Framework for reasoning about cryptographic protocols with randomization

Context. Cryptographic protocols are distributed programs which use cryptographic primitives to secure communication over untrusted networks (such as the Internet). They are designed to achieve security properties such as confidentiality, authentication or anonymity. Due to the complexity of cryptographic primitives, the inherent concurrency and the untrusted nature of networks, their design has often proved to be error-prone. In order to tackle this problem, formal methods have been designed to detect errors in cryptographic protocols and proved very successful. One successful approach is to model the cryptographic protocols in process calculi, and prove that the protocols behave like ideal protocols. Process calculi are ‘programing languages’ for distributed programs; and have a nondeterministic construct to model concurrency. For cryptographic protocols, applied pi-calculus [AF01] has been designed to take into account cryptographic operations. The cryptographic primitives in this framework are modeled as equational theories. While applied pi-calculus has been very successful, it cannot reason about cryptographic protocols (such as anonymity protocols and oblivious transfers) that explicitly use randomization techniques to achieve its goal. In order to achieve this, probabilistic applied pi-calculus has been proposed [GLPT07] where a probabilistic operator has been added to handle randomization. In order to give a semantics of the probabilistic applied pi-calculus, nondeterministic choices have to be resolved in presence of probabilistic choices. Usually, nondeterministic choices in probabilistic systems is resolved in the presence of schedulers. However, for security, the schedulers have to be restricted [GD07, CP10]. However, the framework in [GLPT07] suffers in that this restriction is no placed on the scheduler.