Much attention has been paid to the design of languages for the speci cation of cryptographic protocols. However, the ability to specify their desired behavior correctly is also important; indeed many perceived protocol aws arise out of a misunderstanding of the protocol's requirements. In this talk we give a brief survey of the history of requirements speci cation in formal analysis of cryptog...

This work explores two methods for practical cryptography on mobile devices. The first method is a quantum-resistant key-exchange protocol proposed by Jao et al.. As the use of mobile devices increases, the deployment of practical cryptographic protocols designed for use on these devices is of increasing importance. Furthermore, we are faced with the possible development of a large-scale quantu...

Quantum Cryptography offers a secure method of sharing sequences of random numbers to be used as cryptographic keys. It can potentially eliminate many of the weaknesses of classical cryptographic methods. In this paper, we survey some results in quantum cryptography. After a brief introduction to classical cryptography, some fundamental quantum key distribution protocols are reviewed. The issue...

We introduce a definition of bisimulation for cryptographic protocols. The definition includes a simple and precise model of the knowledge of the environment with which a protocol interacts. Bisimulation is the basis of an effective proof technique, which yields proofs of classical security properties of protocols and also justifies certain protocol optimizations. The setting for our work is th...

In this paper, we pursue towards understanding how to design and analyse cryptographic protocols in a (large) network setting where all communication is solely based on the publish/subscribe paradigm. That is, we expect a stack and network architecture where all message passing is based on publish/subscribe rather than send/receive, all the way down to the link layer. Under those assumptions, i...

In this note we ooer a perspective on the virtues and limitations of several logics for cryptographic protocols focusing primarily on the logics of authentication. We emphasize the scope limitations of these logics rather than their virtues because (1) we consider their virtues to be better understood and accepted than their limitations , and (2) we hope to stimulate further research that will ...

In this paper we give a survey of the state of the art in the application of formal methods to the analysis of cryptographic protocols. We attempt to outline some of the major threads of research in this area, and also to document some emerging trends. : : :

In this paper we propose a general definition of secrecy for cryptographic protocols in the Dolev-Yao model. We give a sufficient condition ensuring secrecy for protocols where rules have encryption depth at most two, that is satisfied by almost all practical protocols. The only allowed primitives in the class of protocols we consider are pairing and encryption with atomic keys. Moreover, we de...

Cryptographic protocols are crucial for securing electronic transactions. The confidence in these protocols can be increased by the formal analysis of their security properties. Although many works have been dedicated to standard protocols like Needham-Schroder very few address the more challenging class of group protocols. We present a synchronous model for group protocols, that generalizes st...

We describe a verification method for cryptographic protocols, based on first-order invariants. For typical protocols, a suitable invariant can be generated mechanically from the program text, allowing safety properties to be proved by ordinary first-order reasoning. The method has been implemented in an automatic verifier, TAPS, that proves safety properties comparable to those in published Is...