/* * Needham-Schroeder protocol */ // PKI infrastructure const pk: Function; secret sk: Function; inversekeys (pk,sk); // The protocol description protocol ns3(I,R) { role I { const ni: Nonce; var nr: Nonce; send_1(I,R, {I,ni}pk(R) ); read_2(R,I, {ni,nr}pk(I) ); send_3(I,R, {nr}pk(R) ); claim_i1(I,Secret,ni); claim_i2(I,Secret,nr); claim_i3(I,Niagree); claim_i4(I,Nisynch); } role R { var ni: Nonce; const nr: Nonce; read_1(I,R, {I,ni}pk(R) ); send_2(R,I, {ni,nr}pk(I) ); read_3(I,R, {nr}pk(R) ); claim_r1(R,Secret,ni); claim_r2(R,Secret,nr); claim_r3(R,Niagree); claim_r4(R,Nisynch); } } // The agents in the system const Alice,Bob: Agent; // An untrusted agent, with leaked information const Eve: Agent; untrusted Eve; const ne: Nonce; compromised sk(Eve); // The runs (only needed for the modelchecker algorithm) run ns3.I(Agent,Agent); run ns3.R(Agent,Agent);