scyther/protocols/misc/boyd-nsl-fix.spdl
2012-06-12 23:12:14 +02:00

50 lines
809 B
Plaintext

/*
* Boyd fix for NS(L)
*
* From the paper "Towards Extensional Goals in Authentication
* Protocols"
*
* Broken. Best shown by attack id 4.
*/
const pk: Function;
secret sk: Function;
inversekeys (pk,sk);
const hash: Function;
secret unhash: Function;
inversekeys (hash,unhash);
protocol boydNS(I,R)
{
role I
{
fresh ni: Nonce;
var nr: Nonce;
send_1(I,R, {ni}pk(R),I );
recv_2(R,I, {nr}pk(I),hash(ni,R) );
send_3(I,R, hash(nr, I,R) );
claim_i1(I,Secret,ni);
claim_i2(I,Secret,nr);
claim_i3(I,Niagree);
claim_i4(I,Nisynch);
}
role R
{
var ni: Nonce;
fresh nr: Nonce;
recv_1(I,R, {ni}pk(R),I );
send_2(R,I, {nr}pk(I),hash(ni,R) );
recv_3(I,R, hash(nr, I,R) );
claim_r1(R,Secret,ni);
claim_r2(R,Secret,nr);
claim_r3(R,Niagree);
claim_r4(R,Nisynch);
}
}