Selected publications at LSV

Privacy-type properties such as vote secrecy, anonymity, or untraceability are typically expressed using the notion of trace equivalence in a process algebra that models security protocols. In this paper, we propose some results to reduce the search space when we are looking for an attack regarding trace equivalence. Our work is strongly inspired from [10], which establishes that, if there is a witness of non trace equivalence, then there is one that is well-typed.
    Our main contribution is to establish a similar result for trace inclusion. Our motivation is twofolds: first, this small attack property is needed for proving soundness of the tool SatEquiv [13]. Second, we revisit the proof in order to simplify it. Specifically, we show two results. First, if there is a witness of non-inclusion then there is one that is well-typed. We establish this result by providing a decision procedure for trace inclusion similar to the one proposed in [10] for trace equivalence. We also show that we can reduce the search space when considering the notion of static inclusion. Acutally, if there is a witness of static non-inclusion there is one of a specific shape.
    Even if our setting slightly differs from the one considered in [10], our proofs essentially follow the same ideas than the existing proof for trace equivalence. Nevertheless, we hope that this proof will be easier to extend to other primitives such as asymmetric encryption or signatures.

   author = {Cortier, V{\'e}ronique and Dallon, Antoine and Delaune, St{\'e}phanie},
   institution = {HAL},
   month = oct,
   number = {hal-01615265},
   type = {Research Report},
   title = {A typing result for trace inclusion (for pair and symmetric encryption only)},
   url = {},
   year = {2017},

About LSV

Select by Year