CryptoDB
Zero-Knowledge in the Applied Pi-calculus and Automated Verification of the Direct Anonymous Attestation Protocol
| Authors: | |
|---|---|
| Download: | |
| Abstract: | We devise an abstraction of zero-knowledge protocols that is accessible to a fully mechanized analysis. The abstraction is formalized within the applied pi-calculus using a novel equational theory that abstractly characterizes the cryptographic semantics of zero-knowledge proofs. We present an encoding from the equational theory into a convergent rewriting system that is suitable for the automated protocol verifier ProVerif. The encoding is sound and fully automated. We successfully used ProVerif to obtain the first mechanized analysis of the Direct Anonymous Attestation (DAA) protocol. The analysis in particular required us to devise novel abstractions of sophisticated cryptographic security definitions based on interactive games. |
BibTeX
@misc{eprint-2007-13569,
title={Zero-Knowledge in the Applied Pi-calculus and Automated Verification of the Direct Anonymous Attestation Protocol},
booktitle={IACR Eprint archive},
keywords={foundations / zero-knowledge, abstraction, mechanized analysis, direct anonymous attestation, DAA},
url={http://eprint.iacr.org/2007/289},
note={ backes@cs.uni-sb.de 13721 received 27 Jul 2007},
author={Michael Backes and Matteo Maffei and Dominique Unruh},
year=2007
}