scyther/protocols/misc/boyd-nsl-fix.spdl

/*
 * Boyd fix for NS(L)
 *
 * From the paper "Towards Extensional Goals in Authentication
 * Protocols"
 *
 * Broken. Best shown by attack id 4.
 */

const pk: Function;
secret sk: Function;
inversekeys (pk,sk);
const hash: Function;
secret unhash: Function;
inversekeys (hash,unhash);

protocol boydNS(I,R)
{
	role I
	{
		fresh ni: Nonce;
		var nr: Nonce;

		send_1(I,R, {ni}pk(R),I );
		read_2(R,I, {nr}pk(I),hash(ni,R) );
		send_3(I,R, hash(nr, I,R) );
		claim_i1(I,Secret,ni);
		claim_i2(I,Secret,nr);
		claim_i3(I,Niagree);
		claim_i4(I,Nisynch);
	}	
	
	role R
	{
		var ni: Nonce;
		fresh nr: Nonce;

		read_1(I,R, {ni}pk(R),I );
		send_2(R,I, {nr}pk(I),hash(ni,R) );
		read_3(I,R, hash(nr, I,R) );
		claim_r1(R,Secret,ni);
		claim_r2(R,Secret,nr);
		claim_r3(R,Niagree);
		claim_r4(R,Nisynch);
	}
}
- Added protocols 2006-11-21 13:40:50 +00:00			`/*`
			`* Boyd fix for NS(L)`
			`*`
			`* From the paper "Towards Extensional Goals in Authentication`
			`* Protocols"`
			`*`
			`* Broken. Best shown by attack id 4.`
			`*/`

			`const pk: Function;`
			`secret sk: Function;`
			`inversekeys (pk,sk);`
			`const hash: Function;`
			`secret unhash: Function;`
			`inversekeys (hash,unhash);`

			`protocol boydNS(I,R)`
			`{`
			`role I`
			`{`
Fixed obsolete notation in protocol specification files. Not everything is fixed yet. However, we fixed: - 'const' -> 'fresh' - Removed lines specifying 'runs' - Removed some specifications of compromised Eve and its long-term keys being compromised. 2012-05-02 22:01:08 +01:00			`fresh ni: Nonce;`
- Added protocols 2006-11-21 13:40:50 +00:00			`var nr: Nonce;`

			`send_1(I,R, {ni}pk(R),I );`
			`read_2(R,I, {nr}pk(I),hash(ni,R) );`
			`send_3(I,R, hash(nr, I,R) );`
			`claim_i1(I,Secret,ni);`
			`claim_i2(I,Secret,nr);`
			`claim_i3(I,Niagree);`
			`claim_i4(I,Nisynch);`
			`}`

			`role R`
			`{`
			`var ni: Nonce;`
Fixed obsolete notation in protocol specification files. Not everything is fixed yet. However, we fixed: - 'const' -> 'fresh' - Removed lines specifying 'runs' - Removed some specifications of compromised Eve and its long-term keys being compromised. 2012-05-02 22:01:08 +01:00			`fresh nr: Nonce;`
- Added protocols 2006-11-21 13:40:50 +00:00
			`read_1(I,R, {ni}pk(R),I );`
			`send_2(R,I, {nr}pk(I),hash(ni,R) );`
			`read_3(I,R, hash(nr, I,R) );`
			`claim_r1(R,Secret,ni);`
			`claim_r2(R,Secret,nr);`
			`claim_r3(R,Niagree);`
			`claim_r4(R,Nisynch);`
			`}`
			`}`