Dynamic tags for security protocol

Myrto Arapinis, Stéphanie Delaune, Steve Kremer

Research output: Contribution to journalArticlepeer-review


The design and verification of cryptographic protocols is a notoriously difficult task, even in symbolic models which take an abstract view of cryptography. This is mainly due to the fact that protocols may interact with an arbitrary attacker which yields a verification problem that has several sources of unboundedness (size of messages, number of sessions, etc.).

In this paper, we characterize a class of protocols for which deciding security for an unbounded number of sessions is decidable. More precisely, we present a simple transformation which maps a protocol that is secure for a bounded number of protocol sessions (a decidable problem) to a protocol that is secure for an unbounded number of sessions. The precise number of sessions that need to be considered is a function of the security property and we show that for several classical security properties a single session is sufficient. Therefore, in many cases our results yields a design strategy for security protocols: (i) design a protocol intended to be secure for a single session; and (ii) apply our transformation to obtain a protocol which is secure for an unbounded number of sessions.
Original languageEnglish
Pages (from-to)1-50
Number of pages50
JournalLogical Methods in Computer Science
Issue number2:11
Publication statusPublished - Jun 2014


  • formal methods
  • security protocols
  • verification

Fingerprint Dive into the research topics of 'Dynamic tags for security protocol'. Together they form a unique fingerprint.

Cite this