Symbolic Bisimulation for the Applied Pi Calculus

We propose a symbolic semantics for the finite applied pi calculus.The applied pi calculus is a variant of the pi calculus with extensions formodelling cryptographic protocols. By treating inputs symbolically, oursemantics avoids potentially infinite branching of execution trees due toinputs from the environment. Correctness is maintained by associatingwith each process a set of constraints on terms. We define a symbolic la-belled bisimulation relation, which is shown to be sound but not completewith respect to standard bisimulation. We explore the lack of complete-ness and demonstrate that the symbolic bisimulation relation is sufficientfor many practical examples. This work is an important step towardsautomation of observational equivalence for the finite applied pi calculus,e.g. for verification of anonymity or strong secrecy properties. ∗This work has been partly supported by the EPSRC projects EP/E029833, VerifyingProperties in Electronic Voting Protocols and EP/E040829/1, Verifying Anonymity and Pri-vacy Properties of Security Protocols, the ARA SESUR project AVOTÉ and the ARTIST2NoE. Preliminary versions of this paper appeared in [13] and [14].