Abstract

We describe properties of a process calculus that has been developed for the purpose of analyzing security protocols. The process calculus is a restricted form of π-calculus, with bounded replication and probabilistic polynomial-time expressions allowed in messages and boolean tests. In order to avoid problems expressing security in the presence of nondeterminism, messages are scheduled probabilistically instead of nondeterministically. We prove that evaluation may be completed in probabilistic polynomial time and develop properties of a form of asymptotic protocol equivalence that allows security to be specified using observational equivalence, a standard relation from programming language theory that involves quantifying over possible environments that might interact with the protocol. We also relate process equivalence to cryptographic concepts such as pseudo-random number generators and polynomial-time statistical tests.