Informatics

Pattern matching and lexing Informatics 2A: Lecture 6 John Longley School of Informatics

Pattern matching Lexing Pattern matching and lexing Informatics 2A: Lecture 6 John Longley School of Informatics University of Edinburgh jrl@inf.ed.ac.uk 30 September, 2011 1 / 15 Pattern matching Lexing 1 Pattern matching grep and its

495 views • 15 slides
CSE182-L6 P-value and E-value Dicitionary matching Pattern matching October 09 CSE182 Why is

CSE182-L6 P-value and E-value Dicitionary matching Pattern matching October 09 CSE182 Why is

CSE182-L6 P-value and E-value Dicitionary matching Pattern matching October 09 CSE182 Why is BLAST fast? Assume that keyword searching does not consume any time and that alignment computation the expensive step. Query m=1000, random

433 views • 18 slides
CSE182-L7 Dicitionary matching Pattern matching October 09 CSE182 Dictionary Matching

CSE182-L7 Dicitionary matching Pattern matching October 09 CSE182 Dictionary Matching

CSE182-L7 Dicitionary matching Pattern matching October 09 CSE182 Dictionary Matching 1:POTATO P O T A S T P O T A T O 2:POTASSIUM 3:TASTE database dictionary Q: Given k words (s i has length l i ) , and a database of size n, find

1.35k views • 58 slides
Exact Pattern Matching p t Goal: Find all occurrences of a pattern in a text Input: Pattern p = p

Exact Pattern Matching p t Goal: Find all occurrences of a pattern in a text Input: Pattern p = p

Exact Pattern Matching p t Goal: Find all occurrences of a pattern in a text Input: Pattern p = p 1 p n and text t = t 1 t m Output: All positions 1< i < ( m n + 1) such that the n - letter substring of t starting at i matches p

657 views • 19 slides
Exact Pattern Matching p t Goal: Find all occurrences of a pattern in a text Input: Pattern p = p

Exact Pattern Matching p t Goal: Find all occurrences of a pattern in a text Input: Pattern p = p

Exact Pattern Matching p t Goal: Find all occurrences of a pattern in a text Input: Pattern p = p 1 p n and text t = t 1 t m Output: All positions 1< i < ( m n + 1) such that the n - letter substring of t starting at i matches p

486 views • 24 slides
CS 10: Problem solving via Object Oriented Programming Pattern Matching 2 Agenda 1. Pattern

CS 10: Problem solving via Object Oriented Programming Pattern Matching 2 Agenda 1. Pattern

CS 10: Problem solving via Object Oriented Programming Pattern Matching 2 Agenda 1. Pattern matching to validate input Regular expressions Deterministic/Non-Deterministic Finite Automata (DFA/NFA) 2. Finite State Machines (FSM)

927 views • 65 slides
String Matching String matching problem: string T (text) and string P (pattern) over an

String Matching String matching problem: string T (text) and string P (pattern) over an

String Matching String matching problem: string T (text) and string P (pattern) over an alphabet . String Matching |T| = n, |P| = m. Report all starting positions of occurrences of P in T. Inge Li Grtz P = a b a b a c a T

468 views • 9 slides
Pattern matching without K Jesper Cockx Dominique Devriese Frank Piessens DistriNet KU

Pattern matching without K Jesper Cockx Dominique Devriese Frank Piessens DistriNet KU

Pattern matching without K Jesper Cockx Dominique Devriese Frank Piessens DistriNet KU Leuven 3 September 2014 How can we recognize definitions by pattern matching that do not depend on K? By taking identity proofs into account during

726 views • 38 slides
Text Processing We have seen that preprocessing the pattern speeds up pattern matching

Text Processing We have seen that preprocessing the pattern speeds up pattern matching

T RIES Standard Tries Compressed Tries Suffix Tries b s e i u e t a l d l y l o r l l l c p k Tries 1 Text Processing We have seen that preprocessing the pattern speeds up pattern matching queries

292 views • 11 slides
PSEUDOSPECTRA o Application of eigenvalue o Pseudospectra definition D E F I N I T I O N S A N D

PSEUDOSPECTRA o Application of eigenvalue o Pseudospectra definition D E F I N I T I O N S A N D

29/09/1438 OVERVI EW PSEUDOSPECTRA o Application of eigenvalue o Pseudospectra definition D E F I N I T I O N S A N D o Examples of pseudospectra A P P L I C A T I O N S o Normal matrices o Ill-condition problems S U P E R V I S O R D R . N

255 views • 6 slides
Star Formation across cosmic time Florent Renaud & Oscar Agertz Lund Observatory Polaris

Star Formation across cosmic time Florent Renaud & Oscar Agertz Lund Observatory Polaris

Star Formation across cosmic time Florent Renaud & Oscar Agertz Lund Observatory Polaris (Andr et al. 2010) Universality ... Filamentary structure Diameter (~0.1 pc) Knots = pre-stellar cores Taurus (Palmeirim et al. 2013)

171 views • 16 slides
Valuative invariants for polymatroids Harm Derksen 1 Alex Fink 2 1 University of Michigan 2 UC

Valuative invariants for polymatroids Harm Derksen 1 Alex Fink 2 1 University of Michigan 2 UC

Valuative invariants for polymatroids Harm Derksen 1 Alex Fink 2 1 University of Michigan 2 UC Berkeley North Carolina State arXiv:0908.2988 FPSAC 2010 August 5, 2010 Derksen, Fink Valuative invariants for polymatroids 1 / 21 Outline

327 views • 31 slides
Toward Software Engineering in Practice Michael Hilton 1 17-214 Software Engineering

Toward Software Engineering in Practice Michael Hilton 1 17-214 Software Engineering

Toward Software Engineering in Practice Michael Hilton 1 17-214 Software Engineering Administrivia Final Exam: Monday, May 6, 2019 5:30 p.m. to 8:30 p.m. Review Session Saturday, May 4th, 1-3pm in NSH 3305 For full points, you should have

150 views • 13 slides
Osama Khan and Randal Burns, Johns Hopkins University James Plank, University of Tennessee Cheng

Osama Khan and Randal Burns, Johns Hopkins University James Plank, University of Tennessee Cheng

Osama Khan and Randal Burns, Johns Hopkins University James Plank, University of Tennessee Cheng Huang, Microsoft Research How do we ensure data reliability Replication (easy but inefficient) Erasure Coding (complex but efficient)

609 views • 16 slides
Distributed intelligence in multi agent systems Usman Khan Department of Electrical and

Distributed intelligence in multi agent systems Usman Khan Department of Electrical and

Department of Electrical and Computer Engineering Distributed intelligence in multi agent systems Usman Khan Department of Electrical and Computer Engineering Tufts University Workshop on Distributed Optimization, Information Processing, and

678 views • 30 slides
Regret bounds for online variational inference Pierre Alquier ACML Nagoya, Nov. 18, 2019

Regret bounds for online variational inference Pierre Alquier ACML Nagoya, Nov. 18, 2019

Regret bounds for online variational inference Pierre Alquier ACML Nagoya, Nov. 18, 2019 Pierre Alquier, RIKEN AIP Regret bounds for online variational inference Co-authors Emtiyaz Khan Badr-Eddine Chrief-Abdellatif Approximate

779 views • 45 slides
Workflow in General Practices Dr. Urooj R. Khan Introduction 1. PCEHR/MyHR been live for more

Workflow in General Practices Dr. Urooj R. Khan Introduction 1. PCEHR/MyHR been live for more

The MyHealthRecord Impacts On Patient Workflow in General Practices Dr. Urooj R. Khan Introduction 1. PCEHR/MyHR been live for more than five years with over $1billion investment experienced slow progress in adoption now have 9 out

373 views • 20 slides

More recommend