scyther/spdl/misc/gong-nonce-b.spdl

usertype Sessionkey;
usertype Keypart;
secret k: Function;
const f: Function;

/*
 * Gong nonce based alternative
 *
 * Boyd & Mathuria: Protocols for authentication and key establishment
 * (2003) p. 101
 */

protocol gongnonceb(I,R,S)
{
	role I
	{
		const ni: Nonce;
		var nr: Nonce;
		const ki: Keypart;
		var kr: Keypart;

		send_1 (I,S, I,R, { I,S,I, ki, R }k(I,S), ni );
		read_4 (S,I, { S,I,R,kr,I }k(I,S), { R,I,ni }f(ki,kr), nr );
		send_5 (I,R, { I,R,nr }f(ki,kr) );

		claim_6 (I, Secret, ki);
		claim_7 (I, Secret, kr);
		claim_8 (I, Nisynch);
		claim_9 (I, Niagree);
	}	
	
	role R
	{
		var ni: Nonce;
		const nr: Nonce;
		const kr: Keypart;
		var ki: Keypart;

		read_2 (S,R, I,R, { S,R,I, ki, R }k(R,S), ni );
		send_3 (R,S, { R,S,R,kr,I }k(R,S), { R,I, ni }f(ki,kr), nr );
		read_5 (I,R, { I,R,nr }f(ki,kr) );

		claim_10 (R, Secret, ki);
		claim_11 (R, Secret, kr);
		claim_12 (R, Nisynch);
		claim_13 (R, Niagree);
	}

	role S
	{
		var ni,nr: Nonce;
		var ki,kr: Keypart;
		var T;

		read_1 (I,S, I,R, { I,S,I, ki, R }k(I,S), ni );
		send_2 (S,R, I,R, { S,R,I, ki, R }k(R,S), ni );
		read_3 (R,S, { R,S,R,kr,I }k(R,S), T, nr );
		send_4 (S,I, { S,I,R,kr,I }k(I,S), T, nr );
	}
}

const Alice,Bob,Simon,Eve: Agent;

untrusted Eve;
const ne: Nonce;
const kpe: Keypart;
const ke: Sessionkey;
compromised k(Eve,Eve);
compromised k(Eve,Alice);
compromised k(Eve,Bob);
compromised k(Eve,Simon);
compromised k(Alice,Eve);
compromised k(Bob,Eve);
compromised k(Simon,Eve);

run gongnonceb.I(Agent,Agent,Simon);
run gongnonceb.R(Agent,Agent,Simon);
run gongnonceb.S(Agent,Agent,Simon);
run gongnonceb.I(Agent,Agent,Simon);
run gongnonceb.R(Agent,Agent,Simon);
run gongnonceb.S(Agent,Agent,Simon);
- Added another protocol. 2004-10-25 11:33:14 +01:00			`usertype Sessionkey;`
			`usertype Keypart;`
			`secret k: Function;`
			`const f: Function;`

			`/*`
			`* Gong nonce based alternative`
			`*`
			`* Boyd & Mathuria: Protocols for authentication and key establishment`
			`* (2003) p. 101`
			`*/`

			`protocol gongnonceb(I,R,S)`
			`{`
			`role I`
			`{`
			`const ni: Nonce;`
			`var nr: Nonce;`
			`const ki: Keypart;`
			`var kr: Keypart;`

			`send_1 (I,S, I,R, { I,S,I, ki, R }k(I,S), ni );`
			`read_4 (S,I, { S,I,R,kr,I }k(I,S), { R,I,ni }f(ki,kr), nr );`
			`send_5 (I,R, { I,R,nr }f(ki,kr) );`

- Unfolded secrecy claims. 2005-02-19 14:25:30 +00:00			`claim_6 (I, Secret, ki);`
			`claim_7 (I, Secret, kr);`
- Added another protocol. 2004-10-25 11:33:14 +01:00			`claim_8 (I, Nisynch);`
- Improved the arguments adapting to the input stuff (e.g. number of protocols) - Improved many protocols by adding agreement claims. 2005-03-02 19:57:05 +00:00			`claim_9 (I, Niagree);`
- Added another protocol. 2004-10-25 11:33:14 +01:00			`}`

			`role R`
			`{`
			`var ni: Nonce;`
			`const nr: Nonce;`
			`const kr: Keypart;`
			`var ki: Keypart;`

			`read_2 (S,R, I,R, { S,R,I, ki, R }k(R,S), ni );`
			`send_3 (R,S, { R,S,R,kr,I }k(R,S), { R,I, ni }f(ki,kr), nr );`
			`read_5 (I,R, { I,R,nr }f(ki,kr) );`

- Improved the arguments adapting to the input stuff (e.g. number of protocols) - Improved many protocols by adding agreement claims. 2005-03-02 19:57:05 +00:00			`claim_10 (R, Secret, ki);`
			`claim_11 (R, Secret, kr);`
			`claim_12 (R, Nisynch);`
			`claim_13 (R, Niagree);`
- Added another protocol. 2004-10-25 11:33:14 +01:00			`}`

			`role S`
			`{`
			`var ni,nr: Nonce;`
			`var ki,kr: Keypart;`
			`var T;`

			`read_1 (I,S, I,R, { I,S,I, ki, R }k(I,S), ni );`
			`send_2 (S,R, I,R, { S,R,I, ki, R }k(R,S), ni );`
			`read_3 (R,S, { R,S,R,kr,I }k(R,S), T, nr );`
			`send_4 (S,I, { S,I,R,kr,I }k(I,S), T, nr );`
			`}`
			`}`

			`const Alice,Bob,Simon,Eve: Agent;`

			`untrusted Eve;`
			`const ne: Nonce;`
			`const kpe: Keypart;`
			`const ke: Sessionkey;`
			`compromised k(Eve,Eve);`
			`compromised k(Eve,Alice);`
			`compromised k(Eve,Bob);`
			`compromised k(Eve,Simon);`
			`compromised k(Alice,Eve);`
			`compromised k(Bob,Eve);`
			`compromised k(Simon,Eve);`

			`run gongnonceb.I(Agent,Agent,Simon);`
			`run gongnonceb.R(Agent,Agent,Simon);`
			`run gongnonceb.S(Agent,Agent,Simon);`
			`run gongnonceb.I(Agent,Agent,Simon);`
			`run gongnonceb.R(Agent,Agent,Simon);`
			`run gongnonceb.S(Agent,Agent,Simon);`