A Dolev-Yao Model for Zero Knowledge. - Internet Archive Scholar

We propose an extension of the standard Dolev-Yao model of cryptographic protocols which involves not only constructibility of terms but also a form of verifiability. ... While a rich theory of zero knowledge proofs exists, there are few formal models addressing verification questions. ... In this context, it is natural to consider extensions of the Dolev-Yao model for analysis of cryptographic protocols that employ zero-knowledge proofs as well. Two approaches suggest themselves. ...

doi:10.1007/978-3-642-10622-4_11 fatcat:lvtt7xgj5bbkhkjcyxor44cwgu

Introduction The Dolev-Yao Model Useful for modelling agents' abilities in cryptographic protocols Message space viewed as term algebra t := m | (t 1 , t 2 ) | {t} k Intruder is the network -has access ... Cryptographic devices -zero knowledge proofs Not concise or readable , bit commitment etc. ...

doi:10.1007/978-3-319-13841-1_4 fatcat:fvga63arsnejlgm2u5waaalwpi

The abstraction of cryptographic operations by term algebras, called symbolic models, is essential in almost all tool-supported methods for analyzing security protocols. ... Second, we conduct all computational soundness proofs in CoSP, a recent framework that allows for casting computational soundness proofs in a modular manner, independent of the underlying symbolic calculi ... Symbolic Model for Zero-Knowledge In this section, we describe our symbolic abstraction of zero-knowledge proofs. Terms and Constructors. ...

doi:10.1007/978-3-642-36830-1_11 fatcat:k34ilyzacbaqllmv6nslo7d23e

We further motivate this achievement by showing an important and natural application: giving additional real-world meaningfulness to the Dolev-Yao model. ... We present a new model for plaintext-aware encryption that is both natural and useful. We achieve plaintext-aware encryption without random oracles by using a third party. ... They would also like to thank the anonymous referees for their insightful comments. ...

doi:10.1007/978-3-540-45146-4_32 fatcat:b6wweot24reihlkiauuhanohnu

A common model is the Dolev-Yao model, which considers only adversaries that can compose and replay messages, and decipher them with known keys. ... We show how we can model the standard Dolev-Yao adversary in this setting, and how we can capture more general capabilities including protocol-specific knowledge and guesses. ... We also think Sabina Petride for useful comments. ...

doi:10.2168/lmcs-8(1:21)2012 fatcat:pxi2uvouefbkznc72ens5fc5im

DOAJ Multiple Versions

On the positive side, we show the soundness of a rather general Dolev-Yao model with XOR and its realization under passive attacks. ... The abstraction of cryptographic operations by term algebras, called Dolev-Yao models, is essential in almost all tool-supported methods for proving security protocols. ... This is easy to realize in the Dolev-Yao model because one can retain the knowledge of the original type of the subterm. ...

doi:10.1007/11555827_11 fatcat:bcbgl23sofevle5yvoq6btgzy4

Automated tools such as model checkers and theorem provers for the analysis of security protocols typically abstract from cryptography by Dolev-Yao models, i.e., abstract term algebras replace the real ... For the standard model of cryptography, we also discuss several conceivable restrictions and extensions to the Dolev-Yao models and classify them into possible and impossible cases in the strong BRSIM/ ... We thank Martín Abadi, Anupam Datta, Ante Derek, Cathy Meadows, John Mitchell, and Andre Scedrov for interesting discussions. ...

doi:10.1007/11863908_25 fatcat:vpcrow6o4nalxnxliydvhtgqvi

We also think Sabina Petride for useful comments. ... Acknowledgments This research was inspired by discussions between the first author, Pat Lincoln, and John Mitchell, on a wonderful hike in the Dolomites. ... Almost all existing logics are based on a Dolev-Yao adversary model [9] . ...

doi:10.1007/978-3-540-40981-6_11 fatcat:vxa7xriubrhmrpyw5jgcadfl4y

The proposed intruder modeling approach called Message Inspection (MI) is based on enhancing the intruder's knowledge with metadata for the exchanged messages. ... for model checking problems that involve liveness. ... Acknowledgments We acknowledge the anonymous referees for their helpful comments, which contributed to improving the quality of the article. ...

doi:10.1016/j.cose.2009.08.003 fatcat:ckkf6r6erbez7m3delkouk5hpi

The Dolev-Yao model has been widely used in protocol verification and has been implemented in many protocol verifiers. ... There are strong assumptions underlying this model, such as perfect cryptography: the aim of the present work is to propose an approach to weaken this hypothesis, by means of probabilistic considerations ... For this reason variations on the Dolev-Yao model have been proposed: for example a transition system with computation times has been proposed in [6] . ...

doi:10.1145/1626195.1626265 dblp:conf/sin/BrescianiB09 fatcat:mizwcusyojhltbvzavfxsrzpoy

Thus, it is a priori known that i.e. an encryption scheme attack cannot succeed if the intruder does not posses the right key in his knowledge. ... The simulation terminates with a report of the attack actions that can be safely removed, resulting in a model with a reduced state space. ... In Section 4, we provide experimental results for a MI intruder model in the SPIN model checker [9] , when compared with a generic Dolev-Yao intruder model applied upon the Needham Schroeder security ...

arXiv:0909.0174v1 fatcat:r7z6uyvarfbwxgxg4izlio2h6q

This yields the first computational soundness result for symbolic zero-knowledge proofs and the first such result against fully active adversaries of Dolev-Yao models that go beyond the core cryptographic ... In this paper, we first identify which additional properties a cryptographic zero-knowledge proof needs to fulfill in order to serve as a computationally sound implementation of symbolic (Dolev-Yao style ... The set of Dolev-Yao traces for Π is denoted Exec s (Π). ...

doi:10.1109/csf.2008.20 dblp:conf/csfw/BackesU08 fatcat:n6i55ov2pbbflkz7jetm7ps3ee

We do this in a number of steps: (1) The Dolev-Yao model places strong assumptions on the adversary. ... The Dolev-Yao model is a simple and useful framework in which to analyze security protocols, but it assumes that the adversary is extremely limited. ... Acknowledgements A previous, and weaker, form of this paper appeared as part of [10] . ...

doi:10.1016/j.tcs.2005.03.003 fatcat:2aar2iezibhf7esrnsvqezkb74

Szczepanski

We propose extensions to the Dolev-Yao attacker model to make it suitable for arguments about security of Cyber-Physical Systems. ... The Dolev-Yao attacker model uses a set of rules to define potential actions by an attacker with respect to messages (i.e. information) exchanged between parties during a protocol execution. ... We present a set of extensions to allow for a more general attacker model for CPS, that we named CPDY (Cyber-Physical Dolev-Yao) [24] . ...

arXiv:1607.02562v3 fatcat:ne2lg7qvr5co3luvl674xyngp4

Multiple Versions

We say that Dolev-Yao models with this property allow for self-monitoring. ... As a case study, we show that this general condition holds for a Dolev-Yao model that contains signatures, public-key encryption, and corresponding length functions. ... This work was partially supported by the German Universities Excellence Initiative, the ERC Grant End-2-End Security, and the Center for IT-Security, Privacy and Accountability (CISPA). ...

doi:10.1007/978-3-642-54792-8_3 fatcat:gwreqr45bbbwxgnx4k5blbazc4

A Dolev-Yao Model for Zero Knowledge [chapter]

Preserved Fulltext

Extending Dolev-Yao with Assertions [chapter]

Preserved Fulltext

Computational Soundness of Symbolic Zero-Knowledge Proofs: Weaker Assumptions and Mechanized Verification [chapter]

Preserved Fulltext

Plaintext Awareness via Key Registration [chapter]

Preserved Fulltext

Modeling Adversaries in a Logic for Security Protocol Analysis

Preserved Fulltext

Other Versions

Limits of the Cryptographic Realization of Dolev-Yao-Style XOR [chapter]

Preserved Fulltext

Limits of the BRSIM/UC Soundness of Dolev-Yao Models with Hashes [chapter]

Preserved Fulltext

Modeling Adversaries in a Logic for Security Protocol Analysis [chapter]

Preserved Fulltext

An intruder model with message inspection for model checking security protocols

Preserved Fulltext

Weakening the Dolev-Yao model through probability

Preserved Fulltext

State Space Reduction with Message Inspection in Security Protocol Model Checking [article]

Preserved Fulltext

Computational Soundness of Symbolic Zero-Knowledge Proofs Against Active Attackers

Preserved Fulltext

A computational interpretation of Dolev–Yao adversaries

Preserved Fulltext

CPDY: Extending the Dolev-Yao Attacker with Physical-Layer Interactions [article]

Preserved Fulltext

Other Versions

Computational Soundness Results for ProVerif [chapter]

Preserved Fulltext