A Proof Theoretic Analysis of Intruder Theories

We consider the decidability problem of intruder deduction in security protocol analysis, that is, deciding whether a given message M can be deduced from a set of messages Σ, under the class of convergent equational theories, modulo associativity and commutativity (AC) of certain binary operators. The traditional formulations of intruder deduction are usually given in natural-deduction-like systems. Proving decidability in these systems require significant efforts in showing that the rules are “local” in some sense. We recast the intruder deduction problem as proof search in sequent calculus, in which locality is immediate, making use of the well known translation between natural deduction and sequent calculus. Using standard proof theoretic methods, such as permutation of rules and cut elimination, we show that the intruder deduction problem can be reduced, in polynomial time, to a more elementary deduction problem, which amounts to solving certain equations in the underlying equational theories. We further show that this result extends to combination of disjoint AC-convergent theories. That is, decidability of intruder deduction under the combined theory reduces to decidability of elementary deduction problem in each constituent theory. Various researchers have reported similar results for individual cases but our work shows that they can all be obtained using a systematic and uniform methodology based on the sequent calculus.