Affiliations: [a] Department of Computer Science, Graduate School of Information Science and Technology, University of Tokyo, Rigaku-bu 7-gokan, 7-3-1 Hongo, Bunkyo-ku, Tokyo 113-0033, Japan. E-mail: sumii@yl.is.s.u-tokyo.ac.jp | [b] Department of Computer and Information Science, School of Engineering and Applied Science, University of Pennsylvania, Philadelphia, PA 19104, USA. E-mail: bcpierce@cis.upenn.edu
Correspondence:
[*]
Corresponding author. This work was carried out while this author was visiting the University of Pennsylvania.
Note: [1] An extended abstract appeared in Proceedings of the 14th IEEE Computer Security Foundations Workshop, Keltic Lodge, Cape Breton, Nova Scotia, Canada, 11–13 June, 2001.
Abstract: The theory of relational parametricity and its logical relations proof technique are powerful tools for reasoning about information hiding in the polymorphic λ-calculus. We investigate the application of these tools in the security domain by defining a cryptographic λ-calculus – an extension of the standard simply typed λ-calculus with primitives for encryption, decryption, and key generation – and introducing syntactic logical relations (in the style of Pitts and Birkedal-Harper) for this calculus that can be used to prove behavioral equivalences between programs that use encryption. We illustrate the framework by encoding some simple security protocols, including the Needham–Schroeder public-key protocol. We give a natural account of the well-known attack on the original protocol and a straightforward proof that the improved variant of the protocol is secure.
