scyther/spdl/SPORE/smartright.spdl
gijs 56c032f4a5 Update SPORE protocols to use new ticket mechanism:
- Use builtin Ticket type instead of user type
- Remove remark that -m2 matching is required as it no longer is
2005-06-02 12:41:24 +00:00

65 lines
1.4 KiB
Plaintext

# SmartRight view-only
#
# Modelled after the description in the SPORE library
# http://www.lsv.ens-cachan.fr/spore/smartright_viewonly.html
#
# Note:
# According to SPORE there are no known attacks on this protocol
#
# Note:
# This protocol uses a ticket so scyther will only be able to verify
# the protocol using the ARACHNE engine (-a)
#
# Note:
# Scyther finds an attack because the value of VoR in te last message can
# be replaced with an arbitrary value
const hash: Function;
secret unhash: Function;
secret k: Function;
inversekeys (hash,unhash);
usertype SessionKey;
usertype XorKey;
const Vor: XorKey;
protocol smartright(I,R)
{
role I
{
const VoKey: SessionKey;
const VoR: XorKey;
const CW;
var VoRi: Nonce;
send_1(I,R, {VoKey,{CW}VoR}k(I,R));
read_2(R,I, VoRi);
send_3(I,R, VoR, {{VoRi}hash}VoKey);
}
role R
{
var T: Ticket;
var VoR: XorKey;
var VoKey: SessionKey;
const VoRi: Nonce;
read_1(I,R, {VoKey,T}k(I,R));
send_2(R,I, VoRi);
read_3(I,R, VoR,{{VoRi}hash}VoKey);
claim_R1(R,Nisynch);
}
}
const Alice,Bob,Eve: Agent;
untrusted Eve;
const ne: Nonce;
# General scenario, 2 parallel runs of the protocol
run smartright.I(Agent,Agent);
run smartright.R(Agent,Agent);
run smartright.I(Agent,Agent);
run smartright.R(Agent,Agent);