50 lines
809 B
Plaintext
50 lines
809 B
Plaintext
/*
|
|
* Boyd fix for NS(L)
|
|
*
|
|
* From the paper "Towards Extensional Goals in Authentication
|
|
* Protocols"
|
|
*
|
|
* Broken. Best shown by attack id 4.
|
|
*/
|
|
|
|
const pk: Function;
|
|
secret sk: Function;
|
|
inversekeys (pk,sk);
|
|
const hash: Function;
|
|
secret unhash: Function;
|
|
inversekeys (hash,unhash);
|
|
|
|
protocol boydNS(I,R)
|
|
{
|
|
role I
|
|
{
|
|
fresh ni: Nonce;
|
|
var nr: Nonce;
|
|
|
|
send_1(I,R, {ni}pk(R),I );
|
|
recv_2(R,I, {nr}pk(I),hash(ni,R) );
|
|
send_3(I,R, hash(nr, I,R) );
|
|
claim_i1(I,Secret,ni);
|
|
claim_i2(I,Secret,nr);
|
|
claim_i3(I,Niagree);
|
|
claim_i4(I,Nisynch);
|
|
}
|
|
|
|
role R
|
|
{
|
|
var ni: Nonce;
|
|
fresh nr: Nonce;
|
|
|
|
recv_1(I,R, {ni}pk(R),I );
|
|
send_2(R,I, {nr}pk(I),hash(ni,R) );
|
|
recv_3(I,R, hash(nr, I,R) );
|
|
claim_r1(R,Secret,ni);
|
|
claim_r2(R,Secret,nr);
|
|
claim_r3(R,Niagree);
|
|
claim_r4(R,Nisynch);
|
|
}
|
|
}
|
|
|
|
|
|
|