scyther/spdl/misc/boyd-nsl-fix.spdl

56 lines
944 B
Plaintext

/*
* Boyd fix for NS(L)
*
* From the paper "Towards Extensional Goals in Authentication
* Protocols"
*
* Broken. Best shown by attack id 4.
*/
const pk: Function;
secret sk: Function;
inversekeys (pk,sk);
const hash: Function;
secret unhash: Function;
inversekeys (hash,unhash);
protocol boydNS(I,R)
{
role I
{
const ni: Nonce;
var nr: Nonce;
send_1(I,R, {ni}pk(R),I );
read_2(R,I, {nr}pk(I),hash(ni,R) );
send_3(I,R, hash(nr, I,R) );
claim_i1(I,Secret,ni);
claim_i2(I,Secret,nr);
claim_i3(I,Niagree);
claim_i4(I,Nisynch);
}
role R
{
var ni: Nonce;
const nr: Nonce;
read_1(I,R, {ni}pk(R),I );
send_2(R,I, {nr}pk(I),hash(ni,R) );
read_3(I,R, hash(nr, I,R) );
claim_r1(R,Secret,ni);
claim_r2(R,Secret,nr);
claim_r3(R,Niagree);
claim_r4(R,Nisynch);
}
}
const Alice,Bob,Eve: Agent;
untrusted Eve;
const ne: Nonce;
compromised sk(Eve);
run boydNS.I(Agent,Agent);
run boydNS.R(Agent,Agent);