Towards Unconditional Soundness: Computationally Complete Symbolic Attacker

We consider the question of the adequacy of symbolic models versus computational models for the verification of security protocols. We neither try to include properties in the symbolic model that reflect the properties of the computational primitives nor add computational requirements that enforce the soundness of the symbolic model. We propose in this paper a different approach: everything is possible in the symbolic model, unless it contradicts a computational assumption. In this way, we obtain unconditional soundness almost by construction. And we do not need to assume the absence of dynamic corruption or the absence of key-cycles, which are examples of hypotheses that are always used in related works. We set the basic framework, for arbitrary cryptographic primitives and arbitrary protocols, however for trace security properties only. The main points of this work have been published in the proceedings of POST’12 [8]. This paper largely agrees with that publication, but in Section 2.6 we present an improved computational semantics. This improvement allows us to state our main theorem for any first order formula, while in the POST publication, the possible formulas were somewhat restricted. Moreover, we introduced here Section 4, which explains the connection between our results and an earlier result of Fitting about embedding (first-order) classical logic into (first-order) S4.