DOCSLIB.ORG

1 Security in Process Calculi Overview Pi Calculus a Little Bit of History Pi

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
1 Security in Process Calculi Overview Pi Calculus a Little Bit of History Pi CS 259 Overview Pi calculus Security in Process Calculi • Core language for parallel programming • Modeling security via name scoping Applied pi calculus • Modeling cryptographic primitives with functions Vitaly Shmatikov and equational theories • Equivalence-based notions of security • A little bit of operational semantics • Security as testing equivalence Pi Calculus [Milner et al.] A Little Bit of History [Milner] Fundamental language for concurrent systems 1980: Calculus of Communicating Systems (CCS) • High-level mathematical model of parallel processes 1992: Pi Calculus [Milner, Parrow, Walker] • The “core” of concurrent programming languages • Ability to pass channel names between processes • By comparison, lambda-calculus is the “core” of 1998: Spi Calculus [Abadi, Gordon] functional programming languages • Adds cryptographic primitives to pi calculus Mobility is a basic primitive • Security modeled as scoping • Basic computational step is the transfer of a • Equivalence-based specification of security properties communication link between two processes • Connection with computational models of cryptography • Interconnections between processes change as they communicate 2001: Applied Pi Calculus [Abadi, Fournet] Can be used as a general programming language • Generic functions, including crypto primitives Pi Calculus Syntax Modeling Secrecy with Scoping Terms A sends M to B over secure channel c • M, N ::= x variables Let u range over } names and variables | n names A M B Processes channel c • P,Q ::= nil empty process | ū〈N〉.P send term N on channel u A(M) = c-〈M〉 | u(x).P receive term from channel P and assign to x B = c(x).nil | !P replicate process P P(M) = (νc)(A(M)|B) | P|Q run processes P and Q in parallel This restriction ensures that channel c is | (νn)P restrict name n to process P “invisible” to any process except A and B (other processes don’t know name c) 1 Secrecy as Equivalence Another Formulation of Secrecy - Without (νc), attacker could run - A(M) = c〈M〉 process c(x) and tell the difference A(M) = c〈M〉 B = c(x).nil between P(M) and P(M’) B = c(x).nil P(M) = (νc)(A(M)|B) P(M) = (νc)(A(M)|B) P(M) and P(M’) are “equivalent” for any values No attacker can learn name n from P(n) of M and M’ • Let Q be an arbitrary attacker process, and suppose • No attacker can distinguish P(M) and P(M’) it runs in parallel with P(n) Different notions of “equivalence” • For any process Q in which n does not occur free, P(n) | Q will never output n • Testing equivalence or observational congruence • Indistinguishability by any probabilistic polynomial- time Turing machine Modeling Authentication with Scoping Specifying Authentication A sends M to B over secure channel c A(M) = c-〈M〉 -〈 〉 B announces received value on public channel d B = c(x).d x P(M) = (νc)(A(M)|B) For any value of M, if B outputs M on channel d, M M A B then A previously sent M on channel c channel c channel d A(M) = c-〈M〉 B = c(x).d-〈x〉 P(M) = (νc)(A(M)|B) A Key Establishment Protocol Key Establishment in Pi Calculus S S Send name CAB Send name CAB Send name CAB Send name CAB CAS CSB CAS CSB Create new M M Create new M M channel CAB A B channel CAB A B Send data on CAB channel d Send data on CAB channel d __ __ 1. A and B have pre-established pairwise keys with server S A(M) = (νc )c 〈c 〉.c 〈M〉 AB AS__ AB AB Model these keys as names of pre-existing communication channels S=c(x).c 〈x〉 AS SB _ Note communication on a channel 2. A creates a new key and sends it to S, who forwards it to B 〈 〉 with a dynamically generated name B=cSB(x).x(y).d y Model this as creation of a new channel name ν ν 3. A sends M to B encrypted with the new key, B outputs M P(M) = ( cAS)( cSB)(A(M)|B|S) 2 Applied Pi Calculus Applied Pi Calculus: Terms In pi calculus, channels are the only primitive This is enough to model some forms of security M, N ::= x Variable • Name of a communication channel can be viewed as an | n Name “encryption key” for traffic on that channel – A process that doesn’t know the name can’t access the channel | f(M1,...,Mk) Function application • Channel names can be passed between processes – Useful for modeling key establishment protocols To simplify protocol specification, applied pi Standard functions calculus adds functions to pi calculus • pair(), encrypt(), hash(), … • Crypto primitives modeled by functions and equations Simple type system for terms • Integer, Key, Channel〈Integer〉, Channel〈Key〉 Applied Pi Calculus: Processes Modeling Crypto with Functions Introduce special function symbols to model P,Q ::= nil empty process cryptographic primitives | ū〈N〉.P send term N on channel u Equational theory models cryptographic properties | u(x).P receive from channel P and assign to x Pairing | !P replicate process P • Functions pair, first, second with equations: | P|Q run processes P and Q in parallel first(pair(x,y)) = x | (νn)P restrict name n to process P second(pair(x,y)) = y | if M = N conditional Symmetric-key encryption then P else Q • Functions symenc, symdec with equation: symdec(symenc(x,k),k)=x More Equational Theories Yet More Equational Theories Public-key encryption Public-key digital signatures • Functions pk,sk generate public/private key pair • As before, functions pk,sk generate public/private key pk(x),sk(x) from a random seed x pair pk(x),sk(x) from a random seed x • Functions pdec,penc model encryption and decryption • Functions sign,verify model signing and verification with with equation: equation: pdec(penc(y,pk(x)),sk(x)) = y verify(y,sign(y,sk(x)),pk(x)) = y • Can also model “probabilistic” encryption: XOR pdec(penc(y,pk(x),z),sk(x)) = y • Model self-cancellation property with equation: Models random salt Hashing (necessary for semantic security) xor(xor(x,y),y) = x • Unary function hash with no equations • Can also model properties of cyclic redundancy codes: • hash(M) models applying a one-way function to term M crc(xor(x,y)) = xor(crc(x),crc(y)) 3 Dynamically Generated Data Better Protocol with Capabilities Use built-in name generation capability of pi calculus to model creation of new keys and nonces A (M,hash(s,M)) B M channel c channel d (M,s) M Hashing protects integrity of A B M and secrecy of s channel c channel d A(M) = c-〈(M,hash(s,M))〉 A(M) = c-〈(M,s)〉 B = c(x).if second(x)= B = c(x).if second(x)=s hash(s,first(x)) - then d〈first(x)〉 then d-〈first(x)〉 P(M) = (νs)(A(M)|B) P(M) = (νs)(A(M)|B) Models creation of fresh capability capability s may every time A and B communicate be intercepted! Proving Security Example: Challenge-Response “Real” protocol Challenge-response protocol → • Process-calculus specification of the actual protocol A B{i}k → “Ideal” protocol B A{i+1}k • Achieves the same goal as the real protocol, but is secure by design This protocol is secure if it is indistinguishable • Uses unrealistic mechanisms, e.g., private channels from this “ideal” protocol • Represents the desired behavior of real protocol → A B{random1}k To prove the real protocol secure, show that no → B A{random2}k attacker can tell the difference between the real protocol and the ideal protocol • Proof will depend on the model of attacker observations Example: Authentication Security as Observational Equivalence Authentication protocol Need to prove that two processes are → A B{i}k observationally equivalent to the attacker → B A{i+1}k Complexity-theoretic model A → B“Ok” • Prove that two systems cannot be distinguished by any This protocol is secure if it is indistinguishable from probabilistic polynomial-time adversary this “ideal” protocol [Beaver ’91, Goldwasser-Levin ’90, Micali-Rogaway ’91] → Abstract process-calculus model A B{random1}k → • Cryptography is modeled by abstract functions B A{random2}k → • Prove testing equivalence between two processes B Arandom1, random2 on a magic secure channel A → B “Ok” if numbers on real & magic channels match • Proofs are easier, but it is nontrivial to show computational completeness [Abadi-Rogaway ’00] 4 Structural Equivalence Operational Semantics P | nil ≡ P Reduction → is the smallest relation on P | Q ≡ Q | P closed processes that is closed by P | (Q | R) ≡ (P | Q) | R structural equivalence and application of !P ≡ P | !P evaluation contexts such that (νm) (νn)P ≡ (νn) (νm)P ā〈M〉.P | a(x).Q → P | Q[M/x] (νn)nil ≡ nil models P sending M to Q on channel a (νn)(P | Q) ≡ P | (νn)Q if n is not a free name in P if M = M then P else Q → P P[M/x] ≡ P[N/x] if M=N in the equational theory if M = N then P else Q → Q for any ground M, N s.t. M ≠ N in the equational theory Equivalence in Process Calculus Testing Equivalence Standard process-calculus notions of Informally, two processes are equivalent if no equivalence such as bisimulation are not environment can distinguish them adequate for cryptographic protocols A test is a process R and channel name w • Different ciphertexts leak no information to the • Informally, R is the environment and w is the channel attacker who does not know the decryption keys on which the outcome of the test is announced -- (νk)c〈symenc(M,k)〉 and (νk)c〈symenc(N,k)〉 A process P passes a test (R,w) if P | R may send different messages, but they should be produce an output on channel w treated as equivalent when proving security • There is an interleaving of P and R that results in R • In each case, a term is encrypted under a fresh key being able to perform the desired test • No test by the attacker can tell these apart Two processes are equivalent if they pass the same tests Advantages and Disadvantages Bibliography Proving testing equivalence is hard Robin Milner.
Load more

Recommended publications
  • Finding Pi Project
    Name: ________________________ Finding Pi - Activity Objective: You may already know that pi (π) is a number that is approximately equal to 3.14. But do you know where the number comes from? Let's measure some round objects and find out. Materials: • 6 circular objects Some examples include a bicycle wheel, kiddie pool, trash can lid, DVD, steering wheel, or clock face. Be sure each object you choose is shaped like a perfect circle. • metric tape measure Be sure your tape measure has centimeters on it. • calculator It will save you some time because dividing with decimals can be tricky. • “Finding Pi - Table” worksheet It may be attached to this page, or on the back. What to do: Step 1: Choose one of your circular objects. Write the name of the object on the “Finding Pi” table. Step 2: With the centimeter side of your tape measure, accurately measure the distance around the outside of the circle (the circumference). Record your measurement on the table. Step 3: Next, measure the distance across the middle of the object (the diameter). Record your measurement on the table. Step 4: Use your calculator to divide the circumference by the diameter. Write the answer on the table. If you measured carefully, the answer should be about 3.14, or π. Repeat steps 1 through 4 for each object. Super Teacher Worksheets - www.superteacherworksheets.com Name: ________________________ “Finding Pi” Table Measure circular objects and complete the table below. If your measurements are accurate, you should be able to calculate the number pi (3.14). Is your answer name of circumference diameter circumference ÷ approximately circular object measurement (cm) measurement (cm) diameter equal to π? 1.
    [Show full text]
  • Evaluating Fourier Transforms with MATLAB
    ECE 460 – Introduction to Communication Systems MATLAB Tutorial #2 Evaluating Fourier Transforms with MATLAB In class we study the analytic approach for determining the Fourier transform of a continuous time signal. In this tutorial numerical methods are used for finding the Fourier transform of continuous time signals with MATLAB are presented. Using MATLAB to Plot the Fourier Transform of a Time Function The aperiodic pulse shown below: x(t) 1 t -2 2 has a Fourier transform: X ( jf ) = 4sinc(4π f ) This can be found using the Table of Fourier Transforms. We can use MATLAB to plot this transform. MATLAB has a built-in sinc function. However, the definition of the MATLAB sinc function is slightly different than the one used in class and on the Fourier transform table. In MATLAB: sin(π x) sinc(x) = π x Thus, in MATLAB we write the transform, X, using sinc(4f), since the π factor is built in to the function. The following MATLAB commands will plot this Fourier Transform: >> f=-5:.01:5; >> X=4*sinc(4*f); >> plot(f,X) In this case, the Fourier transform is a purely real function. Thus, we can plot it as shown above. In general, Fourier transforms are complex functions and we need to plot the amplitude and phase spectrum separately. This can be done using the following commands: >> plot(f,abs(X)) >> plot(f,angle(X)) Note that the angle is either zero or π. This reflects the positive and negative values of the transform function. Performing the Fourier Integral Numerically For the pulse presented above, the Fourier transform can be found easily using the table.
    [Show full text]
  • MATLAB Examples Mathematics
    MATLAB Examples Mathematics Hans-Petter Halvorsen, M.Sc. Mathematics with MATLAB • MATLAB is a powerful tool for mathematical calculations. • Type “help elfun” (elementary math functions) in the Command window for more information about basic mathematical functions. Mathematics Topics • Basic Math Functions and Expressions � = 3�% + ) �% + �% + �+,(.) • Statistics – mean, median, standard deviation, minimum, maximum and variance • Trigonometric Functions sin() , cos() , tan() • Complex Numbers � = � + �� • Polynomials = =>< � � = �<� + �%� + ⋯ + �=� + �=@< Basic Math Functions Create a function that calculates the following mathematical expression: � = 3�% + ) �% + �% + �+,(.) We will test with different values for � and � We create the function: function z=calcexpression(x,y) z=3*x^2 + sqrt(x^2+y^2)+exp(log(x)); Testing the function gives: >> x=2; >> y=2; >> calcexpression(x,y) ans = 16.8284 Statistics Functions • MATLAB has lots of built-in functions for Statistics • Create a vector with random numbers between 0 and 100. Find the following statistics: mean, median, standard deviation, minimum, maximum and the variance. >> x=rand(100,1)*100; >> mean(x) >> median(x) >> std(x) >> mean(x) >> min(x) >> max(x) >> var(x) Trigonometric functions sin(�) cos(�) tan(�) Trigonometric functions It is quite easy to convert from radians to degrees or from degrees to radians. We have that: 2� ������� = 360 ������� This gives: 180 � ������� = �[�������] M � � �[�������] = �[�������] M 180 → Create two functions that convert from radians to degrees (r2d(x)) and from degrees to radians (d2r(x)) respectively. Test the functions to make sure that they work as expected. The functions are as follows: function d = r2d(r) d=r*180/pi; function r = d2r(d) r=d*pi/180; Testing the functions: >> r2d(2*pi) ans = 360 >> d2r(180) ans = 3.1416 Trigonometric functions Given right triangle: • Create a function that finds the angle A (in degrees) based on input arguments (a,c), (b,c) and (a,b) respectively.
    [Show full text]
  • 36 Surprising Facts About Pi
    36 Surprising Facts About Pi piday.org/pi-facts Pi is the most studied number in mathematics. And that is for a good reason. The number pi is an integral part of many incredible creations including the Pyramids of Giza. Yes, that’s right. Here are 36 facts you will love about pi. 1. The symbol for Pi has been in use for over 250 years. The symbol was introduced by William Jones, an Anglo-Welsh philologist in 1706 and made popular by the mathematician Leonhard Euler. 2. Since the exact value of pi can never be calculated, we can never find the accurate area or circumference of a circle. 3. March 14 or 3/14 is celebrated as pi day because of the first 3.14 are the first digits of pi. Many math nerds around the world love celebrating this infinitely long, never-ending number. 1/8 4. The record for reciting the most number of decimal places of Pi was achieved by Rajveer Meena at VIT University, Vellore, India on 21 March 2015. He was able to recite 70,000 decimal places. To maintain the sanctity of the record, Rajveer wore a blindfold throughout the duration of his recall, which took an astonishing 10 hours! Can’t believe it? Well, here is the evidence: https://twitter.com/GWR/status/973859428880535552 5. If you aren’t a math geek, you would be surprised to know that we can’t find the true value of pi. This is because it is an irrational number. But this makes it an interesting number as mathematicians can express π as sequences and algorithms.
    [Show full text]
  • Double Factorial Binomial Coefficients Mitsuki Hanada Submitted in Partial Fulfillment of the Prerequisite for Honors in The
    Double Factorial Binomial Coefficients Mitsuki Hanada Submitted in Partial Fulfillment of the Prerequisite for Honors in the Wellesley College Department of Mathematics under the advisement of Alexander Diesl May 2021 c 2021 Mitsuki Hanada ii Double Factorial Binomial Coefficients Abstract Binomial coefficients are a concept familiar to most mathematics students. In particular, n the binomial coefficient k is most often used when counting the number of ways of choosing k out of n distinct objects. These binomial coefficients are well studied in mathematics due to the many interesting properties they have. For example, they make up the entries of Pascal's Triangle, which has many recursive and combinatorial properties regarding different columns of the triangle. Binomial coefficients are defined using factorials, where n! for n 2 Z>0 is defined to be the product of all the positive integers up to n. One interesting variation of the factorial is the double factorial (n!!), which is defined to be the product of every other positive integer up to n. We can use double factorials in the place of factorials to define double factorial binomial coefficients (DFBCs). Though factorials and double factorials look very similar, when we use double factorials to define binomial coefficients, we lose many important properties that traditional binomial coefficients have. For example, though binomial coefficients are always defined to be integers, we can easily determine that this is not the case for DFBCs. In this thesis, we will discuss the different forms that these coefficients can take. We will also focus on different properties that binomial coefficients have, such as the Chu-Vandermonde Identity and the recursive relation illustrated by Pascal's Triangle, and determine whether there exists analogous results for DFBCs.
    [Show full text]
  • Numerous Proofs of Ζ(2) = 6
    π2 Numerous Proofs of ζ(2) = 6 Brendan W. Sullivan April 15, 2013 Abstract In this talk, we will investigate how the late, great Leonhard Euler P1 2 2 originally proved the identity ζ(2) = n=1 1=n = π =6 way back in 1735. This will briefly lead us astray into the bewildering forest of com- plex analysis where we will point to some important theorems and lemmas whose proofs are, alas, too far off the beaten path. On our journey out of said forest, we will visit the temple of the Riemann zeta function and marvel at its significance in number theory and its relation to the prob- lem at hand, and we will bow to the uber-famously-unsolved Riemann hypothesis. From there, we will travel far and wide through the kingdom of analysis, whizzing through a number N of proofs of the same original fact in this talk's title, where N is not to exceed 5 but is no less than 3. Nothing beyond a familiarity with standard calculus and the notion of imaginary numbers will be presumed. Note: These were notes I typed up for myself to give this seminar talk. I only got through a portion of the material written down here in the actual presentation, so I figured I'd just share my notes and let you read through them. Many of these proofs were discovered in a survey article by Robin Chapman (linked below). I chose particular ones to work through based on the intended audience; I also added a section about justifying the sin(x) \factoring" as an infinite product (a fact upon which two of Euler's proofs depend) and one about the Riemann Zeta function and its use in number theory.
    [Show full text]
  • Pi, Fourier Transform and Ludolph Van Ceulen
    3rd TEMPUS-INTCOM Symposium, September 9-14, 2000, Veszprém, Hungary. 1 PI, FOURIER TRANSFORM AND LUDOLPH VAN CEULEN M.Vajta Department of Mathematical Sciences University of Twente P.O.Box 217, 7500 AE Enschede The Netherlands e-mail: [email protected] ABSTRACT The paper describes an interesting (and unexpected) application of the Fast Fourier transform in number theory. Calculating more and more decimals of p (first by hand and then from the mid-20th century, by digital computers) not only fascinated mathematicians from ancient times but kept them busy as well. They invented and applied hundreds of methods in the process but the known number of decimals remained only a couple of hundred as of the late 19th century. All that changed with the advent of the digital computers. And although digital computers made possible to calculate thousands of decimals, the underlying methods hardly changed and their convergence remained slow (linear). Until the 1970's. Then, in 1976, an innovative quadratic convergent formula (based on the method of algebraic-geometric mean) for the calculation of p was published independently by Brent [10] and Salamin [14]. After their breakthrough, the Borwein brothers soon developed cubically and quartically convergent algorithms [8,9]. In spite of the incredible fast convergence of these algorithms, it was the application of the Fast Fourier transform (for multiplication) which enhanced their efficiency and reduced computer time [2,12,15]. The author would like to dedicate this paper to the memory of Ludolph van Ceulen (1540-1610), who spent almost his whole life to calculate the first 35 decimals of p.
    [Show full text]
  • Proportional Integral (PI) Control the PI Controller “Ideal” Form of the PI Controller Kc CO=CO + Kc E(T) + E(T)Dt Bias  I  Where: CO = Controller Output Signal
    Proportional Integral (PI) Control The PI Controller “Ideal” form of the PI Controller Kc CO=CO + Kc e(t) + e(t)dt bias I where: CO = controller output signal CObias = controller bias or null value PV = measured process variable SP = set point e(t) = controller error = SP – PV Kc = controller gain (a tuning parameter) = controller reset time (a tuning parameter) • is in denominator so smaller values provide a larger weighting to the integral term • has units of time, and therefore is always positive Function of the Proportional Term Proportional term acts on e(t) = SP – PV e(25) = 4 e(40) = – 2 PV SP Copyright © 2007 by Control Station, Inc. All Rights Reserved 25 40 Time (minutes) • The proportional term, Kce(t), immediately impacts CO based on the size of e(t) at a particular time t • The past history and current trajectory of the controller error have no influence on the proportional term computation Class Exercise – Calculate Error and Integral Control Calculation is Based on Error, e(t) Proportional term acts on Same data plotted as e(t) = SP – PV e(t) controller error, e(t) e(25) = 4 e(40) = –2 PV SP e(40) = –2 0 e(25) = 4 Copyright © 2007 by Control Station, Inc. All Rights Reserved Copyright © 2007 by Control Station, Inc. All Rights Reserved 25 40 25 40 Time (minutes) Time (minutes) • Here is identical data plotted two ways • To the right is a plot of error, where: e(t) = SP – PV • Error e(t) continually changes size and sign with time Function of the Integral Term • The integral term continually sums up error, e(t) • Through constant summing, integral action accumulates influence based on how long and how far the measured PV has been from SP over time.
    [Show full text]
  • A Brief Survey of the Theory of the Pi-Calculus. Daniel Hirschkoff
    A brief survey of the theory of the Pi-calculus. Daniel Hirschkoff To cite this version: Daniel Hirschkoff. A brief survey of the theory of the Pi-calculus.. [Research Report] LIP RR-2003-13, Laboratoire de l’informatique du parallélisme. 2003, 2+15p. hal-02101985 HAL Id: hal-02101985 https://hal-lara.archives-ouvertes.fr/hal-02101985 Submitted on 17 Apr 2019 HAL is a multi-disciplinary open access L’archive ouverte pluridisciplinaire HAL, est archive for the deposit and dissemination of sci- destinée au dépôt et à la diffusion de documents entific research documents, whether they are pub- scientifiques de niveau recherche, publiés ou non, lished or not. The documents may come from émanant des établissements d’enseignement et de teaching and research institutions in France or recherche français ou étrangers, des laboratoires abroad, or from public or private research centers. publics ou privés. Laboratoire de l’Informatique du Parallelisme´ Ecole´ Normale Sup´erieure de Lyon Unit´e Mixte de Recherche CNRS-INRIA-ENS LYON no 5668 A brief survey of the theory of the π-calculus Daniel Hirschkoff February 2003 Research Report No 2003-13 Ecole´ Normale Superieure´ de Lyon 46 All´ee d’Italie, 69364 Lyon Cedex 07, France T´el´ephone : +33(0)4.72.72.80.37 T´el´ecopieur : +33(0)4.72.72.80.80 Adresseelectronique ´ : [email protected] A brief survey of the theory of the π-calculus Daniel Hirschkoff February 2003 Abstract This document collects some important results about the theory of Milner’s π-calculus and related formalisms. We present the syntax and semantics of a monadic calculus, and discuss type systems and the most commonly used notions of behavioural equivalences.
    [Show full text]
  • Appendix I: on the Early History of Pi
    Appendix I: On the Early History of Pi Our earliest source on 7r is a problem from the Rhind mathematical papyrus, one of the few major sources we have for the mathematics of ancient Egypt. Although the material on the papyrus in its present form comes from about 1550 B.C. during the Middle Kingdom, scholars believe that the mathematics of the document originated in the Old Kingdom, which would date it perhaps to 1900 B.C. The Egyptian source does not state an explicit value for 7r, but tells, instead, how to compute the area of a circle as the square of eight-ninths of the diameter. (One is reminded of the 'classical' problem of squaring the circle.) Quite different is the passage in I Kings 7, 23 (repeated in II Chronicles 4, 21), which clearly implies that one should multiply the diameter of a circle by 3 to find its circumference. It is worth noting, however, that the Egyptian and the Biblical texts talk about what are, a priori, different concepts: the diameter being regarded as known in both cases, the first text gives a factor used to produce the area of the circle and the other gives (by implication) a factor used to produce the circumference.1 Also from the early second millenium are Babylonian texts from Susa. In the mathematical cuneiform texts the standard factor for multiplying the diameter to produce the circumference is 3, but, according to some interpre­ tations, the Susa texts give a value of 31.2 Another source of ancient values of 7r is the class of Indian works known as the Sulba Sfitras, of which the four most important, and oldest are Baudhayana, .Apastamba, Katyayana and Manava (resp.
    [Show full text]
  • Applied Pi Calculus∗
    Applied pi calculus∗ Mark D. Ryan and Ben Smyth School of Computer Science, University of Birmingham, United Kingdom July 2010 Revised: November 2010, March 2011 Abstract The applied pi calculus is a language for modelling security protocols. It is an extension of the pi calculus, a language for studying concurrency and process interaction. This chapter presents the applied pi calculus in a tutorial style. It describes reachability, correspondence, and observational equivalence properties, with examples showing how to model secrecy, au- thentication, and privacy aspects of protocols. Keywords: Cryptographic protocols, protocol verification, formal methods, reachability, cor- respondence properties, observational equivalence, tutorial. 1 Introduction The applied pi calculus [AF01] is a language for describing and analysing security protocols. It provides an intuitive process syntax for detailing the actions of the participants in a protocol, em- phasising their communication. The syntax is coupled with a formal semantics to allow reasoning about protocols. The language is based on the pi calculus with the addition of a rich term algebra to enable modelling of the cryptographic operations used by security protocols. A wide variety of cryptographic primitives can be abstractly modelled by means of an equational theory. The calculus allows one to express several types of security goal, and to analyse whether the protocol meets its goal or not. This analysis can sometimes be performed automatically, using the ProVerif software tool [BAF08,
    [Show full text]
  • 1 the Fourier Transform 1
    1 THE FOURIER TRANSFORM 1 1 The Fourier transform 1.1 Definition of the Fourier transform The Fourier transform is defined in different ways in various fields of its application. Consequently, the formulae expressing important theorems (e.g. the convolution theorem, the Rayleigh–Parseval theorem) differ by constants. Neverthleless, the chosen definitions are used more or less consistently in frames of particular disciplines. To get an interdisciplinary overview we involve three constants A, B and k in the definition of the Fourier transform and a special choice of them provides the definitions used in particular disciplines. Hence, we define the Fourier transform FT{f(~x)} of the function f(~x) and the inverse Fourier transform FT−1{F (X~ )} of the function F (X~ ) by integrals ∞ Z Z FT{f(~x)} = AN ··· f(~x) exp(−ikX~ · ~x) dN ~x, (1) −∞ ∞ Z Z FT−1{F (X~ )} = BN ··· F (X~ ) exp(ikX~ · ~x) dN X.~ (2) −∞ Here, it is supposed that f(~x) and F (X~ ) are absolutely integrable piecewise smooth complex functions of real variables ~x, X~ ∈ EN . The constants A and B may be complex, but k must be real. Nevertheless, it would be only formal and useless to take A and B complex because it would just complicate formulations and proofs of some theorems. Without any lost of generality we may consider the constants A and B to be real and positive. The choice of constants A, B and k is, however, bound by the condition |k| AB = , (3) 2π which follows from the fundamental theorem (cf. section 1.2).
    [Show full text]