(herald "Station-to-station protocol" (algebra diffie-hellman)) (comment "CPSA 3.6.0") (comment "All input read from station.scm") (defprotocol station-to-station diffie-hellman (defrole init (vars (x rndx) (y expt) (a b name)) (trace (send (exp (gen) x)) (recv (cat (exp (gen) y) (enc (enc (exp (gen) y) (exp (gen) x) (privk b)) (exp (gen) (mul x y))))) (send (enc (enc (exp (gen) x) (exp (gen) y) (privk a)) (exp (gen) (mul x y))))) (uniq-gen x)) (defrole resp (vars (y rndx) (x expt) (a b name)) (trace (recv (exp (gen) x)) (send (cat (exp (gen) y) (enc (enc (exp (gen) y) (exp (gen) x) (privk b)) (exp (gen) (mul y x))))) (recv (enc (enc (exp (gen) x) (exp (gen) y) (privk a)) (exp (gen) (mul y x))))) (uniq-gen y) (absent (y (exp (gen) x))))) (defskeleton station-to-station (vars (a b name) (x rndx) (y expt)) (defstrand init 3 (a a) (b b) (x x) (y y)) (non-orig (privk a) (privk b)) (uniq-gen x) (traces ((send (exp (gen) x)) (recv (cat (exp (gen) y) (enc (enc (exp (gen) y) (exp (gen) x) (privk b)) (exp (gen) (mul x y))))) (send (enc (enc (exp (gen) x) (exp (gen) y) (privk a)) (exp (gen) (mul x y)))))) (label 0) (unrealized (0 1)) (origs) (comment "2 in cohort - 2 not yet seen")) (defskeleton station-to-station (vars (a b b-0 name) (x x-0 rndx)) (defstrand init 3 (a a) (b b) (x x-0) (y x)) (defstrand init 3 (a b) (b b-0) (x x) (y x-0)) (precedes ((0 0) (1 1)) ((1 2) (0 1))) (non-orig (privk a) (privk b)) (uniq-gen x x-0) (operation encryption-test (added-strand init 3) (enc (exp (gen) x) (exp (gen) x-0) (privk b)) (0 1)) (traces ((send (exp (gen) x-0)) (recv (cat (exp (gen) x) (enc (enc (exp (gen) x) (exp (gen) x-0) (privk b)) (exp (gen) (mul x x-0))))) (send (enc (enc (exp (gen) x-0) (exp (gen) x) (privk a)) (exp (gen) (mul x x-0))))) ((send (exp (gen) x)) (recv (cat (exp (gen) x-0) (enc (enc (exp (gen) x-0) (exp (gen) x) (privk b-0)) (exp (gen) (mul x x-0))))) (send (enc (enc (exp (gen) x) (exp (gen) x-0) (privk b)) (exp (gen) (mul x x-0)))))) (label 1) (parent 0) (unrealized (1 1)) (comment "1 in cohort - 1 not yet seen")) (defskeleton station-to-station (vars (a b name) (y x rndx)) (defstrand init 3 (a a) (b b) (x x) (y y)) (defstrand resp 2 (b b) (y y) (x x)) (precedes ((0 0) (1 0)) ((1 1) (0 1))) (absent (y (exp (gen) x))) (non-orig (privk a) (privk b)) (uniq-gen y x) (operation encryption-test (added-strand resp 2) (enc (exp (gen) y) (exp (gen) x) (privk b)) (0 1)) (traces ((send (exp (gen) x)) (recv (cat (exp (gen) y) (enc (enc (exp (gen) y) (exp (gen) x) (privk b)) (exp (gen) (mul y x))))) (send (enc (enc (exp (gen) x) (exp (gen) y) (privk a)) (exp (gen) (mul y x))))) ((recv (exp (gen) x)) (send (cat (exp (gen) y) (enc (enc (exp (gen) y) (exp (gen) x) (privk b)) (exp (gen) (mul y x))))))) (label 2) (parent 0) (unrealized) (shape) (maps ((0) ((a a) (b b) (x x) (y y)))) (origs)) (defskeleton station-to-station (vars (a b b-0 name) (x x-0 rndx)) (defstrand init 3 (a a) (b b) (x x-0) (y x)) (defstrand init 3 (a b) (b b-0) (x x) (y x-0)) (deflistener (exp (gen) (mul x x-0))) (precedes ((0 0) (2 0)) ((1 0) (2 0)) ((1 2) (0 1)) ((2 1) (1 1))) (non-orig (privk a) (privk b)) (uniq-gen x x-0) (operation encryption-test (added-listener (exp (gen) (mul x x-0))) (enc (enc (exp (gen) x-0) (exp (gen) x) (privk b-0)) (exp (gen) (mul x x-0))) (1 1)) (traces ((send (exp (gen) x-0)) (recv (cat (exp (gen) x) (enc (enc (exp (gen) x) (exp (gen) x-0) (privk b)) (exp (gen) (mul x x-0))))) (send (enc (enc (exp (gen) x-0) (exp (gen) x) (privk a)) (exp (gen) (mul x x-0))))) ((send (exp (gen) x)) (recv (cat (exp (gen) x-0) (enc (enc (exp (gen) x-0) (exp (gen) x) (privk b-0)) (exp (gen) (mul x x-0))))) (send (enc (enc (exp (gen) x) (exp (gen) x-0) (privk b)) (exp (gen) (mul x x-0))))) ((recv (exp (gen) (mul x x-0))) (send (exp (gen) (mul x x-0))))) (label 3) (parent 1) (unrealized (2 0)) (comment "1 in cohort - 1 not yet seen")) (defskeleton station-to-station (vars (a b b-0 name) (x x-0 rndx) (w expt)) (defstrand init 3 (a a) (b b) (x x-0) (y x)) (defstrand init 3 (a b) (b b-0) (x x) (y x-0)) (deflistener (exp (gen) (mul x x-0))) (deflistener (cat (exp (gen) (mul x x-0 (rec w))) w)) (precedes ((0 0) (3 0)) ((1 0) (3 0)) ((1 2) (0 1)) ((2 1) (1 1)) ((3 1) (2 0))) (non-orig (privk a) (privk b)) (uniq-gen x x-0) (precur (3 0)) (operation nonce-test (added-listener (cat (exp (gen) (mul x x-0 (rec w))) w)) (exp (gen) (mul x x-0)) (2 0)) (traces ((send (exp (gen) x-0)) (recv (cat (exp (gen) x) (enc (enc (exp (gen) x) (exp (gen) x-0) (privk b)) (exp (gen) (mul x x-0))))) (send (enc (enc (exp (gen) x-0) (exp (gen) x) (privk a)) (exp (gen) (mul x x-0))))) ((send (exp (gen) x)) (recv (cat (exp (gen) x-0) (enc (enc (exp (gen) x-0) (exp (gen) x) (privk b-0)) (exp (gen) (mul x x-0))))) (send (enc (enc (exp (gen) x) (exp (gen) x-0) (privk b)) (exp (gen) (mul x x-0))))) ((recv (exp (gen) (mul x x-0))) (send (exp (gen) (mul x x-0)))) ((recv (cat (exp (gen) (mul x x-0 (rec w))) w)) (send (cat (exp (gen) (mul x x-0 (rec w))) w)))) (label 4) (parent 3) (unrealized (3 0)) (comment "5 in cohort - 5 not yet seen")) (defskeleton station-to-station (vars (a b b-0 name) (x x-0 rndx)) (defstrand init 3 (a a) (b b) (x x-0) (y x)) (defstrand init 3 (a b) (b b-0) (x x) (y x-0)) (deflistener (exp (gen) (mul x x-0))) (deflistener (cat (gen) (mul x x-0))) (precedes ((0 0) (3 0)) ((1 0) (3 0)) ((1 2) (0 1)) ((2 1) (1 1)) ((3 1) (2 0))) (non-orig (privk a) (privk b)) (uniq-gen x x-0) (precur (3 0)) (operation nonce-test (contracted (x-1 x) (x-2 x-0) (w (mul x x-0))) (gen) (3 0)) (traces ((send (exp (gen) x-0)) (recv (cat (exp (gen) x) (enc (enc (exp (gen) x) (exp (gen) x-0) (privk b)) (exp (gen) (mul x x-0))))) (send (enc (enc (exp (gen) x-0) (exp (gen) x) (privk a)) (exp (gen) (mul x x-0))))) ((send (exp (gen) x)) (recv (cat (exp (gen) x-0) (enc (enc (exp (gen) x-0) (exp (gen) x) (privk b-0)) (exp (gen) (mul x x-0))))) (send (enc (enc (exp (gen) x) (exp (gen) x-0) (privk b)) (exp (gen) (mul x x-0))))) ((recv (exp (gen) (mul x x-0))) (send (exp (gen) (mul x x-0)))) ((recv (cat (gen) (mul x x-0))) (send (cat (gen) (mul x x-0))))) (label 5) (parent 4) (unrealized (2 0) (3 0)) (comment "empty cohort")) (defskeleton station-to-station (vars (a b b-0 name) (x x-0 rndx)) (defstrand init 3 (a a) (b b) (x x-0) (y x)) (defstrand init 3 (a b) (b b-0) (x x) (y x-0)) (deflistener (exp (gen) (mul x x-0))) (deflistener (cat (exp (gen) x-0) x)) (precedes ((0 0) (3 0)) ((1 0) (3 0)) ((1 2) (0 1)) ((2 1) (1 1)) ((3 1) (2 0))) (non-orig (privk a) (privk b)) (precur (3 0)) (uniq-gen x x-0) (operation nonce-test (displaced 4 0 init 1) (exp (gen) x-1) (3 0)) (traces ((send (exp (gen) x-0)) (recv (cat (exp (gen) x) (enc (enc (exp (gen) x) (exp (gen) x-0) (privk b)) (exp (gen) (mul x x-0))))) (send (enc (enc (exp (gen) x-0) (exp (gen) x) (privk a)) (exp (gen) (mul x x-0))))) ((send (exp (gen) x)) (recv (cat (exp (gen) x-0) (enc (enc (exp (gen) x-0) (exp (gen) x) (privk b-0)) (exp (gen) (mul x x-0))))) (send (enc (enc (exp (gen) x) (exp (gen) x-0) (privk b)) (exp (gen) (mul x x-0))))) ((recv (exp (gen) (mul x x-0))) (send (exp (gen) (mul x x-0)))) ((recv (cat (exp (gen) x-0) x)) (send (cat (exp (gen) x-0) x)))) (label 6) (parent 4) (unrealized (3 0)) (comment "empty cohort")) (defskeleton station-to-station (vars (a b b-0 name) (x x-0 rndx)) (defstrand init 3 (a a) (b b) (x x) (y x-0)) (defstrand init 3 (a b) (b b-0) (x x-0) (y x)) (deflistener (exp (gen) (mul x x-0))) (deflistener (cat (exp (gen) x-0) x)) (precedes ((0 0) (3 0)) ((1 0) (3 0)) ((1 2) (0 1)) ((2 1) (1 1)) ((3 1) (2 0))) (non-orig (privk a) (privk b)) (precur (3 0)) (uniq-gen x x-0) (operation nonce-test (displaced 4 1 init 1) (exp (gen) x-1) (3 0)) (traces ((send (exp (gen) x)) (recv (cat (exp (gen) x-0) (enc (enc (exp (gen) x-0) (exp (gen) x) (privk b)) (exp (gen) (mul x x-0))))) (send (enc (enc (exp (gen) x) (exp (gen) x-0) (privk a)) (exp (gen) (mul x x-0))))) ((send (exp (gen) x-0)) (recv (cat (exp (gen) x) (enc (enc (exp (gen) x) (exp (gen) x-0) (privk b-0)) (exp (gen) (mul x x-0))))) (send (enc (enc (exp (gen) x-0) (exp (gen) x) (privk b)) (exp (gen) (mul x x-0))))) ((recv (exp (gen) (mul x x-0))) (send (exp (gen) (mul x x-0)))) ((recv (cat (exp (gen) x-0) x)) (send (cat (exp (gen) x-0) x)))) (label 7) (parent 4) (unrealized (3 0)) (comment "empty cohort")) (defskeleton station-to-station (vars (a b b-0 name) (x x-0 x-1 rndx)) (defstrand init 3 (a a) (b b) (x x-0) (y x)) (defstrand init 3 (a b) (b b-0) (x x) (y x-0)) (deflistener (exp (gen) (mul x x-0))) (deflistener (cat (exp (gen) x-1) (mul x x-0 (rec x-1)))) (defstrand init 1 (x x-1)) (precedes ((0 0) (3 0)) ((1 0) (3 0)) ((1 2) (0 1)) ((2 1) (1 1)) ((3 1) (2 0)) ((4 0) (3 0))) (non-orig (privk a) (privk b)) (precur (3 0)) (uniq-gen x x-0 x-1) (operation nonce-test (added-strand init 1) (exp (gen) x-1) (3 0)) (traces ((send (exp (gen) x-0)) (recv (cat (exp (gen) x) (enc (enc (exp (gen) x) (exp (gen) x-0) (privk b)) (exp (gen) (mul x x-0))))) (send (enc (enc (exp (gen) x-0) (exp (gen) x) (privk a)) (exp (gen) (mul x x-0))))) ((send (exp (gen) x)) (recv (cat (exp (gen) x-0) (enc (enc (exp (gen) x-0) (exp (gen) x) (privk b-0)) (exp (gen) (mul x x-0))))) (send (enc (enc (exp (gen) x) (exp (gen) x-0) (privk b)) (exp (gen) (mul x x-0))))) ((recv (exp (gen) (mul x x-0))) (send (exp (gen) (mul x x-0)))) ((recv (cat (exp (gen) x-1) (mul x x-0 (rec x-1)))) (send (cat (exp (gen) x-1) (mul x x-0 (rec x-1))))) ((send (exp (gen) x-1)))) (label 8) (parent 4) (unrealized (2 0) (3 0)) (comment "empty cohort")) (defskeleton station-to-station (vars (a b b-0 b-1 name) (x expt) (x-0 x-1 y rndx)) (defstrand init 3 (a a) (b b) (x x-1) (y x-0)) (defstrand init 3 (a b) (b b-0) (x x-0) (y x-1)) (deflistener (exp (gen) (mul x-0 x-1))) (deflistener (cat (exp (gen) y) (mul x-0 x-1 (rec y)))) (defstrand resp 2 (b b-1) (y y) (x x)) (precedes ((0 0) (3 0)) ((1 0) (3 0)) ((1 2) (0 1)) ((2 1) (1 1)) ((3 1) (2 0)) ((4 1) (3 0))) (absent (y (exp (gen) x))) (non-orig (privk a) (privk b)) (precur (3 0)) (uniq-gen x-0 x-1 y) (operation nonce-test (added-strand resp 2) (exp (gen) y) (3 0)) (traces ((send (exp (gen) x-1)) (recv (cat (exp (gen) x-0) (enc (enc (exp (gen) x-0) (exp (gen) x-1) (privk b)) (exp (gen) (mul x-0 x-1))))) (send (enc (enc (exp (gen) x-1) (exp (gen) x-0) (privk a)) (exp (gen) (mul x-0 x-1))))) ((send (exp (gen) x-0)) (recv (cat (exp (gen) x-1) (enc (enc (exp (gen) x-1) (exp (gen) x-0) (privk b-0)) (exp (gen) (mul x-0 x-1))))) (send (enc (enc (exp (gen) x-0) (exp (gen) x-1) (privk b)) (exp (gen) (mul x-0 x-1))))) ((recv (exp (gen) (mul x-0 x-1))) (send (exp (gen) (mul x-0 x-1)))) ((recv (cat (exp (gen) y) (mul x-0 x-1 (rec y)))) (send (cat (exp (gen) y) (mul x-0 x-1 (rec y))))) ((recv (exp (gen) x)) (send (cat (exp (gen) y) (enc (enc (exp (gen) y) (exp (gen) x) (privk b-1)) (exp (gen) (mul x y))))))) (label 9) (parent 4) (unrealized (2 0) (3 0)) (comment "empty cohort")) (comment "Nothing left to do") (defprotocol station-to-station diffie-hellman (defrole init (vars (x rndx) (y expt) (a b name)) (trace (send (exp (gen) x)) (recv (cat (exp (gen) y) (enc (enc (exp (gen) y) (exp (gen) x) (privk b)) (exp (gen) (mul x y))))) (send (enc (enc (exp (gen) x) (exp (gen) y) (privk a)) (exp (gen) (mul x y))))) (uniq-gen x)) (defrole resp (vars (y rndx) (x expt) (a b name)) (trace (recv (exp (gen) x)) (send (cat (exp (gen) y) (enc (enc (exp (gen) y) (exp (gen) x) (privk b)) (exp (gen) (mul y x))))) (recv (enc (enc (exp (gen) x) (exp (gen) y) (privk a)) (exp (gen) (mul y x))))) (uniq-gen y) (absent (y (exp (gen) x))))) (defskeleton station-to-station (vars (a b name) (y rndx) (x expt)) (defstrand resp 3 (a a) (b b) (y y) (x x)) (absent (y (exp (gen) x))) (non-orig (privk a) (privk b)) (uniq-gen y) (traces ((recv (exp (gen) x)) (send (cat (exp (gen) y) (enc (enc (exp (gen) y) (exp (gen) x) (privk b)) (exp (gen) (mul y x))))) (recv (enc (enc (exp (gen) x) (exp (gen) y) (privk a)) (exp (gen) (mul y x)))))) (label 10) (unrealized (0 2)) (origs) (comment "1 in cohort - 1 not yet seen")) (defskeleton station-to-station (vars (a b b-0 name) (x y rndx)) (defstrand resp 3 (a a) (b b) (y y) (x x)) (defstrand init 3 (a a) (b b-0) (x x) (y y)) (precedes ((0 1) (1 1)) ((1 0) (0 0)) ((1 2) (0 2))) (absent (y (exp (gen) x))) (non-orig (privk a) (privk b)) (uniq-gen x y) (operation encryption-test (added-strand init 3) (enc (exp (gen) x) (exp (gen) y) (privk a)) (0 2)) (traces ((recv (exp (gen) x)) (send (cat (exp (gen) y) (enc (enc (exp (gen) y) (exp (gen) x) (privk b)) (exp (gen) (mul x y))))) (recv (enc (enc (exp (gen) x) (exp (gen) y) (privk a)) (exp (gen) (mul x y))))) ((send (exp (gen) x)) (recv (cat (exp (gen) y) (enc (enc (exp (gen) y) (exp (gen) x) (privk b-0)) (exp (gen) (mul x y))))) (send (enc (enc (exp (gen) x) (exp (gen) y) (privk a)) (exp (gen) (mul x y)))))) (label 11) (parent 10) (unrealized (1 1)) (comment "2 in cohort - 2 not yet seen")) (defskeleton station-to-station (vars (a b name) (y x rndx)) (defstrand resp 3 (a a) (b b) (y y) (x x)) (defstrand init 3 (a a) (b b) (x x) (y y)) (precedes ((0 1) (1 1)) ((1 0) (0 0)) ((1 2) (0 2))) (absent (y (exp (gen) x))) (non-orig (privk a) (privk b)) (uniq-gen y x) (operation encryption-test (displaced 2 0 resp 2) (enc (enc (exp (gen) y) (exp (gen) x) (privk b-0)) (exp (gen) (mul y x))) (1 1)) (traces ((recv (exp (gen) x)) (send (cat (exp (gen) y) (enc (enc (exp (gen) y) (exp (gen) x) (privk b)) (exp (gen) (mul y x))))) (recv (enc (enc (exp (gen) x) (exp (gen) y) (privk a)) (exp (gen) (mul y x))))) ((send (exp (gen) x)) (recv (cat (exp (gen) y) (enc (enc (exp (gen) y) (exp (gen) x) (privk b)) (exp (gen) (mul y x))))) (send (enc (enc (exp (gen) x) (exp (gen) y) (privk a)) (exp (gen) (mul y x)))))) (label 12) (parent 11) (unrealized) (shape) (maps ((0) ((a a) (b b) (y y) (x x)))) (origs)) (defskeleton station-to-station (vars (a b b-0 name) (x y rndx)) (defstrand resp 3 (a a) (b b) (y y) (x x)) (defstrand init 3 (a a) (b b-0) (x x) (y y)) (deflistener (exp (gen) (mul x y))) (precedes ((0 1) (2 0)) ((1 0) (0 0)) ((1 2) (0 2)) ((2 1) (1 1))) (absent (y (exp (gen) x))) (non-orig (privk a) (privk b)) (uniq-gen x y) (operation encryption-test (added-listener (exp (gen) (mul x y))) (enc (enc (exp (gen) y) (exp (gen) x) (privk b-0)) (exp (gen) (mul x y))) (1 1)) (traces ((recv (exp (gen) x)) (send (cat (exp (gen) y) (enc (enc (exp (gen) y) (exp (gen) x) (privk b)) (exp (gen) (mul x y))))) (recv (enc (enc (exp (gen) x) (exp (gen) y) (privk a)) (exp (gen) (mul x y))))) ((send (exp (gen) x)) (recv (cat (exp (gen) y) (enc (enc (exp (gen) y) (exp (gen) x) (privk b-0)) (exp (gen) (mul x y))))) (send (enc (enc (exp (gen) x) (exp (gen) y) (privk a)) (exp (gen) (mul x y))))) ((recv (exp (gen) (mul x y))) (send (exp (gen) (mul x y))))) (label 13) (parent 11) (unrealized (2 0)) (comment "1 in cohort - 1 not yet seen")) (defskeleton station-to-station (vars (a b b-0 name) (x y rndx) (w expt)) (defstrand resp 3 (a a) (b b) (y y) (x x)) (defstrand init 3 (a a) (b b-0) (x x) (y y)) (deflistener (exp (gen) (mul x y))) (deflistener (cat (exp (gen) (mul x y (rec w))) w)) (precedes ((0 1) (3 0)) ((1 0) (0 0)) ((1 2) (0 2)) ((2 1) (1 1)) ((3 1) (2 0))) (absent (y (exp (gen) x))) (non-orig (privk a) (privk b)) (uniq-gen x y) (precur (3 0)) (operation nonce-test (added-listener (cat (exp (gen) (mul x y (rec w))) w)) (exp (gen) (mul x y)) (2 0)) (traces ((recv (exp (gen) x)) (send (cat (exp (gen) y) (enc (enc (exp (gen) y) (exp (gen) x) (privk b)) (exp (gen) (mul x y))))) (recv (enc (enc (exp (gen) x) (exp (gen) y) (privk a)) (exp (gen) (mul x y))))) ((send (exp (gen) x)) (recv (cat (exp (gen) y) (enc (enc (exp (gen) y) (exp (gen) x) (privk b-0)) (exp (gen) (mul x y))))) (send (enc (enc (exp (gen) x) (exp (gen) y) (privk a)) (exp (gen) (mul x y))))) ((recv (exp (gen) (mul x y))) (send (exp (gen) (mul x y)))) ((recv (cat (exp (gen) (mul x y (rec w))) w)) (send (cat (exp (gen) (mul x y (rec w))) w)))) (label 14) (parent 13) (unrealized (3 0)) (comment "5 in cohort - 5 not yet seen")) (defskeleton station-to-station (vars (a b b-0 name) (x y rndx)) (defstrand resp 3 (a a) (b b) (y y) (x x)) (defstrand init 3 (a a) (b b-0) (x x) (y y)) (deflistener (exp (gen) (mul x y))) (deflistener (cat (gen) (mul x y))) (precedes ((0 1) (3 0)) ((1 0) (0 0)) ((1 2) (0 2)) ((2 1) (1 1)) ((3 1) (2 0))) (absent (y (exp (gen) x))) (non-orig (privk a) (privk b)) (uniq-gen x y) (precur (3 0)) (operation nonce-test (contracted (x-0 x) (y-0 y) (w (mul x y))) (gen) (3 0)) (traces ((recv (exp (gen) x)) (send (cat (exp (gen) y) (enc (enc (exp (gen) y) (exp (gen) x) (privk b)) (exp (gen) (mul x y))))) (recv (enc (enc (exp (gen) x) (exp (gen) y) (privk a)) (exp (gen) (mul x y))))) ((send (exp (gen) x)) (recv (cat (exp (gen) y) (enc (enc (exp (gen) y) (exp (gen) x) (privk b-0)) (exp (gen) (mul x y))))) (send (enc (enc (exp (gen) x) (exp (gen) y) (privk a)) (exp (gen) (mul x y))))) ((recv (exp (gen) (mul x y))) (send (exp (gen) (mul x y)))) ((recv (cat (gen) (mul x y))) (send (cat (gen) (mul x y))))) (label 15) (parent 14) (unrealized (2 0) (3 0)) (comment "empty cohort")) (defskeleton station-to-station (vars (a b b-0 name) (y x rndx)) (defstrand resp 3 (a a) (b b) (y y) (x x)) (defstrand init 3 (a a) (b b-0) (x x) (y y)) (deflistener (exp (gen) (mul y x))) (deflistener (cat (exp (gen) x) y)) (precedes ((0 1) (3 0)) ((1 0) (0 0)) ((1 2) (0 2)) ((2 1) (1 1)) ((3 1) (2 0))) (absent (y (exp (gen) x))) (non-orig (privk a) (privk b)) (precur (3 0)) (uniq-gen y x) (operation nonce-test (displaced 4 1 init 1) (exp (gen) x-0) (3 0)) (traces ((recv (exp (gen) x)) (send (cat (exp (gen) y) (enc (enc (exp (gen) y) (exp (gen) x) (privk b)) (exp (gen) (mul y x))))) (recv (enc (enc (exp (gen) x) (exp (gen) y) (privk a)) (exp (gen) (mul y x))))) ((send (exp (gen) x)) (recv (cat (exp (gen) y) (enc (enc (exp (gen) y) (exp (gen) x) (privk b-0)) (exp (gen) (mul y x))))) (send (enc (enc (exp (gen) x) (exp (gen) y) (privk a)) (exp (gen) (mul y x))))) ((recv (exp (gen) (mul y x))) (send (exp (gen) (mul y x)))) ((recv (cat (exp (gen) x) y)) (send (cat (exp (gen) x) y)))) (label 16) (parent 14) (unrealized (3 0)) (comment "empty cohort")) (defskeleton station-to-station (vars (a b b-0 name) (x y x-0 rndx)) (defstrand resp 3 (a a) (b b) (y y) (x x)) (defstrand init 3 (a a) (b b-0) (x x) (y y)) (deflistener (exp (gen) (mul x y))) (deflistener (cat (exp (gen) x-0) (mul x y (rec x-0)))) (defstrand init 1 (x x-0)) (precedes ((0 1) (3 0)) ((1 0) (0 0)) ((1 2) (0 2)) ((2 1) (1 1)) ((3 1) (2 0)) ((4 0) (3 0))) (absent (y (exp (gen) x))) (non-orig (privk a) (privk b)) (precur (3 0)) (uniq-gen x y x-0) (operation nonce-test (added-strand init 1) (exp (gen) x-0) (3 0)) (traces ((recv (exp (gen) x)) (send (cat (exp (gen) y) (enc (enc (exp (gen) y) (exp (gen) x) (privk b)) (exp (gen) (mul x y))))) (recv (enc (enc (exp (gen) x) (exp (gen) y) (privk a)) (exp (gen) (mul x y))))) ((send (exp (gen) x)) (recv (cat (exp (gen) y) (enc (enc (exp (gen) y) (exp (gen) x) (privk b-0)) (exp (gen) (mul x y))))) (send (enc (enc (exp (gen) x) (exp (gen) y) (privk a)) (exp (gen) (mul x y))))) ((recv (exp (gen) (mul x y))) (send (exp (gen) (mul x y)))) ((recv (cat (exp (gen) x-0) (mul x y (rec x-0)))) (send (cat (exp (gen) x-0) (mul x y (rec x-0))))) ((send (exp (gen) x-0)))) (label 17) (parent 14) (unrealized (2 0) (3 0)) (comment "empty cohort")) (defskeleton station-to-station (vars (a b b-0 name) (x y rndx)) (defstrand resp 3 (a a) (b b) (y y) (x x)) (defstrand init 3 (a a) (b b-0) (x x) (y y)) (deflistener (exp (gen) (mul x y))) (deflistener (cat (exp (gen) y) x)) (precedes ((0 1) (3 0)) ((1 0) (0 0)) ((1 2) (0 2)) ((2 1) (1 1)) ((3 1) (2 0))) (absent (y (exp (gen) x))) (non-orig (privk a) (privk b)) (precur (3 0)) (uniq-gen x y) (operation nonce-test (displaced 4 0 resp 2) (exp (gen) y-0) (3 0)) (traces ((recv (exp (gen) x)) (send (cat (exp (gen) y) (enc (enc (exp (gen) y) (exp (gen) x) (privk b)) (exp (gen) (mul x y))))) (recv (enc (enc (exp (gen) x) (exp (gen) y) (privk a)) (exp (gen) (mul x y))))) ((send (exp (gen) x)) (recv (cat (exp (gen) y) (enc (enc (exp (gen) y) (exp (gen) x) (privk b-0)) (exp (gen) (mul x y))))) (send (enc (enc (exp (gen) x) (exp (gen) y) (privk a)) (exp (gen) (mul x y))))) ((recv (exp (gen) (mul x y))) (send (exp (gen) (mul x y)))) ((recv (cat (exp (gen) y) x)) (send (cat (exp (gen) y) x)))) (label 18) (parent 14) (unrealized (3 0)) (comment "empty cohort")) (defskeleton station-to-station (vars (a b b-0 b-1 name) (x expt) (x-0 y y-0 rndx)) (defstrand resp 3 (a a) (b b) (y y) (x x-0)) (defstrand init 3 (a a) (b b-0) (x x-0) (y y)) (deflistener (exp (gen) (mul x-0 y))) (deflistener (cat (exp (gen) y-0) (mul x-0 y (rec y-0)))) (defstrand resp 2 (b b-1) (y y-0) (x x)) (precedes ((0 1) (3 0)) ((1 0) (0 0)) ((1 2) (0 2)) ((2 1) (1 1)) ((3 1) (2 0)) ((4 1) (3 0))) (absent (y-0 (exp (gen) x)) (y (exp (gen) x-0))) (non-orig (privk a) (privk b)) (precur (3 0)) (uniq-gen x-0 y y-0) (operation nonce-test (added-strand resp 2) (exp (gen) y-0) (3 0)) (traces ((recv (exp (gen) x-0)) (send (cat (exp (gen) y) (enc (enc (exp (gen) y) (exp (gen) x-0) (privk b)) (exp (gen) (mul x-0 y))))) (recv (enc (enc (exp (gen) x-0) (exp (gen) y) (privk a)) (exp (gen) (mul x-0 y))))) ((send (exp (gen) x-0)) (recv (cat (exp (gen) y) (enc (enc (exp (gen) y) (exp (gen) x-0) (privk b-0)) (exp (gen) (mul x-0 y))))) (send (enc (enc (exp (gen) x-0) (exp (gen) y) (privk a)) (exp (gen) (mul x-0 y))))) ((recv (exp (gen) (mul x-0 y))) (send (exp (gen) (mul x-0 y)))) ((recv (cat (exp (gen) y-0) (mul x-0 y (rec y-0)))) (send (cat (exp (gen) y-0) (mul x-0 y (rec y-0))))) ((recv (exp (gen) x)) (send (cat (exp (gen) y-0) (enc (enc (exp (gen) y-0) (exp (gen) x) (privk b-1)) (exp (gen) (mul x y-0))))))) (label 19) (parent 14) (unrealized (2 0) (3 0)) (comment "empty cohort")) (comment "Nothing left to do") (defprotocol station-weak diffie-hellman (defrole weak-init (vars (x rndx) (y expt) (a b name)) (trace (send (exp (gen) x)) (recv (cat (exp (gen) y) (enc (enc (exp (gen) y) (exp (gen) x) (privk b)) (exp (gen) (mul x y))))) (send (enc (enc (exp (gen) x) (exp (gen) y) (privk a)) (exp (gen) (mul x y)))))) (defrole weak-resp (vars (y rndx) (x expt) (a b name)) (trace (recv (exp (gen) x)) (send (cat (exp (gen) y) (enc (enc (exp (gen) y) (exp (gen) x) (privk b)) (exp (gen) (mul y x))))) (recv (enc (enc (exp (gen) x) (exp (gen) y) (privk a)) (exp (gen) (mul y x))))) (absent (y (exp (gen) x))))) (defskeleton station-weak (vars (a b name) (x rndx) (y expt)) (defstrand weak-init 3 (a a) (b b) (x x) (y y)) (non-orig (privk a) (privk b)) (uniq-gen x) (traces ((send (exp (gen) x)) (recv (cat (exp (gen) y) (enc (enc (exp (gen) y) (exp (gen) x) (privk b)) (exp (gen) (mul x y))))) (send (enc (enc (exp (gen) x) (exp (gen) y) (privk a)) (exp (gen) (mul x y)))))) (label 20) (unrealized (0 1)) (origs) (comment "2 in cohort - 2 not yet seen")) (defskeleton station-weak (vars (a b b-0 name) (x x-0 rndx)) (defstrand weak-init 3 (a a) (b b) (x x-0) (y x)) (defstrand weak-init 3 (a b) (b b-0) (x x) (y x-0)) (precedes ((0 0) (1 1)) ((1 2) (0 1))) (non-orig (privk a) (privk b)) (uniq-gen x-0) (operation encryption-test (added-strand weak-init 3) (enc (exp (gen) x) (exp (gen) x-0) (privk b)) (0 1)) (traces ((send (exp (gen) x-0)) (recv (cat (exp (gen) x) (enc (enc (exp (gen) x) (exp (gen) x-0) (privk b)) (exp (gen) (mul x x-0))))) (send (enc (enc (exp (gen) x-0) (exp (gen) x) (privk a)) (exp (gen) (mul x x-0))))) ((send (exp (gen) x)) (recv (cat (exp (gen) x-0) (enc (enc (exp (gen) x-0) (exp (gen) x) (privk b-0)) (exp (gen) (mul x x-0))))) (send (enc (enc (exp (gen) x) (exp (gen) x-0) (privk b)) (exp (gen) (mul x x-0)))))) (label 21) (parent 20) (unrealized) (shape) (maps ((0) ((a a) (b b) (x x-0) (y x)))) (origs)) (defskeleton station-weak (vars (a b name) (y x rndx)) (defstrand weak-init 3 (a a) (b b) (x x) (y y)) (defstrand weak-resp 2 (b b) (y y) (x x)) (precedes ((0 0) (1 0)) ((1 1) (0 1))) (absent (y (exp (gen) x))) (non-orig (privk a) (privk b)) (uniq-gen x) (operation encryption-test (added-strand weak-resp 2) (enc (exp (gen) y) (exp (gen) x) (privk b)) (0 1)) (traces ((send (exp (gen) x)) (recv (cat (exp (gen) y) (enc (enc (exp (gen) y) (exp (gen) x) (privk b)) (exp (gen) (mul y x))))) (send (enc (enc (exp (gen) x) (exp (gen) y) (privk a)) (exp (gen) (mul y x))))) ((recv (exp (gen) x)) (send (cat (exp (gen) y) (enc (enc (exp (gen) y) (exp (gen) x) (privk b)) (exp (gen) (mul y x))))))) (label 22) (parent 20) (unrealized) (shape) (maps ((0) ((a a) (b b) (x x) (y y)))) (origs)) (comment "Nothing left to do") (defprotocol station-weak diffie-hellman (defrole weak-init (vars (x rndx) (y expt) (a b name)) (trace (send (exp (gen) x)) (recv (cat (exp (gen) y) (enc (enc (exp (gen) y) (exp (gen) x) (privk b)) (exp (gen) (mul x y))))) (send (enc (enc (exp (gen) x) (exp (gen) y) (privk a)) (exp (gen) (mul x y)))))) (defrole weak-resp (vars (y rndx) (x expt) (a b name)) (trace (recv (exp (gen) x)) (send (cat (exp (gen) y) (enc (enc (exp (gen) y) (exp (gen) x) (privk b)) (exp (gen) (mul y x))))) (recv (enc (enc (exp (gen) x) (exp (gen) y) (privk a)) (exp (gen) (mul y x))))) (absent (y (exp (gen) x))))) (defskeleton station-weak (vars (a b name) (y rndx) (x expt)) (defstrand weak-resp 3 (a a) (b b) (y y) (x x)) (absent (y (exp (gen) x))) (non-orig (privk a) (privk b)) (uniq-gen y) (traces ((recv (exp (gen) x)) (send (cat (exp (gen) y) (enc (enc (exp (gen) y) (exp (gen) x) (privk b)) (exp (gen) (mul y x))))) (recv (enc (enc (exp (gen) x) (exp (gen) y) (privk a)) (exp (gen) (mul y x)))))) (label 23) (unrealized (0 2)) (origs) (comment "2 in cohort - 2 not yet seen")) (defskeleton station-weak (vars (a b b-0 name) (x y rndx)) (defstrand weak-resp 3 (a a) (b b) (y y) (x x)) (defstrand weak-init 3 (a a) (b b-0) (x x) (y y)) (precedes ((0 1) (1 1)) ((1 2) (0 2))) (absent (y (exp (gen) x))) (non-orig (privk a) (privk b)) (uniq-gen y) (operation encryption-test (added-strand weak-init 3) (enc (exp (gen) x) (exp (gen) y) (privk a)) (0 2)) (traces ((recv (exp (gen) x)) (send (cat (exp (gen) y) (enc (enc (exp (gen) y) (exp (gen) x) (privk b)) (exp (gen) (mul x y))))) (recv (enc (enc (exp (gen) x) (exp (gen) y) (privk a)) (exp (gen) (mul x y))))) ((send (exp (gen) x)) (recv (cat (exp (gen) y) (enc (enc (exp (gen) y) (exp (gen) x) (privk b-0)) (exp (gen) (mul x y))))) (send (enc (enc (exp (gen) x) (exp (gen) y) (privk a)) (exp (gen) (mul x y)))))) (label 24) (parent 23) (unrealized) (shape) (maps ((0) ((a a) (b b) (y y) (x x)))) (origs)) (defskeleton station-weak (vars (a b name) (y y-0 rndx)) (defstrand weak-resp 3 (a a) (b b) (y y-0) (x y)) (defstrand weak-resp 2 (b a) (y y) (x y-0)) (precedes ((0 1) (1 0)) ((1 1) (0 2))) (absent (y (exp (gen) y-0)) (y-0 (exp (gen) y))) (non-orig (privk a) (privk b)) (uniq-gen y-0) (operation encryption-test (added-strand weak-resp 2) (enc (exp (gen) y) (exp (gen) y-0) (privk a)) (0 2)) (traces ((recv (exp (gen) y)) (send (cat (exp (gen) y-0) (enc (enc (exp (gen) y-0) (exp (gen) y) (privk b)) (exp (gen) (mul y y-0))))) (recv (enc (enc (exp (gen) y) (exp (gen) y-0) (privk a)) (exp (gen) (mul y y-0))))) ((recv (exp (gen) y-0)) (send (cat (exp (gen) y) (enc (enc (exp (gen) y) (exp (gen) y-0) (privk a)) (exp (gen) (mul y y-0))))))) (label 25) (parent 23) (unrealized) (shape) (maps ((0) ((a a) (b b) (y y-0) (x y)))) (origs)) (comment "Nothing left to do")