the applied pi calculus with proofs
play

The Applied Pi Calculus. . . with Proofs Bruno Blanchet INRIA - PowerPoint PPT Presentation

Aug 22, 2023 •279 likes •799 views

Introduction The language Main theorem Proof Conclusion The Applied Pi Calculus. . . with Proofs Bruno Blanchet INRIA Paris-Rocquencourt joint work with Mart n Abadi and C edric Fournet April 2015 Bruno Blanchet (INRIA) Applied

  1. Introduction The language Main theorem Proof Conclusion The Applied Pi Calculus. . . with Proofs Bruno Blanchet INRIA Paris-Rocquencourt joint work with Mart´ ın Abadi and C´ edric Fournet April 2015 Bruno Blanchet (INRIA) Applied pi calculus April 2015 1 / 47

  2. Introduction The language Main theorem Proof Conclusion The applied pi calculus Designed by Abadi and Fournet ( Mobile Values, New Names, and Secure Communication , POPL’01). Extension of the pi calculus with terms instead of names for messages. Language for modeling security protocols: Terms represent protocol messages. Function symbols represent cryptographic primitives. The properties of these primitives are modeled by equations. The input language of ProVerif is a dialect of the applied pi calculus. The applied pi calculus and ProVerif are widely used. Interesting to make them converge, with a solid theoretical foundation. Bruno Blanchet (INRIA) Applied pi calculus April 2015 2 / 47

  3. Introduction The language Main theorem Proof Conclusion Our contribution Minor changes to the language Closer to ProVerif Detailed proofs of all results Minor fixes; some side-conditions were not explicit 74 pages of proofs. . . Revised examples New example on indifferentiability Bruno Blanchet (INRIA) Applied pi calculus April 2015 3 / 47

  4. Introduction The language Main theorem Proof Conclusion Related work Avik Chaudhuri (private communication, 2007) found a counter-example to “observational equivalence equals labelled bisimilarity”, due to a missing side-condition. Bengtson et al, LICS’09 mentioned a similar counter-example; proposed a framework for defining various extensions of the pi calculus (psi-calculi), with machine-checked proofs. Jia Liu ( http://lcs.ios.ac.cn/~jliu/papers/LiuJia0608.pdf ) made the missing side-condition explicit, and gave a proof of “observational equivalence equals labelled bisimilarity”; closer to the original applied pi calculus paper; extension to a stateful variant (POST’14, with Arapinis, Ritter, and Ryan). Bruno Blanchet (INRIA) Applied pi calculus April 2015 4 / 47

  5. Introduction The language Main theorem Proof Conclusion Syntax: processes L , M , N , T , U , V ::= terms a , b , c , . . . , k , . . . , m , n , . . . , s name x , y , z variable f ( M 1 , . . . , M l ) function application P , Q , R ::= processes (or plain processes) null process 0 P | Q parallel composition ! P replication ν n . P name restriction (“new”) if M = N then P else Q conditional u ( x ) . P message input u � M � . P message output Bruno Blanchet (INRIA) Applied pi calculus April 2015 5 / 47

  6. Introduction The language Main theorem Proof Conclusion Syntax: processes L , M , N , T , U , V ::= terms a , b , c , . . . , k , . . . , m , n , . . . , s name x , y , z variable f ( M 1 , . . . , M l ) function application P , Q , R ::= processes (or plain processes) null process 0 P | Q parallel composition ! P replication ν n . P name restriction (“new”) if M = N then P else Q conditional N ( x ) . P message input N � M � . P message output Bruno Blanchet (INRIA) Applied pi calculus April 2015 5 / 47

  7. Introduction The language Main theorem Proof Conclusion Syntax: extended processes A , B , C ::= extended processes P plain process A | B parallel composition ν n . A name restriction ν x . A variable restriction { M / x } active substitution Active substitutions model the knowledge of the adversary. { M 1 / x 1 , . . . , M l / x l } for { M 1 / x 1 } | . . . |{ M l / x l } . Substitutions are cycle-free. At most one substitution for each variable. Exactly one when the variable is restricted. Bruno Blanchet (INRIA) Applied pi calculus April 2015 6 / 47

  8. Introduction The language Main theorem Proof Conclusion Sorts Variables, names, and functions come with sorts: u : τ means that u has sort τ . Examples of sorts: Integer, Key, Data, . . . There are infinite numbers of variables and names of each sort. f : τ 1 × · · · × τ l → τ means that f has arguments of sorts τ 1 , . . . , τ l and a result of sort τ . Bruno Blanchet (INRIA) Applied pi calculus April 2015 7 / 47

  9. Introduction The language Main theorem Proof Conclusion Sorts Special sort Channel � τ � for channels. Bruno Blanchet (INRIA) Applied pi calculus April 2015 8 / 47

  10. Introduction The language Main theorem Proof Conclusion Sorts Special sort Channel for channels. The unsorted applied pi is a particular case of the sorted applied pi, using the single sort Channel. The sort system enforces that: Functional applications are well-sorted. M and N are of the same sort in the conditional expression. N has sort Channel in the input and output expressions. The sort system can enforce that channels are names or variables: choose types of functions so that no function returns sort Channel. Active substitutions preserve sorts. Bruno Blanchet (INRIA) Applied pi calculus April 2015 8 / 47

  11. Introduction The language Main theorem Proof Conclusion Semantics: equations The signature Σ is equipped with an equational theory closed under substitutions of terms for variables and names; intuitively, defined from equations that do not contain names; respects the sort system; non-trivial, that is, there exist two different terms in each sort. Example fst(( x , y )) = x snd(( x , y )) = y dec(enc( x , y ) , y ) = x check( x , sign( x , sk( y )) , pk( y )) = ok Equality modulo the equational theory: Σ ⊢ M = N . Bruno Blanchet (INRIA) Applied pi calculus April 2015 9 / 47

  12. Introduction The language Main theorem Proof Conclusion Semantics: preliminary definitions Processes are considered equal modulo renaming of bound names and variables. Needed to define P { M / x } . A context is a (possibly extended) process with a hole. An evaluation context is a context whose hole is not under a replication, a conditional, an input, or an output. E ::= evaluation context hole A | E parallel composition E | A parallel composition ν n . E name restriction ν x . E variable restriction Bruno Blanchet (INRIA) Applied pi calculus April 2015 10 / 47

  13. Introduction The language Main theorem Proof Conclusion Semantics: structural equivalence Structural equivalence ≡ equivalence relation closed by application of evaluation contexts ≡ A | 0 Par- 0 A A | ( B | C ) ≡ ( A | B ) | C Par-A Par-C A | B ≡ B | A ! P ≡ P | ! P Repl ν n . 0 ≡ New- 0 0 New-C ν u .ν v . A ≡ ν v .ν u . A A | ν u . B ≡ ν u . ( A | B ) New-Par when u �∈ fv ( A ) ∪ fn ( A ) ν x . { M / Alias x } ≡ 0 { M / { M / x } | A { M / x } | A ≡ x } Subst { M / { N / Rewrite x } ≡ x } when Σ ⊢ M = N Bruno Blanchet (INRIA) Applied pi calculus April 2015 11 / 47

  14. Introduction The language Main theorem Proof Conclusion Semantics: internal reduction Internal reduction → closed by structural equivalence closed by application of evaluation contexts N � x � . P | N ( x ) . Q → P | Q Comm if M = M then P else Q → Then P if M = N then P else Q → Else Q for any ground terms M and N such that Σ �⊢ M = N Using structural equivalence: ν x . ( { M / N � M � . P | N ( x ) . Q ≡ x } | N � x � . P | N ( x ) . Q ) ν x . ( { M / → x } | P | Q ) by Comm P | Q { M / ≡ x } Bruno Blanchet (INRIA) Applied pi calculus April 2015 12 / 47

  15. Introduction The language Main theorem Proof Conclusion Preliminary definitions dom ( A ): domain, set of variables that A exports. fv ( A ): free variables A is closed when its free variables are all defined by an active substitution, that is, dom ( A ) = fv ( A ). E [ ] closes A when E [ A ] is closed. A ⇓ a when A → ∗ ≡ E [ a � M � . P ] for some evaluation context E [ ] that does not bind a . A can send a message on channel a . Bruno Blanchet (INRIA) Applied pi calculus April 2015 13 / 47

  16. Introduction The language Main theorem Proof Conclusion Observational equivalence Definition An observational bisimulation is a symmetric relation R between closed extended processes with the same domain such that A R B implies: 1 if A ⇓ a , then B ⇓ a ; 2 if A → ∗ A ′ and A ′ is closed, then B → ∗ B ′ and A ′ R B ′ for some B ′ ; 3 E [ A ] R E [ B ] for all closing evaluation contexts E [ ]. Observational equivalence ( ≈ ) is the largest such relation. Intuitively, A ≈ B when an adversary (evaluation context) cannot distinguish A from B . Hard to prove because of the universal quantification over all contexts. Use a labeled bisimulation. Bruno Blanchet (INRIA) Applied pi calculus April 2015 14 / 47

  17. Introduction The language Main theorem Proof Conclusion Equality in a frame A frame ϕ is an extended process built up from 0 and active substitutions { M / x } by parallel composition and restriction. The frame of A , ϕ ( A ), is obtained replacing every plain process in A with 0 . Definition Two terms M and N are equal in the frame ϕ , written ( M = N ) ϕ , if and only if fv ( M ) ∪ fv ( N ) ⊆ dom ( ϕ ), ϕ ≡ ν � n .σ , M σ = N σ , and { � n } ∩ ( fn ( M ) ∪ fn ( N )) = ∅ for some names � n and substitution σ . Independent of the representative ν � n .σ . Bruno Blanchet (INRIA) Applied pi calculus April 2015 15 / 47

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Security proofs in the symbolic model the applied pi calculus Karthikeyan Bhargavan INRIA

Security proofs in the symbolic model the applied pi calculus Karthikeyan Bhargavan INRIA

Security proofs in the symbolic model the applied pi calculus Karthikeyan Bhargavan INRIA karthikeyan.bhargavan@inria.fr http://prosecco.inria.fr/personal/karthik September 2013 Karthikeyan Bhargavan (INRIA) Security proofs in the symbolic

413 views • 39 slides
Proofs, upside down A functional correspondence between natural deduction and the sequent calculus

Proofs, upside down A functional correspondence between natural deduction and the sequent calculus

Proofs, upside down A functional correspondence between natural deduction and the sequent calculus Matthias Puech APLAS13 Melbourne, December 11, 2013 1 / 19 An intuition Natural deductions are reversed sequent calculus proofs 2 / 19

955 views • 66 slides
The Computational SLR: A Calculus for Verifying Cryptographic Proofs Yu Zhang Institute of

The Computational SLR: A Calculus for Verifying Cryptographic Proofs Yu Zhang Institute of

The Computational SLR: A Calculus for Verifying Cryptographic Proofs Yu Zhang Institute of Software Chinese Academy of Sciences BASICS09, Shanghai, China October 13, 2009 Background Formal verification of security protocols from

312 views • 28 slides
APMA Calculus Options Which Course Should I Take? School of Engineering & Applied Science

APMA Calculus Options Which Course Should I Take? School of Engineering & Applied Science

APMA Calculus Options Which Course Should I Take? School of Engineering & Applied Science University of Virginia July 3, 2018 APMA Calculus Sequences Originally, there was a single 3-semester sequence with 3 different starting points,

334 views • 15 slides
Linear lower bound on degrees of Positivstellensatz calculus proofs for the parity (Dima

Linear lower bound on degrees of Positivstellensatz calculus proofs for the parity (Dima

Linear lower bound on degrees of Positivstellensatz calculus proofs for the parity (Dima Grigoriev) talk by Anastasia Sofronova Seminar Modern Methods in CS April 21, 2020 1 / 17 Proof systems an unsatisfiable formula in CNF.

597 views • 23 slides
Section 7.3 Formal Proofs in Predicate Calculus All proof rules for propositional calculus extend

Section 7.3 Formal Proofs in Predicate Calculus All proof rules for propositional calculus extend

Section 7.3 Formal Proofs in Predicate Calculus All proof rules for propositional calculus extend to predicate calculus. Example . k . x p ( x ) P k +1. x p ( x ) x p ( x ) P k +2. x p ( x ) 1, 2, MP But we need

321 views • 8 slides
MAT137 - Calculus with proofs Assignment #2 due on Thursday. Practice Test: Friday 3pm to

MAT137 - Calculus with proofs Assignment #2 due on Thursday. Practice Test: Friday 3pm to

MAT137 - Calculus with proofs Assignment #2 due on Thursday. Practice Test: Friday 3pm to Saturday 3pm TODAY: More continuity FRIDAY: Limit computations! (Videos 2.19, 2.20) What can we conclude? Let c R . Let f and g be functions. Assume f

192 views • 6 slides
Lecture 2.5: Proofs in propositional calculus Matthew Macauley Department of Mathematical

Lecture 2.5: Proofs in propositional calculus Matthew Macauley Department of Mathematical

Lecture 2.5: Proofs in propositional calculus Matthew Macauley Department of Mathematical Sciences Clemson University http://www.math.clemson.edu/~macaule/ Math 4190, Discrete Mathematical Structures M. Macauley (Clemson) Lecture 2.5: Proofs

576 views • 9 slides
MAT137 - Calculus with proofs Assignment #1 due on THURSDAY. TODAY: Limits geometrically WED:

MAT137 - Calculus with proofs Assignment #1 due on THURSDAY. TODAY: Limits geometrically WED:

MAT137 - Calculus with proofs Assignment #1 due on THURSDAY. TODAY: Limits geometrically WED: The definition of limit (Videos 2.5, 2.6) Limits from a graph Find the value of 1. lim x 2 f ( x ) 2. lim x 0 f ( f ( x )) Floor Given a

376 views • 4 slides
Calculus 3 Chapter 15. Multiple Integrals 15.3. Area by Double IntegrationExamples and Proofs

Calculus 3 Chapter 15. Multiple Integrals 15.3. Area by Double IntegrationExamples and Proofs

Calculus 3 Chapter 15. Multiple Integrals 15.3. Area by Double IntegrationExamples and Proofs of Theorems February 2, 2020 () Calculus 3 February 2, 2020 1 / 9 Table of contents Exercise 15.3.8 1 Exercise 15.3.14 2 Exercise 15.3.20

509 views • 16 slides
The Simply Typed Lambda Calculus Jonathan Prieto-Cubides Master in Applied Mathematics Logic and

The Simply Typed Lambda Calculus Jonathan Prieto-Cubides Master in Applied Mathematics Logic and

The Simply Typed Lambda Calculus Jonathan Prieto-Cubides Master in Applied Mathematics Logic and Computation Group Universidad EAFIT Medelln, Colombia 1th June 2017 (In Agda ) Contents Lambda Calculus Typed Lambda Calculus Syntax

1.05k views • 24 slides
MAT137 - Calculus with proofs Assignment #3 due on November 5 Assignment #4 due on November 26

MAT137 - Calculus with proofs Assignment #3 due on November 5 Assignment #4 due on November 26

MAT137 - Calculus with proofs Assignment #3 due on November 5 Assignment #4 due on November 26 TODAY: Functions and inverse functions FRIDAY: Exponentials and logarithms Watch videos 4.5, 4.7, 4.8, 4.9 Supplementary videos: 4.6, 4.10, 4.11

396 views • 5 slides
MAT137 - Calculus with proofs Test 1 opens on Friday, October 23. See details on course website.

MAT137 - Calculus with proofs Test 1 opens on Friday, October 23. See details on course website.

MAT137 - Calculus with proofs Test 1 opens on Friday, October 23. See details on course website. TODAY: Squeeze theorem and more proof with limits FRIDAY: Continuity ( Watch videos 2.14, 2.15 ) Limits involving sin(1 / x ) The limit lim x

257 views • 9 slides
MAT137 - Calculus with proofs Assignment #3 due on November 5 Assignment #4 due on November 26

MAT137 - Calculus with proofs Assignment #3 due on November 5 Assignment #4 due on November 26

MAT137 - Calculus with proofs Assignment #3 due on November 5 Assignment #4 due on November 26 TODAY: Functions and inverse functions Watch videos 4.3, 4.3 by Wednesday Worm up A worm is crawling across a table. The path of the worm looks

399 views • 6 slides
Analysis of electronic voting protocols in applied pi calculus Mark Ryan University of

Analysis of electronic voting protocols in applied pi calculus Mark Ryan University of

Analysis of electronic voting protocols in applied pi calculus Mark Ryan University of Birmingham based on joint work with Ben Smyth Steve Kremer Mounira Kourjieh IFIP WG 1.3, Udine, Italy September 2009 Outline Electronic voting Applied

695 views • 30 slides
MAT137 - Calculus with proofs TODAY: Continuity MONDAY is a holiday (no class) WEDNESDAY: More

MAT137 - Calculus with proofs TODAY: Continuity MONDAY is a holiday (no class) WEDNESDAY: More

MAT137 - Calculus with proofs TODAY: Continuity MONDAY is a holiday (no class) WEDNESDAY: More Continuity Required videos 2.16, 2.17 Supplementary video: 2.18 Undefined function Let a R and let f be a function. Assume f ( a ) is undefined.

190 views • 7 slides
2018 Annual Testing Presentation Robbinsville School District New Jerseys Statewide

2018 Annual Testing Presentation Robbinsville School District New Jerseys Statewide

2018 Annual Testing Presentation Robbinsville School District New Jerseys Statewide Assessment Program PARCC = Partnership for Assessment of Readiness for College and Careers Students take the PARCC English Language Arts and Literacy

520 views • 24 slides
Relating Reasoning Methodologies in Linear Logic and Process Algebra Yuxin Deng Iliano Cervesato

Relating Reasoning Methodologies in Linear Logic and Process Algebra Yuxin Deng Iliano Cervesato

Relating Reasoning Methodologies in Linear Logic and Process Algebra Yuxin Deng Iliano Cervesato Robert J. Simmons Jiao Tong University Carnegie Mellon University Carnegie Mellon University Shanghai Qatar Pittsburgh Linearity 2012

458 views • 22 slides
Age group Adults Level 2.0 2.5 Time needed 50 - 60 min Learning objective(s) Presentation

Age group Adults Level 2.0 2.5 Time needed 50 - 60 min Learning objective(s) Presentation

Age group Adults Level 2.0 2.5 Time needed 50 - 60 min Learning objective(s) Presentation Procedure: Introducing the first point/Moving to the next point Key skills Vocabulary & Speaking BUSINESS ENGLISH PRESENTATION PROCEDURE 07

405 views • 7 slides
Terms and Conditions TC-20 Tariff Proceeding Customer Workshop 5/31/18 Pre-Decisional. For

Terms and Conditions TC-20 Tariff Proceeding Customer Workshop 5/31/18 Pre-Decisional. For

Terms and Conditions TC-20 Tariff Proceeding Customer Workshop 5/31/18 Pre-Decisional. For Discussion Purposes Only. Agenda TIME TOPIC PRESENTERS 9:00 - 9:10 AM Agenda Review & Safety Rachel Dibble Strategic Alignment & Pro Forma

426 views • 42 slides
Program of Studies/Course Selection Process Presentation Tonights Purpose To assist

Program of Studies/Course Selection Process Presentation Tonights Purpose To assist

Welcome to the BASH Program of Studies/Course Selection Process Presentation Tonights Purpose To assist students and parents/guardians in selecting courses most beneficial and relevant to each students post -high school plans To

638 views • 33 slides
Community 1 District 86 Strategic Plan Goal 1 District 86 Vision We spent the 2019-2020 school

Community 1 District 86 Strategic Plan Goal 1 District 86 Vision We spent the 2019-2020 school

Strategic Plan: Getting Started with Goal 1 Grading and Assessment Practices For Students, Teachers, and Community 1 District 86 Strategic Plan Goal 1 District 86 Vision We spent the 2019-2020 school year beginning our work by aligning

559 views • 31 slides
SUBGROUP 3 MEETING O C T O B E R 2 4 , 2 0 1 4 M I C H E L L E L . Y O U N K E R STUDENTS ARE

SUBGROUP 3 MEETING O C T O B E R 2 4 , 2 0 1 4 M I C H E L L E L . Y O U N K E R STUDENTS ARE

Ohio Mathematics Initiative SUBGROUP 3 MEETING O C T O B E R 2 4 , 2 0 1 4 M I C H E L L E L . Y O U N K E R STUDENTS ARE Taking too much time Taking too many credits Diverted into Remediation Not graduating 2 TOO MUCH TIME TO

776 views • 35 slides
FOX CHAPEL AREA SCHOOL DISTRICT CLASS SIZE REPORT FOX CHAPEL AREA HIGH SCHOOL REPORT SCHEDULING

FOX CHAPEL AREA SCHOOL DISTRICT CLASS SIZE REPORT FOX CHAPEL AREA HIGH SCHOOL REPORT SCHEDULING

FOX CHAPEL AREA SCHOOL DISTRICT CLASS SIZE REPORT FOX CHAPEL AREA HIGH SCHOOL REPORT SCHEDULING AND CLASS SIZE Scheduling is a year long process. Counselors are always modifying and suggesting creative ways to meet the needs of our

825 views • 16 slides

More recommend