Equivalence Properties by Typing in Cryptographic Branching Protocols

Abstract : Recently, many tools have been proposed for automatically analysing, in symbolic models, equivalence of security protocols. Equivalence is a property needed to state privacy properties or game-based properties like strong secrecy. Tools for a bounded number of sessions can decide equivalence but typically suffer from efficiency issues. Tools for an unbounded number of sessions like Tamarin or ProVerif prove a stronger notion of equivalence (diff-equivalence) that does not properly handle protocols with else branches. Building upon a recent approach, we propose a type system for reasoning about branching protocols and dynamic keys. We prove our type system to entail equivalence , for all the standard primitives. Our type system has been implemented and shows a significant speedup compared to the tools for a bounded number of sessions, and compares similarly to ProVerif for an unbounded number of sessions. Moreover, we can also prove security of protocols that require a mix of bounded and unbounded number of sessions, which ProVerif cannot properly handle.
Document type :
Complete list of metadatas

Cited literature [59 references]  Display  Hide  Download

Contributor : Joseph Lallemand <>
Submitted on : Friday, February 23, 2018 - 11:13:11 AM
Last modification on : Tuesday, December 18, 2018 - 4:38:25 PM
Long-term archiving on : Thursday, May 24, 2018 - 2:05:40 PM


Files produced by the author(s)


  • HAL Id : hal-01715957, version 1



Véronique Cortier, Niklas Grimm, Joseph Lallemand, Matteo Maffei. Equivalence Properties by Typing in Cryptographic Branching Protocols. [Research Report] Université de Lorraine, CNRS, Inria, LORIA; TU Wien. 2018. ⟨hal-01715957⟩



Record views


Files downloads