# SmartRight view-only # # Modelled after the description in the SPORE library # http://www.lsv.ens-cachan.fr/spore/smartright_viewonly.html # # Note: # According to SPORE there are no known attacks on this protocol # # Note: # Scyther finds an attack because the value of VoR in te last message can # be replaced with an arbitrary value hashfunction hash; usertype SessionKey; usertype XorKey; const Vor: XorKey; protocol smartright(I,R) { role I { fresh VoKey: SessionKey; fresh VoR: XorKey; fresh CW; var VoRi: Nonce; send_1(I,R, {VoKey,{CW}VoR}k(I,R)); read_2(R,I, VoRi); send_3(I,R, VoR, {{VoRi}hash}VoKey); } role R { var T: Ticket; var VoR: XorKey; var VoKey: SessionKey; fresh VoRi: Nonce; read_1(I,R, {VoKey,T}k(I,R)); send_2(R,I, VoRi); read_3(I,R, VoR,{{VoRi}hash}VoKey); claim_R1(R,Nisynch); } }