diff --git a/src/ns3 b/src/ns3
new file mode 100644
index 0000000..943fc7f
--- /dev/null
+++ b/src/ns3
@@ -0,0 +1,76 @@
+const pk: Function;
+secret sk: Function;
+inversekeys (pk,sk);
+
+protocol ns3(I,R)
+{
+ role I
+ {
+ const ni: Nonce;
+ var nr: Nonce;
+
+ send_1(I,R, {I,ni}pk(R) );
+ read_2(R,I, {ni,nr}pk(I) );
+ send_3(I,R, {nr}pk(R) );
+ claim_4(I,Secret,ni,nr);
+ claim_6(I,Nisynch);
+ }
+
+ role R
+ {
+ var ni: Nonce;
+ const nr: Nonce;
+
+ read_1(I,R, {I,ni}pk(R) );
+ send_2(R,I, {ni,nr}pk(I) );
+ read_3(I,R, {nr}pk(R) );
+ claim_5(R,Secret,ni,nr);
+ claim_7(R,Nisynch);
+ }
+}
+
+// We leave out: M (from M_0) and Decryption, because that causes
+// problems with the inverse key.
+protocol I_MALICE (I_F, I_T, I_V, I_R, I_E)
+{
+ role I_F {
+ var t;
+ read_if1 (F,F, t);
+ }
+ role I_T {
+ var t;
+ read_it1 (T,T, t);
+ send_it2 (T,T, t);
+ send_it3 (T,T, t);
+ }
+ role I_V {
+ var t1;
+ var t2;
+ read_iv1 (V,V, t1);
+ read_iv2 (V,V, t2);
+ send_iv3 (V,V, (t1,t2));
+ }
+ role I_R {
+ var t1;
+ var t2;
+ read_ir1 (I_R,I_R, (t1,t2));
+ read_ir2 (I_R,I_R, t1);
+ send_ir3 (I_R,I_R, t2);
+ }
+ role I_E {
+ var t1;
+ var t2;
+ read_ie1 (I_E,I_E, t1);
+ read_ie2 (I_E,I_E, t2);
+ send_ie3 (I_E,I_E, {t1}t2);
+ }
+}
+
+const Alice,Bob,Eve: Agent;
+
+untrusted Eve;
+const nc: Nonce;
+compromised sk(Eve);
+
+run ns3.I(Alice,Eve);
+run ns3.R(Alice,Bob);
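Review bot: Roles I_F, I_T and I_V of I_MALICE address their events to `F`, `T` and `V`, names that are not declared anywhere in this file, while I_R and I_E use their own role names (`read_ir1 (I_R,I_R, …)`). Unless those identifiers are defined elsewhere, the seven events should use the role names as in the fence below so that the intruder sub-roles are modelled consistently. Separately, a header comment would help: message 2 is `{ni,nr}pk(I)` without R's identity, so this is the original Needham-Schroeder exchange, and with `untrusted Eve` and the two fixed `run` lines the responder's `claim_5` and `claim_7` are presumably meant to be falsified. Saying so in the file would keep a failing claim from being read as a modelling error.

```spdl
// … unchanged: role I_F header and var t …
read_if1 (I_F,I_F, t);
// … unchanged: role I_T header and var t …
read_it1 (I_T,I_T, t);
send_it2 (I_T,I_T, t);
send_it3 (I_T,I_T, t);
// … unchanged: role I_V header, var t1, var t2 …
read_iv1 (I_V,I_V, t1);
read_iv2 (I_V,I_V, t2);
send_iv3 (I_V,I_V, (t1,t2));
// … unchanged: roles I_R and I_E, agent declarations, run lines …
```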