Skip to Main content Skip to Navigation
Conference papers

Deciding the Security of Protocols with Commuting Public Key Encryption.

Yannick Chevalier 1 Ralf Küsters Michaël Rusinowitch 1 Mathieu Turuani 1
1 CASSIS - Combination of approaches to the security of infinite states systems
FEMTO-ST - Franche-Comté Électronique Mécanique, Thermique et Optique - Sciences et Technologies (UMR 6174), INRIA Lorraine, LORIA - Laboratoire Lorrain de Recherche en Informatique et ses Applications
Abstract : We show that deciding insecurity of cryptographic protocols for finite sessions and commuting publi keys is in NP. Many cryptographic protocols and attacks on these protocols make use of the fact that the order in which encryption is performed does not affect the result of the encryption, i.e. encryption is commutative. However, most models for the automatic analysis of cryptographic protocols can not handle such encryption functions since in these models the message space is considered a free term algebra. In this paper, we present an NP decision procedure for the insecurity of protocols that employ RSA encryption, which is one of the most important instances of commuting public key encryption.
Complete list of metadatas
Contributor : Publications Loria <>
Submitted on : Tuesday, September 26, 2006 - 10:13:21 AM
Last modification on : Wednesday, September 16, 2020 - 10:42:55 AM


  • HAL Id : inria-00100013, version 1


Yannick Chevalier, Ralf Küsters, Michaël Rusinowitch, Mathieu Turuani. Deciding the Security of Protocols with Commuting Public Key Encryption.. Workshop on Automated Reasoning for Security Protocol Analysis - ARSPA'2004, Jul 2004, Cork, Ireland. 11 p. ⟨inria-00100013⟩



Record views