Check-in [75f2f5649b]
Not logged in
Overview
Comment:CryptoVerif MRnet PAGAI_static_analyser SIONlib
Downloads: Tarball | ZIP archive | SQL archive
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA1: 75f2f5649b498d8119f7dffd2cc3cf70b71a45e3
User & Date: vhost7825ssh on 2018-06-06 20:47:18
Other Links: manifest | tags
Context
2018-06-06 23:35
ExaHyPE check-in: 076420858a user: vhost7825ssh tags: trunk
2018-06-06 20:47
CryptoVerif MRnet PAGAI_static_analyser SIONlib check-in: 75f2f5649b user: vhost7825ssh tags: trunk
2017-05-28 05:30
wiki reference update check-in: 84fb49b807 user: vhost7825ssh tags: trunk
Changes
Hide Diffs Unified Diffs Ignore Whitespace Patch

Added wiki_references/2017/software/CryptoVerif/COMMENTS.txt version [fff2e2fbf9].













>
>
>
>
>
>
1
2
3
4
5
6

Home page: 

    http://prosecco.gforge.inria.fr/personal/bblanche/cryptoverif/


Added wiki_references/2017/software/CryptoVerif/doc/2017_06_12_wget_copy_of_http_prosecco_gforge_inria_fr_personal_bblanche_cryptoverif/bonnet/api.archives-ouvertes.fr/robots.txt version [c393d74693].













>
>
>
>
>
>
1
2
3
4
5
6
User-agent: *
Disallow: /ref/
Disallow: /search/
Disallow: /oai/
Disallow: /sword/
Disallow: /ws/

Added wiki_references/2017/software/CryptoVerif/doc/2017_06_12_wget_copy_of_http_prosecco_gforge_inria_fr_personal_bblanche_cryptoverif/bonnet/arstechnica.com/robots.txt version [add35e023f].















































































































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
Sitemap: http://arstechnica.com/sitemap.xml

# Google Image
User-agent: Googlebot-Image
Disallow:
Allow: /*

# Google AdSense
User-agent: Mediapartners-Google*
Disallow:

# Global
User-agent: *
Disallow: /cgi-bin/
Disallow: /wp-admin/
Disallow: /wp-includes/
Disallow: /wp-content/plugins/
Disallow: /wp-content/cache/
Disallow: /wp-content/themes/
Disallow: /trackback/
Disallow: /comments/
Disallow: /category/*/*
Disallow: */trackback/
Disallow: */comments/
Allow: /wp-content/uploads/

# phpBB
Disallow: /civis/adm/
Disallow: /civis/mcp.php
Disallow: /civis/mcp.php*
Disallow: /civis/ucp.php
Disallow: /civis/ucp.php*
Disallow: /civis/download.php
Disallow: /civis/file.php
Disallow: /civis/images/
Disallow: /civis/includes/
Disallow: /civis/language/
Disallow: /civis/memberlist.php
Disallow: /civis/posting.php
Disallow: /civis/search.php
Disallow: /civis/styles/
Disallow: /civis/viewonline.php
Disallow: /civis/faq.php
Disallow: /civis/style.php
Disallow: /civis/style.php*
Disallow: /civis/memberlist.php*
Disallow: /civis/search.php*
Disallow: /civis/posting.php*
Disallow: /civis/report.php*
Disallow: /civis/download.php*
Disallow: /civis/file.php*
Disallow: /civis/*?sid=*

Disallow: /sponsored/
Disallow: /sponsors/

Added wiki_references/2017/software/CryptoVerif/doc/2017_06_12_wget_copy_of_http_prosecco_gforge_inria_fr_personal_bblanche_cryptoverif/bonnet/arxiv.org/robots.txt version [1d64fdf6b8].











































































































































































































































































































































































































































































































































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
# robots.txt for http://arxiv.org/ and mirror sites http://*.arxiv.org/
# Indiscriminate automated downloads from this site are not permitted
# See also: http://arxiv.org/help/robots

User-agent: *
Crawl-delay: 15
Allow: /archive
Allow: /year
Allow: /list
Allow: /abs
Allow: /pdf
Allow: /html
Allow: /catchup
Disallow: /user
Disallow: /e-print
Disallow: /src
Disallow: /ps
Disallow: /dvi
Disallow: /cookies
Disallow: /form
Disallow: /find
Disallow: /view
Disallow: /ftp
Disallow: /refs
Disallow: /cits
Disallow: /format
Disallow: /PS_cache
Disallow: /Stats
Disallow: /seek-and-destroy
Disallow: /IgnoreMe
Disallow: /oai2
Disallow: /auth
Disallow: /rss
Disallow: /tb
Disallow: /tb-recent
Disallow: /trackback
Disallow: /prevnext
Disallow: /ct
Disallow: /api

User-agent: Googlebot
Allow: /archive
Allow: /year
Allow: /list
Allow: /abs
Allow: /pdf
Allow: /html
Allow: /catchup
Disallow: /user
Disallow: /e-print
Disallow: /src
Disallow: /ps
Disallow: /dvi
Disallow: /cookies
Disallow: /form
Disallow: /find
Disallow: /view
Disallow: /ftp
Disallow: /refs
Disallow: /cits
Disallow: /format
Disallow: /PS_cache
Disallow: /Stats
Disallow: /seek-and-destroy
Disallow: /IgnoreMe
Disallow: /oai2
Disallow: /auth
Disallow: /rss
Disallow: /tb
Disallow: /tb-recent
Disallow: /trackback
Disallow: /prevnext
Disallow: /ct
Disallow: /api

User-agent: Yahoo! Slurp
Crawl-delay: 1
Allow: /archive
Allow: /year
Allow: /list
Allow: /abs
Allow: /pdf
Allow: /html
Allow: /catchup
Disallow: /user
Disallow: /e-print
Disallow: /src
Disallow: /ps
Disallow: /dvi
Disallow: /cookies
Disallow: /form
Disallow: /find
Disallow: /view
Disallow: /ftp
Disallow: /refs
Disallow: /cits
Disallow: /format
Disallow: /PS_cache
Disallow: /Stats
Disallow: /seek-and-destroy
Disallow: /IgnoreMe
Disallow: /oai2
Disallow: /auth
Disallow: /rss
Disallow: /tb
Disallow: /tb-recent
Disallow: /trackback
Disallow: /prevnext
Disallow: /ct
Disallow: /api

User-agent: bingbot
Crawl-delay: 1
Allow: /archive
Allow: /year
Allow: /list
Allow: /abs
Allow: /pdf
Allow: /html
Allow: /catchup
Disallow: /user
Disallow: /e-print
Disallow: /src
Disallow: /ps
Disallow: /dvi
Disallow: /cookies
Disallow: /form
Disallow: /find
Disallow: /view
Disallow: /ftp
Disallow: /refs
Disallow: /cits
Disallow: /format
Disallow: /PS_cache
Disallow: /Stats
Disallow: /seek-and-destroy
Disallow: /IgnoreMe
Disallow: /oai2
Disallow: /auth
Disallow: /rss
Disallow: /tb
Disallow: /tb-recent
Disallow: /trackback
Disallow: /prevnext
Disallow: /ct
Disallow: /api

User-agent: Baiduspider
Crawl-delay: 10
Allow: /archive
Allow: /year
Allow: /list
Allow: /abs
Allow: /pdf
Allow: /html
Allow: /catchup
Disallow: /user
Disallow: /e-print
Disallow: /src
Disallow: /ps
Disallow: /dvi
Disallow: /cookies
Disallow: /form
Disallow: /find
Disallow: /view
Disallow: /ftp
Disallow: /refs
Disallow: /cits
Disallow: /format
Disallow: /PS_cache
Disallow: /Stats
Disallow: /seek-and-destroy
Disallow: /IgnoreMe
Disallow: /oai2
Disallow: /auth
Disallow: /rss
Disallow: /tb
Disallow: /tb-recent
Disallow: /trackback
Disallow: /prevnext
Disallow: /ct
Disallow: /api

User-agent: SQUID_configured_as_described_at_/help/faq/cache
Crawl-delay: 10
Allow: /list
Allow: /abs
Allow: /pdf
Disallow: /archive
Disallow: /year
Disallow: /html
Disallow: /catchup
Disallow: /user
Disallow: /e-print
Disallow: /src
Disallow: /ps
Disallow: /dvi
Disallow: /cookies
Disallow: /form
Disallow: /find
Disallow: /view
Disallow: /ftp
Disallow: /refs
Disallow: /cits
Disallow: /format
Disallow: /PS_cache
Disallow: /Stats
Disallow: /seek-and-destroy
Disallow: /IgnoreMe
Disallow: /oai2
Disallow: /auth
Disallow: /rss
Disallow: /tb
Disallow: /tb-recent
Disallow: /trackback
Disallow: /prevnext
Disallow: /ct
Disallow: /api

User-agent: YandexBot
Crawl-delay: 1
Allow: /archive
Allow: /year
Allow: /list
Allow: /abs
Allow: /pdf
Allow: /html
Allow: /catchup
Disallow: /e-print/
Disallow: /src/
Disallow: /ps/
Disallow: /psfigs/
Disallow: /dvi/
Disallow: /cookies/
Disallow: /form/
Disallow: /find/
Disallow: /view/
Disallow: /ftp/
Disallow: /refs/
Disallow: /cits/
Disallow: /format/
Disallow: /register
Disallow: /submit
Disallow: /replace
Disallow: /cross
Disallow: /jref
Disallow: /paper_passwd/
Disallow: /PS_cache/
Disallow: /Stats/
Disallow: /seek-and-destroy
Disallow: /IgnoreMe
Disallow: /uploads
Disallow: /oai2
Disallow: /auth
Disallow: /rss
Disallow: /tb
Disallow: /tb-recent
Disallow: /trackback
Disallow: /prevnext
Disallow: /ct
Disallow: /api

Added wiki_references/2017/software/CryptoVerif/doc/2017_06_12_wget_copy_of_http_prosecco_gforge_inria_fr_personal_bblanche_cryptoverif/bonnet/aurehal.archives-ouvertes.fr/robots.txt.html version [9df9fd8d7c].





























































































































































































































































































































































































































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html lang="en">
    <head>
        <title>AureHAL : Accès Unifié aux Référentiels HAL</title>
        <meta charset="utf-8">
        <meta name="description" content="AURéHAL permet d'accéder aux référentiels utilisés dans l'archive ouverte HAL.">
        <meta name="author" content="CCSD">
        
        <script type="text/javascript">
    //<![CDATA[
    var lang = 'fr';    //]]>
</script>        <title>AureHAL</title>        <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />        <link rel="icon" type="type/png" href="/img/favicon.png" />
        <link href="/css/print_aurehal.css" media="print" rel="stylesheet" type="text/css" />
<link rel="stylesheet" href="//static.ccsd.cnrs.fr/css/custom-theme/jquery-ui-1.10.0.custom.css" type="text/css" media="screen" />
<link rel="stylesheet" href="//static.ccsd.cnrs.fr/v3/css/bootstrap.css" type="text/css" media="screen" />
<link rel="stylesheet" href="//static.ccsd.cnrs.fr/css/ccsd.css" type="text/css" media="screen" />
<link rel="stylesheet" href="/css/hal.css" type="text/css" media="screen" />
<link rel="stylesheet" href="/css/aurehal.css" type="text/css" media="screen" />

<script type="text/javascript" src="//static.ccsd.cnrs.fr/js/jquery/min.1.9.1.js"></script>
<script type="text/javascript" src="//static.ccsd.cnrs.fr/js/jquery/ui/min.1.10.3.js"></script>
<script type="text/javascript" src="//static.ccsd.cnrs.fr/v3/js/bootstrap.min.js"></script>
<script type="text/javascript" src="//static.ccsd.cnrs.fr/js/form.js"></script>
<script type="text/javascript" src="//static.ccsd.cnrs.fr/js/datepicker/datepicker-fr.js"></script>
<script type="text/javascript" src="//static.ccsd.cnrs.fr/js/datepicker.js"></script>
<script type="text/javascript" src="/js/utile.js"></script>

        <style>
html {
	position: relative;
	min-height: 100%;
}

body {
	/* Margin bottom by footer height */
	margin-bottom: 140px;
}

.footer {
	position: absolute;
	bottom: 0;
	width: 100%;
	/* Set the fixed height of the footer here */
	height: 140px;
}
</style>


 
        <!-- Piwik -->
        <script type="text/javascript">
            var _paq = _paq || [];
            /* tracker methods like "setCustomDimension" should be called before "trackPageView" */
            _paq.push(['trackPageView']);
            _paq.push(['enableLinkTracking']);
            (function() {
                var u="//piwik-hal.ccsd.cnrs.fr/";
                _paq.push(['setTrackerUrl', u+'piwik.php']);
                _paq.push(['setSiteId', '217']);
                var d=document, g=d.createElement('script'), s=d.getElementsByTagName('script')[0];
                g.type='text/javascript'; g.async=true; g.defer=true; g.src=u+'piwik.js'; s.parentNode.insertBefore(g,s);
            })();
        </script>
        <!-- End Piwik Code -->




    </head>

    <body>
                <div class="navbar navbar-inverse navbar-fixed-top" role="navigation">
                        <div class="navbar-header ">
                <button type="button" class="navbar-toggle" data-toggle="collapse"
                        data-target="#nav-services">
                    <span class="sr-only">Toggle navigation</span> <span class="icon-bar"></span> <span
                        class="icon-bar"></span> <span class="icon-bar"></span>
                </button>
                <div class="logo-ccsd">
                    <a class="brand" href="https://www.ccsd.cnrs.fr/"
                       title="Centre pour la communication Scientifique directe"><img src="/img/ccsd.png"
                                                                                      border="0"/></a>
                                    </div>
            </div>
                        <div class="collapse navbar-collapse" id="nav-services">
                <ul class="nav navbar-nav">
                    <li class="dropdown active"><a
                            href="#" class="dropdown-toggle" data-toggle="dropdown">HAL <b class="caret"
                                                                                           style="border-top-color:#ee5a35;border-bottom-color:#ee5a35;"></b></a>
                        <ul class="dropdown-menu">
                            <li><a href="https://hal.archives-ouvertes.fr">HAL</a></li>
                            <li><a href="https://halshs.archives-ouvertes.fr">HALSHS</a>
                            </li>
                            <li><a href="https://tel.archives-ouvertes.fr">TEL</a></li>
                            <li><a href="https://medihal.archives-ouvertes.fr">MédiHAL</a>
                            </li>
                            <li><a href="https://hal.archives-ouvertes.fr/browse/portal">Liste
                                    des portails</a></li>
                            <li class="divider"></li>
                            <li><a href="https://aurehal.archives-ouvertes.fr"
                                   target="_blank">AURéHAL</a></li>
                            <li><a href="http://api.archives-ouvertes.fr/docs">API</a></li>
                            <li>
                                <a href="https://hal.archives-ouvertes.fr/section/documentation">Documentation</a>
                            </li>
                        </ul>
                    </li>
                    <li class=""><a
                            href="https://www.episciences.org">Episciences.org</a></li>
                    <li class=""><a
                            href="https://www.sciencesconf.org">Sciencesconf.org</a></li>
                    <li><a href="https://support.ccsd.cnrs.fr">Support</a></li>
                </ul>
                                    <div class="nav navbar-nav navbar-right">
                                                    <form class="form-inline pull-right"
                                  style="margin-top: 8px; margin-right: 8px;"
                                  action="/user/login" id="form-login" method="post">
                                <input type="hidden" name="forward-controller"
                                       value="error"/>
                                <input type="hidden" name="forward-action"
                                       value="error"/>
                                                                <div class="btn-group">
                                    <button class="btn btn-small btn-primary" type="button"
                                            onclick="$('#form-login').submit();" accesskey="l">
                                        <i class="glyphicon glyphicon-user glyphicon-white"></i>&nbsp;Connexion                                    </button>
                                    <button class="btn btn-small btn-primary dropdown-toggle" data-toggle="dropdown"
                                            type="button">
                                        <span class="caret"
                                              style="border-top-color: #fff; border-bottom-color: #fff;"></span>
                                    </button>


                                                                        <ul class="dropdown-menu pull-right">
                                    <li><a href="#" onclick="$('#form-login').submit();" accesskey="l">Connexion</a></li>
                                                                                <li class="divider"></li>
                                        <li><a href="/user/create">Créer un compte</a></li>
                                        <li class="divider"></li>
                                        <li><a href="/user/lostpassword">Mot de passe oublié ?</a></li>
                                        <li><a href="/user/lostlogin">Login oublié ?</a></li>
                                    </ul>
                                </div>
                            </form>
                                            </div>
                                <form action="" method="post" id="formLang">
                    <input type="hidden" name="lang" id="lang" value=""/>
                    <ul class="nav navbar-nav navbar-right navbar-lang">
                                            </ul>
                </form>
            </div>
        </div>
        
        <div id="container" class="container">
            <div class="logo">
            	<div class="logo-title">
	<a href="/"><span class="first">A</span>ccès <span class="first">U</span>nifié aux <span class="first">Ré</span>férentiels <span class="first">HAL</span></a>
</div>    		</div>
    		<div class="row">
    			<div class="col-md-2">
    				<div class="list-group">
            <a href="/author/index" class="list-group-item ">Auteurs</a>
            <a href="/structure/index" class="list-group-item ">Structures</a>
            <a href="/domain/index" class="list-group-item ">Domaines</a>
            <a href="/journal/index" class="list-group-item ">Revues</a>
            <a href="/anrproject/index" class="list-group-item ">Projets ANR</a>
            <a href="/europeanproject/index" class="list-group-item ">Projets européens</a>
    </div>    			</div>
    			<div class="col-md-10">
    				    				<div class="corps">
						
						<div class='alert alert-danger'>
Accès refusé</div>						
						
				 		 <div class="modal " id="modal" tabindex="-1" role="dialog" aria-labelledby="myModalLabel" aria-hidden="true">
						  <div class="modal-dialog" style="width: 960px;">
						    <div class="modal-content" >
						      <div class="modal-header">
						        <button type="button" class="close" data-dismiss="modal"><span aria-hidden="true">&times;</span><span class="sr-only">Close</span></button>
						        <h4 class="modal-title" id="myModalLabel">Informations</h4>
						      </div>
						      <div class="modal-body">
						      </div>
						      <div class="modal-footer">
						        <button type="button" class="btn btn-default" data-dismiss="modal">Fermer</button>
						        						      </div>
						    </div>
						  </div>
						</div>
						
					
                	</div>
                </div>
    		</div>
        </div>

            <div class="footer footer-default">
        <div class="footer-contact">
            <h4>Contact</h4>
            <a href="//support.ccsd.cnrs.fr/" onclick="this.target='_blank'">support.ccsd.cnrs.fr</a><br />
            <a href="mailto:hal.support@ccsd.cnrs.fr" onclick="this.target='_blank'">hal.support@ccsd.cnrs.fr</a>
        </div>
        <div class="footer-ccsd">
            <a href="//ccsd.cnrs.fr" onclick="this.target='_blank'"><img src="/img/logo-ccsd-footer.jpg" border="0" width="200" alt="Logo CCSD" /></a>
        </div>
    </div>
    </body>
</html>

Added wiki_references/2017/software/CryptoVerif/doc/2017_06_12_wget_copy_of_http_prosecco_gforge_inria_fr_personal_bblanche_cryptoverif/bonnet/babel.ls.fi.upm.es/robots.txt version [c47ccf1a49].





>
>
1
2
User-agent: *
Disallow:

Added wiki_references/2017/software/CryptoVerif/doc/2017_06_12_wget_copy_of_http_prosecco_gforge_inria_fr_personal_bblanche_cryptoverif/bonnet/ben-stock.de/robots.txt version [1f5b595453].











>
>
>
>
>
1
2
3
4
5
User-agent: *
Disallow: /wp-admin/
Allow: /wp-admin/admin-ajax.php

Sitemap: https://ben-stock.de/sitemap.xml

Added wiki_references/2017/software/CryptoVerif/doc/2017_06_12_wget_copy_of_http_prosecco_gforge_inria_fr_personal_bblanche_cryptoverif/bonnet/bib2hal.inria.fr/robots.txt version [a0444c98a8].









>
>
>
>
1
2
3
4
# www.robotstxt.org/
# www.google.com/support/webmasters/bin/answer.py?hl=en&answer=156449

User-agent: *

Added wiki_references/2017/software/CryptoVerif/doc/2017_06_12_wget_copy_of_http_prosecco_gforge_inria_fr_personal_bblanche_cryptoverif/bonnet/blogs.microsoft.com/robots.txt.html version [d9fbf90c85].







>
>
>
1
2
3
User-agent: *
Disallow: /wp-admin/
Allow: /wp-admin/admin-ajax.php

Added wiki_references/2017/software/CryptoVerif/doc/2017_06_12_wget_copy_of_http_prosecco_gforge_inria_fr_personal_bblanche_cryptoverif/bonnet/caml.inria.fr/robots.txt version [393bbea1bd].



























>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
User-agent: *
Disallow: /cgi-bin/viewvc.cgi/
User-agent: *
Disallow: /statistics/

Allow: /pub/docs/fpcl/
Allow: /pub/docs/manual-caml-light/
Allow: /pub/docs/manual-camlp4/
Allow: /pub/docs/manual-ocaml/
Allow: /pub/docs/oreilly-book/
Allow: /pub/docs/tutorial-camlp4/
Allow: /pub/docs/u3-ocaml/
Disallow: /pub/docs/

Added wiki_references/2017/software/CryptoVerif/doc/2017_06_12_wget_copy_of_http_prosecco_gforge_inria_fr_personal_bblanche_cryptoverif/bonnet/christian-rossow.de/robots.txt version [234a182a39].





>
>
1
2
User-agent: *
Disallow: /trap.php

Added wiki_references/2017/software/CryptoVerif/doc/2017_06_12_wget_copy_of_http_prosecco_gforge_inria_fr_personal_bblanche_cryptoverif/bonnet/citeseerx.ist.psu.edu/robots.txt version [f3629fc418].









































































































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
# blocked for extensive crawls without respecting crawl-delay
User-agent: Baiduspider
Disallow: /

User-agent: baiduspider
Disallow: /

User-agent: Baiduspider+
Disallow: /

User-agent: Googlebot
Disallow: /myciteseer/
Disallow: /mcsutils/
Disallow: /metacart
Disallow: /correct
Disallow: /feedback
Disallow: /dwr/
Disallow: /js/
Disallow: /css/
Disallow: /viewdoc/similar*
Disallow: /viewdoc/versions*
Disallow: /viewdoc/showciting*

User-agent: Bingbot
Disallow: /myciteseer/
Disallow: /mcsutils/
Disallow: /metacart
Disallow: /correct
Disallow: /feedback
Disallow: /dwr/
Disallow: /js/
Disallow: /css/
Disallow: /viewdoc/similar*
Disallow: /viewdoc/versions*
Disallow: /viewdoc/showciting*

User-agent: *
Disallow: /myciteseer/
Disallow: /mcsutils/
Disallow: /metacart
Disallow: /correct
Disallow: /feedback
Disallow: /dwr/
Disallow: /js/
Disallow: /css/
Disallow: /viewdoc/similar*
Disallow: /viewdoc/versions*
Disallow: /viewdoc/showciting*
Crawl-delay: 10


Sitemap: http://citeseerx.ist.psu.edu/sitemap_index.xml

Added wiki_references/2017/software/CryptoVerif/doc/2017_06_12_wget_copy_of_http_prosecco_gforge_inria_fr_personal_bblanche_cryptoverif/bonnet/clip.dia.fi.upm.es/robots.txt version [af0970b5f3].































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
# this file prevents robots from accessing parts of the tree which
# have side-effecs or which are worthless.

User-agent: CLIP-robot # Allow to CLIP robot
Disallow:

User-agent: *		# For all robots...
Disallow: /latex2html-icons/
Disallow: /WWWusage	
Disallow: /WWWusageScratch
Disallow: /Local
Disallow: /Mail
Disallow: /cgi-bin
Disallow: /icons
Disallow: /images

Added wiki_references/2017/software/CryptoVerif/doc/2017_06_12_wget_copy_of_http_prosecco_gforge_inria_fr_personal_bblanche_cryptoverif/bonnet/code.jquery.com/robots.txt version [ecb4e0f96a].







>
>
>
1
2
3
User-agent: *
Disallow: /wp-admin/
Allow: /wp-admin/admin-ajax.php

Added wiki_references/2017/software/CryptoVerif/doc/2017_06_12_wget_copy_of_http_prosecco_gforge_inria_fr_personal_bblanche_cryptoverif/bonnet/colloque-stic.org/robots.txt version [da39a3ee5e].

Added wiki_references/2017/software/CryptoVerif/doc/2017_06_12_wget_copy_of_http_prosecco_gforge_inria_fr_personal_bblanche_cryptoverif/bonnet/cristal.inria.fr/robots.txt version [b245de886e].















>
>
>
>
>
>
>
1
2
3
4
5
6
7
User-agent: Mozilla/4.0_(compatible;_MSIE_5.0;_Windows_95)_TrueRobot/1.1
Disallow: /

User-agent: *
Disallow: /bin/


Added wiki_references/2017/software/CryptoVerif/doc/2017_06_12_wget_copy_of_http_prosecco_gforge_inria_fr_personal_bblanche_cryptoverif/bonnet/crypto.di.ens.fr/robots.txt version [5a1aaca5ea].





>
>
1
2
User-Agent: *
Disallow: /

Added wiki_references/2017/software/CryptoVerif/doc/2017_06_12_wget_copy_of_http_prosecco_gforge_inria_fr_personal_bblanche_cryptoverif/bonnet/crypto.stanford.edu/robots.txt version [ba42a8d682].









>
>
>
>
1
2
3
4
User-agent: *
Disallow: /~dabo/cs255/solns
Disallow: /noscript.html
Disallow: /cs255study

Added wiki_references/2017/software/CryptoVerif/doc/2017_06_12_wget_copy_of_http_prosecco_gforge_inria_fr_personal_bblanche_cryptoverif/bonnet/cryptosense.com/robots.txt version [8640477118].











>
>
>
>
>
1
2
3
4
5
Sitemap: https://cryptosense.com/sitemap.xml
Sitemap: https://cryptosense.com/news-sitemap.xml
User-agent: *
Disallow: /wp-admin/
Allow: /wp-admin/admin-ajax.php

Added wiki_references/2017/software/CryptoVerif/doc/2017_06_12_wget_copy_of_http_prosecco_gforge_inria_fr_personal_bblanche_cryptoverif/bonnet/cryptoverif.inria.fr/index.html version [6757c7f003].





























































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html lang="en">
<head>
  <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
  <title>CryptoVerif</title>
</head>
<body>
<H1>CryptoVerif: Cryptographic protocol verifier in the computational model</H1>

<H3>Project leader:</H3>

<A HREF="http://prosecco.gforge.inria.fr/personal/bblanche/">Bruno Blanchet</A>

<H3>Project participant:</H3>

<A HREF="http://www.di.ens.fr/~cade/index.html">David Cad</A>

<HR>

CryptoVerif is an automatic protocol prover sound in the
computational model. It can prove
<UL>
<LI>secrecy;
<LI>correspondences, which include in particular authentication.
</UL>
It provides a generic mechanism for specifying the security assumptions
on cryptographic primitives, which can handle in particular symmetric
encryption, message authentication codes, public-key encryption, 
signatures, hash functions. 

<P>
The generated proofs are proofs by sequences
of games, as used by cryptographers. These proofs are valid for
a number of sessions polynomial in the security parameter, in the
presence of an active adversary. CryptoVerif can also evaluate
the probability of success of an attack against the protocol
as a function of the probability of breaking each cryptographic
primitive and of the number of sessions (exact security).

<P>
This prover is available below.
This software is under development; please use it at your own risk.
Comments and bug reports welcome.

<H3>Source download</H3>

<A HREF="cryptoverif.html">CryptoVerif version 1.26, sources under the CeCILL-B license</A> (gzipped tar file)

<H3>Binary download</H3>

<A HREF="cryptoverifbin.html">CryptoVerif version 1.26 for Windows, binaries under the CeCILL-B license</A> (zip file)

<H3>Mailing List</H3>

A mailing list is available for general discussions on CryptoVerif. I post announcements for new releases of CryptoVerif on this list.
<UL>
<LI>To subscribe to the list, send an email to sympa-AT-inria.fr (replace -AT- with @) with subject "subscribe cryptoverif &lt;your name&gt;" (without quotes).
<LI>To post on the list, send an email to cryptoverif-AT-inria.fr (replace -AT- with @. Note: to avoid spam, you must subscribe to the list in order to be allowed to post.)
</UL>

<H3>Applications of CryptoVerif</H3>

Examples of application: 
<UL>
<LI><A HREF="FDH">security proof of the FDH signature scheme</A> (with David Pointcheval)
<LI><A HREF="kerberos">Kerberos</A> (with Aaron D. Jaggard, Andre Scedrov, and Joe-Kai Tsay)
<LI><A HREF="OEKE/">OEKE, One Encrypted Key Exchange</A> 
<LI><A HREF="http://prosecco.inria.fr/personal/bblanche/publications/CadeBlanchetJoWUA13.html">SSH</A> (with David Cad; scripts in subdirectory implementation/ssh of the CryptoVerif distribution)
<LI><A HREF="https://github.com/Inria-Prosecco/proscript-messaging">Signal</A> (a.k.a. TextSecure, with Nadim Kobeissi and Karthikeyan Bhargavan)
<LI><A HREF="https://github.com/inria-prosecco/reftls">TLS 1.3 Draft 18</A> (with Karthikeyan Bhargavan and Nadim Kobeissi)
<LI><A HREF="http://prosecco.inria.fr/personal/bblanche/arinc823/">ARINC 823 avionic protocols</A>
</UL>
<P>
<A HREF="cryptoverif-users.html">References of papers that use CryptoVerif</A>

<H3>Publications on this topic</H3>


<dl>

<dt>
<a name="BlanchetCSF17"></a>
[1]
</dt>
<dd>
Bruno Blanchet.
  <A HREF="http://prosecco.gforge.inria.fr/personal/bblanche/publications/BlanchetCSF17.html">Symbolic and Computational Mechanized Verification of the
  ARINC823 Avionic Protocols</A>.
  In <i>30th IEEE Computer Security Foundations Symposium (CSF'17)</i>,
  Santa Barbara, CA, USA, August 2017. IEEE.
  To appear.<br />

<p>
</dd>


<dt>
<a name="BlanchetInria17"></a>
[2]
</dt>
<dd>
Bruno Blanchet.
  Symbolic and computational mechanized verification of the ARINC823
  avionic protocols.
  Research Report RR-9072, Inria, May 2017.
  Available at
  <A HREF="https://hal.inria.fr/hal-01527671">https://hal.inria.fr/hal-01527671</A>.<br />

<p>
</dd>


<dt>
<a name="BhargavanBlanchetKobeissiInria2017"></a>
[3]
</dt>
<dd>
Karthikeyan Bhargavan, Bruno Blanchet, and Nadim Kobeissi.
  Verified models and reference implementations for the TLS 1.3
  standard candidate.
  Research Report RR-9040, Inria, May 2017.
  Available at
  <A HREF="https://hal.inria.fr/hal-01528752">https://hal.inria.fr/hal-01528752</A>.<br />

<p>
</dd>


<dt>
<a name="BhargavanBlanchetKobeissiSP2017"></a>
[4]
</dt>
<dd>
Karthikeyan Bhargavan, Bruno Blanchet, and Nadim Kobeissi.
  <A HREF="http://prosecco.gforge.inria.fr/personal/bblanche/publications/BhargavanBlanchetKobeissiSP2017.html">Verified Models and Reference Implementations for the TLS
  1.3 Standard Candidate</A>.
  In <i>IEEE Symposium on Security and Privacy (S&amp;P'17)</i>, pages
  483-503, San Jose, CA, May 2017. IEEE.
  Distinguished paper award.<br />

<p>
</dd>


<dt>
<a name="KobeissiBhargavanBlanchetEuroSP17"></a>
[5]
</dt>
<dd>
Nadim Kobeissi, Karthikeyan Bhargavan, and Bruno Blanchet.
  <A HREF="http://prosecco.gforge.inria.fr/personal/bblanche/publications/KobeissiBhargavanBlanchetEuroSP17.html">Automated Verification for Secure Messaging Protocols and
  their Implementations: A Symbolic and Computational Approach</A>.
  In <i>2nd IEEE European Symposium on Security and Privacy
  (EuroS&amp;P'17)</i>, pages 435-450, Paris, France, April 2017. IEEE.<br />

<p>
</dd>


<dt>
<a name="CadeBlanchetJCS14"></a>
[6]
</dt>
<dd>
David Cad and Bruno Blanchet.
  <A HREF="http://prosecco.gforge.inria.fr/personal/bblanche/publications/CadeBlanchetJCS14.html">Proved Generation of Implementations from Computationally
  Secure Protocol Specifications</A>.
  <i>Journal of Computer Security</i>, 23(3):331-402, 2015.<br />

<p>
</dd>


<dt>
<a name="CadeBlanchetJoWUA13"></a>
[7]
</dt>
<dd>
David Cad and Bruno Blanchet.
  <A HREF="http://prosecco.gforge.inria.fr/personal/bblanche/publications/CadeBlanchetJoWUA13.html">From Computationally-Proved Protocol Specifications to
  Implementations and Application to SSH</A>.
  <i>Journal of Wireless Mobile Networks, Ubiquitous Computing, and
  Dependable Applications (JoWUA)</i>, 4(1):4-31, March 2013.
  Special issue ARES'12.<br />

<p>
</dd>


<dt>
<a name="CadeBlanchetPOST13"></a>
[8]
</dt>
<dd>
David Cad and Bruno Blanchet.
  <A HREF="http://prosecco.gforge.inria.fr/personal/bblanche/publications/CadeBlanchetPOST13.html">Proved Generation of Implementations from
  Computationally-Secure Protocol Specifications</A>.
  In David Basin and John Mitchell, editors, <i>2nd Conference on
  Principles of Security and Trust (POST 2013)</i>, volume 7796 of <i>Lecture
  Notes in Computer Science</i>, pages 63-82, Rome, Italy, March 2013. Springer.<br />

<p>
</dd>


<dt>
<a name="CadeBlanchetARES12"></a>
[9]
</dt>
<dd>
David Cad and Bruno Blanchet.
  <A HREF="http://prosecco.gforge.inria.fr/personal/bblanche/publications/CadeBlanchetARES12.html">From Computationally-proved Protocol Specifications to
  Implementations</A>.
  In <i>7th International Conference on Availability, Reliability and
  Security (AReS 2012)</i>, pages 65-74, Prague, Czech Republic, August 2012.
  IEEE.<br />

<p>
</dd>


<dt>
<a name="BlanchetCSF12"></a>
[10]
</dt>
<dd>
Bruno Blanchet.
  <A HREF="http://prosecco.gforge.inria.fr/personal/bblanche/publications/BlanchetCSF12.html">Automatically Verified Mechanized Proof of One-Encryption
  Key Exchange</A>.
  In <i>25th IEEE Computer Security Foundations Symposium (CSF'12)</i>,
  pages 325-339, Cambridge, MA, USA, June 2012. IEEE.<br />

<p>
</dd>


<dt>
<a name="BlanchetMOD11"></a>
[11]
</dt>
<dd>
Bruno Blanchet.
  <A HREF="http://prosecco.gforge.inria.fr/personal/bblanche/publications/BlanchetMOD11.html">Mechanizing Game-Based Proofs of Security Protocols</A>.
  In Tobias Nipkow, Olga Grumberg, and Benedikt Hauptmann, editors,
  <i>Software Safety and Security - Tools for Analysis and Verification</i>,
  volume 33 of <i>NATO Science for Peace and Security Series - D:
  Information and Communication Security</i>, pages 1-25. IOS Press, May 2012.
  Proceedings of the summer school MOD 2011.<br />

<p>
</dd>


<dt>
<a name="BlanchetEPrint12"></a>
[12]
</dt>
<dd>
Bruno Blanchet.
  Automatically verified mechanized proof of one-encryption key
  exchange.
  Cryptology ePrint Archive, Report 2012/173, April 2012.
  Available at
  <A HREF="http://eprint.iacr.org/2012/173">http://eprint.iacr.org/2012/173</A>.<br />

<p>
</dd>


<dt>
<a name="BlanchetFCC11"></a>
[13]
</dt>
<dd>
Bruno Blanchet.
  <A HREF="http://prosecco.gforge.inria.fr/personal/bblanche/publications/BlanchetFCC11.html">A second look at Shoup's lemma</A>.
  In <i>Workshop on Formal and Computational Cryptography (FCC
  2011)</i>, Paris, France, June 2011.<br />

<p>
</dd>


<dt>
<a name="BlanchetPointchevalFCC10"></a>
[14]
</dt>
<dd>
Bruno Blanchet and David Pointcheval.
  <A HREF="http://prosecco.gforge.inria.fr/personal/bblanche/publications/BlanchetPointchevalFCC10.html">The computational and decisional Diffie-Hellman
  assumptions in CryptoVerif</A>.
  In <i>Workshop on Formal and Computational Cryptography (FCC
  2010)</i>, Edimburgh, United Kingdom, July 2010.<br />

<p>
</dd>


<dt>
<a name="BlanchetJaggardRaoScedrovTsayFCC09"></a>
[15]
</dt>
<dd>
Bruno Blanchet, Aaron D. Jaggard, Jesse Rao, Andre Scedrov, and Joe-Kai Tsay.
  <A HREF="http://prosecco.gforge.inria.fr/personal/bblanche/publications/BlanchetJaggardRaoScedrovTsayFCC09.html">Refining Computationally Sound Mechanized Proofs for
  Kerberos</A>.
  In <i>Workshop on Formal and Computational Cryptography (FCC
  2009)</i>, Port Jefferson, NY, July 2009.<br />

<p>
</dd>


<dt>
<a name="AbadiBlanchetComonCAV09"></a>
[16]
</dt>
<dd>
Martn Abadi (invited speaker), Bruno Blanchet, and Hubert Comon-Lundh.
  <A HREF="http://prosecco.gforge.inria.fr/personal/bblanche/publications/AbadiBlanchetComonCAV09.html">Models and Proofs of Protocol Security: A Progress Report</A>.
  In Ahmed Bouajjani and Oded Maler, editors, <i>21st International
  Conference on Computer Aided Verification (CAV'09)</i>, volume 5643 of <i>
  Lecture Notes in Computer Science</i>, pages 35-49, Grenoble, France, June
  2009. Springer.<br />

<p>
</dd>


<dt>
<a name="BlanchetHDR"></a>
[17]
</dt>
<dd>
Bruno Blanchet.
  <i><A HREF="http://prosecco.gforge.inria.fr/personal/bblanche/publications/BlanchetHDR.html">Vrification automatique de protocoles
  cryptographiques : modle formel et modle calculatoire. Automatic
  verification of security protocols: formal model and computational model</A></i>.
  Mmoire d'habilitation  diriger des recherches, Universit
  Paris-Dauphine, November 2008.
  En franais avec publications en anglais en annexe. In French with
  publications in English in appendix.<br />

<p>
</dd>


<dt>
<a name="BlanchetJaggardScedrovTsayAsiaCCS08"></a>
[18]
</dt>
<dd>
Bruno Blanchet, Aaron D. Jaggard, Andre Scedrov, and Joe-Kai Tsay.
  <A HREF="http://prosecco.gforge.inria.fr/personal/bblanche/publications/BlanchetJaggardScedrovTsayAsiaCCS08.html">Computationally Sound Mechanized Proofs for Basic and
  Public-key Kerberos</A>.
  In <i>ACM Symposium on Information, Computer and Communications
  Security (ASIACCS'08)</i>, pages 87-99, Tokyo, Japan, March 2008. ACM.<br />

<p>
</dd>


<dt>
<a name="BlanchetTDSC07"></a>
[19]
</dt>
<dd>
Bruno Blanchet.
  <A HREF="http://prosecco.gforge.inria.fr/personal/bblanche/publications/BlanchetTDSC07.html">A Computationally Sound Mechanized Prover for Security
  Protocols</A>.
  <i>IEEE Transactions on Dependable and Secure Computing</i>,
  5(4):193-207, October-December 2008.
  Special issue IEEE Symposium on Security and Privacy 2006. Electronic
  version available at
  <A HREF="http://doi.ieeecomputersociety.org/10.1109/TDSC.2007.1005">http://doi.ieeecomputersociety.org/10.1109/TDSC.2007.1005</A>.<br />

<p>
</dd>


<dt>
<a name="BlanchetDagstuhl07"></a>
[20]
</dt>
<dd>
Bruno Blanchet.
  <A HREF="http://prosecco.gforge.inria.fr/personal/bblanche/publications/BlanchetDagstuhl07.html">CryptoVerif: A Computationally Sound Mechanized Prover
  for Cryptographic Protocols</A>.
  In <i>Dagstuhl seminar <tt>Formal Protocol Verification Applied</tt></i>,
  October 2007.<br />

<p>
</dd>


<dt>
<a name="BlanchetJaggardScedrovTsayDagstuhl07"></a>
[21]
</dt>
<dd>
Bruno Blanchet, Aaron D. Jaggard, Andre Scedrov, and Joe-Kai Tsay.
  <A HREF="http://prosecco.gforge.inria.fr/personal/bblanche/publications/BlanchetJaggardScedrovTsayDagstuhl07.html">Computationally Sound Mechanized Proofs for Basic and
  Public-key Kerberos</A>.
  In <i>Dagstuhl seminar <tt>Formal Protocol Verification Applied</tt></i>,
  October 2007.<br />

<p>
</dd>


<dt>
<a name="BlanchetCSF07"></a>
[22]
</dt>
<dd>
Bruno Blanchet.
  <A HREF="http://prosecco.gforge.inria.fr/personal/bblanche/publications/BlanchetCSF07.html">Computationally Sound Mechanized Proofs of Correspondence
  Assertions</A>.
  In <i>20th IEEE Computer Security Foundations Symposium (CSF'07)</i>,
  pages 97-111, Venice, Italy, July 2007. IEEE.<br />

<p>
</dd>


<dt>
<a name="BlanchetEPrint07"></a>
[23]
</dt>
<dd>
Bruno Blanchet.
  Computationally sound mechanized proofs of correspondence assertions.
  Cryptology ePrint Archive, Report 2007/128, April 2007.
  Available at
  <A HREF="http://eprint.iacr.org/2007/128">http://eprint.iacr.org/2007/128</A>.<br />

<p>
</dd>


<dt>
<a name="BlanchetPointchevalCrypto06"></a>
[24]
</dt>
<dd>
Bruno Blanchet and David Pointcheval.
  <A HREF="http://prosecco.gforge.inria.fr/personal/bblanche/publications/BlanchetPointchevalCrypto06.html">Automated Security Proofs with Sequences of Games</A>.
  In Cynthia Dwork, editor, <i>CRYPTO'06</i>, volume 4117 of <i>
  Lecture Notes in Computer Science</i>, pages 537-554, Santa Barbara, CA, August
  2006. Springer.<br />

<p>
</dd>


<dt>
<a name="BlanchetOakland06"></a>
[25]
</dt>
<dd>
Bruno Blanchet.
  <A HREF="http://prosecco.gforge.inria.fr/personal/bblanche/publications/BlanchetOakland06.html">A Computationally Sound Mechanized Prover for Security
  Protocols</A>.
  In <i>IEEE Symposium on Security and Privacy</i>, pages 140-154,
  Oakland, California, May 2006.<br />

<p>
</dd>


<dt>
<a name="BlanchetPointchevalEPrint06"></a>
[26]
</dt>
<dd>
Bruno Blanchet and David Pointcheval.
  Automated security proofs with sequences of games.
  Cryptology ePrint Archive, Report 2006/069, February 2006.
  Available at
  <A HREF="http://eprint.iacr.org/2006/069">http://eprint.iacr.org/2006/069</A>.<br />

<p>
</dd>


<dt>
<a name="BlanchetEPrint05"></a>
[27]
</dt>
<dd>
Bruno Blanchet.
  A computationally sound mechanized prover for security protocols.
  Cryptology ePrint Archive, Report 2005/401, November 2005.
  Available at
  <A HREF="http://eprint.iacr.org/2005/401">http://eprint.iacr.org/2005/401</A>.<br />

<p>
</dd>


<dt>
<a name="BlanchetLink05"></a>
[28]
</dt>
<dd>
Bruno Blanchet.
  <A HREF="http://prosecco.gforge.inria.fr/personal/bblanche/publications/BlanchetLink05.html">A Computationally Sound Automatic Prover for Cryptographic
  Protocols</A>.
  In <i>Workshop on the link between formal and computational
  models</i>, Paris, France, June 2005.<br />

<p>
</dd>
</dl>

<H3>Support of the CryptoVerif project</H3>

The development of CryptoVerif was partly supported by the ANR project
<A HREF="http://prosecco.gforge.inria.fr/personal/bblanche/formacrypt/index.html">ARA SSIA Formacrypt</A> and the
ANR VERSO 2010 <A HREF="https://crypto.di.ens.fr/projects:prose:main">ProSe</A>.

<HR>
<A HREF="http://prosecco.gforge.inria.fr/personal/bblanche/">Bruno Blanchet</A>

</body>
</html>

Added wiki_references/2017/software/CryptoVerif/doc/2017_06_12_wget_copy_of_http_prosecco_gforge_inria_fr_personal_bblanche_cryptoverif/bonnet/cs.hse.ru/robots.txt version [f9a6a4d646].



















































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
User-Agent: *
Disallow: */db/
Disallow: */search/
Disallow: */css/
Disallow: */js/
Disallow: */f/
Disallow: */mirror/f/
Disallow: */images/
Disallow: */captcha/
Disallow: /*empty.html
Disallow: */reg
Disallow: */user/
Disallow: */guest/
Disallow: */adm/
Disallow: */text/image
Disallow: */co-auth/
Disallow: */schoolstat/
Disallow: */pubs/lib/ajax/
Disallow: */mirror/pubs/lib/ajax/
Disallow: */lib/ajax/
Disallow: */mirror/lib/ajax/
Disallow: */ajax/
Disallow: */announcement/new/
Disallow: */data/xf/
Crawl-delay: 3

Added wiki_references/2017/software/CryptoVerif/doc/2017_06_12_wget_copy_of_http_prosecco_gforge_inria_fr_personal_bblanche_cryptoverif/bonnet/cs.nyu.edu/robots.txt version [8dc2682397].































































































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
# 
# This restricts access to only known and registered robots. 
#

#Modified by Daniel - took out all whitelisted bots, we can
#add blacklists here and in web server if needed...
User-agent: *
Disallow: /cgi-bin/
Disallow: /systems/platforms/linux/software/package/
#page fragments included by CMS
#Disallow: /webapps/page_body/
#Disallow: /webapps/page_title/
#Staging server
Disallow: /webapps-dev/
Allow: /pipermail/cvc-users
Allow: /pipermail/smt-lib
Allow: /pipermail/smt-comp
Allow: /pipermail/fom
Disallow: /pipermail/

#Added 2015/11/25 by NF
#Do not crawl Django Admin site
Disallow: /dynamic/admin/

#Added 2015/11/25 by NF
Disallow: /archive201511/

#Added 2015/11/24 by NF
#CS website has moved from /web/ to /home/
Allow: /web/
Allow: /webapps/

#Added 2016/03/03 by NF. See Ticket#2016030210001058.
Disallow: /cs/review/

#Added 2015/06/09
#Google Search Appliance seems to abuse classroom calendar.
Disallow: /webapps/classrooms/

# I believe the following will eliminate many of the 404's that result from
# crawling javascript such as 
# var AUTH_TOKEN = 'm0IBKGTI83RXdNSm25OtcWWCyfDE6SLQWkkBosLVvmA=';
Disallow: /*=$

User-agent: AhrefsBot
Crawl-Delay: 2

Added wiki_references/2017/software/CryptoVerif/doc/2017_06_12_wget_copy_of_http_prosecco_gforge_inria_fr_personal_bblanche_cryptoverif/bonnet/cse.snu.ac.kr/robots.txt version [735831a22e].

























































































































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
#
# robots.txt
#
# This file is to prevent the crawling and indexing of certain parts
# of your site by web crawlers and spiders run by sites like Yahoo!
# and Google. By telling these "robots" where not to go on your site,
# you save bandwidth and server resources.
#
# This file will be ignored unless it is at the root of your host:
# Used:    http://example.com/robots.txt
# Ignored: http://example.com/site/robots.txt
#
# For more information about the robots.txt standard, see:
# http://www.robotstxt.org/wc/robots.html
#
# For syntax checking, see:
# http://www.sxw.org.uk/computing/robots/check.html

User-agent: *
Crawl-delay: 10
# Directories
Disallow: /includes/
Disallow: /misc/
Disallow: /modules/
Disallow: /profiles/
Disallow: /scripts/
Disallow: /themes/
# Files
Disallow: /CHANGELOG.txt
Disallow: /cron.php
Disallow: /INSTALL.mysql.txt
Disallow: /INSTALL.pgsql.txt
Disallow: /INSTALL.sqlite.txt
Disallow: /install.php
Disallow: /INSTALL.txt
Disallow: /LICENSE.txt
Disallow: /MAINTAINERS.txt
Disallow: /update.php
Disallow: /UPGRADE.txt
Disallow: /xmlrpc.php
# Paths (clean URLs)
Disallow: /admin/
Disallow: /comment/reply/
Disallow: /filter/tips/
Disallow: /node/add/
Disallow: /search/
Disallow: /user/register/
Disallow: /user/password/
Disallow: /user/login/
Disallow: /user/logout/
# Paths (no clean URLs)
Disallow: /?q=admin/
Disallow: /?q=comment/reply/
Disallow: /?q=filter/tips/
Disallow: /?q=node/add/
Disallow: /?q=search/
Disallow: /?q=user/password/
Disallow: /?q=user/register/
Disallow: /?q=user/login/
Disallow: /?q=user/logout/

Added wiki_references/2017/software/CryptoVerif/doc/2017_06_12_wget_copy_of_http_prosecco_gforge_inria_fr_personal_bblanche_cryptoverif/bonnet/cv.archives-ouvertes.fr/robots.txt version [09596bd75c].













>
>
>
>
>
>
1
2
3
4
5
6
# CV robots.txt
User-Agent: *
Disallow: /user/*
Disallow: /error/*
# Sitemap
Sitemap: https://cv.archives-ouvertes.fr/robots/sitemap

Added wiki_references/2017/software/CryptoVerif/doc/2017_06_12_wget_copy_of_http_prosecco_gforge_inria_fr_personal_bblanche_cryptoverif/bonnet/dbh.nsd.uib.no/robots.txt version [b25e17f127].











>
>
>
>
>
1
2
3
4
5
User-agent: *
Disallow: /rapporter/egendefinerte/visning.action
Allow: /kanaler_old/nye_kanaler.do
Allow: /kanaler_old/nye_kanaler_niva2.do
Disallow: /kanaler_old/

Added wiki_references/2017/software/CryptoVerif/doc/2017_06_12_wget_copy_of_http_prosecco_gforge_inria_fr_personal_bblanche_cryptoverif/bonnet/dblp.uni-trier.de/robots.txt version [afa5823b0d].













































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
sitemap: http://dblp.uni-trier.de/sitemap.xml

user-agent: *

crawl-delay: 1

disallow: /cgi-bin
disallow: /maps

allow:	  /db
disallow: /db/indices

allow:	  /pers
disallow: /pers/xc
disallow: /pers/xk

allow:	  /rec
disallow: /rec/bibtex
disallow: /rec/xml

disallow: /pers*/r/Ruland:Detlev
disallow: /pers*/l/Lanchantin:Tonia

Added wiki_references/2017/software/CryptoVerif/doc/2017_06_12_wget_copy_of_http_prosecco_gforge_inria_fr_personal_bblanche_cryptoverif/bonnet/digg.com/robots.txt version [8d7abf8013].

























>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
User-agent: *
Disallow: /submit
Disallow: /session
Disallow: /login
Disallow: /api
Disallow: /search
Disallow: /submit
Disallow: /remote-submit
Disallow: /share
Disallow: /share.php
Disallow: /tools
Disallow: /post

Added wiki_references/2017/software/CryptoVerif/doc/2017_06_12_wget_copy_of_http_prosecco_gforge_inria_fr_personal_bblanche_cryptoverif/bonnet/dimacs.rutgers.edu/robots.txt version [3c49e5efda].



















>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
User-agent: *
Disallow: /cgi-bin/
Disallow: /images/

~
~
~
~
~

Added wiki_references/2017/software/CryptoVerif/doc/2017_06_12_wget_copy_of_http_prosecco_gforge_inria_fr_personal_bblanche_cryptoverif/bonnet/dimacs.rutgers.edu/~adj/index.html version [3d015d7905].











































































































































































































































































































































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
<html>
<title>
Aaron D. Jaggard's Homepage
</title>


<table cellspacing=0 cellpadding=0 border=0 height=150 width=100%>
<tr>

        <td align=left width=10%>
            <table width=100% border=0>
            <tr>
                    <td  width=100% align=left>
                    <img align=top hspace=20 src="./adj-small.jpg" alt="Aaron D. Jaggard">
                    </td>
            </tr>
            </table>
        </td>

        <td align=left width=20%>
            <table width=100% border=0>
            <tr>
                Aaron D. Jaggard<br>
<!--                Assistant Research Professor<br><br>
                <a href="http://dimacs.rutgers.edu/">DIMACS Center</a><br>
                <a href="http://www.rutgers.edu/">Rutgers University</a><br>
                96 Frelinghuysen Road<br>
                Piscataway, NJ 08854-8018<br><br>
-->
                email: adj || dimacs | rutgers | edu<br>
            </tr>
            </table>
        </td>

        <td align=left width=80%>
            <table width=100% border=0>
            <tr>
                I'm currently in the Formal Methods Section of the Center for High Assurance Computer Systems at the <a href="http://www.nrl.navy.mil/">Naval Research Laboratory</a>.<br><br>
                email: firstname.lastname || nrl | navy | mil<br>


            </tr>
            </table>
        </td>

</tr>
</table>




<p>
<!--<body bgcolor="#848589" text="#ffffff" link="#FFFFFF" vlink="#FFFFFF" alink="#ffffff">-->

<!--<img src="adj01.jpg" alt="Picture of Aaron" align=left height=25%>
Aaron D. Jaggard<br>
Assistant Research Professor<br>
adj || dimacs | rutgers | edu<br>
<br><br>
<a href="http://dimacs.rutgers.edu/">DIMACS</a> Center/CoRE Building/4th Floor<br>
<a href="http://www.rutgers.edu/">Rutgers University</a><br>
96 Frelinghuysen Road<br>
Piscataway, NJ 08854<br><br>
-->
<!--<a href="/~adj/email.jpg">Email</a><br>
<a href="adj_pub_050510.asc">(Public key---please send encrypted material as an attachment)</a>-->


<hr size=3>

<ul>
<li>Current and Recent Activities
    <ul>
        <li>I'm on the program committee for the <a href="http://perso.isep.fr/msellami/FISA/">Future Internet Services and Applications (FISA)</a> track of <a href="http://www.cyprusconferences.org/wetice2015/index.html">IEEE WETICE 2015</a>; papers are due February 13, 2015.
        <li>I was on the program committee for the Communications and Information Systems Security Symposium (CISS) that is part of the <a href="http://icc2015.ieee-icc.org/">2015 IEEE International Conference on Communications (ICC)</a>.</li>
        <li>I gave one of the invited talks at the <a href="http://www.annauniv.edu/tamc2014/">11th Annual Conference on Theory and Applications of Models of Computation (TAMC 2014)</a>.</li>
        <li>I was one of the co-organizers of the <a href="http://dig.csail.mit.edu/2014/AccountableSystems2014/">Accountability: Science, Technology and Policy</a> workshop at MIT (Jan. 29-30, 2014).</li>
<!--        <li>I'm on the program committee for the <a href="http://www.emn.fr/z-info/sellami/PASCS/">Privacy and Accountability for Software and Cloud Services (PASCS) track</a> of <a href="http://cmt.dmi.unipr.it/wetice14/">IEEE WETICE 2014</a>.</li>
-->
<!--        <li>I was on the program committee for the <a href="https://sites.google.com/site/ieeespduma14/home">5th International Workshop on Data Usage Management</a> (an IEEE CS Security & Privacy Workshop).</li>
-->
<!--        <li>I'm on the program committee for the <a href="http://www.annauniv.edu/tamc2014/">11th Annual Conference on Theory and Applications of Models of Computation (TAMC 2014)</a>.</li>-->
<!--        <li>I'm on the program committee for the <a href="http://www.ieee-icc.org/2014/Communications_and_Information_Systems_Security.pdf">Communications and Information Systems Security Symposium (CISS)</a> that is part of the <a href="http://www.ieee-icc.org/">2014 IEEE International Conference on Communications (ICC)</a>.</li>-->
        <!--<li>I am on the program committee for the <a href="http://www2.cs.uh.edu/mwsn/">Workshop on Security and Privacy of
Mobile, Wireless, and Sensor Networks</a> associated with <a href="http://www.ieee-secon.org/">IEEE SECON 2013</a>.  Papers are due March 22, 2013.</li>-->
        <!--<li>I was on the program committee for the <a href="http://www.websci12.org/">4th ACM Web Science Conference</a> (22-24 June 2012 at Northwestern).</li>-->
        <li>I'm involved with the <a href="http://dimacs.rutgers.edu/VCTAL/">VCTAL</a> project at DIMACS (writing curriculum modules on computational thinking).</li>
         <li>I'm on the editorial board for the <a href="http://dimacs.rutgers.edu/PS-Future/">PS-Future</a> curriculum-development project at DIMACS.
       <!-- http://dimacs.rutgers.edu/BMC/ -->
        <!--<li>I was a speaker for the <a href="http://ccicada.org/Reconnect/2012/participants.html">2012 Reconnect</a> program on "Game Theory and Security"-->
        <!--<li>I was a lead organizer and the principal lecturer for the <a href="http://ccicada.org/Reconnect/2011/">2011 Reconnect</a> program on "Privacy in a Networked World."</li>-->
        <!--<li>I was on the PC for <a href="http://www.sigecom.org/ec11/"><i>EC'11</i></a>; the <a href="http://www.sigecom.org/ec11/accepted_papers.html">list of accepted papers</a> has now been posted.-->
        <!--<li>I'm on the PC for <a href="http://fist.mmu.edu.my/cans2010/Home.aspx"><i>CANS 2010</i></a> (Cryptology And Network Security) 12-14 Dec.; the <a href="http://fist.mmu.edu.my/cans2010/Default.aspx?tabid=74">list of accepted papers</a> is now online.-->
        <!--<li>I co-organized the recent <a href="http://dimacs.rutgers.edu/Workshops/SecureRouting/">DIMACS Workshop on Secure Routing</a>.-->
    </ul>
</li>

<li>Research
<ul>
    <li>Developing and using models for trustworthy computing: I work to capture real-world problems with abstract models that are amenable to formal reasoning, and I use these types of models to answer questions about trustworthy computing.  This includes the study of problems in security, accountability, privacy, and the reliability of distributed dynamics.  It draws on tools from formal methods, game theory, distributed computing, and discrete mathematics.
        <ul>
            <li>See the project pages for my current and recent NSF awards on:
                <ul>
<!--                    <li><a href="http://dimacs.rutgers.edu/~adj/mitigating/index.html">Mitigating Exploits of the Current Interdomain Routing Infrastructure</a></li>
-->
                    <li><a href="http://dimacs.rutgers.edu/~adj/accountability/">Accountability and Identifiability</a></li>
                    <li><a href="http://dimacs.rutgers.edu/~adj/dynamics/">Distributed Computing with Adaptive Heuristics</a></li>
                </ul>
            </li>
            <li>See papers on: <a href="/~adj/Research/topic.html#security">security</a> | <a href="/~adj/Research/topic.html#privacy">privacy and accountability</a> | <a href="/~adj/Research/topic.html#routing">routing</a>
        </ul>
    </li>
    <li>All publications organized by: <a href="/~adj/Research/topic.html">Topic</a> | <a href="/~adj/Research/chron.html">Year</a> | <a href="/~adj/Research/type.html">Type</a>
    </li>
    <li><a href="/~adj/Research/projects.html">List</a> of all funded projects
    </li>
</ul>
<!--<li><a href="http://dimacs.rutgers.edu/REU/">2009 DIMACS REU</a>
    <ul>
        <li>Started 01 June 2009.  (More information coming soon.)</li>
    </ul>
</li>
-->
<!--<li>Information about the REU for Summer 2008 is available <a href="http://dimacs.rutgers.edu/REU/">here</a>; I will be supervising project 2008-08 and also interacting with project 2008-26.</li>
</li>-->
<!--<dt><a href="http://math.tulane.edu/~tcsem/">Theoretical Computer Science Seminar</a> in the Tulane math department</dt>-->
<li>Teaching
    <ul>
        <li>Colgate
            <ul>
                <li><a href="./teaching/2011c480.html">Topics in Computer Security (COSC 480 A, Fall 2011)</a></li>
<!--                <li><a href="http://www.colgate.edu/academics/coursedetails.aspx?cID=10169&term=201101">Introduction to Computing I (COSC 101, Fall 2011)</a></li>
                <li><a href="http://www.colgate.edu/academics/coursedetails.aspx?cID=10121&term=201002">Introduction to Computing II (COSC 102, Spring 2011)</a></li>
                <li><a href="http://www.colgate.edu/academics/coursedetails.aspx?cID=10096&term=201002">Introduction to Computing I (COSC 101, Spring 2011)</a></li>
-->
                <li><a href="http://www.colgate.edu/academics/coursedetails.aspx?cID=10091&term=201001">Introduction to Computing II (COSC 102, Fall 2010, Spring 2011)</a></li>
                <li><a href="http://www.colgate.edu/academics/coursedetails.aspx?cID=10077&term=201001">Introduction to Computing I (COSC 101, Fall 2010, Spring 2011, Fall 2011, Spring 2012)</a></li>
            </ul>
        </li>
        <li>Rutgers
            <ul>
                <li><a href="http://paul.rutgers.edu/~mangesh/cs514.html">Advanced Algorithms : Topics in Game Theory</a> (16:198:514, Co-taught with <a href="http://www.cs.rutgers.edu/~muthu/">S. Muthukrishnan</a> and <a href="http://www.mit.edu/~hajiagha/">MohammadTaghi Hajiaghayi</a>, Spring 2009)</li>
            </ul>
        </li>
        <li>Tulane
            <ul>
                <li><a href="http://www.math.tulane.edu/~adj/Teaching/2007a326/index.html">Algorithms & Complexity (Math 326, Spring 2007)</a></li>
                <li><a href="http://www.math.tulane.edu/~adj/Teaching/2006c305/index.html">Real Analysis (Math 305/605, Fall 2006)</a></li>
                <li><a href="http://www.math.tulane.edu/~adj/Teaching/2006b122/index.html">Calculus II (Math 122, Lagniappe 2006)<!--</a>--></li>
                <li><a href="http://www.math.tulane.edu/~adj/Teaching/2006a711/index.html">Algebra I (Math 711, Spring 2006)</a></dd>
                <li>Algebraic Combinatorics (Math 771, Spring 2005)</li>
                <li><a href="http://www.math.tulane.edu/~adj/Teaching/2004c305/index.html">Real Analysis (Math 305/605, Fall 2004)</a></li>
                <li><a href="http://www.math.tulane.edu/~adj/Teaching/2004a320/index.html">Combinatorics (Math 320, Spring 2004)</a></li>
                <li><a href="http://www.math.tulane.edu/~adj/Teaching/index.html">Discrete Mathematics (Math 217, Fall 2003)</a></li>
            </ul>
        </li>
    </ul>
<li><a href="./Personal/index.html">A little bit about me</a></li>
</ul>




</body>
</html>

Added wiki_references/2017/software/CryptoVerif/doc/2017_06_12_wget_copy_of_http_prosecco_gforge_inria_fr_personal_bblanche_cryptoverif/bonnet/distrinet.cs.kuleuven.be/robots.txt version [a4a0483b01].









>
>
>
>
1
2
3
4
Disallow: /login.do
Disallow: /admin
Disallow: /events/registration
Disallow: /trigger-sso

Added wiki_references/2017/software/CryptoVerif/doc/2017_06_12_wget_copy_of_http_prosecco_gforge_inria_fr_personal_bblanche_cryptoverif/bonnet/dl.acm.org/robots.txt version [cebcc70d0e].

































































































































































































































































































































































































































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
# ACM Robots file

# advertising-related bots:
User-agent: Mediapartners-Google*
Disallow: /

# Wikipedia work bots:
User-agent: IsraBot
Disallow: /

User-agent: Orthogaffe
Disallow: /

# Crawlers that are kind enough to obey, but which we'd rather not have
# unless they're feeding search engines.
User-agent: UbiCrawler
Disallow: /

User-agent: DOC
Disallow: /

User-agent: Zao
Disallow: /

# Some bots are known to be trouble, particularly those designed to copy
# entire sites. Please obey robots.txt.
User-agent: sitecheck.internetseer.com
Disallow: /

User-agent: Zealbot
Disallow: /

User-agent: MSIECrawler
Disallow: /

User-agent: SiteSnagger
Disallow: /

User-agent: WebStripper
Disallow: /

User-agent: WebCopier
Disallow: /

User-agent: Fetch
Disallow: /

User-agent: Offline Explorer
Disallow: /

User-agent: Teleport
Disallow: /

User-agent: TeleportPro
Disallow: /

User-agent: WebZIP
Disallow: /

User-agent: linko
Disallow: /

User-agent: HTTrack
Disallow: /

User-agent: Microsoft.URL.Control
Disallow: /

User-agent: Xenu
Disallow: /

User-agent: larbin
Disallow: /

User-agent: libwww
Disallow: /

User-agent: ZyBORG
Disallow: /

User-agent: Download Ninja
Disallow: /

#
# Sorry, wget in its recursive mode is a frequent problem.
# Please read the man page and use it properly; there is a
# --wait option you can use to set the delay between hits,
# for instance.
#
User-agent: wget
Disallow: /

#
# The 'grub' distributed client has been *very* poorly behaved.
#
User-agent: grub-client
Disallow: /

#
# Doesn't follow robots.txt anyway, but...
#
User-agent: k2spider
Disallow: /

#
# Hits many times per second, not acceptable
# http://www.nameprotect.com/botinfo.html
User-agent: NPBot
Disallow: /

# A capture bot, downloads gazillions of pages with no public benefit
# http://www.webreaper.net/
User-agent: WebReaper
Disallow: /

#disallow daumoa
User-agent: daumoa
Disallow: /

#disallow webot
User-agent: webot
Disallow: / 

#GOOGLE
User-agent: Googlebot
Disallow: /results.cfm
Disallow: /authorendnotes.cfm
Disallow: /authorbibtex.cfm
Disallow: /authoracmref.cfm
Disallow: /authorize*
Disallow: /stats/authorize*
Disallow: /authors.cfm

#Yahoo Search
User-agent: Slurp
Disallow: /results.cfm
Disallow: /authorendnotes.cfm
Disallow: /authorbibtex.cfm
Disallow: /authoracmref.cfm
Disallow: /authorize*
Disallow: /stats/authorize*
Disallow: /authors.cfm

#MSN LiveSearch
User-agent: bingbot
Disallow: /results.cfm
Disallow: /authorendnotes.cfm
Disallow: /authorbibtex.cfm
Disallow: /authoracmref.cfm
Disallow: /authorize*
Disallow: /stats/authorize*
Disallow: /authors.cfm

#ASK.COM Search
User-agent: Teoma
Disallow: /results.cfm
Disallow: /authorendnotes.cfm
Disallow: /authorbibtex.cfm
Disallow: /authoracmref.cfm
Disallow: /authorize*
Disallow: /stats/authorize*
Disallow: /authors.cfm

#ProQuest Crawler Search
User-agent: Summon
Disallow: /results.cfm
Disallow: /authorendnotes.cfm
Disallow: /authorbibtex.cfm
Disallow: /authoracmref.cfm
Disallow: /authorize*
Disallow: /stats/authorize*
Disallow: /authors.cfm


#DeepDyve Crawl
User-agent: Infovell
Disallow: /results.cfm
Disallow: /authorendnotes.cfm
Disallow: /authorbibtex.cfm
Disallow: /authoracmref.cfm
Disallow: /authorize*
Disallow: /stats/authorize*
Disallow: /authors.cfm

#Yandex Crawl
User-agent: Yandex
Disallow: /results.cfm
Disallow: /authorendnotes.cfm
Disallow: /authorbibtex.cfm
Disallow: /authoracmref.cfm
Disallow: /authorize*
Disallow: /stats/authorize*
Disallow: /authors.cfm

#Microsoft Academic Search
User-agent: librabot
Disallow: /results.cfm
Disallow: /authorendnotes.cfm
Disallow: /authorbibtex.cfm
Disallow: /authoracmref.cfm
Disallow: /authorize*
Disallow: /stats/authorize*
Disallow: /authors.cfm


#Don't allow indexing
User-agent: *
Disallow: /

Added wiki_references/2017/software/CryptoVerif/doc/2017_06_12_wget_copy_of_http_prosecco_gforge_inria_fr_personal_bblanche_cryptoverif/bonnet/doi.ieeecomputersociety.org/10.1109/TDSC.2007.1005.html version [44017704f9].

cannot compute difference between binary files

Added wiki_references/2017/software/CryptoVerif/doc/2017_06_12_wget_copy_of_http_prosecco_gforge_inria_fr_personal_bblanche_cryptoverif/bonnet/doi.ieeecomputersociety.org/robots.txt version [790af8fc20].









































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
Sitemap: http://www.computer.org/cms/sitemap/sitemap.xml
User-agent: *
Disallow: /alfresco/
Disallow: /plugins/
Disallow: /promo/
Disallow: /portal/c/
Disallow: /portal/c/layout_configuration/templates/
Disallow: /web/store
Disallow: /portal/group/
Disallow: /web/search/
Disallow: /search/
Disallow: /web/search/
Disallow: /19385854/
Disallow: /html/js/aui/
Disallow: /ieeecs-CNP-theme/
Disallow: /ieeecs-home-v4-theme/
Disallow: /ieeecs-CSCommunity-theme/
Disallow: /newton.computer.org/
Disallow: /staging.computer.org/
Disallow: /web/store/checkout/

Added wiki_references/2017/software/CryptoVerif/doc/2017_06_12_wget_copy_of_http_prosecco_gforge_inria_fr_personal_bblanche_cryptoverif/bonnet/dsu.edu/robots.txt version [838f06b7a8].

















>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
# www.robotstxt.org/

# www.google.com/support/webmasters/bin/answer.py?hl=en&answer=156449


User-agent: *

Disallow:

Added wiki_references/2017/software/CryptoVerif/doc/2017_06_12_wget_copy_of_http_prosecco_gforge_inria_fr_personal_bblanche_cryptoverif/bonnet/dx.doi.org/robots.txt version [36004c79bb].





>
>
1
2
Crawl-delay: 5
Request-rate: 1/5

Added wiki_references/2017/software/CryptoVerif/doc/2017_06_12_wget_copy_of_http_prosecco_gforge_inria_fr_personal_bblanche_cryptoverif/bonnet/en.wikipedia.org/robots.txt version [521a9105da].































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
# robots.txt for http://www.wikipedia.org/ and friends
#
# Please note: There are a lot of pages on this site, and there are
# some misbehaved spiders out there that go _way_ too fast. If you're
# irresponsible, your access to the site may be blocked.
#

# advertising-related bots:
User-agent: Mediapartners-Google*
Disallow: /

# Wikipedia work bots:
User-agent: IsraBot
Disallow:

User-agent: Orthogaffe
Disallow:

# Crawlers that are kind enough to obey, but which we'd rather not have
# unless they're feeding search engines.
User-agent: UbiCrawler
Disallow: /

User-agent: DOC
Disallow: /

User-agent: Zao
Disallow: /

# Some bots are known to be trouble, particularly those designed to copy
# entire sites. Please obey robots.txt.
User-agent: sitecheck.internetseer.com
Disallow: /

User-agent: Zealbot
Disallow: /

User-agent: MSIECrawler
Disallow: /

User-agent: SiteSnagger
Disallow: /

User-agent: WebStripper
Disallow: /

User-agent: WebCopier
Disallow: /

User-agent: Fetch
Disallow: /

User-agent: Offline Explorer
Disallow: /

User-agent: Teleport
Disallow: /

User-agent: TeleportPro
Disallow: /

User-agent: WebZIP
Disallow: /

User-agent: linko
Disallow: /

User-agent: HTTrack
Disallow: /

User-agent: Microsoft.URL.Control
Disallow: /

User-agent: Xenu
Disallow: /

User-agent: larbin
Disallow: /

User-agent: libwww
Disallow: /

User-agent: ZyBORG
Disallow: /

User-agent: Download Ninja
Disallow: /

# Misbehaving: requests much too fast:
User-agent: fast
Disallow: /

#
# Sorry, wget in its recursive mode is a frequent problem.
# Please read the man page and use it properly; there is a
# --wait option you can use to set the delay between hits,
# for instance.
#
User-agent: wget
Disallow: /

#
# The 'grub' distributed client has been *very* poorly behaved.
#
User-agent: grub-client
Disallow: /

#
# Doesn't follow robots.txt anyway, but...
#
User-agent: k2spider
Disallow: /

#
# Hits many times per second, not acceptable
# http://www.nameprotect.com/botinfo.html
User-agent: NPBot
Disallow: /

# A capture bot, downloads gazillions of pages with no public benefit
# http://www.webreaper.net/
User-agent: WebReaper
Disallow: /

# Wayback Machine: defaults and whether to index user-pages
# FIXME: Complete the removal of this block, per T7582.
# User-agent: archive.org_bot
# Allow: /


#
# Friendly, low-speed bots are welcome viewing article pages, but not
# dynamically-generated pages please.
#
# Inktomi's "Slurp" can read a minimum delay between hits; if your
# bot supports such a thing using the 'Crawl-delay' or another
# instruction, please let us know.
#
# There is a special exception for API mobileview to allow dynamic
# mobile web & app views to load section content.
# These views aren't HTTP-cached but use parser cache aggressively
# and don't expose special: pages etc.
#
# Another exception is for REST API documentation, located at
# /api/rest_v1/?doc.
#
User-agent: *
Allow: /w/api.php?action=mobileview&
Allow: /w/load.php?
Allow: /api/rest_v1/?doc
Disallow: /w/
Disallow: /api/
Disallow: /trap/
#
# ar:
Disallow: /wiki/%D8%AE%D8%A7%D8%B5:Search
Disallow: /wiki/%D8%AE%D8%A7%D8%B5%3ASearch
#
# dewiki:
# T6937
# sensible deletion and meta user discussion pages:
Disallow: /wiki/Wikipedia:L%C3%B6schkandidaten/
Disallow: /wiki/Wikipedia:Löschkandidaten/
Disallow: /wiki/Wikipedia:Vandalensperrung/
Disallow: /wiki/Wikipedia:Benutzersperrung/
Disallow: /wiki/Wikipedia:Vermittlungsausschuss/
Disallow: /wiki/Wikipedia:Administratoren/Probleme/
Disallow: /wiki/Wikipedia:Adminkandidaturen/
Disallow: /wiki/Wikipedia:Qualitätssicherung/
Disallow: /wiki/Wikipedia:Qualit%C3%A4tssicherung/
# Search- and random-page
Disallow: /wiki/Spezial:Suche
Disallow: /wiki/Special:Suche
Disallow: /wiki/Spezial:Zufällige_Seite
Disallow: /wiki/Spezial:Zuf%C3%A4llige_Seite
Disallow: /wiki/Special:Zufällige_Seite
Disallow: /wiki/Special:Zuf%C3%A4llige_Seite
# 4937#5
Disallow: /wiki/Wikipedia:Vandalismusmeldung/
Disallow: /wiki/Wikipedia:Gesperrte_Lemmata/
Disallow: /wiki/Wikipedia:Löschprüfung/
Disallow: /wiki/Wikipedia:L%C3%B6schprüfung/
Disallow: /wiki/Wikipedia:Administratoren/Notizen/
Disallow: /wiki/Wikipedia:Schiedsgericht/Anfragen/
Disallow: /wiki/Wikipedia:L%C3%B6schpr%C3%BCfung/
# T14111
Disallow: /wiki/Wikipedia:Checkuser/
Disallow: /wiki/Wikipedia_Diskussion:Checkuser/
Disallow: /wiki/Wikipedia_Diskussion:Adminkandidaturen/
# T15961
Disallow: /wiki/Wikipedia:Spam-Blacklist-Log
Disallow: /wiki/Wikipedia%3ASpam-Blacklist-Log
Disallow: /wiki/Wikipedia_Diskussion:Spam-Blacklist-Log
Disallow: /wiki/Wikipedia_Diskussion%3ASpam-Blacklist-Log
#
# enwiki:
# Folks get annoyed when VfD discussions end up the number 1 google hit for
# their name. See T6776
Disallow: /wiki/Wikipedia:Articles_for_deletion/
Disallow: /wiki/Wikipedia%3AArticles_for_deletion/
Disallow: /wiki/Wikipedia:Votes_for_deletion/
Disallow: /wiki/Wikipedia%3AVotes_for_deletion/
Disallow: /wiki/Wikipedia:Pages_for_deletion/
Disallow: /wiki/Wikipedia%3APages_for_deletion/
Disallow: /wiki/Wikipedia:Miscellany_for_deletion/
Disallow: /wiki/Wikipedia%3AMiscellany_for_deletion/
Disallow: /wiki/Wikipedia:Miscellaneous_deletion/
Disallow: /wiki/Wikipedia%3AMiscellaneous_deletion/
Disallow: /wiki/Wikipedia:Copyright_problems
Disallow: /wiki/Wikipedia%3ACopyright_problems
Disallow: /wiki/Wikipedia:Protected_titles/
Disallow: /wiki/Wikipedia%3AProtected_titles/
# T15398
Disallow: /wiki/Wikipedia:WikiProject_Spam/
Disallow: /wiki/Wikipedia%3AWikiProject_Spam/
# T16075
Disallow: /wiki/MediaWiki:Spam-blacklist
Disallow: /wiki/MediaWiki%3ASpam-blacklist
Disallow: /wiki/MediaWiki_talk:Spam-blacklist
Disallow: /wiki/MediaWiki_talk%3ASpam-blacklist
# T13261
Disallow: /wiki/Wikipedia:Requests_for_arbitration/
Disallow: /wiki/Wikipedia%3ARequests_for_arbitration/
Disallow: /wiki/Wikipedia:Requests_for_comment/
Disallow: /wiki/Wikipedia%3ARequests_for_comment/
Disallow: /wiki/Wikipedia:Requests_for_adminship/
Disallow: /wiki/Wikipedia%3ARequests_for_adminship/
# T12288
Disallow: /wiki/Wikipedia_talk:Articles_for_deletion/
Disallow: /wiki/Wikipedia_talk%3AArticles_for_deletion/
Disallow: /wiki/Wikipedia_talk:Votes_for_deletion/
Disallow: /wiki/Wikipedia_talk%3AVotes_for_deletion/
Disallow: /wiki/Wikipedia_talk:Pages_for_deletion/
Disallow: /wiki/Wikipedia_talk%3APages_for_deletion/
Disallow: /wiki/Wikipedia_talk:Miscellany_for_deletion/
Disallow: /wiki/Wikipedia_talk%3AMiscellany_for_deletion/
Disallow: /wiki/Wikipedia_talk:Miscellaneous_deletion/
Disallow: /wiki/Wikipedia_talk%3AMiscellaneous_deletion/
# T16793
Disallow: /wiki/Wikipedia:Changing_username
Disallow: /wiki/Wikipedia%3AChanging_username
Disallow: /wiki/Wikipedia:Changing_username/
Disallow: /wiki/Wikipedia%3AChanging_username/
Disallow: /wiki/Wikipedia_talk:Changing_username
Disallow: /wiki/Wikipedia_talk%3AChanging_username
Disallow: /wiki/Wikipedia_talk:Changing_username/
Disallow: /wiki/Wikipedia_talk%3AChanging_username/
#
# eswiki:
# T8746
Disallow: /wiki/Wikipedia:Consultas_de_borrado/
Disallow: /wiki/Wikipedia%3AConsultas_de_borrado/
#
# fiwiki:
# T10695
Disallow: /wiki/Wikipedia:Poistettavat_sivut
Disallow: /wiki/K%C3%A4ytt%C3%A4j%C3%A4:
Disallow: /wiki/Käyttäjä:
Disallow: /wiki/Keskustelu_k%C3%A4ytt%C3%A4j%C3%A4st%C3%A4:
Disallow: /wiki/Keskustelu_käyttäjästä:
Disallow: /wiki/Wikipedia:Yll%C3%A4pit%C3%A4j%C3%A4t/
Disallow: /wiki/Wikipedia:Ylläpitäjät/
#
# frwiki:
Disallow: /wiki/Wikip%C3%A9dia:Pages_%C3%A0_supprimer/
Disallow: /wiki/Wikip%C3%A9dia:Pages_soup%C3%A7onn%C3%A9es_de_violation_de_copyright/
#
# hewiki:
Disallow: /wiki/%D7%9E%D7%99%D7%95%D7%97%D7%93:Search
Disallow: /wiki/%D7%9E%D7%99%D7%95%D7%97%D7%93%3ASearch
#T11517
Disallow: /wiki/ויקיפדיה:רשימת_מועמדים_למחיקה/
Disallow: /wiki/ויקיפדיה%3Aרשימת_מועמדים_למחיקה/
Disallow: /wiki/%D7%95%D7%99%D7%A7%D7%99%D7%A4%D7%93%D7%99%D7%94:%D7%A8%D7%A9%D7%99%D7%9E%D7%AA_%D7%9E%D7%95%D7%A2%D7%9E%D7%93%D7%99%D7%9D_%D7%9C%D7%9E%D7%97%D7%99%D7%A7%D7%94/
Disallow: /wiki/%D7%95%D7%99%D7%A7%D7%99%D7%A4%D7%93%D7%99%D7%94%3A%D7%A8%D7%A9%D7%99%D7%9E%D7%AA_%D7%9E%D7%95%D7%A2%D7%9E%D7%93%D7%99%D7%9D_%D7%9C%D7%9E%D7%97%D7%99%D7%A7%D7%94/
Disallow: /wiki/ויקיפדיה:ערכים_לא_קיימים_ומוגנים
Disallow: /wiki/ויקיפדיה%3Aערכים_לא_קיימים_ומוגנים
Disallow: /wiki/%D7%95%D7%99%D7%A7%D7%99%D7%A4%D7%93%D7%99%D7%94:%D7%A2%D7%A8%D7%9B%D7%99%D7%9D_%D7%9C%D7%90_%D7%A7%D7%99%D7%99%D7%9E%D7%99%D7%9D_%D7%95%D7%9E%D7%95%D7%92%D7%A0%D7%99%D7%9D
Disallow: /wiki/%D7%95%D7%99%D7%A7%D7%99%D7%A4%D7%93%D7%99%D7%94%3A%D7%A2%D7%A8%D7%9B%D7%99%D7%9D_%D7%9C%D7%90_%D7%A7%D7%99%D7%99%D7%9E%D7%99%D7%9D_%D7%95%D7%9E%D7%95%D7%92%D7%A0%D7%99%D7%9D
Disallow: /wiki/ויקיפדיה:דפים_לא_קיימים_ומוגנים
Disallow: /wiki/ויקיפדיה%3Aדפים_לא_קיימים_ומוגנים
Disallow: /wiki/%D7%95%D7%99%D7%A7%D7%99%D7%A4%D7%93%D7%99%D7%94:%D7%93%D7%A4%D7%99%D7%9D_%D7%9C%D7%90_%D7%A7%D7%99%D7%99%D7%9E%D7%99%D7%9D_%D7%95%D7%9E%D7%95%D7%92%D7%A0%D7%99%D7%9D
Disallow: /wiki/%D7%95%D7%99%D7%A7%D7%99%D7%A4%D7%93%D7%99%D7%94%3A%D7%93%D7%A4%D7%99%D7%9D_%D7%9C%D7%90_%D7%A7%D7%99%D7%99%D7%9E%D7%99%D7%9D_%D7%95%D7%9E%D7%95%D7%92%D7%A0%D7%99%D7%9D
#
# huwiki:
Disallow: /wiki/Speci%C3%A1lis:Search
Disallow: /wiki/Speci%C3%A1lis%3ASearch
#
# itwiki:
# T7545
Disallow: /wiki/Wikipedia:Pagine_da_cancellare
Disallow: /wiki/Wikipedia%3APagine_da_cancellare
Disallow: /wiki/Wikipedia:Utenti_problematici
Disallow: /wiki/Wikipedia%3AUtenti_problematici
Disallow: /wiki/Wikipedia:Vandalismi_in_corso
Disallow: /wiki/Wikipedia%3AVandalismi_in_corso
Disallow: /wiki/Wikipedia:Amministratori
Disallow: /wiki/Wikipedia%3AAmministratori
Disallow: /wiki/Wikipedia:Proposte_di_cancellazione_semplificata
Disallow: /wiki/Wikipedia%3AProposte_di_cancellazione_semplificata
Disallow: /wiki/Categoria:Da_cancellare_subito
Disallow: /wiki/Categoria%3ADa_cancellare_subito
Disallow: /wiki/Wikipedia:Sospette_violazioni_di_copyright
Disallow: /wiki/Wikipedia%3ASospette_violazioni_di_copyright
Disallow: /wiki/Categoria:Da_controllare_per_copyright
Disallow: /wiki/Categoria%3ADa_controllare_per_copyright
Disallow: /wiki/Progetto:Rimozione_contributi_sospetti
Disallow: /wiki/Progetto%3ARimozione_contributi_sospetti
Disallow: /wiki/Categoria:Da_cancellare_subito_per_violazione_integrale_copyright
Disallow: /wiki/Categoria%3ADa_cancellare_subito_per_violazione_integrale_copyright
Disallow: /wiki/Progetto:Cococo
Disallow: /wiki/Progetto%3ACococo
Disallow: /wiki/Discussioni_progetto:Cococo
Disallow: /wiki/Discussioni_progetto%3ACococo
#
# jawiki
Disallow: /wiki/%E7%89%B9%E5%88%A5:Search
Disallow: /wiki/%E7%89%B9%E5%88%A5%3ASearch
# T7239
Disallow: /wiki/Wikipedia:%E5%89%8A%E9%99%A4%E4%BE%9D%E9%A0%BC/
Disallow: /wiki/Wikipedia%3A%E5%89%8A%E9%99%A4%E4%BE%9D%E9%A0%BC/
Disallow: /wiki/Wikipedia:%E5%88%A9%E7%94%A8%E8%80%85%E3%83%9A%E3%83%BC%E3%82%B8%E3%81%AE%E5%89%8A%E9%99%A4%E4%BE%9D%E9%A0%BC
Disallow: /wiki/Wikipedia%3A%E5%88%A9%E7%94%A8%E8%80%85%E3%83%9A%E3%83%BC%E3%82%B8%E3%81%AE%E5%89%8A%E9%99%A4%E4%BE%9D%E9%A0%BC
# nowiki
# T13432
Disallow: /wiki/Bruker:
Disallow: /wiki/Bruker%3A
Disallow: /wiki/Brukerdiskusjon
Disallow: /wiki/Wikipedia:Administratorer
Disallow: /wiki/Wikipedia%3AAdministratorer
Disallow: /wiki/Wikipedia-diskusjon:Administratorer
Disallow: /wiki/Wikipedia-diskusjon%3AAdministratorer
Disallow: /wiki/Wikipedia:Sletting
Disallow: /wiki/Wikipedia%3ASletting
Disallow: /wiki/Wikipedia-diskusjon:Sletting
Disallow: /wiki/Wikipedia-diskusjon%3ASletting
Disallow: /wiki/Spesial:
Disallow: /wiki/Spesial%3A
#
# plwiki
# T10067
Disallow: /wiki/Wikipedia:Strony_do_usuni%C4%99cia
Disallow: /wiki/Wikipedia%3AStrony_do_usuni%C4%99cia
Disallow: /wiki/Wikipedia:Do_usuni%C4%99cia
Disallow: /wiki/Wikipedia%3ADo_usuni%C4%99cia
Disallow: /wiki/Wikipedia:SDU/
Disallow: /wiki/Wikipedia%3ASDU/
Disallow: /wiki/Wikipedia:Strony_podejrzane_o_naruszenie_praw_autorskich
Disallow: /wiki/Wikipedia%3AStrony_podejrzane_o_naruszenie_praw_autorskich
#
# ptwiki:
# T7394
Disallow: /wiki/Wikipedia:Páginas_para_eliminar/
Disallow: /wiki/Wikipedia:P%C3%A1ginas_para_eliminar/
Disallow: /wiki/Wikipedia%3AP%C3%A1ginas_para_eliminar/
Disallow: /wiki/Wikipedia_Discussão:Páginas_para_eliminar/
Disallow: /wiki/Wikipedia_Discuss%C3%A3o:P%C3%A1ginas_para_eliminar/
Disallow: /wiki/Wikipedia_Discuss%C3%A3o%3AP%C3%A1ginas_para_eliminar/
#
# rowiki:
# T14546
Disallow: /wiki/Wikipedia:Pagini_de_%C5%9Fters
Disallow: /wiki/Wikipedia%3APagini_de_%C5%9Fters
Disallow: /wiki/Discu%C5%A3ie_Wikipedia:Pagini_de_%C5%9Fters
Disallow: /wiki/Discu%C5%A3ie_Wikipedia%3APagini_de_%C5%9Fters
#
# ruwiki:
Disallow: /wiki/%D0%A1%D0%BF%D0%B5%D1%86%D0%B8%D0%B0%D0%BB%D1%8C%D0%BD%D1%8B%D0%B5:Search
Disallow: /wiki/%D0%A1%D0%BF%D0%B5%D1%86%D0%B8%D0%B0%D0%BB%D1%8C%D0%BD%D1%8B%D0%B5%3ASearch
#
# svwiki:
# T12229
Disallow: /wiki/Wikipedia%3ASidor_f%C3%B6reslagna_f%C3%B6r_radering
Disallow: /wiki/Wikipedia:Sidor_f%C3%B6reslagna_f%C3%B6r_radering
Disallow: /wiki/Wikipedia:Sidor_föreslagna_för_radering
Disallow: /wiki/Användare
Disallow: /wiki/Anv%C3%A4ndare
Disallow: /wiki/Användardiskussion
Disallow: /wiki/Anv%C3%A4ndardiskussion
Disallow: /wiki/Wikipedia:Skyddade_sidnamn
Disallow: /wiki/Wikipedia%3ASkyddade_sidnamn
# T13291
Disallow: /wiki/Wikipedia:Sidor_som_bör_raderas
Disallow: /wiki/Wikipedia:Sidor_som_b%C3%B6r_raderas
Disallow: /wiki/Wikipedia%3ASidor_som_b%C3%B6r_raderas
#
# zhwiki:
# T7104
Disallow: /wiki/Wikipedia:删除投票/侵权
Disallow: /wiki/Wikipedia:%E5%88%A0%E9%99%A4%E6%8A%95%E7%A5%A8/%E4%BE%B5%E6%9D%83
Disallow: /wiki/Wikipedia:删除投票和请求
Disallow: /wiki/Wikipedia:%E5%88%A0%E9%99%A4%E6%8A%95%E7%A5%A8%E5%92%8C%E8%AF%B7%E6%B1%82
Disallow: /wiki/Category:快速删除候选
Disallow: /wiki/Category:%E5%BF%AB%E9%80%9F%E5%88%A0%E9%99%A4%E5%80%99%E9%80%89
Disallow: /wiki/Category:维基百科需要翻译的文章
Disallow: /wiki/Category:%E7%BB%B4%E5%9F%BA%E7%99%BE%E7%A7%91%E9%9C%80%E8%A6%81%E7%BF%BB%E8%AF%91%E7%9A%84%E6%96%87%E7%AB%A0
#
# sister projects
#
# enwikinews:
# T7340
Disallow: /wiki/Portal:Prepared_stories/
Disallow: /wiki/Portal%3APrepared_stories/
#
# itwikinews
# T11138
Disallow: /wiki/Wikinotizie:Richieste_di_cancellazione
Disallow: /wiki/Wikinotizie:Sospette_violazioni_di_copyright
Disallow: /wiki/Categoria:Da_cancellare_subito
Disallow: /wiki/Categoria:Da_cancellare_subito_per_violazione_integrale_copyright
Disallow: /wiki/Wikinotizie:Storie_in_preparazione
#
# enwikiquote:
# T17095
Disallow: /wiki/Wikiquote:Votes_for_deletion/
Disallow: /wiki/Wikiquote%3AVotes_for_deletion/
Disallow: /wiki/Wikiquote_talk:Votes_for_deletion/
Disallow: /wiki/Wikiquote_talk%3AVotes_for_deletion/
Disallow: /wiki/Wikiquote:Votes_for_deletion_archive/
Disallow: /wiki/Wikiquote%3AVotes_for_deletion_archive/
Disallow: /wiki/Wikiquote_talk:Votes_for_deletion_archive/
Disallow: /wiki/Wikiquote_talk%3AVotes_for_deletion_archive/
#
# enwikibooks
Disallow: /wiki/Wikibooks:Votes_for_deletion
#
# working...
Disallow: /wiki/Fundraising_2007/comments
#
Disallow: /wiki/Special:Maintenance
# Do not show banner content or record hits
Disallow: /wiki/Special:BannerLoader
Disallow: /wiki/Special:RecordImpression
#
#
#----------------------------------------------------------#
#
#
#
 # <!-- Please do not remove the space at the start of this line, it breaks the rendering.  http://www.robotstxt.org/orig.html says spaces before comments are OK. --><pre>
#
# Localisable part of robots.txt for en.wikipedia.org
#
# Edit at https://en.wikipedia.org/w/index.php?title=MediaWiki:Robots.txt&action=edit
# Don't add newlines here. All rules set here are active for every user-agent.
#
# Please check any changes using a syntax validator such as http://tool.motoricerca.info/robots-checker.phtml
# Enter https://en.wikipedia.org/robots.txt as the URL to check.
#
# https://bugzilla.wikimedia.org/show_bug.cgi?id=14075
Disallow: /wiki/MediaWiki:Spam-blacklist
Disallow: /wiki/MediaWiki%3ASpam-blacklist
Disallow: /wiki/MediaWiki_talk:Spam-blacklist
Disallow: /wiki/MediaWiki_talk%3ASpam-blacklist
Disallow: /wiki/Wikipedia:WikiProject_Spam
Disallow: /wiki/Wikipedia_talk:WikiProject_Spam
#
# Folks get annoyed when XfD discussions end up the number 1 google hit for
# their name. 
# https://phabricator.wikimedia.org/T16075
Disallow: /wiki/Wikipedia:Articles_for_deletion
Disallow: /wiki/Wikipedia%3AArticles_for_deletion
Disallow: /wiki/Wikipedia:Votes_for_deletion
Disallow: /wiki/Wikipedia%3AVotes_for_deletion
Disallow: /wiki/Wikipedia:Pages_for_deletion
Disallow: /wiki/Wikipedia%3APages_for_deletion
Disallow: /wiki/Wikipedia:Miscellany_for_deletion
Disallow: /wiki/Wikipedia%3AMiscellany_for_deletion
Disallow: /wiki/Wikipedia:Miscellaneous_deletion
Disallow: /wiki/Wikipedia%3AMiscellaneous_deletion
Disallow: /wiki/Wikipedia:Categories_for_discussion
Disallow: /wiki/Wikipedia%3ACategories_for_discussion
Disallow: /wiki/Wikipedia:Templates_for_deletion
Disallow: /wiki/Wikipedia%3ATemplates_for_deletion
Disallow: /wiki/Wikipedia:Redirects_for_discussion
Disallow: /wiki/Wikipedia%3ARedirects_for_discussion
Disallow: /wiki/Wikipedia:Deletion_review
Disallow: /wiki/Wikipedia%3ADeletion_review
Disallow: /wiki/Wikipedia:WikiProject_Deletion_sorting
Disallow: /wiki/Wikipedia%3AWikiProject_Deletion_sorting
Disallow: /wiki/Wikipedia:Files_for_deletion
Disallow: /wiki/Wikipedia%3AFiles_for_deletion
Disallow: /wiki/Wikipedia:Files_for_discussion
Disallow: /wiki/Wikipedia%3AFiles_for_discussion
Disallow: /wiki/Wikipedia:Possibly_unfree_files
Disallow: /wiki/Wikipedia%3APossibly_unfree_files
#
# https://phabricator.wikimedia.org/T12288
Disallow: /wiki/Wikipedia_talk:Articles_for_deletion
Disallow: /wiki/Wikipedia_talk%3AArticles_for_deletion
Disallow: /wiki/Wikipedia_talk:Votes_for_deletion
Disallow: /wiki/Wikipedia_talk%3AVotes_for_deletion
Disallow: /wiki/Wikipedia_talk:Pages_for_deletion
Disallow: /wiki/Wikipedia_talk%3APages_for_deletion
Disallow: /wiki/Wikipedia_talk:Miscellany_for_deletion
Disallow: /wiki/Wikipedia_talk%3AMiscellany_for_deletion
Disallow: /wiki/Wikipedia_talk:Miscellaneous_deletion
Disallow: /wiki/Wikipedia_talk%3AMiscellaneous_deletion
Disallow: /wiki/Wikipedia_talk:Templates_for_deletion
Disallow: /wiki/Wikipedia_talk%3ATemplates_for_deletion
Disallow: /wiki/Wikipedia_talk:Categories_for_discussion
Disallow: /wiki/Wikipedia_talk%3ACategories_for_discussion
Disallow: /wiki/Wikipedia_talk:Deletion_review
Disallow: /wiki/Wikipedia_talk%3ADeletion_review
Disallow: /wiki/Wikipedia_talk:WikiProject_Deletion_sorting
Disallow: /wiki/Wikipedia_talk%3AWikiProject_Deletion_sorting
Disallow: /wiki/Wikipedia_talk:Files_for_deletion
Disallow: /wiki/Wikipedia_talk%3AFiles_for_deletion
Disallow: /wiki/Wikipedia_talk:Files_for_discussion
Disallow: /wiki/Wikipedia_talk%3AFiles_for_discussion
Disallow: /wiki/Wikipedia_talk:Possibly_unfree_files
Disallow: /wiki/Wikipedia_talk%3APossibly_unfree_files
#
Disallow: /wiki/Wikipedia:Copyright_problems
Disallow: /wiki/Wikipedia%3ACopyright_problems
Disallow: /wiki/Wikipedia_talk:Copyright_problems
Disallow: /wiki/Wikipedia_talk%3ACopyright_problems
Disallow: /wiki/Wikipedia:Suspected_copyright_violations
Disallow: /wiki/Wikipedia%3ASuspected_copyright_violations
Disallow: /wiki/Wikipedia_talk:Suspected_copyright_violations
Disallow: /wiki/Wikipedia_talk%3ASuspected_copyright_violations
Disallow: /wiki/Wikipedia:Contributor_copyright_investigations
Disallow: /wiki/Wikipedia%3AContributor_copyright_investigations
Disallow: /wiki/Wikipedia:Contributor_copyright_investigations
Disallow: /wiki/Wikipedia%3AContributor_copyright_investigations
Disallow: /wiki/Wikipedia_talk:Contributor_copyright_investigations
Disallow: /wiki/Wikipedia_talk%3AContributor_copyright_investigations
Disallow: /wiki/Wikipedia_talk:Contributor_copyright_investigations
Disallow: /wiki/Wikipedia_talk%3AContributor_copyright_investigations
Disallow: /wiki/Wikipedia:Protected_titles
Disallow: /wiki/Wikipedia%3AProtected_titles
Disallow: /wiki/Wikipedia_talk:Protected_titles
Disallow: /wiki/Wikipedia_talk%3AProtected_titles
Disallow: /wiki/Wikipedia:Articles_for_creation
Disallow: /wiki/Wikipedia%3AArticles_for_creation
Disallow: /wiki/Wikipedia_talk:Articles_for_creation
Disallow: /wiki/Wikipedia_talk%3AArticles_for_creation
Disallow: /wiki/Wikipedia_talk:Article_wizard
Disallow: /wiki/Wikipedia_talk%3AArticle_wizard
#
# https://phabricator.wikimedia.org/T13261
Disallow: /wiki/Wikipedia:Requests_for_arbitration
Disallow: /wiki/Wikipedia%3ARequests_for_arbitration
Disallow: /wiki/Wikipedia_talk:Requests_for_arbitration
Disallow: /wiki/Wikipedia_talk%3ARequests_for_arbitration
Disallow: /wiki/Wikipedia:Requests_for_comment
Disallow: /wiki/Wikipedia%3ARequests_for_comment
Disallow: /wiki/Wikipedia_talk:Requests_for_comment
Disallow: /wiki/Wikipedia_talk%3ARequests_for_comment
Disallow: /wiki/Wikipedia:Requests_for_adminship
Disallow: /wiki/Wikipedia%3ARequests_for_adminship
Disallow: /wiki/Wikipedia_talk:Requests_for_adminship
Disallow: /wiki/Wikipedia_talk%3ARequests_for_adminship
#
# https://phabricator.wikimedia.org/T14111
Disallow: /wiki/Wikipedia:Requests_for_checkuser
Disallow: /wiki/Wikipedia%3ARequests_for_checkuser
Disallow: /wiki/Wikipedia_talk:Requests_for_checkuser
Disallow: /wiki/Wikipedia_talk%3ARequests_for_checkuser
#
# https://phabricator.wikimedia.org/T15398
Disallow: /wiki/Wikipedia:WikiProject_Spam
Disallow: /wiki/Wikipedia%3AWikiProject_Spam
#
# https://phabricator.wikimedia.org/T16793
Disallow: /wiki/Wikipedia:Changing_username
Disallow: /wiki/Wikipedia%3AChanging_username
Disallow: /wiki/Wikipedia:Changing_username
Disallow: /wiki/Wikipedia%3AChanging_username
Disallow: /wiki/Wikipedia_talk:Changing_username
Disallow: /wiki/Wikipedia_talk%3AChanging_username
Disallow: /wiki/Wikipedia_talk:Changing_username
Disallow: /wiki/Wikipedia_talk%3AChanging_username
#
Disallow: /wiki/Wikipedia:Administrators%27_noticeboard
Disallow: /wiki/Wikipedia%3AAdministrators%27_noticeboard
Disallow: /wiki/Wikipedia_talk:Administrators%27_noticeboard
Disallow: /wiki/Wikipedia_talk%3AAdministrators%27_noticeboard
Disallow: /wiki/Wikipedia:Community_sanction_noticeboard
Disallow: /wiki/Wikipedia%3ACommunity_sanction_noticeboard
Disallow: /wiki/Wikipedia_talk:Community_sanction_noticeboard
Disallow: /wiki/Wikipedia_talk%3ACommunity_sanction_noticeboard
Disallow: /wiki/Wikipedia:Bureaucrats%27_noticeboard
Disallow: /wiki/Wikipedia%3ABureaucrats%27_noticeboard
Disallow: /wiki/Wikipedia_talk:Bureaucrats%27_noticeboard
Disallow: /wiki/Wikipedia_talk%3ABureaucrats%27_noticeboard
#
Disallow: /wiki/Wikipedia:Sockpuppet_investigations
Disallow: /wiki/Wikipedia%3ASockpuppet_investigations
Disallow: /wiki/Wikipedia_talk:Sockpuppet_investigations
Disallow: /wiki/Wikipedia_talk%3ASockpuppet_investigations
#
Disallow: /wiki/Wikipedia:Neutral_point_of_view/Noticeboard
Disallow: /wiki/Wikipedia%3ANeutral_point_of_view/Noticeboard
Disallow: /wiki/Wikipedia_talk:Neutral_point_of_view/Noticeboard
Disallow: /wiki/Wikipedia_talk%3ANeutral_point_of_view/Noticeboard
#
Disallow: /wiki/Wikipedia:No_original_research/noticeboard
Disallow: /wiki/Wikipedia%3ANo_original_research/noticeboard
Disallow: /wiki/Wikipedia_talk:No_original_research/noticeboard
Disallow: /wiki/Wikipedia_talk%3ANo_original_research/noticeboard
#
Disallow: /wiki/Wikipedia:Fringe_theories/Noticeboard
Disallow: /wiki/Wikipedia%3AFringe_theories/Noticeboard
Disallow: /wiki/Wikipedia_talk:Fringe_theories/Noticeboard
Disallow: /wiki/Wikipedia_talk%3AFringe_theories/Noticeboard
#
Disallow: /wiki/Wikipedia:Conflict_of_interest/Noticeboard
Disallow: /wiki/Wikipedia%3AConflict_of_interest/Noticeboard
Disallow: /wiki/Wikipedia_talk:Conflict_of_interest/Noticeboard
Disallow: /wiki/Wikipedia_talk%3AConflict_of_interest/Noticeboard
#
Disallow: /wiki/Wikipedia:Long-term_abuse
Disallow: /wiki/Wikipedia%3ALong-term_abuse
Disallow: /wiki/Wikipedia_talk:Long-term_abuse
Disallow: /wiki/Wikipedia_talk%3ALong-term_abuse
Disallow: /wiki/Wikipedia:Long_term_abuse
Disallow: /wiki/Wikipedia%3ALong_term_abuse
Disallow: /wiki/Wikipedia_talk:Long_term_abuse
Disallow: /wiki/Wikipedia_talk%3ALong_term_abuse
#
Disallow: /wiki/Wikipedia:Wikiquette_assistance
Disallow: /wiki/Wikipedia%3AWikiquette_assistance
#
Disallow: /wiki/Wikipedia:Abuse_reports
Disallow: /wiki/Wikipedia%3AAbuse_reports
Disallow: /wiki/Wikipedia_talk:Abuse_reports
Disallow: /wiki/Wikipedia_talk%3AAbuse_reports
Disallow: /wiki/Wikipedia:Abuse_response
Disallow: /wiki/Wikipedia%3AAbuse_response
Disallow: /wiki/Wikipedia_talk:Abuse_response
Disallow: /wiki/Wikipedia_talk%3AAbuse_response
#
Disallow: /wiki/Wikipedia:Reliable_sources/Noticeboard
Disallow: /wiki/Wikipedia%3AReliable_sources/Noticeboard
Disallow: /wiki/Wikipedia_talk:Reliable_sources/Noticeboard
Disallow: /wiki/Wikipedia_talk%3AReliable_sources/Noticeboard
#
Disallow: /wiki/Wikipedia:Suspected_sock_puppets
Disallow: /wiki/Wikipedia%3ASuspected_sock_puppets
Disallow: /wiki/Wikipedia_talk:Suspected_sock_puppets
Disallow: /wiki/Wikipedia_talk%3ASuspected_sock_puppets
#
Disallow: /wiki/Wikipedia:Biographies_of_living_persons/Noticeboard
Disallow: /wiki/Wikipedia%3ABiographies_of_living_persons/Noticeboard
Disallow: /wiki/Wikipedia_talk:Biographies_of_living_persons/Noticeboard
Disallow: /wiki/Wikipedia_talk%3ABiographies_of_living_persons/Noticeboard
#
Disallow: /wiki/Wikipedia:Content_noticeboard
Disallow: /wiki/Wikipedia%3AContent_noticeboard
Disallow: /wiki/Wikipedia_talk:Content_noticeboard
Disallow: /wiki/Wikipedia_talk%3AContent_noticeboard
#
Disallow: /wiki/Template:Editnotices
Disallow: /wiki/Template%3AEditnotices
#
Disallow: /wiki/Wikipedia:Arbitration
Disallow: /wiki/Wikipedia%3AArbitration
Disallow: /wiki/Wikipedia_talk:Arbitration
Disallow: /wiki/Wikipedia_talk%3AArbitration
#
Disallow: /wiki/Wikipedia:Arbitration_Committee
Disallow: /wiki/Wikipedia%3AArbitration_Committee
Disallow: /wiki/Wikipedia_talk:Arbitration_Committee
Disallow: /wiki/Wikipedia_talk%3AArbitration_Committee
#
Disallow: /wiki/Wikipedia:Arbitration_Committee_Elections
Disallow: /wiki/Wikipedia%3AArbitration_Committee_Elections
Disallow: /wiki/Wikipedia_talk:Arbitration_Committee_Elections
Disallow: /wiki/Wikipedia_talk%3AArbitration_Committee_Elections
#
Disallow: /wiki/Wikipedia:Mediation_Committee
Disallow: /wiki/Wikipedia%3AMediation_Committee
Disallow: /wiki/Wikipedia_talk:Mediation_Committee
Disallow: /wiki/Wikipedia_talk%3AMediation_Committee
#
Disallow: /wiki/Wikipedia:Mediation_Cabal/Cases
Disallow: /wiki/Wikipedia%3AMediation_Cabal/Cases
#
Disallow: /wiki/Wikipedia:Requests_for_bureaucratship
Disallow: /wiki/Wikipedia%3ARequests_for_bureaucratship
Disallow: /wiki/Wikipedia_talk:Requests_for_bureaucratship
Disallow: /wiki/Wikipedia_talk%3ARequests_for_bureaucratship
#
Disallow: /wiki/Wikipedia:Administrator_review
Disallow: /wiki/Wikipedia%3AAdministrator_review
Disallow: /wiki/Wikipedia_talk:Administrator_review
Disallow: /wiki/Wikipedia_talk%3AAdministrator_review
#
Disallow: /wiki/Wikipedia:Editor_review
Disallow: /wiki/Wikipedia%3AEditor_review
Disallow: /wiki/Wikipedia_talk:Editor_review
Disallow: /wiki/Wikipedia_talk%3AEditor_review
#
Disallow: /wiki/Wikipedia:Article_Incubator
Disallow: /wiki/Wikipedia%3AArticle_Incubator
Disallow: /wiki/Wikipedia_talk:Article_Incubator
Disallow: /wiki/Wikipedia_talk%3AArticle_Incubator
#
Disallow: /wiki/Category:Noindexed_pages
Disallow: /wiki/Category%3ANoindexed_pages
#
# </pre>

Added wiki_references/2017/software/CryptoVerif/doc/2017_06_12_wget_copy_of_http_prosecco_gforge_inria_fr_personal_bblanche_cryptoverif/bonnet/eprint.iacr.org/2005/401.html version [3bc41ec73e].















































































































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
<!DOCTYPE html
	PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
	 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en-US" xml:lang="en-US">
<head>
<title>Cryptology ePrint Archive: Report 2005/401</title>
<link rev="made" href="mailto:eprint-admin%40iacr.org" />
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
</head>
<body bgcolor="white">
<h2>Cryptology ePrint Archive: Report 2005/401</h2><p />
<p /><script type="text/javascript" 
src="/javascript/mathjax-2.6.1/MathJax.js?config=TeX-AMS-MML_HTMLorMML">  
MathJax.Hub.Config({
extensions: ["tex2jax.js","TeX/AMSmath.js","TeX/AMSsymbols.js"], 
jax: ["input/TeX", "output/HTML-CSS"], 
tex2jax: {
inlineMath: [ ['$','$'], ["\\(","\\)"] ], 
displayMath: [ ['$$','$$'], ["\\[","\\]"] ],
}, 
"HTML-CSS": { availableFonts: ["TeX"] }
}); 
</script>
<b>A  Computationally  Sound  Mechanized  Prover  for  Security  Protocols</b><p />
<i>Bruno  Blanchet</i><p />
<b>Abstract: </b>We  present  a  new  mechanized  prover  for  secrecy  properties  of
cryptographic  protocols.  In  contrast  to  most  previous  provers,  our
tool  does  not  rely  on  the  Dolev-Yao  model,  but  on  the  computational
model.  It  produces  proofs  presented  as  sequences  of  games;  these
games  are  formalized  in  a  probabilistic  polynomial-time  process
calculus.  Our  tool  provides  a  generic  method  for  specifying  security
properties  of  the  cryptographic  primitives,  which  can  handle  shared-
and  public-key  encryption,  signatures,  message  authentication  codes,
and  hash  functions.  Our  tool  produces  proofs  valid  for  a  number  of
sessions  polynomial  in  the  security  parameter,  in  the  presence  of  an
active  adversary.   We  have  implemented  our  tool   and  tested  it  on  a
number  of  examples  of  protocols  from  the  literature.
<P>
<p />
<b>Category / Keywords: </b>cryptographic protocols / <p />
<b>Publication Info: </b>A short version of this paper appears at IEEE Symposium on Security and Privacy, Oakland, 2006. This is the full version.<p />
<b>Date: </b>received 7 Nov 2005, last revised 16 Jun 2012<p />
<b>Contact author: </b>blanchet at di ens fr<p />
<b>Available format(s): </b><a href="/2005/401.ps">Postscript (PS)</a> | <a href="/2005/401.ps.gz">Compressed Postscript (PS.GZ)</a>  | <a href="/2005/401.pdf">PDF</a>  | <a href="/eprint-bin/cite.pl?entry=2005/401">BibTeX Citation</a>
<p />
<b>Note: </b>The revision includes extensions to handle more cryptographic primitives, improvements in the simplification of games, and a few minor updates and bug fixes. 
<p />
<b>Version: </b><a href="/2005/401/20120616:095147">20120616:095147</a> (<a href="/eprint-bin/versions.pl?entry=2005/401">All versions of this report</a>)

<p />
<b>Short URL: </b><a href='http://ia.cr/2005/401'>ia.cr/2005/401</a>
<p /><b><a href="/forum/">Discussion forum</a>: </b><a href="/forum/search.php?5,search=2005/401,page=1,match_type=PHRASE,match_dates=0,match_forum=THISONE">Show discussion</a> | <a href="/forum/posting.php?5">Start new discussion</a><p /><p /><hr />[ <A HREF="/">Cryptology ePrint archive</A> ]

</body>
</html>

Added wiki_references/2017/software/CryptoVerif/doc/2017_06_12_wget_copy_of_http_prosecco_gforge_inria_fr_personal_bblanche_cryptoverif/bonnet/eprint.iacr.org/2006/069.html version [45c3dee871].



















































































































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
<!DOCTYPE html
	PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
	 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en-US" xml:lang="en-US">
<head>
<title>Cryptology ePrint Archive: Report 2006/069</title>
<link rev="made" href="mailto:eprint-admin%40iacr.org" />
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
</head>
<body bgcolor="white">
<h2>Cryptology ePrint Archive: Report 2006/069</h2><p />
<p /><script type="text/javascript" 
src="/javascript/mathjax-2.6.1/MathJax.js?config=TeX-AMS-MML_HTMLorMML">  
MathJax.Hub.Config({
extensions: ["tex2jax.js","TeX/AMSmath.js","TeX/AMSsymbols.js"], 
jax: ["input/TeX", "output/HTML-CSS"], 
tex2jax: {
inlineMath: [ ['$','$'], ["\\(","\\)"] ], 
displayMath: [ ['$$','$$'], ["\\[","\\]"] ],
}, 
"HTML-CSS": { availableFonts: ["TeX"] }
}); 
</script>
<b>Automated  Security  Proofs  with  Sequences  of  Games</b><p />
<i>Bruno  Blanchet   and  David  Pointcheval</i><p />
<b>Abstract: </b>This  paper  presents  the  first  automatic  technique  for  proving  not  only
protocols  but  also  primitives  in  the  exact  security  computational
model.   Automatic  proofs  of  cryptographic  protocols  were  up  to  now
reserved  to  the  Dolev-Yao  model,  which  however  makes  quite  strong
assumptions  on  the  primitives.   On  the  other  hand,  with  the  proofs  by
reductions,  in  the  complexity  theoretic  framework,  more  subtle
security  assumptions  can  be  considered,  but  security  analyses  are
manual.  A  process  calculus  is  thus  defined  in  order  to  take  into
account  the  probabilistic  semantics  of  the  computational  model.  It  is
already  rich  enough  to  describe  all  the  usual  security  notions  of  both
symmetric   and  asymmetric  cryptography,  as  well  as  the  basic
computational  assumptions.  As  an  example,  we  illustrate  the  use  of  the
new  tool  with  the  proof  of  a  quite  famous  asymmetric  primitive:
unforgeability  under  chosen-message  attacks (UF-CMA)  of  the
Full-Domain  Hash  signature  scheme  under  the (trapdoor)-one-wayness  of
some  permutations.
<P>
<p />
<b>Category / Keywords: </b>security proof; automatic proofs; sequences of games; computationally sound<p />
<b>Publication Info: </b>A short version of this paper appears at CRYPTO'06. This is the full version.<p />
<b>Date: </b>received 23 Feb 2006, last revised 11 Jun 2006<p />
<b>Contact author: </b>blanchet at di ens fr<p />
<b>Available format(s): </b><a href="/2006/069.ps">Postscript (PS)</a> | <a href="/2006/069.ps.gz">Compressed Postscript (PS.GZ)</a>  | <a href="/2006/069.pdf">PDF</a>  | <a href="/eprint-bin/cite.pl?entry=2006/069">BibTeX Citation</a>
<p />
<b>Version: </b><a href="/2006/069/20060611:085657">20060611:085657</a> (<a href="/eprint-bin/versions.pl?entry=2006/069">All versions of this report</a>)

<p />
<b>Short URL: </b><a href='http://ia.cr/2006/069'>ia.cr/2006/069</a>
<p /><b><a href="/forum/">Discussion forum</a>: </b><a href="/forum/search.php?6,search=2006/069,page=1,match_type=PHRASE,match_dates=0,match_forum=THISONE">Show discussion</a> | <a href="/forum/posting.php?6">Start new discussion</a><p /><p /><hr />[ <A HREF="/">Cryptology ePrint archive</A> ]

</body>
</html>

Added wiki_references/2017/software/CryptoVerif/doc/2017_06_12_wget_copy_of_http_prosecco_gforge_inria_fr_personal_bblanche_cryptoverif/bonnet/eprint.iacr.org/2007/128.html version [c02bc59005].

















































































































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
<!DOCTYPE html
	PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
	 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en-US" xml:lang="en-US">
<head>
<title>Cryptology ePrint Archive: Report 2007/128</title>
<link rev="made" href="mailto:eprint-admin%40iacr.org" />
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
</head>
<body bgcolor="white">
<h2>Cryptology ePrint Archive: Report 2007/128</h2><p />
<p /><script type="text/javascript" 
src="/javascript/mathjax-2.6.1/MathJax.js?config=TeX-AMS-MML_HTMLorMML">  
MathJax.Hub.Config({
extensions: ["tex2jax.js","TeX/AMSmath.js","TeX/AMSsymbols.js"], 
jax: ["input/TeX", "output/HTML-CSS"], 
tex2jax: {
inlineMath: [ ['$','$'], ["\\(","\\)"] ], 
displayMath: [ ['$$','$$'], ["\\[","\\]"] ],
}, 
"HTML-CSS": { availableFonts: ["TeX"] }
}); 
</script>
<b>Computationally  Sound  Mechanized  Proofs  of  Correspondence  Assertions</b><p />
<i>Bruno  Blanchet</i><p />
<b>Abstract: </b>We  present  a  new  mechanized  prover  for  showing  correspondence
assertions  for  cryptographic  protocols  in  the  computational  model.
Correspondence  assertions  are  useful  in  particular  for  establishing
authentication.
Our  technique  produces  proofs  by  sequences  of  games,  as  standard  in
cryptography.   These  proofs  are  valid  for  a  number  of  sessions
polynomial  in  the  security  parameter,  in  the  presence  of  an  active
adversary.   Our  technique  can  handle  a  wide  variety  of  cryptographic
primitives,  including  shared-   and  public-key  encryption,  signatures,
message  authentication  codes,   and  hash  functions.   It  has  been
implemented  in  the  tool  CryptoVerif   and  successfully  tested  on
examples  from  the  literature.
<p />
<b>Category / Keywords: </b>cryptographic protocols / cryptographic protocols, automatic verification, computationally sound, correspondence assertions, authentication<p />
<b>Original Publication</b><b> (with major differences): </b>CSF'07 (IEEE Computer Security Foundations Symposium) 
<b><BR>DOI: </b><a href="http://dx.doi.org/10.1109/CSF.2007.16">10.1109/CSF.2007.16<b></a></b>
<p />
<b>Date: </b>received 4 Apr 2007, last revised 6 Jun 2017<p />
<b>Contact author: </b>bruno blanchet at inria fr<p />
<b>Available format(s): </b><a href="/2007/128.pdf">PDF</a>  | <a href="/eprint-bin/cite.pl?entry=2007/128">BibTeX Citation</a>
<p />
<b>Note: </b>This is the full version of the paper. Compared to the conference version, this version adds appendices, which contain details on the semantics of the calculus, the proof engine we use for reasoning on games, the proofs of our results, and our experiments. Version 2 fixes Definition 4, updates Definition 2 to use the same notations, and provides other minor updates.
<p />
<b>Version: </b><a href="/2007/128/20170606:072301">20170606:072301</a> (<a href="/eprint-bin/versions.pl?entry=2007/128">All versions of this report</a>)

<p />
<b>Short URL: </b><a href='http://ia.cr/2007/128'>ia.cr/2007/128</a>
<p /><b><a href="/forum/">Discussion forum</a>: </b><a href="/forum/search.php?7,search=2007/128,page=1,match_type=PHRASE,match_dates=0,match_forum=THISONE">Show discussion</a> | <a href="/forum/posting.php?7">Start new discussion</a><p /><p /><hr />[ <A HREF="/">Cryptology ePrint archive</A> ]

</body>
</html>

Added wiki_references/2017/software/CryptoVerif/doc/2017_06_12_wget_copy_of_http_prosecco_gforge_inria_fr_personal_bblanche_cryptoverif/bonnet/eprint.iacr.org/2012/173.html version [1a4661f3ae].

























































































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
<!DOCTYPE html
	PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
	 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en-US" xml:lang="en-US">
<head>
<title>Cryptology ePrint Archive: Report 2012/173</title>
<link rev="made" href="mailto:eprint-admin%40iacr.org" />
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
</head>
<body bgcolor="white">
<h2>Cryptology ePrint Archive: Report 2012/173</h2><p />
<p /><script type="text/javascript" 
src="/javascript/mathjax-2.6.1/MathJax.js?config=TeX-AMS-MML_HTMLorMML">  
MathJax.Hub.Config({
extensions: ["tex2jax.js","TeX/AMSmath.js","TeX/AMSsymbols.js"], 
jax: ["input/TeX", "output/HTML-CSS"], 
tex2jax: {
inlineMath: [ ['$','$'], ["\\(","\\)"] ], 
displayMath: [ ['$$','$$'], ["\\[","\\]"] ],
}, 
"HTML-CSS": { availableFonts: ["TeX"] }
}); 
</script>
<b>Automatically  Verified  Mechanized  Proof  of  One-Encryption  Key  Exchange</b><p />
<i>Bruno  Blanchet</i><p />
<b>Abstract: </b>We  present  a  mechanized  proof  of  the  password-based  protocol  One-Encryption  Key  Exchange (OEKE)  using  the  computationally-sound  protocol  prover  CryptoVerif.  OEKE  is  a  non-trivial  protocol,   and  thus  mechanizing  its  proof  provides  additional  confidence  that  it  is  correct.
This  case  study  was  also  an  opportunity  to  implement  several  important  extensions  of  CryptoVerif,  useful  for  proving  many  other  protocols.  We  have  indeed  extended  CryptoVerif  to  support  the  computational  Diffie-Hellman  assumption.  We  have  also  added  support  for  proofs  that  rely  on  Shoup's  lemma   and  additional  game  transformations.  In  particular,  it  is  now  possible  to  insert  case  distinctions  manually   and  to  merge  cases  that  no  longer  need  to  be  distinguished.  Eventually,  some  improvements  have  been  added  on  the  computation  of  the  probability  bounds  for  attacks,  providing  better  reductions.  In  particular,  we  improve  over  the  standard  computation  of  probabilities  when  Shoup's  lemma  is  used,  which  allows  us  to  improve  the  bound  given  in  a  previous  manual  proof  of  OEKE,   and  to  show  that  the  adversary  can  test  at  most  one  password  per  session  of  the  protocol.
In  this  paper,  we  present  these  extensions,  with  their  application  to  the  proof  of  OEKE.  All  steps  of  the  proof,  both  automatic   and  manually  guided,  are  verified  by  CryptoVerif.
<P>
<p />
<b>Category / Keywords: </b>cryptographic protocols / Automatic proofs, Formal methods, Provable security, Protocols, Password-based authentication<p />
<b>Publication Info: </b>This is the full version of a paper to appear at CSF'12 (IEEE Computer Security Foundations Symposium). The full version adds all appendices.<p />
<b>Date: </b>received 2 Apr 2012<p />
<b>Contact author: </b>blanchet at di ens fr<p />
<b>Available format(s): </b><a href="/2012/173.ps">Postscript (PS)</a> | <a href="/2012/173.ps.gz">Compressed Postscript (PS.GZ)</a>  | <a href="/2012/173.pdf">PDF</a>  | <a href="/eprint-bin/cite.pl?entry=2012/173">BibTeX Citation</a>
<p />
<b>Version: </b><a href="/2012/173/20120411:155519">20120411:155519</a> (<a href="/eprint-bin/versions.pl?entry=2012/173">All versions of this report</a>)

<p />
<b>Short URL: </b><a href='http://ia.cr/2012/173'>ia.cr/2012/173</a>
<p /><b><a href="/forum/">Discussion forum</a>: </b><a href="/forum/search.php?12,search=2012/173,page=1,match_type=PHRASE,match_dates=0,match_forum=THISONE">Show discussion</a> | <a href="/forum/posting.php?12">Start new discussion</a><p /><p /><hr />[ <A HREF="/">Cryptology ePrint archive</A> ]

</body>
</html>

Added wiki_references/2017/software/CryptoVerif/doc/2017_06_12_wget_copy_of_http_prosecco_gforge_inria_fr_personal_bblanche_cryptoverif/bonnet/eprint.iacr.org/robots.txt version [88bb29ef78].

















>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
# robots.txt for http://eprint.iacr.org/
# we also use other mechanisms to control crawling. 
# for questions about this, send email to Kevin McCurley
User-agent: *
Disallow: /cgi-bin/
Disallow: /eprint-bin/
Disallow: /eprint-test-bin/
Crawl-delay: 20

Added wiki_references/2017/software/CryptoVerif/doc/2017_06_12_wget_copy_of_http_prosecco_gforge_inria_fr_personal_bblanche_cryptoverif/bonnet/eurospace.org/robots.txt version [0e25427568].







































































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
# robots.txt
User-agent: *
Disallow: /*.axd
Disallow: /*.axd$
Disallow: /*.csshandler.ashx
Disallow: /*.csshandler.ashx$
Disallow: /*.csshandler.ashx*
Disallow: /?skin=
Disallow: /ScriptResource.axd$
Disallow: /ScriptResource.axd*
Disallow: /Admin/
Disallow: /App_Browsers/
Disallow: /App_Code/
Disallow: /App_Data/
Disallow: /App_Themes/
Disallow: /aspnet_client/
Disallow: /bin/
Disallow: /Blog/ViewCategory.aspx$
Disallow: /Blog/ViewArchive.aspx$
Disallow: /ClientScript/
Disallow: /MyPage.aspx
Disallow: /MyPage.aspx$
Disallow: /MyPage.aspx*
Disallow: /NeatHtml/
Disallow: /NeatUpload/
Disallow: /Secure/
Disallow: /Setup/
Disallow: /SearchResults.aspx$
Disallow: /SearchResults.aspx*
Disallow: /SiteMap.aspx
Disallow: /SiteOffice/
Disallow: /WebStore/CartAdd.aspx$
Disallow: /WebStore/CartAdd.aspx*
Disallow: /WebStore/Cart.aspx$
Disallow: /WebStore/Cart.aspx*

Added wiki_references/2017/software/CryptoVerif/doc/2017_06_12_wget_copy_of_http_prosecco_gforge_inria_fr_personal_bblanche_cryptoverif/bonnet/feedburner.google.com/robots.txt version [88a8390db1].





>
>
1
2
User-agent: *
Disallow: /

Added wiki_references/2017/software/CryptoVerif/doc/2017_06_12_wget_copy_of_http_prosecco_gforge_inria_fr_personal_bblanche_cryptoverif/bonnet/fivu.dk/robots.txt version [f6ceb8f966].





















































































































































































































































































































































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
# Define access-restrictions for robots/spiders
# http://www.robotstxt.org/wc/norobots.html

# By default we allow robots to access all areas of our site 
# already accessible to anonymous users

User-agent: *
Disallow: /*sendto_form$
Disallow: /*sendto_form
Disallow: /*folder_factories$
Disallow: /resolvePermaLink
Disallow: /site
Disallow: /search
Disallow: /indholdsoversigt/
Disallow: /filer/
Disallow: /nyheder/nyheder-udefra/emner/
Disallow: /*.rss$
Disallow: /*.RSS$
Disallow: /*.pdf$
Disallow: /*.PDF$
Disallow: /*.png$
Disallow: /*.PNG$
Disallow: /*.gif$
Disallow: /*.GIF$
Disallow: /*.jpg$
Disallow: /*.JPG$
Disallow: /*.jpeg$
Disallow: /*.JPEG$
Disallow: /*.tiff$
Disallow: /*.TIFF$
Disallow: /*.doc$
Disallow: /*.DOC$
Disallow: /*.docx$
Disallow: /*.DOCX$
Disallow: /*.ppt$
Disallow: /*.PPT$
Disallow: /*.pptx$
Disallow: /*.PPTX$
Disallow: /*.xls$
Disallow: /*.XLS$
Disallow: /*.xlsx$
Disallow: /*.XLSX$
Disallow: /*.mpeg4$
Disallow: /*.MPEG$
Disallow: /*.wmv$
Disallow: /*.WMV$
Disallow: /*.flv$
Disallow: /*.FLV$
Disallow: /*.wmov$
Disallow: /*.WMOV$
Disallow: /*.mp3$
Disallow: /*.MP3$
Disallow: /*.wav$
Disallow: /*.WAV$
Disallow: /*.zip$
Disallow: /*.ZIP$
Disallow: /*.rtf$
Disallow: /*.RTF$

# Add Googlebot-specific syntax extension to exclude forms 
# that are repeated for each piece of content in the site 
# the wildcard is only supported by Googlebot
# http://www.google.com/support/webmasters/bin/answer.py?answer=40367&ctx=sibling

User-Agent: Googlebot
Disallow: /*static/js/cookieoptout.js
Disallow: /*sendto_form$
Disallow: /*sendto_form
Disallow: /*folder_factories$
Disallow: /resolvePermaLink
Disallow: /site
Disallow: /search
Disallow: /indholdsoversigt/
Disallow: /filer/
Disallow: /nyheder/nyheder-udefra/emner/
Disallow: /*.rss$
Disallow: /*.RSS$
Disallow: /*.pdf$
Disallow: /*.PDF$
Disallow: /*.png$
Disallow: /*.PNG$
Disallow: /*.gif$
Disallow: /*.GIF$
Disallow: /*.jpg$
Disallow: /*.JPG$
Disallow: /*.jpeg$
Disallow: /*.JPEG$
Disallow: /*.tiff$
Disallow: /*.TIFF$
Disallow: /*.doc$
Disallow: /*.DOC$
Disallow: /*.docx$
Disallow: /*.DOCX$
Disallow: /*.ppt$
Disallow: /*.PPT$
Disallow: /*.pptx$
Disallow: /*.PPTX$
Disallow: /*.xls$
Disallow: /*.XLS$
Disallow: /*.xlsx$
Disallow: /*.XLSX$
Disallow: /*.mpeg4$
Disallow: /*.MPEG$
Disallow: /*.wmv$
Disallow: /*.WMV$
Disallow: /*.flv$
Disallow: /*.FLV$
Disallow: /*.wmov$
Disallow: /*.WMOV$
Disallow: /*.mp3$
Disallow: /*.MP3$
Disallow: /*.wav$
Disallow: /*.WAV$
Disallow: /*.zip$
Disallow: /*.ZIP$
Disallow: /*.rtf$
Disallow: /*.RTF$

ACAP-crawler: *
ACAP-disallow-crawl: /*sendto_form$
ACAP-disallow-crawl: /*sendto_form
ACAP-disallow-crawl: /*folder_factories$
ACAP-disallow-crawl: /resolvePermaLink
ACAP-disallow-crawl: /site
ACAP-disallow-crawl: /search
ACAP-disallow-crawl: /indholdsoversigt/
ACAP-disallow-crawl: /filer/
ACAP-disallow-crawl: /nyheder/nyheder-udefra/emner/
ACAP-disallow-crawl: /*.rss$
ACAP-disallow-crawl: /*.RSS$
ACAP-disallow-crawl: /*.pdf$
ACAP-disallow-crawl: /*.PDF$
ACAP-disallow-crawl: /*.png$
ACAP-disallow-crawl: /*.PNG$
ACAP-disallow-crawl: /*.gif$
ACAP-disallow-crawl: /*.GIF$
ACAP-disallow-crawl: /*.jpg$
ACAP-disallow-crawl: /*.JPG$
ACAP-disallow-crawl: /*.jpeg$
ACAP-disallow-crawl: /*.JPEG$
ACAP-disallow-crawl: /*.tiff$
ACAP-disallow-crawl: /*.TIFF$
ACAP-disallow-crawl: /*.doc$
ACAP-disallow-crawl: /*.DOC$
ACAP-disallow-crawl: /*.docx$
ACAP-disallow-crawl: /*.DOCX$
ACAP-disallow-crawl: /*.ppt$
ACAP-disallow-crawl: /*.PPT$
ACAP-disallow-crawl: /*.pptx$
ACAP-disallow-crawl: /*.PPTX$
ACAP-disallow-crawl: /*.xls$
ACAP-disallow-crawl: /*.XLS$
ACAP-disallow-crawl: /*.xlsx$
ACAP-disallow-crawl: /*.XLSX$
ACAP-disallow-crawl: /*.mpeg4$
ACAP-disallow-crawl: /*.MPEG$
ACAP-disallow-crawl: /*.wmv$
ACAP-disallow-crawl: /*.WMV$
ACAP-disallow-crawl: /*.flv$
ACAP-disallow-crawl: /*.FLV$
ACAP-disallow-crawl: /*.wmov$
ACAP-disallow-crawl: /*.WMOV$
ACAP-disallow-crawl: /*.mp3$
ACAP-disallow-crawl: /*.MP3$
ACAP-disallow-crawl: /*.wav$
ACAP-disallow-crawl: /*.WAV$
ACAP-disallow-crawl: /*.zip$
ACAP-disallow-crawl: /*.ZIP$
ACAP-disallow-crawl: /*.rtf$
ACAP-disallow-crawl: /*.RTF$

Added wiki_references/2017/software/CryptoVerif/doc/2017_06_12_wget_copy_of_http_prosecco_gforge_inria_fr_personal_bblanche_cryptoverif/bonnet/fonts.googleapis.com/robots.txt version [7a02e01558].





>
>
1
2
User-agent: *
Disallow: 

Added wiki_references/2017/software/CryptoVerif/doc/2017_06_12_wget_copy_of_http_prosecco_gforge_inria_fr_personal_bblanche_cryptoverif/bonnet/fr.arxiv.org/robots.txt.html version [f931191eed].































































































































































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<title>arXiv mirror fr.arxiv.org has been discontinued</title>
<link rel="shortcut icon" href="/favicon.ico" type="image/x-icon" />
<link rel="stylesheet" type="text/css" media="screen" href="https://arxiv.org/css/arXiv.css" />
<base href="https://arxiv.org/" />
<meta http-equiv="refresh" content="15;URL=https://arxiv.org/robots.txt" />

<!-- Piwik -->
<script type="text/javascript">
var _paq = _paq || [];
_paq.push(["setDomains", ["*.arxiv.org"]]);
_paq.push(['trackPageView']);
_paq.push(['enableLinkTracking']);
(function()
{ var u="//webanalytics.library.cornell.edu/"; _paq.push(['setTrackerUrl', u+'piwik.php']); _paq.push(['setSiteId', 538]); var d=document, g=d.createElement('script'), s=d.getElementsByTagName('script')[0]; g.type='text/javascript'; g.async=true; g.defer=true; g.src=u+'piwik.js'; s.parentNode.insertBefore(g,s); }
)();
</script>
<!-- End Piwik Code -->


</head>
<body class="with-cu-identity">

<noscript><img src="//webanalytics.library.cornell.edu/piwik.php?idsite=538&rec=1" style="border:0;" alt="" /></noscript>

<div id="cu-identity">
<div id="cu-logo">
<a id="insignia-link" href="http://www.cornell.edu/"><img src="/icons/cu/cul_signature_unstyled.gif" alt="Cornell University" width="283" height="76" border="0" /></a>
<div id="unit-signature-links">
<a id="cornell-link" href="http://www.cornell.edu/">Cornell University</a>
<a id="unit-link" href="http://www.library.cornell.edu/">Library</a>
</div>
</div>
<div id="support-ack">
<a href="https://confluence.cornell.edu/x/ALlRF">We gratefully acknowledge support from<br />the Simons Foundation<br /> and member institutions</a>
</div>
</div>
<div id="header">
<h1><a href="/">arXiv.org</a></h1>
<div id="search">
<form id="search-arxiv" method="post" action="/search">
                
<div class="wrapper-search-arxiv">
<input class="keyword-field" type="text" name="query" placeholder="Search or Article ID"/>

<div class="filter-field">
 <select name="searchtype">
<option value="all" selected="selected">All papers</option>
<option value="ti">Titles</option>
<option value="au">Authors</option>
<option value="abs">Abstracts</option>
<option value="ft">Full text</option>
<option value="help">Help pages</option>
</select>
</div>
<input class="btn-search-arxiv" value="" type="submit">
<div class="links">(<a href="/help">Help</a> | <a href="/find">Advanced search</a>)</div>
</div>
</form>
</div>
</div>
<div id="content">
<h1>arXiv mirror fr.arxiv.org has been discontinued</h1>
<p>See <a href="/help/mirrors">arXiv mirror sites</a> for details of the arXiv mirror network.</p>
<p>You should be automatically redirected in 15 seconds, you may also follow this link: <a href="https://arxiv.org/robots.txt">https://arxiv.org/robots.txt</a>.</p>
</div>
<div id="footer">
<div class="footer-text">
<address>
<a href="/help/contact">Contact</a>
</address>
</div>
<div class="social"><a href="https://twitter.com/arxiv"><img src="//static.arxiv.org/icons/twitter_logo_blue.png" alt="Twitter" title="Follow arXiv on Twitter"></a></div>
</div>
</body>
</html>

Added wiki_references/2017/software/CryptoVerif/doc/2017_06_12_wget_copy_of_http_prosecco_gforge_inria_fr_personal_bblanche_cryptoverif/bonnet/gale.cengage.co.uk/robots.txt version [da223a7d47].





>
>
1
2
User-agent: * 
Disallow: 

Added wiki_references/2017/software/CryptoVerif/doc/2017_06_12_wget_copy_of_http_prosecco_gforge_inria_fr_personal_bblanche_cryptoverif/bonnet/gale.cengage.com/robots.txt version [da39a3ee5e].

Added wiki_references/2017/software/CryptoVerif/doc/2017_06_12_wget_copy_of_http_prosecco_gforge_inria_fr_personal_bblanche_cryptoverif/bonnet/github.com/robots.txt version [06eda428a9].































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
1219
1220
1221
1222
1223
1224
1225
1226
1227
1228
1229
1230
1231
1232
1233
1234
1235
1236
1237
1238
1239
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250
1251
1252
1253
1254
1255
1256
1257
1258
1259
1260
1261
1262
1263
1264
1265
1266
1267
1268
1269
1270
1271
1272
1273
1274
1275
1276
1277
1278
1279
1280
1281
1282
1283
1284
1285
1286
1287
1288
1289
1290
1291
1292
1293
1294
1295
1296
1297
1298
1299
1300
1301
1302
1303
1304
1305
1306
1307
1308
1309
1310
1311
1312
1313
1314
1315
1316
1317
1318
1319
1320
1321
1322
1323
1324
1325
1326
1327
1328
1329
1330
1331
1332
1333
1334
1335
1336
1337
1338
1339
1340
1341
1342
1343
1344
1345
1346
1347
1348
1349
1350
1351
1352
1353
1354
1355
1356
1357
1358
1359
1360
1361
1362
1363
1364
1365
1366
1367
1368
1369
1370
1371
1372
1373
1374
1375
# If you would like to crawl GitHub contact us at support@github.com.
# We also provide an extensive API: https://developer.github.com/

User-agent: CCBot
Allow: /*/*/tree/master
Allow: /*/*/blob/master
Disallow: /ekansa/Open-Context-Data
Disallow: /ekansa/opencontext-*
Disallow: /*/*/pulse
Disallow: /*/*/tree/*
Disallow: /*/*/blob/*
Disallow: /*/*/wiki/*/*
Disallow: /gist/*/*/*
Disallow: /oembed
Disallow: /*/forks
Disallow: /*/stars
Disallow: /*/download
Disallow: /*/revisions
Disallow: /*/*/issues/new
Disallow: /*/*/issues/search
Disallow: /*/*/commits/*/*
Disallow: /*/*/commits/*?author
Disallow: /*/*/commits/*?path
Disallow: /*/*/branches
Disallow: /*/*/tags
Disallow: /*/*/contributors
Disallow: /*/*/comments
Disallow: /*/*/stargazers
Disallow: /*/*/search
Disallow: /*/tarball/
Disallow: /*/zipball/
Disallow: /*/*/archive/
Disallow: /raw/*
Disallow: /*/followers
Disallow: /*/following
Disallow: /stars/*
Disallow: /*/blame/
Disallow: /*/watchers
Disallow: /*/network
Disallow: /*/graphs
Disallow: /*/raw/
Disallow: /*/compare/
Disallow: /*/cache/
Disallow: /*/*/blame/
Disallow: /*/*/watchers
Disallow: /*/*/network
Disallow: /*/*/graphs
Disallow: /*/*/raw/
Disallow: /*/*/compare/
Disallow: /*/*/cache/
Disallow: /.git/
Disallow: /*/.git/
Disallow: /*.git$
Disallow: /*/sitemap.xml
Disallow: /search/advanced
Disallow: /search
Disallow: /*q=
Disallow: /*.atom
Disallow: /login

User-agent: coccoc
Allow: /*/*/tree/master
Allow: /*/*/blob/master
Disallow: /ekansa/Open-Context-Data
Disallow: /ekansa/opencontext-*
Disallow: /*/*/pulse
Disallow: /*/*/tree/*
Disallow: /*/*/blob/*
Disallow: /*/*/wiki/*/*
Disallow: /gist/*/*/*
Disallow: /oembed
Disallow: /*/forks
Disallow: /*/stars
Disallow: /*/download
Disallow: /*/revisions
Disallow: /*/*/issues/new
Disallow: /*/*/issues/search
Disallow: /*/*/commits/*/*
Disallow: /*/*/commits/*?author
Disallow: /*/*/commits/*?path
Disallow: /*/*/branches
Disallow: /*/*/tags
Disallow: /*/*/contributors
Disallow: /*/*/comments
Disallow: /*/*/stargazers
Disallow: /*/*/search
Disallow: /*/tarball/
Disallow: /*/zipball/
Disallow: /*/*/archive/
Disallow: /raw/*
Disallow: /*/followers
Disallow: /*/following
Disallow: /stars/*
Disallow: /*/blame/
Disallow: /*/watchers
Disallow: /*/network
Disallow: /*/graphs
Disallow: /*/raw/
Disallow: /*/compare/
Disallow: /*/cache/
Disallow: /*/*/blame/
Disallow: /*/*/watchers
Disallow: /*/*/network
Disallow: /*/*/graphs
Disallow: /*/*/raw/
Disallow: /*/*/compare/
Disallow: /*/*/cache/
Disallow: /.git/
Disallow: /*/.git/
Disallow: /*.git$
Disallow: /*/sitemap.xml
Disallow: /search/advanced
Disallow: /search
Disallow: /*q=
Disallow: /*.atom
Disallow: /login

User-agent: Daumoa
Allow: /*/*/tree/master
Allow: /*/*/blob/master
Disallow: /ekansa/Open-Context-Data
Disallow: /ekansa/opencontext-*
Disallow: /*/*/pulse
Disallow: /*/*/tree/*
Disallow: /*/*/blob/*
Disallow: /*/*/wiki/*/*
Disallow: /gist/*/*/*
Disallow: /oembed
Disallow: /*/forks
Disallow: /*/stars
Disallow: /*/download
Disallow: /*/revisions
Disallow: /*/*/issues/new
Disallow: /*/*/issues/search
Disallow: /*/*/commits/*/*
Disallow: /*/*/commits/*?author
Disallow: /*/*/commits/*?path
Disallow: /*/*/branches
Disallow: /*/*/tags
Disallow: /*/*/contributors
Disallow: /*/*/comments
Disallow: /*/*/stargazers
Disallow: /*/*/search
Disallow: /*/tarball/
Disallow: /*/zipball/
Disallow: /*/*/archive/
Disallow: /raw/*
Disallow: /*/followers
Disallow: /*/following
Disallow: /stars/*
Disallow: /*/blame/
Disallow: /*/watchers
Disallow: /*/network
Disallow: /*/graphs
Disallow: /*/raw/
Disallow: /*/compare/
Disallow: /*/cache/
Disallow: /*/*/blame/
Disallow: /*/*/watchers
Disallow: /*/*/network
Disallow: /*/*/graphs
Disallow: /*/*/raw/
Disallow: /*/*/compare/
Disallow: /*/*/cache/
Disallow: /.git/
Disallow: /*/.git/
Disallow: /*.git$
Disallow: /*/sitemap.xml
Disallow: /search/advanced
Disallow: /search
Disallow: /*q=
Disallow: /*.atom
Disallow: /login

User-agent: dotbot
Allow: /*/*/tree/master
Allow: /*/*/blob/master
Disallow: /ekansa/Open-Context-Data
Disallow: /ekansa/opencontext-*
Disallow: /*/*/pulse
Disallow: /*/*/tree/*
Disallow: /*/*/blob/*
Disallow: /*/*/wiki/*/*
Disallow: /gist/*/*/*
Disallow: /oembed
Disallow: /*/forks
Disallow: /*/stars
Disallow: /*/download
Disallow: /*/revisions
Disallow: /*/*/issues/new
Disallow: /*/*/issues/search
Disallow: /*/*/commits/*/*
Disallow: /*/*/commits/*?author
Disallow: /*/*/commits/*?path
Disallow: /*/*/branches
Disallow: /*/*/tags
Disallow: /*/*/contributors
Disallow: /*/*/comments
Disallow: /*/*/stargazers
Disallow: /*/*/search
Disallow: /*/tarball/
Disallow: /*/zipball/
Disallow: /*/*/archive/
Disallow: /raw/*
Disallow: /*/followers
Disallow: /*/following
Disallow: /stars/*
Disallow: /*/blame/
Disallow: /*/watchers
Disallow: /*/network
Disallow: /*/graphs
Disallow: /*/raw/
Disallow: /*/compare/
Disallow: /*/cache/
Disallow: /*/*/blame/
Disallow: /*/*/watchers
Disallow: /*/*/network
Disallow: /*/*/graphs
Disallow: /*/*/raw/
Disallow: /*/*/compare/
Disallow: /*/*/cache/
Disallow: /.git/
Disallow: /*/.git/
Disallow: /*.git$
Disallow: /*/sitemap.xml
Disallow: /search/advanced
Disallow: /search
Disallow: /*q=
Disallow: /*.atom
Disallow: /login

User-agent: duckduckbot
Allow: /*/*/tree/master
Allow: /*/*/blob/master
Disallow: /ekansa/Open-Context-Data
Disallow: /ekansa/opencontext-*
Disallow: /*/*/pulse
Disallow: /*/*/tree/*
Disallow: /*/*/blob/*
Disallow: /*/*/wiki/*/*
Disallow: /gist/*/*/*
Disallow: /oembed
Disallow: /*/forks
Disallow: /*/stars
Disallow: /*/download
Disallow: /*/revisions
Disallow: /*/*/issues/new
Disallow: /*/*/issues/search
Disallow: /*/*/commits/*/*
Disallow: /*/*/commits/*?author
Disallow: /*/*/commits/*?path
Disallow: /*/*/branches
Disallow: /*/*/tags
Disallow: /*/*/contributors
Disallow: /*/*/comments
Disallow: /*/*/stargazers
Disallow: /*/*/search
Disallow: /*/tarball/
Disallow: /*/zipball/
Disallow: /*/*/archive/
Disallow: /raw/*
Disallow: /*/followers
Disallow: /*/following
Disallow: /stars/*
Disallow: /*/blame/
Disallow: /*/watchers
Disallow: /*/network
Disallow: /*/graphs
Disallow: /*/raw/
Disallow: /*/compare/
Disallow: /*/cache/
Disallow: /*/*/blame/
Disallow: /*/*/watchers
Disallow: /*/*/network
Disallow: /*/*/graphs
Disallow: /*/*/raw/
Disallow: /*/*/compare/
Disallow: /*/*/cache/
Disallow: /.git/
Disallow: /*/.git/
Disallow: /*.git$
Disallow: /*/sitemap.xml
Disallow: /search/advanced
Disallow: /search
Disallow: /*q=
Disallow: /*.atom
Disallow: /login

User-agent: EtaoSpider
Allow: /*/*/tree/master
Allow: /*/*/blob/master
Disallow: /ekansa/Open-Context-Data
Disallow: /ekansa/opencontext-*
Disallow: /*/*/pulse
Disallow: /*/*/tree/*
Disallow: /*/*/blob/*
Disallow: /*/*/wiki/*/*
Disallow: /gist/*/*/*
Disallow: /oembed
Disallow: /*/forks
Disallow: /*/stars
Disallow: /*/download
Disallow: /*/revisions
Disallow: /*/*/issues/new
Disallow: /*/*/issues/search
Disallow: /*/*/commits/*/*
Disallow: /*/*/commits/*?author
Disallow: /*/*/commits/*?path
Disallow: /*/*/branches
Disallow: /*/*/tags
Disallow: /*/*/contributors
Disallow: /*/*/comments
Disallow: /*/*/stargazers
Disallow: /*/*/search
Disallow: /*/tarball/
Disallow: /*/zipball/
Disallow: /*/*/archive/
Disallow: /raw/*
Disallow: /*/followers
Disallow: /*/following
Disallow: /stars/*
Disallow: /*/blame/
Disallow: /*/watchers
Disallow: /*/network
Disallow: /*/graphs
Disallow: /*/raw/
Disallow: /*/compare/
Disallow: /*/cache/
Disallow: /*/*/blame/
Disallow: /*/*/watchers
Disallow: /*/*/network
Disallow: /*/*/graphs
Disallow: /*/*/raw/
Disallow: /*/*/compare/
Disallow: /*/*/cache/
Disallow: /.git/
Disallow: /*/.git/
Disallow: /*.git$
Disallow: /*/sitemap.xml
Disallow: /search/advanced
Disallow: /search
Disallow: /*q=
Disallow: /*.atom
Disallow: /login

User-agent: Googlebot
Allow: /*/*/tree/master
Allow: /*/*/blob/master
Disallow: /ekansa/Open-Context-Data
Disallow: /ekansa/opencontext-*
Disallow: /*/*/pulse
Disallow: /*/*/tree/*
Disallow: /*/*/blob/*
Disallow: /*/*/wiki/*/*
Disallow: /gist/*/*/*
Disallow: /oembed
Disallow: /*/forks
Disallow: /*/stars
Disallow: /*/download
Disallow: /*/revisions
Disallow: /*/*/issues/new
Disallow: /*/*/issues/search
Disallow: /*/*/commits/*/*
Disallow: /*/*/commits/*?author
Disallow: /*/*/commits/*?path
Disallow: /*/*/branches
Disallow: /*/*/tags
Disallow: /*/*/contributors
Disallow: /*/*/comments
Disallow: /*/*/stargazers
Disallow: /*/*/search
Disallow: /*/tarball/
Disallow: /*/zipball/
Disallow: /*/*/archive/
Disallow: /raw/*
Disallow: /*/followers
Disallow: /*/following
Disallow: /stars/*
Disallow: /*/blame/
Disallow: /*/watchers
Disallow: /*/network
Disallow: /*/graphs
Disallow: /*/raw/
Disallow: /*/compare/
Disallow: /*/cache/
Disallow: /*/*/blame/
Disallow: /*/*/watchers
Disallow: /*/*/network
Disallow: /*/*/graphs
Disallow: /*/*/raw/
Disallow: /*/*/compare/
Disallow: /*/*/cache/
Disallow: /.git/
Disallow: /*/.git/
Disallow: /*.git$
Disallow: /*/sitemap.xml
Disallow: /search/advanced
Disallow: /search
Disallow: /*q=
Disallow: /*.atom
Disallow: /login

User-agent: HTTrack
Allow: /*/*/tree/master
Allow: /*/*/blob/master
Disallow: /ekansa/Open-Context-Data
Disallow: /ekansa/opencontext-*
Disallow: /*/*/pulse
Disallow: /*/*/tree/*
Disallow: /*/*/blob/*
Disallow: /*/*/wiki/*/*
Disallow: /gist/*/*/*
Disallow: /oembed
Disallow: /*/forks
Disallow: /*/stars
Disallow: /*/download
Disallow: /*/revisions
Disallow: /*/*/issues/new
Disallow: /*/*/issues/search
Disallow: /*/*/commits/*/*
Disallow: /*/*/commits/*?author
Disallow: /*/*/commits/*?path
Disallow: /*/*/branches
Disallow: /*/*/tags
Disallow: /*/*/contributors
Disallow: /*/*/comments
Disallow: /*/*/stargazers
Disallow: /*/*/search
Disallow: /*/tarball/
Disallow: /*/zipball/
Disallow: /*/*/archive/
Disallow: /raw/*
Disallow: /*/followers
Disallow: /*/following
Disallow: /stars/*
Disallow: /*/blame/
Disallow: /*/watchers
Disallow: /*/network
Disallow: /*/graphs
Disallow: /*/raw/
Disallow: /*/compare/
Disallow: /*/cache/
Disallow: /*/*/blame/
Disallow: /*/*/watchers
Disallow: /*/*/network
Disallow: /*/*/graphs
Disallow: /*/*/raw/
Disallow: /*/*/compare/
Disallow: /*/*/cache/
Disallow: /.git/
Disallow: /*/.git/
Disallow: /*.git$
Disallow: /*/sitemap.xml
Disallow: /search/advanced
Disallow: /search
Disallow: /*q=
Disallow: /*.atom
Disallow: /login

User-agent: ia_archiver
Allow: /*/*/tree/master
Allow: /*/*/blob/master
Disallow: /ekansa/Open-Context-Data
Disallow: /ekansa/opencontext-*
Disallow: /*/*/pulse
Disallow: /*/*/tree/*
Disallow: /*/*/blob/*
Disallow: /*/*/wiki/*/*
Disallow: /gist/*/*/*
Disallow: /oembed
Disallow: /*/forks
Disallow: /*/stars
Disallow: /*/download
Disallow: /*/revisions
Disallow: /*/*/issues/new
Disallow: /*/*/issues/search
Disallow: /*/*/commits/*/*
Disallow: /*/*/commits/*?author
Disallow: /*/*/commits/*?path
Disallow: /*/*/branches
Disallow: /*/*/tags
Disallow: /*/*/contributors
Disallow: /*/*/comments
Disallow: /*/*/stargazers
Disallow: /*/*/search
Disallow: /*/tarball/
Disallow: /*/zipball/
Disallow: /*/*/archive/
Disallow: /raw/*
Disallow: /*/followers
Disallow: /*/following
Disallow: /stars/*
Disallow: /*/blame/
Disallow: /*/watchers
Disallow: /*/network
Disallow: /*/graphs
Disallow: /*/raw/
Disallow: /*/compare/
Disallow: /*/cache/
Disallow: /*/*/blame/
Disallow: /*/*/watchers
Disallow: /*/*/network
Disallow: /*/*/graphs
Disallow: /*/*/raw/
Disallow: /*/*/compare/
Disallow: /*/*/cache/
Disallow: /.git/
Disallow: /*/.git/
Disallow: /*.git$
Disallow: /*/sitemap.xml
Disallow: /search/advanced
Disallow: /search
Disallow: /*q=
Disallow: /*.atom
Disallow: /login

User-agent: IntuitGSACrawler
Allow: /*/*/tree/master
Allow: /*/*/blob/master
Disallow: /ekansa/Open-Context-Data
Disallow: /ekansa/opencontext-*
Disallow: /*/*/pulse
Disallow: /*/*/tree/*
Disallow: /*/*/blob/*
Disallow: /*/*/wiki/*/*
Disallow: /gist/*/*/*
Disallow: /oembed
Disallow: /*/forks
Disallow: /*/stars
Disallow: /*/download
Disallow: /*/revisions
Disallow: /*/*/issues/new
Disallow: /*/*/issues/search
Disallow: /*/*/commits/*/*
Disallow: /*/*/commits/*?author
Disallow: /*/*/commits/*?path
Disallow: /*/*/branches
Disallow: /*/*/tags
Disallow: /*/*/contributors
Disallow: /*/*/comments
Disallow: /*/*/stargazers
Disallow: /*/*/search
Disallow: /*/tarball/
Disallow: /*/zipball/
Disallow: /*/*/archive/
Disallow: /raw/*
Disallow: /*/followers
Disallow: /*/following
Disallow: /stars/*
Disallow: /*/blame/
Disallow: /*/watchers
Disallow: /*/network
Disallow: /*/graphs
Disallow: /*/raw/
Disallow: /*/compare/
Disallow: /*/cache/
Disallow: /*/*/blame/
Disallow: /*/*/watchers
Disallow: /*/*/network
Disallow: /*/*/graphs
Disallow: /*/*/raw/
Disallow: /*/*/compare/
Disallow: /*/*/cache/
Disallow: /.git/
Disallow: /*/.git/
Disallow: /*.git$
Disallow: /*/sitemap.xml
Disallow: /search/advanced
Disallow: /search
Disallow: /*q=
Disallow: /*.atom
Disallow: /login

User-agent: Mail.RU_Bot
Allow: /*/*/tree/master
Allow: /*/*/blob/master
Disallow: /ekansa/Open-Context-Data
Disallow: /ekansa/opencontext-*
Disallow: /*/*/pulse
Disallow: /*/*/tree/*
Disallow: /*/*/blob/*
Disallow: /*/*/wiki/*/*
Disallow: /gist/*/*/*
Disallow: /oembed
Disallow: /*/forks
Disallow: /*/stars
Disallow: /*/download
Disallow: /*/revisions
Disallow: /*/*/issues/new
Disallow: /*/*/issues/search
Disallow: /*/*/commits/*/*
Disallow: /*/*/commits/*?author
Disallow: /*/*/commits/*?path
Disallow: /*/*/branches
Disallow: /*/*/tags
Disallow: /*/*/contributors
Disallow: /*/*/comments
Disallow: /*/*/stargazers
Disallow: /*/*/search
Disallow: /*/tarball/
Disallow: /*/zipball/
Disallow: /*/*/archive/
Disallow: /raw/*
Disallow: /*/followers
Disallow: /*/following
Disallow: /stars/*
Disallow: /*/blame/
Disallow: /*/watchers
Disallow: /*/network
Disallow: /*/graphs
Disallow: /*/raw/
Disallow: /*/compare/
Disallow: /*/cache/
Disallow: /*/*/blame/
Disallow: /*/*/watchers
Disallow: /*/*/network
Disallow: /*/*/graphs
Disallow: /*/*/raw/
Disallow: /*/*/compare/
Disallow: /*/*/cache/
Disallow: /.git/
Disallow: /*/.git/
Disallow: /*.git$
Disallow: /*/sitemap.xml
Disallow: /search/advanced
Disallow: /search
Disallow: /*q=
Disallow: /*.atom
Disallow: /login

User-agent: msnbot
Allow: /*/*/tree/master
Allow: /*/*/blob/master
Disallow: /ekansa/Open-Context-Data
Disallow: /ekansa/opencontext-*
Disallow: /*/*/pulse
Disallow: /*/*/tree/*
Disallow: /*/*/blob/*
Disallow: /*/*/wiki/*/*
Disallow: /gist/*/*/*
Disallow: /oembed
Disallow: /*/forks
Disallow: /*/stars
Disallow: /*/download
Disallow: /*/revisions
Disallow: /*/*/issues/new
Disallow: /*/*/issues/search
Disallow: /*/*/commits/*/*
Disallow: /*/*/commits/*?author
Disallow: /*/*/commits/*?path
Disallow: /*/*/branches
Disallow: /*/*/tags
Disallow: /*/*/contributors
Disallow: /*/*/comments
Disallow: /*/*/stargazers
Disallow: /*/*/search
Disallow: /*/tarball/
Disallow: /*/zipball/
Disallow: /*/*/archive/
Disallow: /raw/*
Disallow: /*/followers
Disallow: /*/following
Disallow: /stars/*
Disallow: /*/blame/
Disallow: /*/watchers
Disallow: /*/network
Disallow: /*/graphs
Disallow: /*/raw/
Disallow: /*/compare/
Disallow: /*/cache/
Disallow: /*/*/blame/
Disallow: /*/*/watchers
Disallow: /*/*/network
Disallow: /*/*/graphs
Disallow: /*/*/raw/
Disallow: /*/*/compare/
Disallow: /*/*/cache/
Disallow: /.git/
Disallow: /*/.git/
Disallow: /*.git$
Disallow: /*/sitemap.xml
Disallow: /search/advanced
Disallow: /search
Disallow: /*q=
Disallow: /*.atom
Disallow: /login

User-agent: Bingbot
Allow: /*/*/tree/master
Allow: /*/*/blob/master
Disallow: /ekansa/Open-Context-Data
Disallow: /ekansa/opencontext-*
Disallow: /*/*/pulse
Disallow: /*/*/tree/*
Disallow: /*/*/blob/*
Disallow: /*/*/wiki/*/*
Disallow: /gist/*/*/*
Disallow: /oembed
Disallow: /*/forks
Disallow: /*/stars
Disallow: /*/download
Disallow: /*/revisions
Disallow: /*/*/issues/new
Disallow: /*/*/issues/search
Disallow: /*/*/commits/*/*
Disallow: /*/*/commits/*?author
Disallow: /*/*/commits/*?path
Disallow: /*/*/branches
Disallow: /*/*/tags
Disallow: /*/*/contributors
Disallow: /*/*/comments
Disallow: /*/*/stargazers
Disallow: /*/*/search
Disallow: /*/tarball/
Disallow: /*/zipball/
Disallow: /*/*/archive/
Disallow: /raw/*
Disallow: /*/followers
Disallow: /*/following
Disallow: /stars/*
Disallow: /*/blame/
Disallow: /*/watchers
Disallow: /*/network
Disallow: /*/graphs
Disallow: /*/raw/
Disallow: /*/compare/
Disallow: /*/cache/
Disallow: /*/*/blame/
Disallow: /*/*/watchers
Disallow: /*/*/network
Disallow: /*/*/graphs
Disallow: /*/*/raw/
Disallow: /*/*/compare/
Disallow: /*/*/cache/
Disallow: /.git/
Disallow: /*/.git/
Disallow: /*.git$
Disallow: /*/sitemap.xml
Disallow: /search/advanced
Disallow: /search
Disallow: /*q=
Disallow: /*.atom
Disallow: /login

User-agent: naverbot
Allow: /*/*/tree/master
Allow: /*/*/blob/master
Disallow: /ekansa/Open-Context-Data
Disallow: /ekansa/opencontext-*
Disallow: /*/*/pulse
Disallow: /*/*/tree/*
Disallow: /*/*/blob/*
Disallow: /*/*/wiki/*/*
Disallow: /gist/*/*/*
Disallow: /oembed
Disallow: /*/forks
Disallow: /*/stars
Disallow: /*/download
Disallow: /*/revisions
Disallow: /*/*/issues/new
Disallow: /*/*/issues/search
Disallow: /*/*/commits/*/*
Disallow: /*/*/commits/*?author
Disallow: /*/*/commits/*?path
Disallow: /*/*/branches
Disallow: /*/*/tags
Disallow: /*/*/contributors
Disallow: /*/*/comments
Disallow: /*/*/stargazers
Disallow: /*/*/search
Disallow: /*/tarball/
Disallow: /*/zipball/
Disallow: /*/*/archive/
Disallow: /raw/*
Disallow: /*/followers
Disallow: /*/following
Disallow: /stars/*
Disallow: /*/blame/
Disallow: /*/watchers
Disallow: /*/network
Disallow: /*/graphs
Disallow: /*/raw/
Disallow: /*/compare/
Disallow: /*/cache/
Disallow: /*/*/blame/
Disallow: /*/*/watchers
Disallow: /*/*/network
Disallow: /*/*/graphs
Disallow: /*/*/raw/
Disallow: /*/*/compare/
Disallow: /*/*/cache/
Disallow: /.git/
Disallow: /*/.git/
Disallow: /*.git$
Disallow: /*/sitemap.xml
Disallow: /search/advanced
Disallow: /search
Disallow: /*q=
Disallow: /*.atom
Disallow: /login

User-agent: red-app-gsa-p-one
Allow: /*/*/tree/master
Allow: /*/*/blob/master
Disallow: /ekansa/Open-Context-Data
Disallow: /ekansa/opencontext-*
Disallow: /*/*/pulse
Disallow: /*/*/tree/*
Disallow: /*/*/blob/*
Disallow: /*/*/wiki/*/*
Disallow: /gist/*/*/*
Disallow: /oembed
Disallow: /*/forks
Disallow: /*/stars
Disallow: /*/download
Disallow: /*/revisions
Disallow: /*/*/issues/new
Disallow: /*/*/issues/search
Disallow: /*/*/commits/*/*
Disallow: /*/*/commits/*?author
Disallow: /*/*/commits/*?path
Disallow: /*/*/branches
Disallow: /*/*/tags
Disallow: /*/*/contributors
Disallow: /*/*/comments
Disallow: /*/*/stargazers
Disallow: /*/*/search
Disallow: /*/tarball/
Disallow: /*/zipball/
Disallow: /*/*/archive/
Disallow: /raw/*
Disallow: /*/followers
Disallow: /*/following
Disallow: /stars/*
Disallow: /*/blame/
Disallow: /*/watchers
Disallow: /*/network
Disallow: /*/graphs
Disallow: /*/raw/
Disallow: /*/compare/
Disallow: /*/cache/
Disallow: /*/*/blame/
Disallow: /*/*/watchers
Disallow: /*/*/network
Disallow: /*/*/graphs
Disallow: /*/*/raw/
Disallow: /*/*/compare/
Disallow: /*/*/cache/
Disallow: /.git/
Disallow: /*/.git/
Disallow: /*.git$
Disallow: /*/sitemap.xml
Disallow: /search/advanced
Disallow: /search
Disallow: /*q=
Disallow: /*.atom
Disallow: /login

User-agent: rogerbot
Allow: /*/*/tree/master
Allow: /*/*/blob/master
Disallow: /ekansa/Open-Context-Data
Disallow: /ekansa/opencontext-*
Disallow: /*/*/pulse
Disallow: /*/*/tree/*
Disallow: /*/*/blob/*
Disallow: /*/*/wiki/*/*
Disallow: /gist/*/*/*
Disallow: /oembed
Disallow: /*/forks
Disallow: /*/stars
Disallow: /*/download
Disallow: /*/revisions
Disallow: /*/*/issues/new
Disallow: /*/*/issues/search
Disallow: /*/*/commits/*/*
Disallow: /*/*/commits/*?author
Disallow: /*/*/commits/*?path
Disallow: /*/*/branches
Disallow: /*/*/tags
Disallow: /*/*/contributors
Disallow: /*/*/comments
Disallow: /*/*/stargazers
Disallow: /*/*/search
Disallow: /*/tarball/
Disallow: /*/zipball/
Disallow: /*/*/archive/
Disallow: /raw/*
Disallow: /*/followers
Disallow: /*/following
Disallow: /stars/*
Disallow: /*/blame/
Disallow: /*/watchers
Disallow: /*/network
Disallow: /*/graphs
Disallow: /*/raw/
Disallow: /*/compare/
Disallow: /*/cache/
Disallow: /*/*/blame/
Disallow: /*/*/watchers
Disallow: /*/*/network
Disallow: /*/*/graphs
Disallow: /*/*/raw/
Disallow: /*/*/compare/
Disallow: /*/*/cache/
Disallow: /.git/
Disallow: /*/.git/
Disallow: /*.git$
Disallow: /*/sitemap.xml
Disallow: /search/advanced
Disallow: /search
Disallow: /*q=
Disallow: /*.atom
Disallow: /login

User-agent: SandDollar
Allow: /*/*/tree/master
Allow: /*/*/blob/master
Disallow: /ekansa/Open-Context-Data
Disallow: /ekansa/opencontext-*
Disallow: /*/*/pulse
Disallow: /*/*/tree/*
Disallow: /*/*/blob/*
Disallow: /*/*/wiki/*/*
Disallow: /gist/*/*/*
Disallow: /oembed
Disallow: /*/forks
Disallow: /*/stars
Disallow: /*/download
Disallow: /*/revisions
Disallow: /*/*/issues/new
Disallow: /*/*/issues/search
Disallow: /*/*/commits/*/*
Disallow: /*/*/commits/*?author
Disallow: /*/*/commits/*?path
Disallow: /*/*/branches
Disallow: /*/*/tags
Disallow: /*/*/contributors
Disallow: /*/*/comments
Disallow: /*/*/stargazers
Disallow: /*/*/search
Disallow: /*/tarball/
Disallow: /*/zipball/
Disallow: /*/*/archive/
Disallow: /raw/*
Disallow: /*/followers
Disallow: /*/following
Disallow: /stars/*
Disallow: /*/blame/
Disallow: /*/watchers
Disallow: /*/network
Disallow: /*/graphs
Disallow: /*/raw/
Disallow: /*/compare/
Disallow: /*/cache/
Disallow: /*/*/blame/
Disallow: /*/*/watchers
Disallow: /*/*/network
Disallow: /*/*/graphs
Disallow: /*/*/raw/
Disallow: /*/*/compare/
Disallow: /*/*/cache/
Disallow: /.git/
Disallow: /*/.git/
Disallow: /*.git$
Disallow: /*/sitemap.xml
Disallow: /search/advanced
Disallow: /search
Disallow: /*q=
Disallow: /*.atom
Disallow: /login

User-agent: seznambot
Allow: /*/*/tree/master
Allow: /*/*/blob/master
Disallow: /ekansa/Open-Context-Data
Disallow: /ekansa/opencontext-*
Disallow: /*/*/pulse
Disallow: /*/*/tree/*
Disallow: /*/*/blob/*
Disallow: /*/*/wiki/*/*
Disallow: /gist/*/*/*
Disallow: /oembed
Disallow: /*/forks
Disallow: /*/stars
Disallow: /*/download
Disallow: /*/revisions
Disallow: /*/*/issues/new
Disallow: /*/*/issues/search
Disallow: /*/*/commits/*/*
Disallow: /*/*/commits/*?author
Disallow: /*/*/commits/*?path
Disallow: /*/*/branches
Disallow: /*/*/tags
Disallow: /*/*/contributors
Disallow: /*/*/comments
Disallow: /*/*/stargazers
Disallow: /*/*/search
Disallow: /*/tarball/
Disallow: /*/zipball/
Disallow: /*/*/archive/
Disallow: /raw/*
Disallow: /*/followers
Disallow: /*/following
Disallow: /stars/*
Disallow: /*/blame/
Disallow: /*/watchers
Disallow: /*/network
Disallow: /*/graphs
Disallow: /*/raw/
Disallow: /*/compare/
Disallow: /*/cache/
Disallow: /*/*/blame/
Disallow: /*/*/watchers
Disallow: /*/*/network
Disallow: /*/*/graphs
Disallow: /*/*/raw/
Disallow: /*/*/compare/
Disallow: /*/*/cache/
Disallow: /.git/
Disallow: /*/.git/
Disallow: /*.git$
Disallow: /*/sitemap.xml
Disallow: /search/advanced
Disallow: /search
Disallow: /*q=
Disallow: /*.atom
Disallow: /login

User-agent: Slurp
Allow: /*/*/tree/master
Allow: /*/*/blob/master
Disallow: /ekansa/Open-Context-Data
Disallow: /ekansa/opencontext-*
Disallow: /*/*/pulse
Disallow: /*/*/tree/*
Disallow: /*/*/blob/*
Disallow: /*/*/wiki/*/*
Disallow: /gist/*/*/*
Disallow: /oembed
Disallow: /*/forks
Disallow: /*/stars
Disallow: /*/download
Disallow: /*/revisions
Disallow: /*/*/issues/new
Disallow: /*/*/issues/search
Disallow: /*/*/commits/*/*
Disallow: /*/*/commits/*?author
Disallow: /*/*/commits/*?path
Disallow: /*/*/branches
Disallow: /*/*/tags
Disallow: /*/*/contributors
Disallow: /*/*/comments
Disallow: /*/*/stargazers
Disallow: /*/*/search
Disallow: /*/tarball/
Disallow: /*/zipball/
Disallow: /*/*/archive/
Disallow: /raw/*
Disallow: /*/followers
Disallow: /*/following
Disallow: /stars/*
Disallow: /*/blame/
Disallow: /*/watchers
Disallow: /*/network
Disallow: /*/graphs
Disallow: /*/raw/
Disallow: /*/compare/
Disallow: /*/cache/
Disallow: /*/*/blame/
Disallow: /*/*/watchers
Disallow: /*/*/network
Disallow: /*/*/graphs
Disallow: /*/*/raw/
Disallow: /*/*/compare/
Disallow: /*/*/cache/
Disallow: /.git/
Disallow: /*/.git/
Disallow: /*.git$
Disallow: /*/sitemap.xml
Disallow: /search/advanced
Disallow: /search
Disallow: /*q=
Disallow: /*.atom
Disallow: /login

User-agent: Swiftbot
Allow: /*/*/tree/master
Allow: /*/*/blob/master
Disallow: /ekansa/Open-Context-Data
Disallow: /ekansa/opencontext-*
Disallow: /*/*/pulse
Disallow: /*/*/tree/*
Disallow: /*/*/blob/*
Disallow: /*/*/wiki/*/*
Disallow: /gist/*/*/*
Disallow: /oembed
Disallow: /*/forks
Disallow: /*/stars
Disallow: /*/download
Disallow: /*/revisions
Disallow: /*/*/issues/new
Disallow: /*/*/issues/search
Disallow: /*/*/commits/*/*
Disallow: /*/*/commits/*?author
Disallow: /*/*/commits/*?path
Disallow: /*/*/branches
Disallow: /*/*/tags
Disallow: /*/*/contributors
Disallow: /*/*/comments
Disallow: /*/*/stargazers
Disallow: /*/*/search
Disallow: /*/tarball/
Disallow: /*/zipball/
Disallow: /*/*/archive/
Disallow: /raw/*
Disallow: /*/followers
Disallow: /*/following
Disallow: /stars/*
Disallow: /*/blame/
Disallow: /*/watchers
Disallow: /*/network
Disallow: /*/graphs
Disallow: /*/raw/
Disallow: /*/compare/
Disallow: /*/cache/
Disallow: /*/*/blame/
Disallow: /*/*/watchers
Disallow: /*/*/network
Disallow: /*/*/graphs
Disallow: /*/*/raw/
Disallow: /*/*/compare/
Disallow: /*/*/cache/
Disallow: /.git/
Disallow: /*/.git/
Disallow: /*.git$
Disallow: /*/sitemap.xml
Disallow: /search/advanced
Disallow: /search
Disallow: /*q=
Disallow: /*.atom
Disallow: /login

User-agent: Telefonica
Allow: /*/*/tree/master
Allow: /*/*/blob/master
Disallow: /ekansa/Open-Context-Data
Disallow: /ekansa/opencontext-*
Disallow: /*/*/pulse
Disallow: /*/*/tree/*
Disallow: /*/*/blob/*
Disallow: /*/*/wiki/*/*
Disallow: /gist/*/*/*
Disallow: /oembed
Disallow: /*/forks
Disallow: /*/stars
Disallow: /*/download
Disallow: /*/revisions
Disallow: /*/*/issues/new
Disallow: /*/*/issues/search
Disallow: /*/*/commits/*/*
Disallow: /*/*/commits/*?author
Disallow: /*/*/commits/*?path
Disallow: /*/*/branches
Disallow: /*/*/tags
Disallow: /*/*/contributors
Disallow: /*/*/comments
Disallow: /*/*/stargazers
Disallow: /*/*/search
Disallow: /*/tarball/
Disallow: /*/zipball/
Disallow: /*/*/archive/
Disallow: /raw/*
Disallow: /*/followers
Disallow: /*/following
Disallow: /stars/*
Disallow: /*/blame/
Disallow: /*/watchers
Disallow: /*/network
Disallow: /*/graphs
Disallow: /*/raw/
Disallow: /*/compare/
Disallow: /*/cache/
Disallow: /*/*/blame/
Disallow: /*/*/watchers
Disallow: /*/*/network
Disallow: /*/*/graphs
Disallow: /*/*/raw/
Disallow: /*/*/compare/
Disallow: /*/*/cache/
Disallow: /.git/
Disallow: /*/.git/
Disallow: /*.git$
Disallow: /*/sitemap.xml
Disallow: /search/advanced
Disallow: /search
Disallow: /*q=
Disallow: /*.atom
Disallow: /login

User-agent: teoma
Allow: /*/*/tree/master
Allow: /*/*/blob/master
Disallow: /ekansa/Open-Context-Data
Disallow: /ekansa/opencontext-*
Disallow: /*/*/pulse
Disallow: /*/*/tree/*
Disallow: /*/*/blob/*
Disallow: /*/*/wiki/*/*
Disallow: /gist/*/*/*
Disallow: /oembed
Disallow: /*/forks
Disallow: /*/stars
Disallow: /*/download
Disallow: /*/revisions
Disallow: /*/*/issues/new
Disallow: /*/*/issues/search
Disallow: /*/*/commits/*/*
Disallow: /*/*/commits/*?author
Disallow: /*/*/commits/*?path
Disallow: /*/*/branches
Disallow: /*/*/tags
Disallow: /*/*/contributors
Disallow: /*/*/comments
Disallow: /*/*/stargazers
Disallow: /*/*/search
Disallow: /*/tarball/
Disallow: /*/zipball/
Disallow: /*/*/archive/
Disallow: /raw/*
Disallow: /*/followers
Disallow: /*/following
Disallow: /stars/*
Disallow: /*/blame/
Disallow: /*/watchers
Disallow: /*/network
Disallow: /*/graphs
Disallow: /*/raw/
Disallow: /*/compare/
Disallow: /*/cache/
Disallow: /*/*/blame/
Disallow: /*/*/watchers
Disallow: /*/*/network
Disallow: /*/*/graphs
Disallow: /*/*/raw/
Disallow: /*/*/compare/
Disallow: /*/*/cache/
Disallow: /.git/
Disallow: /*/.git/
Disallow: /*.git$
Disallow: /*/sitemap.xml
Disallow: /search/advanced
Disallow: /search
Disallow: /*q=
Disallow: /*.atom
Disallow: /login

User-agent: Twitterbot
Allow: /*/*/tree/master
Allow: /*/*/blob/master
Disallow: /ekansa/Open-Context-Data
Disallow: /ekansa/opencontext-*
Disallow: /*/*/pulse
Disallow: /*/*/tree/*
Disallow: /*/*/blob/*
Disallow: /*/*/wiki/*/*
Disallow: /gist/*/*/*
Disallow: /oembed
Disallow: /*/forks
Disallow: /*/stars
Disallow: /*/download
Disallow: /*/revisions
Disallow: /*/*/issues/new
Disallow: /*/*/issues/search
Disallow: /*/*/commits/*/*
Disallow: /*/*/commits/*?author
Disallow: /*/*/commits/*?path
Disallow: /*/*/branches
Disallow: /*/*/tags
Disallow: /*/*/contributors
Disallow: /*/*/comments
Disallow: /*/*/stargazers
Disallow: /*/*/search
Disallow: /*/tarball/
Disallow: /*/zipball/
Disallow: /*/*/archive/
Disallow: /raw/*
Disallow: /*/followers
Disallow: /*/following
Disallow: /stars/*
Disallow: /*/blame/
Disallow: /*/watchers
Disallow: /*/network
Disallow: /*/graphs
Disallow: /*/raw/
Disallow: /*/compare/
Disallow: /*/cache/
Disallow: /*/*/blame/
Disallow: /*/*/watchers
Disallow: /*/*/network
Disallow: /*/*/graphs
Disallow: /*/*/raw/
Disallow: /*/*/compare/
Disallow: /*/*/cache/
Disallow: /.git/
Disallow: /*/.git/
Disallow: /*.git$
Disallow: /*/sitemap.xml
Disallow: /search/advanced
Disallow: /search
Disallow: /*q=
Disallow: /*.atom
Disallow: /login

User-agent: Yandex
Allow: /*/*/tree/master
Allow: /*/*/blob/master
Disallow: /ekansa/Open-Context-Data
Disallow: /ekansa/opencontext-*
Disallow: /*/*/pulse
Disallow: /*/*/tree/*
Disallow: /*/*/blob/*
Disallow: /*/*/wiki/*/*
Disallow: /gist/*/*/*
Disallow: /oembed
Disallow: /*/forks
Disallow: /*/stars
Disallow: /*/download
Disallow: /*/revisions
Disallow: /*/*/issues/new
Disallow: /*/*/issues/search
Disallow: /*/*/commits/*/*
Disallow: /*/*/commits/*?author
Disallow: /*/*/commits/*?path
Disallow: /*/*/branches
Disallow: /*/*/tags
Disallow: /*/*/contributors
Disallow: /*/*/comments
Disallow: /*/*/stargazers
Disallow: /*/*/search
Disallow: /*/tarball/
Disallow: /*/zipball/
Disallow: /*/*/archive/
Disallow: /raw/*
Disallow: /*/followers
Disallow: /*/following
Disallow: /stars/*
Disallow: /*/blame/
Disallow: /*/watchers
Disallow: /*/network
Disallow: /*/graphs
Disallow: /*/raw/
Disallow: /*/compare/
Disallow: /*/cache/
Disallow: /*/*/blame/
Disallow: /*/*/watchers
Disallow: /*/*/network
Disallow: /*/*/graphs
Disallow: /*/*/raw/
Disallow: /*/*/compare/
Disallow: /*/*/cache/
Disallow: /.git/
Disallow: /*/.git/
Disallow: /*.git$
Disallow: /*/sitemap.xml
Disallow: /search/advanced
Disallow: /search
Disallow: /*q=
Disallow: /*.atom
Disallow: /login


User-agent: *
Allow: /humans.txt
Disallow: /

Added wiki_references/2017/software/CryptoVerif/doc/2017_06_12_wget_copy_of_http_prosecco_gforge_inria_fr_personal_bblanche_cryptoverif/bonnet/google-analytics.com/robots.txt version [0dcbf987de].









>
>
>
>
1
2
3
4
User-agent: *
Disallow: /ga_exp.js
Disallow: /siteopt.js
Disallow: /config.js

Added wiki_references/2017/software/CryptoVerif/doc/2017_06_12_wget_copy_of_http_prosecco_gforge_inria_fr_personal_bblanche_cryptoverif/bonnet/hal.archives-ouvertes.fr/robots.txt version [0f7b7ca0b2].



















































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
# HAL robots.txt
# If you want to download lots of metadata, please use our API at https://api.archives-ouvertes.fr/
# The API is far more efficient for metadata harvesting.
# To learn more, please contact hal.support@ccsd.cnrs.fr
User-Agent: *
Disallow: /RePEc/
Disallow: /search/
Disallow: /*/search/
Disallow: /*/browse/last
Disallow: /browse/last
Disallow: /*/browse/latest-publications
Disallow: /browse/latest-publications
Disallow: */tei
Disallow: */rdf
Disallow: */bibtex
Disallow: */dc
Disallow: */endnote
Disallow: */json
Disallow: /ping
Disallow: /login
Disallow: /submit
Disallow: /user
Disallow: /error
# Sitemap
Sitemap: https://hal.archives-ouvertes.fr/robots/sitemap

Added wiki_references/2017/software/CryptoVerif/doc/2017_06_12_wget_copy_of_http_prosecco_gforge_inria_fr_personal_bblanche_cryptoverif/bonnet/hal.inria.fr/hal-01527671.html version [42a5e724d8].













































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="fr">
<head>
<title>Symbolic and Computational Mechanized Verification of the ARINC823 Avionic Protocols</title>
<link href="http://purl.org/dc/elements/1.1/" rel="schema.DC" />
<link href="//static.ccsd.cnrs.fr" rel="dns-prefetch" />
<link href="//cas.ccsd.cnrs.fr" rel="dns-prefetch" />
<link href="//cdn.mathjax.org" rel="dns-prefetch" />
<link href="/img/favicon.png" rel="icon" type="type/png" />
<link href="/search/opensearch" rel="search" type="application/opensearchdescription+xml" title="HAL" />
<link href="/css/print_hal.css" media="print" rel="stylesheet" type="text/css" />
<meta name="DC.publisher" content="Inria Paris" />
<meta name="citation_dissertation_institution" content="Inria Paris" />
<meta name="citation_firstpage" content="40" />
<meta name="DC.issued" content="2017/05" />
<meta name="DC.date" content="2017/05" />
<meta name="citation_publication_date" content="2017/05" />
<meta name="citation_online_date" content="2017/05/24" />
<meta property="og:url" content="https://hal.inria.fr/hal-01527671/document" />
<meta name="DC.identifier" content="https://hal.inria.fr/hal-01527671/document" />
<meta name="citation_pdf_url" content="https://hal.inria.fr/hal-01527671/document" />
<meta name="keywords" content="protocoles cryptographiques ; vérification ; modèle symbolique ; modèle calculatoire" />
<meta name="DC.subject" content="protocoles cryptographiques ; vérification ; modèle symbolique ; modèle calculatoire" />
<meta name="citation_keywords" content="protocoles cryptographiques ; vérification ; modèle symbolique ; modèle calculatoire" />
<meta name="keywords" content="security protocols ; symbolic model ; computational model" />
<meta name="DC.subject" content="security protocols ; symbolic model ; computational model" />
<meta name="citation_keywords" content="security protocols ; symbolic model ; computational model" />
<meta property="og:description" content="We present the first formal analysis of two avionic protocols that aim to secure air-ground communications, the ARINC823 public-key and shared-key protocols. We verify these protocols both in the symbolic model of cryptography, using ProVerif, and in the computational model, using CryptoVerif.  While we confirm many security properties of these protocols, we also find several weaknesses, attacks, and imprecisions in the standard.  We propose fixes for these problems. This case study required the specification of new cryptographic primitives in CryptoVerif. It also illustrates the complementarity between symbolic and computational verification." />
<meta name="description" content="We present the first formal analysis of two avionic protocols that aim to secure air-ground communications, the ARINC823 public-key and shared-key protocols. We verify these protocols both in the symbolic model of cryptography, using ProVerif, and in the computational model, using CryptoVerif.  While we confirm many security properties of these protocols, we also find several weaknesses, attacks, and imprecisions in the standard.  We propose fixes for these problems. This case study required the specification of new cryptographic primitives in CryptoVerif. It also illustrates the complementarity between symbolic and computational verification." />
<meta name="DC.description" content="We present the first formal analysis of two avionic protocols that aim to secure air-ground communications, the ARINC823 public-key and shared-key protocols. We verify these protocols both in the symbolic model of cryptography, using ProVerif, and in the computational model, using CryptoVerif.  While we confirm many security properties of these protocols, we also find several weaknesses, attacks, and imprecisions in the standard.  We propose fixes for these problems. This case study required the specification of new cryptographic primitives in CryptoVerif. It also illustrates the complementarity between symbolic and computational verification." />
<meta name="citation_abstract" content="We present the first formal analysis of two avionic protocols that aim to secure air-ground communications, the ARINC823 public-key and shared-key protocols. We verify these protocols both in the symbolic model of cryptography, using ProVerif, and in the computational model, using CryptoVerif.  While we confirm many security properties of these protocols, we also find several weaknesses, attacks, and imprecisions in the standard.  We propose fixes for these problems. This case study required the specification of new cryptographic primitives in CryptoVerif. It also illustrates the complementarity between symbolic and computational verification." />
<meta name="DC.creator" content="Bruno Blanchet" />
<meta name="citation_author" content="Bruno Blanchet" />
<meta property="og:url" content="https://hal.inria.fr/hal-01527671" />
<meta name="DC.identifier" content="hal-01527671" />
<meta name="DC.identifier" content="https://hal.inria.fr/hal-01527671" />
<meta property="og:title" content="Symbolic and Computational Mechanized Verification of the ARINC823 Avionic Protocols" />
<meta name="DC.title" content="Symbolic and Computational Mechanized Verification of the ARINC823 Avionic Protocols" />
<meta name="citation_title" content="Symbolic and Computational Mechanized Verification of the ARINC823 Avionic Protocols" />
<meta property="og:type" content="report" />
<meta name="DC.type" content="report" />
<meta name="DC.language" content="en" />
<meta name="citation_language" content="en" />
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<meta http-equiv="Content-Language" content="fr" />
<script type="text/javascript">
    //<![CDATA[
    var lang = 'fr';    //]]>
</script>
<link rel="stylesheet" href="//static.ccsd.cnrs.fr/css/ccsd_form.css" type="text/css" media="screen" />
<link rel="stylesheet" href="//static.ccsd.cnrs.fr/css/custom-theme/jquery-ui-1.10.0.custom.css" type="text/css" media="screen" />
<link rel="stylesheet" href="//static.ccsd.cnrs.fr/v3/css/bootstrap.min.css" type="text/css" media="screen" />
<link rel="stylesheet" href="//static.ccsd.cnrs.fr/css/ccsd.css" type="text/css" media="screen" />
<link rel="stylesheet" href="/css/hal.css" type="text/css" media="screen" />
<link rel="stylesheet" href="/public/style.css?1496128467" type="text/css" media="screen" />

<script type="text/javascript" src="//static.ccsd.cnrs.fr/js/jquery/min.1.9.1.js"></script>
<script type="text/javascript" src="//static.ccsd.cnrs.fr/js/jquery/ui/min.1.10.3.js"></script>
<script type="text/javascript" src="/js/translations.php?lang=fr"></script>
<script type="text/javascript" src="//static.ccsd.cnrs.fr/v3/js/bootstrap.min.js"></script>
<script type="text/javascript" src="//static.ccsd.cnrs.fr/js/form.js"></script>
<script type="text/javascript" src="//static.ccsd.cnrs.fr/js/datepicker/datepicker-fr.js"></script>
<script type="text/javascript" src="//static.ccsd.cnrs.fr/js/datepicker.js"></script>
<script type="text/javascript" src="/js/utile.js"></script>


<script type="text/javascript" src="//cdn.mathjax.org/mathjax/latest/MathJax.js?config=TeX-AMS-MML_HTMLorMML"></script>
<script type='text/x-mathjax-config'>
    MathJax.Hub.Config({tex2jax: {inlineMath: [['$','$'], ['$$','$$']]}});
</script>
<style type="text/css">
html {
	position: relative;
	min-height: 100%;
}

body {
	/* Margin bottom by footer height */
	margin-bottom: 140px;
}

</style>
</head>
<body>

        <div class="navbar navbar-inverse navbar-fixed-top" role="navigation">
                        <div class="navbar-header ">
                <button type="button" class="navbar-toggle" data-toggle="collapse"
                        data-target="#nav-services">
                    <span class="sr-only">Toggle navigation</span> <span class="icon-bar"></span> <span
                        class="icon-bar"></span> <span class="icon-bar"></span>
                </button>
                <div class="logo-ccsd">
                    <a class="brand" href="https://www.ccsd.cnrs.fr/"
                       title="Centre pour la communication Scientifique directe"><img src="/img/ccsd.png"
                                                                                      border="0"/></a>
                                    </div>
            </div>
                        <div class="collapse navbar-collapse" id="nav-services">
                <ul class="nav navbar-nav">
                    <li class="dropdown active"><a
                            href="#" class="dropdown-toggle" data-toggle="dropdown">HAL <b class="caret"
                                                                                           style="border-top-color:#ee5a35;border-bottom-color:#ee5a35;"></b></a>
                        <ul class="dropdown-menu">
                            <li><a href="https://hal.archives-ouvertes.fr">HAL</a></li>
                            <li><a href="https://halshs.archives-ouvertes.fr">HALSHS</a>
                            </li>
                            <li><a href="https://tel.archives-ouvertes.fr">TEL</a></li>
                            <li><a href="https://medihal.archives-ouvertes.fr">MédiHAL</a>
                            </li>
                            <li><a href="https://hal.archives-ouvertes.fr/browse/portal">Liste
                                    des portails</a></li>
                            <li class="divider"></li>
                            <li><a href="https://aurehal.archives-ouvertes.fr"
                                   target="_blank">AURéHAL</a></li>
                            <li><a href="http://api.archives-ouvertes.fr/docs">API</a></li>
                            <li>
                                <a href="https://hal.archives-ouvertes.fr/section/documentation">Documentation</a>
                            </li>
                        </ul>
                    </li>
                    <li class=""><a
                            href="https://www.episciences.org?lang=fr">Episciences.org</a></li>
                    <li class=""><a
                            href="https://www.sciencesconf.org">Sciencesconf.org</a></li>
                    <li><a href="https://support.ccsd.cnrs.fr">Support</a></li>
                </ul>
                                    <div class="nav navbar-nav navbar-right">
                                                    <form class="form-inline pull-right"
                                  style="margin-top: 8px; margin-right: 8px;"
                                  action="/user/login" id="form-login" method="post">
                                <input type="hidden" name="forward-controller"
                                       value="view"/>
                                <input type="hidden" name="forward-action"
                                       value="index"/>
                                <input type="hidden" name="identifiant" value="hal-01527671" />                                <div class="btn-group">
                                    <button class="btn btn-small btn-primary" type="button"
                                            onclick="$('#form-login').submit();" accesskey="l">
                                        <i class="glyphicon glyphicon-user glyphicon-white"></i>&nbsp;Connexion                                    </button>
                                    <button class="btn btn-small btn-primary dropdown-toggle" data-toggle="dropdown"
                                            type="button">
                                        <span class="caret"
                                              style="border-top-color: #fff; border-bottom-color: #fff;"></span>
                                    </button>


                                                                        <ul class="dropdown-menu pull-right">
                                    <li><a href="#" onclick="$('#form-login').submit();" accesskey="l">Connexion</a></li>
                                                                                <li class="divider"></li>
                                        <li><a href="/user/create">Créer un compte</a></li>
                                        <li class="divider"></li>
                                        <li><a href="/user/lostpassword">Mot de passe oublié ?</a></li>
                                        <li><a href="/user/lostlogin">Login oublié ?</a></li>
                                    </ul>
                                </div>
                            </form>
                                            </div>
                                <form action="" method="post" id="formLang">
                    <input type="hidden" name="lang" id="lang" value=""/>
                    <ul class="nav navbar-nav navbar-right navbar-lang">
                                                        <li class=" active"><a
                                        href="javascript:void(0);" title="fr"
                                        onclick="$('#lang').val('fr');$('#formLang').submit();"><span
                                            class="badge small">fr</span></a></li>
                                                                <li class=" "><a
                                        href="javascript:void(0);" title="en"
                                        onclick="$('#lang').val('en');$('#formLang').submit();"><span
                                            class="badge small">en</span></a></li>
                                                    </ul>
                </form>
            </div>
        </div>
        
<div id="container" class="container">
    <div class="logo">
        <table width="100%" cellpadding="0" style="position:relative;">
<tr>
<td align="left"><a href="http://www.inria.fr" border="0" target="_blank"><img src="/public/Inria_logoWeb_50_red_FR_2x.png" width="320" height="108" /></a></td>
<td align="center"><img src="/public/logo_hal_inria.png" width="71" height="72" alt="Logo HAL-Inria" /></td>
<td align="center"><img src="/public/INRIA_bandeau_hal.png" width="350" height="59" alt="HAL-Inria archive ouverte/open archive" /></td>
<td align="center"><a href="http://hal.archives-ouvertes.fr" border="0" target="_blank"><img src="/img/tampon-hal.jpg" width="71" height="72" alt="HAL - hal.archives-ouvertes.fr" /></a></td>
</tr>
</table>
    </div>
    <div class="row">
            <div class="col-md-12">
        <style type="text/css">
    .nav-tabs > li {
        margin-bottom: -2px;
    }
    .dropdown:hover>.dropdown-menu {
        display: block;
     }
</style>
<div id="global-navigation" class="sidebar-nav">
    <ul class="nav nav-tabs">
                        <li class=""><a href="/"  >Accueil</a></li>
                            <li class=""><a href="/submit/index"  >Déposer</a></li>
                            <li class="dropdown ">
                    <a href="/section/list3" class="dropdown-toggle" data-toggle="dropdown">Consulter<b class="caret"></b></a>
                    <ul class="dropdown-menu">
                                                                                    <li><a href="/browse/period"  >par date de publication/rédaction</a></li>
                                                                                                                <li><a href="/browse/domain"  >par domaine</a></li>
                                                                                                                <li><a href="/browse/doctype"  >par type de publication</a></li>
                                                                                                                <li><a href="/browse/collection"  >par collection</a></li>
                                                                                                                <li><a href="http://fr.arxiv.org"  >arXiv</a></li>
                                                                                                                <li><a href="/browse/last"  >Consultation les derniers dépôts</a></li>
                                                                        </ul>
                </li>
                                <li class=""><a href="/search/index"  >Recherche</a></li>
                            <li class="dropdown ">
                    <a href="/section/list11" class="dropdown-toggle" data-toggle="dropdown">Services<b class="caret"></b></a>
                    <ul class="dropdown-menu">
                                                                                    <li><a href="https://haltools.inria.fr/?action=export&lang=fr"  >HalTools : créer sa page web</a></li>
                                                                                                                <li><a href="https://haltools.inria.fr/?action=exportXML&lang=fr"  >Haltools : export RAWEB</a></li>
                                                                                                                <li><a href="https://bib2hal.inria.fr"  >Bib2Hal : import par lot à partir d'un fichier BibTeX</a></li>
                                                                                                                <li><a href="https://aurehal.archives-ouvertes.fr/structure/index"  >Consulter les structures de recherche connues de HAL</a></li>
                                                                        </ul>
                </li>
                                <li class="dropdown ">
                    <a href="/section/list16" class="dropdown-toggle" data-toggle="dropdown">Documentation<b class="caret"></b></a>
                    <ul class="dropdown-menu">
                                                                                    <li><a href="https://hal.archives-ouvertes.fr/section/documentation"  >Aide en ligne de HAL V3</a></li>
                                                                                                                <li><a href="http://blog.ccsd.cnrs.fr/2015/07/hal-un-etat-des-lieux-des-recentes-evolutions/"  >Dernières évolutions de HAL V3</a></li>
                                                                                                                <li><a href="http://api.archives-ouvertes.fr/docs"  >Documentation API HAL</a></li>
                                                                                                                <li><a href="/page/add-thumbnails"  >Ajouter des vignettes</a></li>
                                                                                                                <li><a href="https://iww.inria.fr/hal/aide/spip.php%3Farticle142&lang=fr.html"  >Aide en ligne Haltools</a></li>
                                                                                                                <li><a href="https://hal.archives-ouvertes.fr/section/imports-bib2hal"  >Aide en ligne de Bib2hal</a></li>
                                                                        </ul>
                </li>
                                <li class=""><a href="/page/openaccessinria"  >OpenAccess@Inria</a></li>
                            <li class=""><a href="/page/tutoriels"  >Supports</a></li>
                </ul>
</div>            <div class="corps">
                        <div id="flash-messages">
                </div>
         
<div class="row" id="document">
    <div class="col-md-8">

                            <div class="btn-group dropdown">
                <button type="button" class="btn btn-danger">hal-01527671, version 1</button>
                            </div>
                                    <h1 class="title">
                                    <div class="row">
                        <div class="col-md-1 col-lang">
                            <div class="btn-group-vertical btn-lang opacity">
                                                                    <button type="button" class="btn btn-default btn-xs active" attr-lang="en">en</button>
                                                                    <button type="button" class="btn btn-default btn-xs " attr-lang="fr">fr</button>
                                                            </div>
                        </div>
                        <div class="col-md-11 col-content">
                                                            <div class="linkify content-en" >
                                    Symbolic and Computational Mechanized Verification of the ARINC823 Avionic Protocols                                </div>
                                                            <div class="linkify content-fr" style="display:none;">
                                    Vérification mécanisée, symbolique et calculatoire, des protocoles avioniques ARINC823                                </div>
                                                    </div>
                    </div>
                            </h1>
        
                <div class="authors">
                            <span class="author">
                    <a href="/search/index/q/*/authFullName_s/Bruno+Blanchet" target="_blank">Bruno Blanchet</a>
                                                                <sup>1</sup>
                                    </span>
                        <button type="button" class="btn btn-default btn-xs opacity" onclick="displayDiv('.authors', '.authors-details')">Détails</button>
            <div class="structs">
                <div class="struct">
                                </div>
                                    <div class="struct">
                        <span class="structid">1</span>
                        <a href="/search/index/q/*/structId_i/454680/" target="_blank">
                            PROSECCO  - Programming securely with cryptography                        </a>
                                                            <div style="padding-left:22px;">Inria de Paris</div>
                                                        </div>
                            </div>
        </div>
                <div class="authors-details well" style="display:none;">
                        <div class="row">
                            <div class="col-md-12">
                    <blockquote>
                        <strong><i class="glyphicon glyphicon-user"></i>&nbsp;
                                                        <a href="/search/index/q/*/authFullName_s/Bruno+Blanchet" target="_blank">Bruno Blanchet</a>
                                                                                        <sup>1</sup>
                                                    </strong>
                                                                        <br/><span class="label label-default">Auteur</span>
                                                                                            </blockquote>
                </div>
                                    </div><div class="row">
                                        </div>
            <div class="structs">
                                    <div class="well struct">
                        <span class="structid">1</span>
                        <a href="/search/index/q/*/structId_i/454680" target="_blank">PROSECCO  - Programming securely with cryptography</a><small> (France)</small><ul><li><a href="/search/index/q/*/structId_i/454310" target="_blank">Inria de Paris</a><small> (2 rue Simone Iff -
CS 42112 -
75589 Paris Cedex 12 - France)</small><ul><li><a href="/search/index/q/*/structId_i/300009" target="_blank">Inria - Institut National de Recherche en Informatique et en Automatique</a><small> (Domaine de Voluceau
Rocquencourt - BP 105
78153 Le Chesnay Cedex - France)</small><ul></ul></li></ul></li></ul>                    </div>
                            </div>
            <div class="text-center">
                <button type="button" class="btn btn-default btn-xs" onclick="displayDiv('.authors', '.authors-details')">Masquer les détails</button>
            </div>
        </div>
                            <div class="abstract">
                                    <div class="row">
                        <div class="col-md-1 col-lang">
                            <div class="btn-group-vertical btn-lang opacity">
                                                                    <button type="button" class="btn btn-default btn-xs " attr-lang="en">en</button>
                                                                    <button type="button" class="btn btn-default btn-xs active" attr-lang="fr">fr</button>
                                                            </div>
                        </div>
                        <div class="col-md-11 col-content">
                                                            <div class="content-en" style="display:none;">
                                    <div class="linkify abstract-content">
                                        <strong>Abstract</strong> : We present the first formal analysis of two avionic protocols that aim to secure air-ground communications, the ARINC823 public-key and shared-key protocols. We verify these protocols both in the symbolic model of cryptography, using ProVerif, and in the computational model, using CryptoVerif.  While we confirm many security properties of these protocols, we also find several weaknesses, attacks, and imprecisions in the standard.  We propose fixes for these problems. This case study required the specification of new cryptographic primitives in CryptoVerif. It also illustrates the complementarity between symbolic and computational verification.                                    </div>
                                </div>
                                                            <div class="content-fr" >
                                    <div class="linkify abstract-content">
                                        <strong>Résumé</strong> : Nous présentons la première analyse formelle de deux protocoles avioniques qui visent à sécuriser les communications air-sol, les protocoles ARINC823 à clé publique et à clé partagée. Nous vérifions ces protocoles, à la fois dans le modèle symbolique de la cryptographie, en utilisant ProVerif, et dans le modèle calculatoire, en utilisant CryptoVerif. Si nous confirmons beaucoup de propriétés de sécurité de ces protocoles, nous trouvons aussi plusieurs faiblesses, attaques, et imprécisions dans le standard. Nous proposons des corrections pour ces problèmes. Cette étude de cas a nécessité la spécification de nouvelles primitives cryptographiques dans CryptoVerif. Elle illustre aussi la complémentarité entre la vérification symbolique et la vérification calculatoire.                                    </div>
                                </div>
                                                    </div>
                    </div>
                            </div>
        
                                    <div class="keywords">
                                    <div class="row">
                        <div class="col-md-1 col-lang">
                            <div class="btn-group-vertical btn-lang opacity">
                                                                    <button type="button" class="btn btn-default btn-xs " attr-lang="en">en</button>
                                                                    <button type="button" class="btn btn-default btn-xs active" attr-lang="fr">fr</button>
                                                            </div>
                        </div>
                        <div class="col-md-11 col-content">
                                                            <div class="content-en" style="display:none;">
                                    <div class="linkify keyword-content">
                                        <strong>Keywords</strong> :
                                                                                    <a href="/search/index/q/*/keyword_t/security protocols/" target="_blank" class="btn btn-default btn-xs">security protocols</a>
                                                                                    <a href="/search/index/q/*/keyword_t/symbolic model/" target="_blank" class="btn btn-default btn-xs">symbolic model</a>
                                                                                    <a href="/search/index/q/*/keyword_t/computational model/" target="_blank" class="btn btn-default btn-xs">computational model</a>
                                                                            </div>
                                </div>
                                                            <div class="content-fr" >
                                    <div class="linkify keyword-content">
                                        <strong>Mots-clés</strong> :
                                                                                    <a href="/search/index/q/*/keyword_t/protocoles cryptographiques/" target="_blank" class="btn btn-default btn-xs">protocoles cryptographiques</a>
                                                                                    <a href="/search/index/q/*/keyword_t/vérification/" target="_blank" class="btn btn-default btn-xs">vérification</a>
                                                                                    <a href="/search/index/q/*/keyword_t/modèle symbolique/" target="_blank" class="btn btn-default btn-xs">modèle symbolique</a>
                                                                                    <a href="/search/index/q/*/keyword_t/modèle calculatoire/" target="_blank" class="btn btn-default btn-xs">modèle calculatoire</a>
                                                                            </div>
                                </div>
                                                    </div>
                    </div>
                            </div>
        
        <div class="metadatas">
            <div><strong>Type de document</strong> :
                <div class="label label-warning">Rapport</div>
                <div style="margin-left:116px;">[Research Report] RR-9072, Inria Paris. 2017, pp.40</div>
            </div>
                                        <div><strong>Domaine</strong> :
                <blockquote style="margin-left:65px;margin-top:-15px;">
                    <div>
                                                    <div>
                                <strong>                                <a href="/search/index/q/*/level0_domain_s/info" target="_blank">Informatique [cs]</a>                                </strong>                            </div>
                                                    <div>
                                                                <a href="/search/index/q/*/level0_domain_s/info" target="_blank">Informatique [cs]</a> / <a href="/search/index/q/*/level1_domain_s/info.info-cr" target="_blank">Cryptographie et sécurité [cs.CR]</a>                                                            </div>
                                            </div>
                </blockquote>
                </div>
                                </div>
        <!--<hr />-->
        <div class="metadatas-complete">
            <span class="metadatas-complete-title">
                Liste complète des métadonnées             </span>
            <span class="btn-view text-center"><button type="button" class="btn btn-default btn-sm" onclick="viewDocMetadatas(1527671)"><i class="glyphicon glyphicon-th-list"></i>&nbsp;Voir</button></span>
            <span class="btn-hide text-center" style="display:none;"><button type="button" class="btn btn-default btn-sm" onclick="hideDocMetadatas()"><i class="glyphicon glyphicon-th-list"></i>&nbsp;Masquer</button></span>
            <div class="content"></div>
        </div>

        <!-- Cited References -->
        <br />
        <!-- Gallery -->
                <hr />
        <div>
            <small>
                https://hal.inria.fr/hal-01527671<br />
                Contributeur : <a href="/search/index/q/*/contributorId_i/306204/" target="_blank">Bruno Blanchet</a> &lt;<a href="" id="link593e8149e1587" ></a><script type="text/javascript" language="javascript"> decryptMail("Oehab.Oynapurg@vaevn.se", "link593e8149e1587", "")</script>&gt;<br />
                Soumis le : mercredi 24 mai 2017 - 18:38:55<br />
                Dernière modification le : mercredi 31 mai 2017 - 15:31:34<br />
                <br />
            </small>
        </div>

    </div>
    <div class="col-md-4">
        <!-- Fichiers -->
            <div class="widget widget-files">
        <h3 class="widget-header">
            Fichier        </h3>
        <div class="widget-content">
                                                        <div class="row">
                        <div class="col-md-4 text-center">
                                                        <a href="/hal-01527671/document" target="_blank">
                                <img src="//thumb.ccsd.cnrs.fr/8193112/small" border="0" class="img-thumbnail"/>
                            </a>
                        </div>
                        <div class="col-md-8">
                                                            <a href="/hal-01527671/document" target="_blank" data-toggle="tooltip" title="RR-9072.pdf - 993.97 Ko">RR-9072.pdf</a>
                            
                                                            <div>Fichiers produits par l'(les) auteur(s)</div>
                                                                                </div>
                    </div>
                        
            
                    </div>
    </div>

        <!-- Licence -->
        
        <!-- Identifiants  -->
        
<div class="widget widget-identifiants">
    <h3 class="widget-header">Identifiants</h3>
    <div class="widget-content">
        <ul>
                        <li>HAL Id : <strong>hal-01527671, version 1</strong></li>
                                            </ul>
    </div>
</div>

        <!-- Collections -->
            <div class="widget widget-collection">
        <h3 class="widget-header">Collections</h3>
        <div class="widget-content">
                                                                                                            <p><a href="/INRIA" target="_blank" data-toggle="tooltip" title="INRIA - Institut National de Recherche en Informatique et en Automatique">INRIA</a> | <a href="/LARA" target="_blank" data-toggle="tooltip" title="LARA">LARA</a> | <a href="/INRIA-RRRT" target="_blank" data-toggle="tooltip" title="Rapports de recherche et Technique de l'Inria">INRIA-RRRT</a></p>
        </div>
    </div>

        <!-- Relations -->
        
        <!-- Citation -->
        <div class="widget widget-citation">
    <h3 class="widget-header">Citation</h3>
    <div class="widget-content ref-biblio">
        Bruno Blanchet. Symbolic and Computational Mechanized Verification of the ARINC823 Avionic Protocols. [Research Report] RR-9072, Inria Paris. 2017, pp.40. <a target="_blank" href="https://hal.inria.fr/hal-01527671">&lt;hal-01527671&gt;</a>    </div>
</div>

        <!-- Export -->
        
<div class="widget widget-export">
    <h3 class="widget-header">Exporter</h3>
    <div class="widget-content" style="text-align:center">
        <!-- Begin ZMO - Bootstrap buttons and Show DC and DCterms -->
            <a class="btn btn-default btn-sm" href="/hal-01527671v1/bibtex" role="button" target="_blank">BibTeX</a>
            <a class="btn btn-default btn-sm" href="/hal-01527671v1/tei" role="button" target="_blank">TEI</a>
            <a class="btn btn-default btn-sm" href="/hal-01527671v1/dc" role="button" target="_blank">DC</a>
            <a class="btn btn-default btn-sm" href="/hal-01527671v1/dcterms" role="button" target="_blank">DCterms</a>
            <a class="btn btn-default btn-sm" href="/hal-01527671v1/endnote" role="button"                >EndNote</a>
    </div>
</div>

        <!-- Partager -->
        <div class="widget widget-share">
    <h3 class="widget-header">Partager</h3>
    <div class="widget-content" >
                <!-- AddThis Button BEGIN -->
        <div style="text-align:center" class="addthis_toolbox addthis_default_style addthis_20x20_style">
            <a class="addthis_button_preferred_1"></a>
            <a class="addthis_button_preferred_2"></a>
            <a class="addthis_button_preferred_3"></a>
            <a class="addthis_button_compact"></a>
            <a class="addthis_counter addthis_bubble_style"></a>
        </div>
        <script type="text/javascript">var addthis_config = {"data_track_addressbar":false};</script>
        <script type="text/javascript" src="//s7.addthis.com/js/300/addthis_widget.js#pubid=ra-5332d34a5b4fcb58"></script>
        <!--AddThis Button END -->
    </div>
</div>
        <!-- Altmetrics -->
            <div class="widget widget-metrics">
        <h3 class="widget-header">Métriques</h3>

        <div class="widget-content" style="text-align: center">
                                <div class="row">
                        <div class="col-md-6">
                            <strong>Consultations de <br> la notice</strong>
                            <h2 style="margin-top:10px;"><span class="label label-primary">40</span></h2>

                        </div>
                        <div class="col-md-6">
                            <strong>Téléchargements du document</strong>
                            <h2 style="margin-top:10px;"><span class="label label-primary">19</span></h2>
                        </div>
                    </div>
                
                                    </div>
    </div>

    </div>
</div>

<script type="text/javascript">
    $(function () {
        /*$('.dropdown').hover(function() {
            $(this).find('.dropdown-menu').stop(true,true).slideDown( 300 );
        }, function() {
            $(this).find('.dropdown-menu').stop(true,true).slideUp( 300 );
        });*/

        $('.btn-lang>button').click(function(){
            $(this).parent().find('button').removeClass('active');
            $(this).addClass('active').closest('.row').find('.col-content>div').hide();
            $(this).closest('.row').find('.col-content .content-' + $(this).attr('attr-lang')).show();
        });

        linkifyElem ('.linkify');
    });

    function linkifyElem (selector)
    {
        $('.linkify').each(function(){
            $(this).html(linkify($(this).html()));
        });
    }

    function displayDiv(selector1, selector2)
    {
        if ($(selector1).is(':visible')) {
            $(selector1).toggle('hide');
            $(selector2).toggle('show');
        } else {
            $(selector2).toggle('hide');
            $(selector1).toggle('show');
        }
    }

    function viewDocMetadatas(docid)
    {
        if ($('.metadatas-complete .content').is(':hidden')) {
            $('.metadatas-complete .btn-view').hide();
            $('.metadatas-complete .content').toggle('slow');
            $('.metadatas-complete .btn-hide').show();
        } else {
            $('.metadatas-complete .content').html(getLoader());
            $.ajax({
                url: "/view/metadata",
                type: "post",
                data: {docid:docid},
                success: function( data ) {
                    $('.metadatas-complete .btn-view').hide();
                    $('.metadatas-complete .content').html(data);
                    linkifyElem ('.metadatas-complete .content .linkify');
                    $('.metadatas-complete .btn-hide').show();
                }
            });
        }
    }
    function hideDocMetadatas()
    {
        $('.metadatas-complete .btn-view').show();
        $('.metadatas-complete .content, .metadatas-complete .btn-hide').hide();
    }
</script>


        </div>
        </div>
</div>
</div>
</div>

    <div class="footer">
        <div class="footer-contact">
<h4>Contact</h4>
<br /> <a href="mailto:archive-ouverte@inria.fr" target="_blank">archive-ouverte@inria.fr</a></div>    </div>
<script type="text/javascript">
    $(document).ready(function () {
        $(document.body).tooltip({ selector: '[data-toggle="tooltip"]' , html: true, container: 'body'});
    });
</script>

    <script type="text/javascript">
        var pkBaseURL = (("https:" == document.location.protocol) ? "https://piwik-hal.ccsd.cnrs.fr/" : "http://piwik-hal.ccsd.cnrs.fr/");
        document.write(decodeURI("%3Cscript src=\'" + pkBaseURL + "piwik.js\' type=\'text/javascript\'%3E%3C/script%3E"));
    </script>
    <script type="text/javascript">
        try {
            var piwikTracker = Piwik.getTracker(pkBaseURL + "piwik.php", 27);
            piwikTracker.trackPageView();
            piwikTracker.enableLinkTracking();
            //Archive HAL
            var piwikTracker = Piwik.getTracker(pkBaseURL + "piwik.php", 92);
            piwikTracker.trackPageView();
            piwikTracker.enableLinkTracking();
        } catch( err ) {}
    </script><noscript><p><img src="https://piwik-hal.ccsd.cnrs.fr/piwik.php?idsite=27" style="border:0" alt="" /></p></noscript>
    </body>
</html>

Added wiki_references/2017/software/CryptoVerif/doc/2017_06_12_wget_copy_of_http_prosecco_gforge_inria_fr_personal_bblanche_cryptoverif/bonnet/hal.inria.fr/hal-01528752.html version [cd0565f66d].



































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="fr">
<head>
<title>Verified Models and Reference Implementations for the TLS 1.3 Standard Candidate</title>
<link href="http://purl.org/dc/elements/1.1/" rel="schema.DC" />
<link href="//static.ccsd.cnrs.fr" rel="dns-prefetch" />
<link href="//cas.ccsd.cnrs.fr" rel="dns-prefetch" />
<link href="//cdn.mathjax.org" rel="dns-prefetch" />
<link href="/img/favicon.png" rel="icon" type="type/png" />
<link href="/search/opensearch" rel="search" type="application/opensearchdescription+xml" title="HAL" />
<link href="/css/print_hal.css" media="print" rel="stylesheet" type="text/css" />
<meta name="DC.publisher" content="Inria Paris" />
<meta name="citation_dissertation_institution" content="Inria Paris" />
<meta name="citation_firstpage" content="51" />
<meta name="DC.issued" content="2017/05" />
<meta name="DC.date" content="2017/05" />
<meta name="citation_publication_date" content="2017/05" />
<meta name="citation_online_date" content="2017/05/29" />
<meta property="og:url" content="https://hal.inria.fr/hal-01528752/document" />
<meta name="DC.identifier" content="https://hal.inria.fr/hal-01528752/document" />
<meta name="citation_pdf_url" content="https://hal.inria.fr/hal-01528752/document" />
<meta name="keywords" content="protocoles cryptographiques ; vérification ; modèle symbolique ; modèle calculatoire ; implémentation ; TLS" />
<meta name="DC.subject" content="protocoles cryptographiques ; vérification ; modèle symbolique ; modèle calculatoire ; implémentation ; TLS" />
<meta name="citation_keywords" content="protocoles cryptographiques ; vérification ; modèle symbolique ; modèle calculatoire ; implémentation ; TLS" />
<meta name="keywords" content="security protocols ; symbolic model ; computational model" />
<meta name="DC.subject" content="security protocols ; symbolic model ; computational model" />
<meta name="citation_keywords" content="security protocols ; symbolic model ; computational model" />
<meta property="og:description" content="TLS 1.3 is the next version of the Transport Layer Security (TLS) protocol. Its clean-slate design is a reaction both to the increasing demand for low-latency HTTPS connections and to a series of recent high-profile attacks on TLS. The hope is that a fresh protocol with modern cryptography will prevent legacy problems; the danger is that it will expose new kinds of attacks, or reintroduce old flaws that were fixed in previous versions of TLS. After 18 drafts, the protocol is nearing completion, and the working group has appealed to researchers to analyze the protocol before publication. This paper responds by presenting a comprehensive analysis of the TLS 1.3 Draft-18 protocol.

We seek to answer three questions that have not been fully addressed in previous work on TLS 1.3: (1) Does TLS 1.3 prevent well-known attacks on TLS 1.2, such as Logjam or the Triple Handshake, even if it is run in parallel with TLS 1.2? (2) Can we mechanically verify the computational security of TLS 1.3 under standard (strong) assumptions on its cryptographic primitives? (3) How can we extend the guarantees of the TLS 1.3 protocol to the details of its implementations?

To answer these questions, we propose a methodology for developing verified symbolic and computational models of TLS 1.3 hand-in-hand with a high-assurance reference implementation of the protocol. We present symbolic ProVerif models for various intermediate versions of TLS 1.3 and evaluate them against a rich class of attacks to reconstruct both known and previously unpublished vulnerabilities that influenced the current design of the protocol. We present a computational CryptoVerif model for TLS 1.3 Draft-18 and prove its security. We present RefTLS, an interoperable implementation of TLS 1.0-1.3 and automatically analyze its protocol core by extracting a ProVerif model from its typed JavaScript code." />
<meta name="description" content="TLS 1.3 is the next version of the Transport Layer Security (TLS) protocol. Its clean-slate design is a reaction both to the increasing demand for low-latency HTTPS connections and to a series of recent high-profile attacks on TLS. The hope is that a fresh protocol with modern cryptography will prevent legacy problems; the danger is that it will expose new kinds of attacks, or reintroduce old flaws that were fixed in previous versions of TLS. After 18 drafts, the protocol is nearing completion, and the working group has appealed to researchers to analyze the protocol before publication. This paper responds by presenting a comprehensive analysis of the TLS 1.3 Draft-18 protocol.

We seek to answer three questions that have not been fully addressed in previous work on TLS 1.3: (1) Does TLS 1.3 prevent well-known attacks on TLS 1.2, such as Logjam or the Triple Handshake, even if it is run in parallel with TLS 1.2? (2) Can we mechanically verify the computational security of TLS 1.3 under standard (strong) assumptions on its cryptographic primitives? (3) How can we extend the guarantees of the TLS 1.3 protocol to the details of its implementations?

To answer these questions, we propose a methodology for developing verified symbolic and computational models of TLS 1.3 hand-in-hand with a high-assurance reference implementation of the protocol. We present symbolic ProVerif models for various intermediate versions of TLS 1.3 and evaluate them against a rich class of attacks to reconstruct both known and previously unpublished vulnerabilities that influenced the current design of the protocol. We present a computational CryptoVerif model for TLS 1.3 Draft-18 and prove its security. We present RefTLS, an interoperable implementation of TLS 1.0-1.3 and automatically analyze its protocol core by extracting a ProVerif model from its typed JavaScript code." />
<meta name="DC.description" content="TLS 1.3 is the next version of the Transport Layer Security (TLS) protocol. Its clean-slate design is a reaction both to the increasing demand for low-latency HTTPS connections and to a series of recent high-profile attacks on TLS. The hope is that a fresh protocol with modern cryptography will prevent legacy problems; the danger is that it will expose new kinds of attacks, or reintroduce old flaws that were fixed in previous versions of TLS. After 18 drafts, the protocol is nearing completion, and the working group has appealed to researchers to analyze the protocol before publication. This paper responds by presenting a comprehensive analysis of the TLS 1.3 Draft-18 protocol.

We seek to answer three questions that have not been fully addressed in previous work on TLS 1.3: (1) Does TLS 1.3 prevent well-known attacks on TLS 1.2, such as Logjam or the Triple Handshake, even if it is run in parallel with TLS 1.2? (2) Can we mechanically verify the computational security of TLS 1.3 under standard (strong) assumptions on its cryptographic primitives? (3) How can we extend the guarantees of the TLS 1.3 protocol to the details of its implementations?

To answer these questions, we propose a methodology for developing verified symbolic and computational models of TLS 1.3 hand-in-hand with a high-assurance reference implementation of the protocol. We present symbolic ProVerif models for various intermediate versions of TLS 1.3 and evaluate them against a rich class of attacks to reconstruct both known and previously unpublished vulnerabilities that influenced the current design of the protocol. We present a computational CryptoVerif model for TLS 1.3 Draft-18 and prove its security. We present RefTLS, an interoperable implementation of TLS 1.0-1.3 and automatically analyze its protocol core by extracting a ProVerif model from its typed JavaScript code." />
<meta name="citation_abstract" content="TLS 1.3 is the next version of the Transport Layer Security (TLS) protocol. Its clean-slate design is a reaction both to the increasing demand for low-latency HTTPS connections and to a series of recent high-profile attacks on TLS. The hope is that a fresh protocol with modern cryptography will prevent legacy problems; the danger is that it will expose new kinds of attacks, or reintroduce old flaws that were fixed in previous versions of TLS. After 18 drafts, the protocol is nearing completion, and the working group has appealed to researchers to analyze the protocol before publication. This paper responds by presenting a comprehensive analysis of the TLS 1.3 Draft-18 protocol.

We seek to answer three questions that have not been fully addressed in previous work on TLS 1.3: (1) Does TLS 1.3 prevent well-known attacks on TLS 1.2, such as Logjam or the Triple Handshake, even if it is run in parallel with TLS 1.2? (2) Can we mechanically verify the computational security of TLS 1.3 under standard (strong) assumptions on its cryptographic primitives? (3) How can we extend the guarantees of the TLS 1.3 protocol to the details of its implementations?

To answer these questions, we propose a methodology for developing verified symbolic and computational models of TLS 1.3 hand-in-hand with a high-assurance reference implementation of the protocol. We present symbolic ProVerif models for various intermediate versions of TLS 1.3 and evaluate them against a rich class of attacks to reconstruct both known and previously unpublished vulnerabilities that influenced the current design of the protocol. We present a computational CryptoVerif model for TLS 1.3 Draft-18 and prove its security. We present RefTLS, an interoperable implementation of TLS 1.0-1.3 and automatically analyze its protocol core by extracting a ProVerif model from its typed JavaScript code." />
<meta name="DC.creator" content="Karthikeyan Bhargavan" />
<meta name="citation_author" content="Karthikeyan Bhargavan" />
<meta name="DC.creator" content="Bruno Blanchet" />
<meta name="citation_author" content="Bruno Blanchet" />
<meta name="DC.creator" content="Nadim Kobeissi" />
<meta name="citation_author" content="Nadim Kobeissi" />
<meta property="og:url" content="https://hal.inria.fr/hal-01528752" />
<meta name="DC.identifier" content="hal-01528752" />
<meta name="DC.identifier" content="https://hal.inria.fr/hal-01528752" />
<meta property="og:title" content="Verified Models and Reference Implementations for the TLS 1.3 Standard Candidate" />
<meta name="DC.title" content="Verified Models and Reference Implementations for the TLS 1.3 Standard Candidate" />
<meta name="citation_title" content="Verified Models and Reference Implementations for the TLS 1.3 Standard Candidate" />
<meta property="og:type" content="report" />
<meta name="DC.type" content="report" />
<meta name="DC.language" content="en" />
<meta name="citation_language" content="en" />
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<meta http-equiv="Content-Language" content="fr" />
<script type="text/javascript">
    //<![CDATA[
    var lang = 'fr';    //]]>
</script>
<link rel="stylesheet" href="//static.ccsd.cnrs.fr/css/ccsd_form.css" type="text/css" media="screen" />
<link rel="stylesheet" href="//static.ccsd.cnrs.fr/css/custom-theme/jquery-ui-1.10.0.custom.css" type="text/css" media="screen" />
<link rel="stylesheet" href="//static.ccsd.cnrs.fr/v3/css/bootstrap.min.css" type="text/css" media="screen" />
<link rel="stylesheet" href="//static.ccsd.cnrs.fr/css/ccsd.css" type="text/css" media="screen" />
<link rel="stylesheet" href="/css/hal.css" type="text/css" media="screen" />
<link rel="stylesheet" href="/public/style.css?1496128467" type="text/css" media="screen" />

<script type="text/javascript" src="//static.ccsd.cnrs.fr/js/jquery/min.1.9.1.js"></script>
<script type="text/javascript" src="//static.ccsd.cnrs.fr/js/jquery/ui/min.1.10.3.js"></script>
<script type="text/javascript" src="/js/translations.php?lang=fr"></script>
<script type="text/javascript" src="//static.ccsd.cnrs.fr/v3/js/bootstrap.min.js"></script>
<script type="text/javascript" src="//static.ccsd.cnrs.fr/js/form.js"></script>
<script type="text/javascript" src="//static.ccsd.cnrs.fr/js/datepicker/datepicker-fr.js"></script>
<script type="text/javascript" src="//static.ccsd.cnrs.fr/js/datepicker.js"></script>
<script type="text/javascript" src="/js/utile.js"></script>


<script type="text/javascript" src="//cdn.mathjax.org/mathjax/latest/MathJax.js?config=TeX-AMS-MML_HTMLorMML"></script>
<script type='text/x-mathjax-config'>
    MathJax.Hub.Config({tex2jax: {inlineMath: [['$','$'], ['$$','$$']]}});
</script>
<style type="text/css">
html {
	position: relative;
	min-height: 100%;
}

body {
	/* Margin bottom by footer height */
	margin-bottom: 140px;
}

</style>
</head>
<body>

        <div class="navbar navbar-inverse navbar-fixed-top" role="navigation">
                        <div class="navbar-header ">
                <button type="button" class="navbar-toggle" data-toggle="collapse"
                        data-target="#nav-services">
                    <span class="sr-only">Toggle navigation</span> <span class="icon-bar"></span> <span
                        class="icon-bar"></span> <span class="icon-bar"></span>
                </button>
                <div class="logo-ccsd">
                    <a class="brand" href="https://www.ccsd.cnrs.fr/"
                       title="Centre pour la communication Scientifique directe"><img src="/img/ccsd.png"
                                                                                      border="0"/></a>
                                    </div>
            </div>
                        <div class="collapse navbar-collapse" id="nav-services">
                <ul class="nav navbar-nav">
                    <li class="dropdown active"><a
                            href="#" class="dropdown-toggle" data-toggle="dropdown">HAL <b class="caret"
                                                                                           style="border-top-color:#ee5a35;border-bottom-color:#ee5a35;"></b></a>
                        <ul class="dropdown-menu">
                            <li><a href="https://hal.archives-ouvertes.fr">HAL</a></li>
                            <li><a href="https://halshs.archives-ouvertes.fr">HALSHS</a>
                            </li>
                            <li><a href="https://tel.archives-ouvertes.fr">TEL</a></li>
                            <li><a href="https://medihal.archives-ouvertes.fr">MédiHAL</a>
                            </li>
                            <li><a href="https://hal.archives-ouvertes.fr/browse/portal">Liste
                                    des portails</a></li>
                            <li class="divider"></li>
                            <li><a href="https://aurehal.archives-ouvertes.fr"
                                   target="_blank">AURéHAL</a></li>
                            <li><a href="http://api.archives-ouvertes.fr/docs">API</a></li>
                            <li>
                                <a href="https://hal.archives-ouvertes.fr/section/documentation">Documentation</a>
                            </li>
                        </ul>
                    </li>
                    <li class=""><a
                            href="https://www.episciences.org?lang=fr">Episciences.org</a></li>
                    <li class=""><a
                            href="https://www.sciencesconf.org">Sciencesconf.org</a></li>
                    <li><a href="https://support.ccsd.cnrs.fr">Support</a></li>
                </ul>
                                    <div class="nav navbar-nav navbar-right">
                                                    <form class="form-inline pull-right"
                                  style="margin-top: 8px; margin-right: 8px;"
                                  action="/user/login" id="form-login" method="post">
                                <input type="hidden" name="forward-controller"
                                       value="view"/>
                                <input type="hidden" name="forward-action"
                                       value="index"/>
                                <input type="hidden" name="identifiant" value="hal-01528752" />                                <div class="btn-group">
                                    <button class="btn btn-small btn-primary" type="button"
                                            onclick="$('#form-login').submit();" accesskey="l">
                                        <i class="glyphicon glyphicon-user glyphicon-white"></i>&nbsp;Connexion                                    </button>
                                    <button class="btn btn-small btn-primary dropdown-toggle" data-toggle="dropdown"
                                            type="button">
                                        <span class="caret"
                                              style="border-top-color: #fff; border-bottom-color: #fff;"></span>
                                    </button>


                                                                        <ul class="dropdown-menu pull-right">
                                    <li><a href="#" onclick="$('#form-login').submit();" accesskey="l">Connexion</a></li>
                                                                                <li class="divider"></li>
                                        <li><a href="/user/create">Créer un compte</a></li>
                                        <li class="divider"></li>
                                        <li><a href="/user/lostpassword">Mot de passe oublié ?</a></li>
                                        <li><a href="/user/lostlogin">Login oublié ?</a></li>
                                    </ul>
                                </div>
                            </form>
                                            </div>
                                <form action="" method="post" id="formLang">
                    <input type="hidden" name="lang" id="lang" value=""/>
                    <ul class="nav navbar-nav navbar-right navbar-lang">
                                                        <li class=" active"><a
                                        href="javascript:void(0);" title="fr"
                                        onclick="$('#lang').val('fr');$('#formLang').submit();"><span
                                            class="badge small">fr</span></a></li>
                                                                <li class=" "><a
                                        href="javascript:void(0);" title="en"
                                        onclick="$('#lang').val('en');$('#formLang').submit();"><span
                                            class="badge small">en</span></a></li>
                                                    </ul>
                </form>
            </div>
        </div>
        
<div id="container" class="container">
    <div class="logo">
        <table width="100%" cellpadding="0" style="position:relative;">
<tr>
<td align="left"><a href="http://www.inria.fr" border="0" target="_blank"><img src="/public/Inria_logoWeb_50_red_FR_2x.png" width="320" height="108" /></a></td>
<td align="center"><img src="/public/logo_hal_inria.png" width="71" height="72" alt="Logo HAL-Inria" /></td>
<td align="center"><img src="/public/INRIA_bandeau_hal.png" width="350" height="59" alt="HAL-Inria archive ouverte/open archive" /></td>
<td align="center"><a href="http://hal.archives-ouvertes.fr" border="0" target="_blank"><img src="/img/tampon-hal.jpg" width="71" height="72" alt="HAL - hal.archives-ouvertes.fr" /></a></td>
</tr>
</table>
    </div>
    <div class="row">
            <div class="col-md-12">
        <style type="text/css">
    .nav-tabs > li {
        margin-bottom: -2px;
    }
    .dropdown:hover>.dropdown-menu {
        display: block;
     }
</style>
<div id="global-navigation" class="sidebar-nav">
    <ul class="nav nav-tabs">
                        <li class=""><a href="/"  >Accueil</a></li>
                            <li class=""><a href="/submit/index"  >Déposer</a></li>
                            <li class="dropdown ">
                    <a href="/section/list3" class="dropdown-toggle" data-toggle="dropdown">Consulter<b class="caret"></b></a>
                    <ul class="dropdown-menu">
                                                                                    <li><a href="/browse/period"  >par date de publication/rédaction</a></li>
                                                                                                                <li><a href="/browse/domain"  >par domaine</a></li>
                                                                                                                <li><a href="/browse/doctype"  >par type de publication</a></li>
                                                                                                                <li><a href="/browse/collection"  >par collection</a></li>
                                                                                                                <li><a href="http://fr.arxiv.org"  >arXiv</a></li>
                                                                                                                <li><a href="/browse/last"  >Consultation les derniers dépôts</a></li>
                                                                        </ul>
                </li>
                                <li class=""><a href="/search/index"  >Recherche</a></li>
                            <li class="dropdown ">
                    <a href="/section/list11" class="dropdown-toggle" data-toggle="dropdown">Services<b class="caret"></b></a>
                    <ul class="dropdown-menu">
                                                                                    <li><a href="https://haltools.inria.fr/?action=export&lang=fr"  >HalTools : créer sa page web</a></li>
                                                                                                                <li><a href="https://haltools.inria.fr/?action=exportXML&lang=fr"  >Haltools : export RAWEB</a></li>
                                                                                                                <li><a href="https://bib2hal.inria.fr"  >Bib2Hal : import par lot à partir d'un fichier BibTeX</a></li>
                                                                                                                <li><a href="https://aurehal.archives-ouvertes.fr/structure/index"  >Consulter les structures de recherche connues de HAL</a></li>
                                                                        </ul>
                </li>
                                <li class="dropdown ">
                    <a href="/section/list16" class="dropdown-toggle" data-toggle="dropdown">Documentation<b class="caret"></b></a>
                    <ul class="dropdown-menu">
                                                                                    <li><a href="https://hal.archives-ouvertes.fr/section/documentation"  >Aide en ligne de HAL V3</a></li>
                                                                                                                <li><a href="http://blog.ccsd.cnrs.fr/2015/07/hal-un-etat-des-lieux-des-recentes-evolutions/"  >Dernières évolutions de HAL V3</a></li>
                                                                                                                <li><a href="http://api.archives-ouvertes.fr/docs"  >Documentation API HAL</a></li>
                                                                                                                <li><a href="/page/add-thumbnails"  >Ajouter des vignettes</a></li>
                                                                                                                <li><a href="https://iww.inria.fr/hal/aide/spip.php%3Farticle142&lang=fr.html"  >Aide en ligne Haltools</a></li>
                                                                                                                <li><a href="https://hal.archives-ouvertes.fr/section/imports-bib2hal"  >Aide en ligne de Bib2hal</a></li>
                                                                        </ul>
                </li>
                                <li class=""><a href="/page/openaccessinria"  >OpenAccess@Inria</a></li>
                            <li class=""><a href="/page/tutoriels"  >Supports</a></li>
                </ul>
</div>            <div class="corps">
                        <div id="flash-messages">
                </div>
         
<div class="row" id="document">
    <div class="col-md-8">

                            <div class="btn-group dropdown">
                <button type="button" class="btn btn-danger">hal-01528752, version 1</button>
                            </div>
                                    <h1 class="title">
                                    <div class="row">
                        <div class="col-md-1 col-lang">
                            <div class="btn-group-vertical btn-lang opacity">
                                                                    <button type="button" class="btn btn-default btn-xs active" attr-lang="en">en</button>
                                                                    <button type="button" class="btn btn-default btn-xs " attr-lang="fr">fr</button>
                                                            </div>
                        </div>
                        <div class="col-md-11 col-content">
                                                            <div class="linkify content-en" >
                                    Verified Models and Reference Implementations for the TLS 1.3 Standard Candidate                                </div>
                                                            <div class="linkify content-fr" style="display:none;">
                                    Modèles vérifiés et implémentations de référence pour le candidat standard TLS 1.3                                </div>
                                                    </div>
                    </div>
                            </h1>
        
                <div class="authors">
                            <span class="author">
                    <a href="/search/index/q/*/authIdHal_s/karthik" target="_blank">Karthikeyan Bhargavan</a>
                                                                <sup>1</sup>
                                    </span>
                            <span class="author">
                    <a href="/search/index/q/*/authFullName_s/Bruno+Blanchet" target="_blank">Bruno Blanchet</a>
                                                                <sup>1</sup>
                                    </span>
                            <span class="author">
                    <a href="/search/index/q/*/authIdHal_s/nadim-kobeissi" target="_blank">Nadim Kobeissi</a>
                                                                <sup>1</sup>
                                    </span>
                        <button type="button" class="btn btn-default btn-xs opacity" onclick="displayDiv('.authors', '.authors-details')">Détails</button>
            <div class="structs">
                <div class="struct">
                                </div>
                                    <div class="struct">
                        <span class="structid">1</span>
                        <a href="/search/index/q/*/structId_i/454680/" target="_blank">
                            PROSECCO  - Programming securely with cryptography                        </a>
                                                            <div style="padding-left:22px;">Inria de Paris</div>
                                                        </div>
                            </div>
        </div>
                <div class="authors-details well" style="display:none;">
                        <div class="row">
                            <div class="col-md-4">
                    <blockquote>
                        <strong><i class="glyphicon glyphicon-user"></i>&nbsp;
                                                        <a href="/search/index/q/*/authIdHal_s/karthik" target="_blank">Karthikeyan Bhargavan</a>
                                                                                        <sup>1</sup>
                                                    </strong>
                                                                        <br/><span class="label label-default">Auteur</span>
                                                                            <small>IdHAL : <a href="//cv.archives-ouvertes.fr/karthik" title="CV HAL" target="_blank">karthik</a></small>
                                                                    </blockquote>
                </div>
                                            <div class="col-md-4">
                    <blockquote>
                        <strong><i class="glyphicon glyphicon-user"></i>&nbsp;
                                                        <a href="/search/index/q/*/authFullName_s/Bruno+Blanchet" target="_blank">Bruno Blanchet</a>
                                                                                        <sup>1</sup>
                                                    </strong>
                                                                        <br/><span class="label label-default">Auteur</span>
                                                                                            </blockquote>
                </div>
                                            <div class="col-md-4">
                    <blockquote>
                        <strong><i class="glyphicon glyphicon-user"></i>&nbsp;
                                                        <a href="/search/index/q/*/authIdHal_s/nadim-kobeissi" target="_blank">Nadim Kobeissi</a>
                                                                                        <sup>1</sup>
                                                    </strong>
                                                                        <br/><span class="label label-default">Auteur</span>
                                                                            <small>IdHAL : <a href="//cv.archives-ouvertes.fr/nadim-kobeissi" title="CV HAL" target="_blank">nadim-kobeissi</a></small>
                                                                    </blockquote>
                </div>
                                    </div><div class="row">
                                        </div>
            <div class="structs">
                                    <div class="well struct">
                        <span class="structid">1</span>
                        <a href="/search/index/q/*/structId_i/454680" target="_blank">PROSECCO  - Programming securely with cryptography</a><small> (France)</small><ul><li><a href="/search/index/q/*/structId_i/454310" target="_blank">Inria de Paris</a><small> (2 rue Simone Iff -
CS 42112 -
75589 Paris Cedex 12 - France)</small><ul><li><a href="/search/index/q/*/structId_i/300009" target="_blank">Inria - Institut National de Recherche en Informatique et en Automatique</a><small> (Domaine de Voluceau
Rocquencourt - BP 105
78153 Le Chesnay Cedex - France)</small><ul></ul></li></ul></li></ul>                    </div>
                            </div>
            <div class="text-center">
                <button type="button" class="btn btn-default btn-xs" onclick="displayDiv('.authors', '.authors-details')">Masquer les détails</button>
            </div>
        </div>
                            <div class="abstract">
                                    <div class="row">
                        <div class="col-md-1 col-lang">
                            <div class="btn-group-vertical btn-lang opacity">
                                                                    <button type="button" class="btn btn-default btn-xs " attr-lang="en">en</button>
                                                                    <button type="button" class="btn btn-default btn-xs active" attr-lang="fr">fr</button>
                                                            </div>
                        </div>
                        <div class="col-md-11 col-content">
                                                            <div class="content-en" style="display:none;">
                                    <div class="linkify abstract-content">
                                        <strong>Abstract</strong> : TLS 1.3 is the next version of the Transport Layer Security (TLS) protocol. Its clean-slate design is a reaction both to the increasing demand for low-latency HTTPS connections and to a series of recent high-profile attacks on TLS. The hope is that a fresh protocol with modern cryptography will prevent legacy problems; the danger is that it will expose new kinds of attacks, or reintroduce old flaws that were fixed in previous versions of TLS. After 18 drafts, the protocol is nearing completion, and the working group has appealed to researchers to analyze the protocol before publication. This paper responds by presenting a comprehensive analysis of the TLS 1.3 Draft-18 protocol.

We seek to answer three questions that have not been fully addressed in previous work on TLS 1.3: (1) Does TLS 1.3 prevent well-known attacks on TLS 1.2, such as Logjam or the Triple Handshake, even if it is run in parallel with TLS 1.2? (2) Can we mechanically verify the computational security of TLS 1.3 under standard (strong) assumptions on its cryptographic primitives? (3) How can we extend the guarantees of the TLS 1.3 protocol to the details of its implementations?

To answer these questions, we propose a methodology for developing verified symbolic and computational models of TLS 1.3 hand-in-hand with a high-assurance reference implementation of the protocol. We present symbolic ProVerif models for various intermediate versions of TLS 1.3 and evaluate them against a rich class of attacks to reconstruct both known and previously unpublished vulnerabilities that influenced the current design of the protocol. We present a computational CryptoVerif model for TLS 1.3 Draft-18 and prove its security. We present RefTLS, an interoperable implementation of TLS 1.0-1.3 and automatically analyze its protocol core by extracting a ProVerif model from its typed JavaScript code.                                    </div>
                                </div>
                                                            <div class="content-fr" >
                                    <div class="linkify abstract-content">
                                        <strong>Résumé</strong> : TLS 1.3 est la prochaine version du protocole TLS (Transport Layer Security). Sa conception à partir de zéro est une réaction à la fois à la demande croissante de connexions HTTPS à faible latence et à une série d'attaques récentes de haut niveau sur TLS. L'espoir est qu'un nouveau protocole avec de la cryptographie moderne éviterait d'hériter des problèmes des versions précédentes; le danger est que cela pourrait exposer à de nouveaux types d'attaques ou réintroduire d'anciens défauts corrigés dans les versions précédentes de TLS. Après 18 versions préliminaires, le protocole est presque terminé, et le groupe de travail a appelé les chercheurs à analyser le protocole avant publication. Cet article répond en présentant une analyse globale du protocole TLS 1.3 Draft-18.

Nous cherchons à répondre à trois questions qui n'ont pas été entièrement traitées dans les travaux antérieurs sur TLS 1.3: (1) TLS 1.3 empêche-t-il les attaques connues sur TLS 1.2, comme Logjam ou Triple Handshake, même s'il est exécuté en parallèle avec TLS 1.2 ? (2) Peut-on vérifier mécaniquement la sécurité calculatoire de TLS 1.3 sous des hypothèses standard (fortes) sur ses primitives cryptographiques? (3) Comment pouvons-nous étendre les garanties du protocole TLS 1.3 aux détails de ses implémentations?

Pour répondre à ces questions, nous proposons une méthodologie pour développer des modèles symboliques et calculatoires vérifiés de TLS 1.3 en même temps qu'une implémentation de référence du protocole. Nous présentons des modèles symboliques dans ProVerif pour différentes versions intermédiaires de TLS 1.3 et nous les évaluons contre une riche classe d'attaques, pour reconstituer à la fois des vulnérabilités connues et des vulnérabilités précédemment non publiées qui ont influencé la conception actuelle du protocole. Nous présentons un modèle calculatoire dans CryptoVerif de TLS 1.3 Draft-18 et prouvons sa sécurité.  Nous présentons RefTLS, une implémentation interopérable de TLS 1.0-1.3 et analysons automatiquement le coeur de son protocole en extrayant un modèle ProVerif à partir de son code JavaScript typé.
                                    </div>
                                </div>
                                                    </div>
                    </div>
                            </div>
        
                                    <div class="keywords">
                                    <div class="row">
                        <div class="col-md-1 col-lang">
                            <div class="btn-group-vertical btn-lang opacity">
                                                                    <button type="button" class="btn btn-default btn-xs " attr-lang="en">en</button>
                                                                    <button type="button" class="btn btn-default btn-xs active" attr-lang="fr">fr</button>
                                                            </div>
                        </div>
                        <div class="col-md-11 col-content">
                                                            <div class="content-en" style="display:none;">
                                    <div class="linkify keyword-content">
                                        <strong>Keywords</strong> :
                                                                                    <a href="/search/index/q/*/keyword_t/security protocols/" target="_blank" class="btn btn-default btn-xs">security protocols</a>
                                                                                    <a href="/search/index/q/*/keyword_t/symbolic model/" target="_blank" class="btn btn-default btn-xs">symbolic model</a>
                                                                                    <a href="/search/index/q/*/keyword_t/computational model/" target="_blank" class="btn btn-default btn-xs">computational model</a>
                                                                            </div>
                                </div>
                                                            <div class="content-fr" >
                                    <div class="linkify keyword-content">
                                        <strong>Mots-clés</strong> :
                                                                                    <a href="/search/index/q/*/keyword_t/protocoles cryptographiques/" target="_blank" class="btn btn-default btn-xs">protocoles cryptographiques</a>
                                                                                    <a href="/search/index/q/*/keyword_t/vérification/" target="_blank" class="btn btn-default btn-xs">vérification</a>
                                                                                    <a href="/search/index/q/*/keyword_t/modèle symbolique/" target="_blank" class="btn btn-default btn-xs">modèle symbolique</a>
                                                                                    <a href="/search/index/q/*/keyword_t/modèle calculatoire/" target="_blank" class="btn btn-default btn-xs">modèle calculatoire</a>
                                                                                    <a href="/search/index/q/*/keyword_t/implémentation/" target="_blank" class="btn btn-default btn-xs">implémentation</a>
                                                                                    <a href="/search/index/q/*/keyword_t/TLS/" target="_blank" class="btn btn-default btn-xs">TLS</a>
                                                                            </div>
                                </div>
                                                    </div>
                    </div>
                            </div>
        
        <div class="metadatas">
            <div><strong>Type de document</strong> :
                <div class="label label-warning">Rapport</div>
                <div style="margin-left:116px;">[Research Report] RR-9040, Inria Paris. 2017, pp.51</div>
            </div>
                                        <div><strong>Domaine</strong> :
                <blockquote style="margin-left:65px;margin-top:-15px;">
                    <div>
                                                    <div>
                                <strong>                                <a href="/search/index/q/*/level0_domain_s/info" target="_blank">Informatique [cs]</a>                                </strong>                            </div>
                                                    <div>
                                                                <a href="/search/index/q/*/level0_domain_s/info" target="_blank">Informatique [cs]</a> / <a href="/search/index/q/*/level1_domain_s/info.info-cr" target="_blank">Cryptographie et sécurité [cs.CR]</a>                                                            </div>
                                            </div>
                </blockquote>
                </div>
                                </div>
        <!--<hr />-->
        <div class="metadatas-complete">
            <span class="metadatas-complete-title">
                Liste complète des métadonnées             </span>
            <span class="btn-view text-center"><button type="button" class="btn btn-default btn-sm" onclick="viewDocMetadatas(1528752)"><i class="glyphicon glyphicon-th-list"></i>&nbsp;Voir</button></span>
            <span class="btn-hide text-center" style="display:none;"><button type="button" class="btn btn-default btn-sm" onclick="hideDocMetadatas()"><i class="glyphicon glyphicon-th-list"></i>&nbsp;Masquer</button></span>
            <div class="content"></div>
        </div>

        <!-- Cited References -->
        <br />
        <!-- Gallery -->
                <hr />
        <div>
            <small>
                https://hal.inria.fr/hal-01528752<br />
                Contributeur : <a href="/search/index/q/*/contributorId_i/306204/" target="_blank">Bruno Blanchet</a> &lt;<a href="" id="link593e8174ecad3" ></a><script type="text/javascript" language="javascript"> decryptMail("Oehab.Oynapurg@vaevn.se", "link593e8174ecad3", "")</script>&gt;<br />
                Soumis le : lundi 29 mai 2017 - 16:06:18<br />
                Dernière modification le : mercredi 31 mai 2017 - 15:28:26<br />
                <br />
            </small>
        </div>

    </div>
    <div class="col-md-4">
        <!-- Fichiers -->
            <div class="widget widget-files">
        <h3 class="widget-header">
            Fichier        </h3>
        <div class="widget-content">
                                                        <div class="row">
                        <div class="col-md-4 text-center">
                                                        <a href="/hal-01528752/document" target="_blank">
                                <img src="//thumb.ccsd.cnrs.fr/8193662/small" border="0" class="img-thumbnail"/>
                            </a>
                        </div>
                        <div class="col-md-8">
                                                            <a href="/hal-01528752/document" target="_blank" data-toggle="tooltip" title="RR-9040.pdf - 1.39 Mo">RR-9040.pdf</a>
                            
                                                            <div>Fichiers produits par l'(les) auteur(s)</div>
                                                                                </div>
                    </div>
                        
            
                    </div>
    </div>

        <!-- Licence -->
        
        <!-- Identifiants  -->
        
<div class="widget widget-identifiants">
    <h3 class="widget-header">Identifiants</h3>
    <div class="widget-content">
        <ul>
                        <li>HAL Id : <strong>hal-01528752, version 1</strong></li>
                                            </ul>
    </div>
</div>

        <!-- Collections -->
            <div class="widget widget-collection">
        <h3 class="widget-header">Collections</h3>
        <div class="widget-content">
                                                                                                            <p><a href="/INRIA" target="_blank" data-toggle="tooltip" title="INRIA - Institut National de Recherche en Informatique et en Automatique">INRIA</a> | <a href="/LARA" target="_blank" data-toggle="tooltip" title="LARA">LARA</a> | <a href="/INRIA-RRRT" target="_blank" data-toggle="tooltip" title="Rapports de recherche et Technique de l'Inria">INRIA-RRRT</a></p>
        </div>
    </div>

        <!-- Relations -->
        
        <!-- Citation -->
        <div class="widget widget-citation">
    <h3 class="widget-header">Citation</h3>
    <div class="widget-content ref-biblio">
        Karthikeyan Bhargavan, Bruno Blanchet, Nadim Kobeissi. Verified Models and Reference Implementations for the TLS 1.3 Standard Candidate. [Research Report] RR-9040, Inria Paris. 2017, pp.51. <a target="_blank" href="https://hal.inria.fr/hal-01528752">&lt;hal-01528752&gt;</a>    </div>
</div>

        <!-- Export -->
        
<div class="widget widget-export">
    <h3 class="widget-header">Exporter</h3>
    <div class="widget-content" style="text-align:center">
        <!-- Begin ZMO - Bootstrap buttons and Show DC and DCterms -->
            <a class="btn btn-default btn-sm" href="/hal-01528752v1/bibtex" role="button" target="_blank">BibTeX</a>
            <a class="btn btn-default btn-sm" href="/hal-01528752v1/tei" role="button" target="_blank">TEI</a>
            <a class="btn btn-default btn-sm" href="/hal-01528752v1/dc" role="button" target="_blank">DC</a>
            <a class="btn btn-default btn-sm" href="/hal-01528752v1/dcterms" role="button" target="_blank">DCterms</a>
            <a class="btn btn-default btn-sm" href="/hal-01528752v1/endnote" role="button"                >EndNote</a>
    </div>
</div>

        <!-- Partager -->
        <div class="widget widget-share">
    <h3 class="widget-header">Partager</h3>
    <div class="widget-content" >
                <!-- AddThis Button BEGIN -->
        <div style="text-align:center" class="addthis_toolbox addthis_default_style addthis_20x20_style">
            <a class="addthis_button_preferred_1"></a>
            <a class="addthis_button_preferred_2"></a>
            <a class="addthis_button_preferred_3"></a>
            <a class="addthis_button_compact"></a>
            <a class="addthis_counter addthis_bubble_style"></a>
        </div>
        <script type="text/javascript">var addthis_config = {"data_track_addressbar":false};</script>
        <script type="text/javascript" src="//s7.addthis.com/js/300/addthis_widget.js#pubid=ra-5332d34a5b4fcb58"></script>
        <!--AddThis Button END -->
    </div>
</div>
        <!-- Altmetrics -->
            <div class="widget widget-metrics">
        <h3 class="widget-header">Métriques</h3>

        <div class="widget-content" style="text-align: center">
                                <div class="row">
                        <div class="col-md-6">
                            <strong>Consultations de <br> la notice</strong>
                            <h2 style="margin-top:10px;"><span class="label label-primary">68</span></h2>

                        </div>
                        <div class="col-md-6">
                            <strong>Téléchargements du document</strong>
                            <h2 style="margin-top:10px;"><span class="label label-primary">34</span></h2>
                        </div>
                    </div>
                
                                    </div>
    </div>

    </div>
</div>

<script type="text/javascript">
    $(function () {
        /*$('.dropdown').hover(function() {
            $(this).find('.dropdown-menu').stop(true,true).slideDown( 300 );
        }, function() {
            $(this).find('.dropdown-menu').stop(true,true).slideUp( 300 );
        });*/

        $('.btn-lang>button').click(function(){
            $(this).parent().find('button').removeClass('active');
            $(this).addClass('active').closest('.row').find('.col-content>div').hide();
            $(this).closest('.row').find('.col-content .content-' + $(this).attr('attr-lang')).show();
        });

        linkifyElem ('.linkify');
    });

    function linkifyElem (selector)
    {
        $('.linkify').each(function(){
            $(this).html(linkify($(this).html()));
        });
    }

    function displayDiv(selector1, selector2)
    {
        if ($(selector1).is(':visible')) {
            $(selector1).toggle('hide');
            $(selector2).toggle('show');
        } else {
            $(selector2).toggle('hide');
            $(selector1).toggle('show');
        }
    }

    function viewDocMetadatas(docid)
    {
        if ($('.metadatas-complete .content').is(':hidden')) {
            $('.metadatas-complete .btn-view').hide();
            $('.metadatas-complete .content').toggle('slow');
            $('.metadatas-complete .btn-hide').show();
        } else {
            $('.metadatas-complete .content').html(getLoader());
            $.ajax({
                url: "/view/metadata",
                type: "post",
                data: {docid:docid},
                success: function( data ) {
                    $('.metadatas-complete .btn-view').hide();
                    $('.metadatas-complete .content').html(data);
                    linkifyElem ('.metadatas-complete .content .linkify');
                    $('.metadatas-complete .btn-hide').show();
                }
            });
        }
    }
    function hideDocMetadatas()
    {
        $('.metadatas-complete .btn-view').show();
        $('.metadatas-complete .content, .metadatas-complete .btn-hide').hide();
    }
</script>


        </div>
        </div>
</div>
</div>
</div>

    <div class="footer">
        <div class="footer-contact">
<h4>Contact</h4>
<br /> <a href="mailto:archive-ouverte@inria.fr" target="_blank">archive-ouverte@inria.fr</a></div>    </div>
<script type="text/javascript">
    $(document).ready(function () {
        $(document.body).tooltip({ selector: '[data-toggle="tooltip"]' , html: true, container: 'body'});
    });
</script>

    <script type="text/javascript">
        var pkBaseURL = (("https:" == document.location.protocol) ? "https://piwik-hal.ccsd.cnrs.fr/" : "http://piwik-hal.ccsd.cnrs.fr/");
        document.write(decodeURI("%3Cscript src=\'" + pkBaseURL + "piwik.js\' type=\'text/javascript\'%3E%3C/script%3E"));
    </script>
    <script type="text/javascript">
        try {
            var piwikTracker = Piwik.getTracker(pkBaseURL + "piwik.php", 27);
            piwikTracker.trackPageView();
            piwikTracker.enableLinkTracking();
            //Archive HAL
            var piwikTracker = Piwik.getTracker(pkBaseURL + "piwik.php", 92);
            piwikTracker.trackPageView();
            piwikTracker.enableLinkTracking();
        } catch( err ) {}
    </script><noscript><p><img src="https://piwik-hal.ccsd.cnrs.fr/piwik.php?idsite=27" style="border:0" alt="" /></p></noscript>
    </body>
</html>

Added wiki_references/2017/software/CryptoVerif/doc/2017_06_12_wget_copy_of_http_prosecco_gforge_inria_fr_personal_bblanche_cryptoverif/bonnet/hal.inria.fr/robots.txt version [8ac2007e23].



















































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
# HAL robots.txt
# If you want to download lots of metadata, please use our API at https://api.archives-ouvertes.fr/
# The API is far more efficient for metadata harvesting.
# To learn more, please contact hal.support@ccsd.cnrs.fr
User-Agent: *
Disallow: /RePEc/
Disallow: /search/
Disallow: /*/search/
Disallow: /*/browse/last
Disallow: /browse/last
Disallow: /*/browse/latest-publications
Disallow: /browse/latest-publications
Disallow: */tei
Disallow: */rdf
Disallow: */bibtex
Disallow: */dc
Disallow: */endnote
Disallow: */json
Disallow: /ping
Disallow: /login
Disallow: /submit
Disallow: /user
Disallow: /error
# Sitemap
Sitemap: https://hal.inria.fr/robots/sitemap

Added wiki_references/2017/software/CryptoVerif/doc/2017_06_12_wget_copy_of_http_prosecco_gforge_inria_fr_personal_bblanche_cryptoverif/bonnet/halshs.archives-ouvertes.fr/robots.txt version [ef8bf3e3d7].



















































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
# HAL robots.txt
# If you want to download lots of metadata, please use our API at https://api.archives-ouvertes.fr/
# The API is far more efficient for metadata harvesting.
# To learn more, please contact hal.support@ccsd.cnrs.fr
User-Agent: *
Disallow: /RePEc/
Disallow: /search/
Disallow: /*/search/
Disallow: /*/browse/last
Disallow: /browse/last
Disallow: /*/browse/latest-publications
Disallow: /browse/latest-publications
Disallow: */tei
Disallow: */rdf
Disallow: */bibtex
Disallow: */dc
Disallow: */endnote
Disallow: */json
Disallow: /ping
Disallow: /login
Disallow: /submit
Disallow: /user
Disallow: /error
# Sitemap
Sitemap: https://halshs.archives-ouvertes.fr/robots/sitemap

Added wiki_references/2017/software/CryptoVerif/doc/2017_06_12_wget_copy_of_http_prosecco_gforge_inria_fr_personal_bblanche_cryptoverif/bonnet/ia.cr/robots.txt version [9cd29cedaa].







>
>
>
1
2
3
User-agent: *
Disallow: /test/
Disallow: /bod/

Added wiki_references/2017/software/CryptoVerif/doc/2017_06_12_wget_copy_of_http_prosecco_gforge_inria_fr_personal_bblanche_cryptoverif/bonnet/ic.epfl.ch/robots.txt version [b60b4decf2].







































































































































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
# Allow EPFL GSA Crawler
User-agent: gsa-crawler
Disallow: /cms/cms
Disallow: /cms/op
Disallow: /cms/site
Disallow: /cms/engineName/
Disallow: /site
Disallow: /op
Disallow: /Jahia
Disallow: /engineName/
Crawl-delay: 1

# Allow Google Crawler
User-agent: Googlebot
Disallow: /cms/cms
Disallow: /cms/op
Disallow: /cms/site
Disallow: /cms/engineName/
Disallow: /site
Disallow: /op
Disallow: /Jahia
Disallow: /engineName/
Disallow: /repository/default/
Crawl-delay: 1

# Allow Bing Crawler
User-agent: msnbot
Disallow: /cms/cms
Disallow: /cms/op
Disallow: /cms/site
Disallow: /cms/engineName/
Disallow: /site
Disallow: /op
Disallow: /Jahia
Disallow: /engineName/
Disallow: /repository/default/
Crawl-delay: 1

# Allow Yahoo Crawler
User-agent: Slurp
Disallow: /cms/cms
Disallow: /cms/op
Disallow: /cms/site
Disallow: /cms/engineName/
Disallow: /op
Disallow: /site
Disallow: /Jahia
Disallow: /engineName/
Disallow: /repository/default/
Crawl-delay: 1

# Allow archive.org Crawler
User-agent: ia_archiver
Disallow: /cms/cms
Disallow: /cms/op
Disallow: /cms/site
Disallow: /cms/engineName/
Disallow: /site
Disallow: /op
Disallow: /Jahia
Disallow: /engineName/
Disallow: /repository/default/
Crawl-delay: 1

# Deny anyone else
User-agent: *
Disallow: /

Added wiki_references/2017/software/CryptoVerif/doc/2017_06_12_wget_copy_of_http_prosecco_gforge_inria_fr_personal_bblanche_cryptoverif/bonnet/icc2015.ieee-icc.org/robots.txt version [7b54e53c1d].



















































































































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
#
# robots.txt
#
# This file is to prevent the crawling and indexing of certain parts
# of your site by web crawlers and spiders run by sites like Yahoo!
# and Google. By telling these "robots" where not to go on your site,
# you save bandwidth and server resources.
#
# This file will be ignored unless it is at the root of your host:
# Used:    http://example.com/robots.txt
# Ignored: http://example.com/site/robots.txt
#
# For more information about the robots.txt standard, see:
# http://www.robotstxt.org/robotstxt.html

User-agent: *
Crawl-delay: 10
# Directories
Disallow: /includes/
Disallow: /misc/
Disallow: /modules/
Disallow: /profiles/
Disallow: /scripts/
Disallow: /themes/
# Files
Disallow: /CHANGELOG.txt
Disallow: /cron.php
Disallow: /INSTALL.mysql.txt
Disallow: /INSTALL.pgsql.txt
Disallow: /INSTALL.sqlite.txt
Disallow: /install.php
Disallow: /INSTALL.txt
Disallow: /LICENSE.txt
Disallow: /MAINTAINERS.txt
Disallow: /update.php
Disallow: /UPGRADE.txt
Disallow: /xmlrpc.php
# Paths (clean URLs)
Disallow: /admin/
Disallow: /comment/reply/
Disallow: /filter/tips/
Disallow: /node/add/
Disallow: /search/
Disallow: /user/register/
Disallow: /user/password/
Disallow: /user/login/
Disallow: /user/logout/
# Paths (no clean URLs)
Disallow: /?q=admin/
Disallow: /?q=comment/reply/
Disallow: /?q=filter/tips/
Disallow: /?q=node/add/
Disallow: /?q=search/
Disallow: /?q=user/password/
Disallow: /?q=user/register/
Disallow: /?q=user/login/
Disallow: /?q=user/logout/

Added wiki_references/2017/software/CryptoVerif/doc/2017_06_12_wget_copy_of_http_prosecco_gforge_inria_fr_personal_bblanche_cryptoverif/bonnet/imft.ftn.uns.ac.rs/robots.txt version [c47ccf1a49].





>
>
1
2
User-agent: *
Disallow:

Added wiki_references/2017/software/CryptoVerif/doc/2017_06_12_wget_copy_of_http_prosecco_gforge_inria_fr_personal_bblanche_cryptoverif/bonnet/inderscience.blogspot.com/robots.txt version [83cc44562f].



















>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
User-agent: Mediapartners-Google
Disallow: 

User-agent: *
Disallow: /search
Allow: /

Sitemap: https://inderscience.blogspot.com/sitemap.xml

Added wiki_references/2017/software/CryptoVerif/doc/2017_06_12_wget_copy_of_http_prosecco_gforge_inria_fr_personal_bblanche_cryptoverif/bonnet/info.scopus.com/robots.txt.html version [3427cec344].

































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
<!DOCTYPE html>
<html class="no-js" lang="en">
<head>
    
<script async src="//cdn.optimizely.com/js/269842467.js"></script>



<noscript><iframe src="//www.googletagmanager.com/ns.html?id=GTM-5P8J8X"
height="0" width="0" style="display:none;visibility:hidden"></iframe></noscript>
<script>(function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start':
new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0],
j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src=
'//www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f);
})(window,document,'script','dataLayer','GTM-5P8J8X');</script>
    <meta charset="utf-8">
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1.0"/>
    <meta name="author" content="Elsevier">
    <meta name="google-site-verification" content="0-8Ig3YtfzbeUxQdZ-TM_y8P_se41D4JrW3e0o8xgdk" />
    <meta name="msapplication-TileColor" content="#da532c">
    <meta name="msapplication-TileImage" content="//design.elsevier.com/dist/favicons/mstile-144x144.png"> 
    <meta name="referrer" content="unsafe-url"> 
    
    <link href="https://www.elsevier.com/solutions/scopus" rel="canonical"/>    
<!-- General //-->

<!-- Details //-->
<meta name="description" content="Elsevier Scopus | Check our abstract and citation database of peer-reviewed literature: Scientific journals, Books and Conference proceedings." />

<!-- Functionality Related //-->
<meta name="link.url" content="" />
<meta name="display.thumbnail" content="Yes" />
<meta name="published date" content="01-01-2015" />
<meta name="published.date" content="2015-03-03 19:22:39" />

<!-- Canonical URL //-->
<meta name="Canonical.URL" content="https://www.elsevier.com/solutions/scopus" />

<!-- JS Includes //-->
<meta name="NeoLane" content="" />

<!-- Hero //-->
<meta name="Hero.image" content="2810" />

<!-- Secondary Navigation //-->
<meta name="secondaryNavigationOn" content="Yes" />

<!-- Breadcrumbs //-->
<meta name="breadcrumbsChildPagesOn" content="Yes" />
<meta name="breadcrumbsDisable" content="Enable" />

<!-- Site Catalyst //-->
<meta name="SC.pageType" content="NP-GP" />

<!-- Content Owner //-->

<!-- Product footer //-->
<meta name="product.footer" content="220688" />

<!-- Survey //-->

<!-- Configuration //-->
<meta name="SurveyDefault" content="Yes" />
<meta name="SurveyDeactivate" content="No" />
<meta name="SurveyUrl" content="" />
<meta name="SurveyStartDate" content="1420070400" />
<meta name="SurveyEndDate" content="1420070400" />
<meta name="SurveyFrequency" content="" />
<meta name="SurveyTargetUsers" content="100" />
<meta name="SurveyCookieName" content="survey" />

    <link rel="apple-touch-icon" sizes="57x57" href="https://cdn.elsevier.io/verona/includes/favicons/apple-touch-icon-57x57.png">
<link rel="apple-touch-icon" sizes="114x114" href="https://cdn.elsevier.io/verona/includes/favicons/apple-touch-icon-114x114.png">
<link rel="apple-touch-icon" sizes="72x72" href="https://cdn.elsevier.io/verona/includes/favicons/apple-touch-icon-72x72.png">
<link rel="apple-touch-icon" sizes="144x144" href="https://cdn.elsevier.io/verona/includes/favicons/apple-touch-icon-144x144.png">
<link rel="apple-touch-icon" sizes="60x60" href="https://cdn.elsevier.io/verona/includes/favicons/apple-touch-icon-60x60.png">
<link rel="apple-touch-icon" sizes="120x120" href="https://cdn.elsevier.io/verona/includes/favicons/apple-touch-icon-120x120.png">
<link rel="apple-touch-icon" sizes="76x76" href="https://cdn.elsevier.io/verona/includes/favicons/apple-touch-icon-76x76.png">
<link rel="apple-touch-icon" sizes="152x152" href="https://cdn.elsevier.io/verona/includes/favicons/apple-touch-icon-152x152.png">
<link rel="apple-touch-icon" sizes="180x180" href="https://cdn.elsevier.io/verona/includes/favicons/apple-touch-icon-180x180.png">
<link rel="icon" type="image/png" href="https://cdn.elsevier.io/verona/includes/favicons/favicon-192x192.png" sizes="192x192">
<link rel="icon" type="image/png" href="https://cdn.elsevier.io/verona/includes/favicons/favicon-160x160.png" sizes="160x160">
<link rel="icon" type="image/png" href="https://cdn.elsevier.io/verona/includes/favicons/favicon-96x96.png" sizes="96x96">
<link rel="icon" type="image/png" href="https://cdn.elsevier.io/verona/includes/favicons/favicon-16x16.png" sizes="16x16">
<link rel="icon" type="image/png" href="https://cdn.elsevier.io/verona/includes/favicons/favicon-32x32.png" sizes="32x32">    <title>Scopus | The largest database of peer-reviewed literature | Elsevier</title>    <meta name="last-modified-date" content='2017-06-01 12:08:03'>    <link rel="stylesheet" href="https://cdn.elsevier.io/verona/ui/1.11.23/mercutio.min.css">
<!--<link rel="stylesheet" href="https://cdn.elsevier.io/verona/ui/1.11.10/mercutio.min.css">-->
<link rel="stylesheet" href="https://cdn.elsevier.io/matrix/ui/1.6.29/matrix.min.css">
<style>
    .header-fixed header[role=banner].faded {
        background: #fff;
    }
</style>
    
    
    
    
       
     


<script src="https://cdn.elsevier.io/verona/includes/vendor/jquery-2.1.4/jquery.min.js"></script>
<script  src="https://cdn.elsevier.io/verona/includes/vendor/foundation-5.5.1/foundation.min.js"></script>
<script  src="https://cdn.elsevier.io/verona/ui/1.11.23/mercutio.js"></script><script>
jQuery(document).ready(function($) {
    $(document)
        .mercutio([ 
            'core/jquery-ui',
            'core/modernizr',
            'extensions/NProgress',
            'extensions/kubrickology',
            'extensions/lightbox',
            'extensions/accessibility',
            'extensions/prism'
        ], function(){
            $(document)
                .kubrickology();
            $(document)
                .foundation(
                    'reflow',
                    'topbar', 
                    'accordion', 
                    'offcanvas',
                    { scrolltop: false }
            );
        }
    );
});
</script><script>
    //MOVE <=IE8 USERS
    if(navigator.userAgent.match(/msie [6-8]/i) ){
       window.location="/browser-outdated";
    }
</script><script defer src="https://cdn.elsevier.io/matrix/ui/1.6.29/scripts-top.min.js"></script>
<script  src="//assets.adobedtm.com/376c5346e33126fdb6b2dbac81e307cbacfd7935/satelliteLib-203157332f7df01b28142e8c867d6813bc4995aa.js"></script>
<script type="text/javascript">
var pageData = null;
</script>


<!--
  Running Squiz Matrix
  Developed by Squiz - http://www.squiz.net
  Squiz, Squiz Matrix, MySource, MySource Matrix and Squiz.net are registered Trademarks of Squiz Pty Ltd
  Page generated: 12 June 2017 12:52:38
-->


</head>
<body class="">
    <a id="top"></a>
    <div class="accessibility-link" tabindex="1">
        <a class="accessibility-link-skip" title="Skip to content" href="#maincontent">Skip to content</a>  
    </div>
    <div class="off-canvas-wrap" data-offcanvas>
        <div class="inner-wrap">
            
            <div class="header-container header-fixed">
                <link rel="stylesheet" type="text/css" href="https://checkout.elsevier.com/stylesheets/cart_widget.css">
<header role="banner">
  <a class="elsevier-wordmark els_link-image" href="/" title="Homepage" tabindex="1">
    <img src="https://cdn.elsevier.io/verona/includes/svg/ns-logo.svg" class="ns-tree hide-for-small" alt="elsevier non solus tree">
    <img width="140" class="elsevier-wordmark-img" height="27" src="https://cdn.elsevier.io/verona/includes/svg/wordmark-elsevier.svg" alt="Elsevier Wordmark">
  </a>
  <a href="#" class="main-ui-item main-ui-item-menu js-header-menu-toggle-open" tabindex="4">
    <span class="main-ui-icon">
      <img src="https://cdn.elsevier.io/verona/includes/svg/icon-menu-hamburger-sized.svg" alt="Menu">
    </span>
    <span class="main-ui-text hide-for-small-only">Menu</span>
  </a>
  <div class="shopping-cart-content-container inline right">
      <div class="shopping-cart-container">
        <div class="main-ui-item main-ui-item-cart" tabindex="3" role="button">
            <span class="main-ui-icon">
                <img class="lightbox-is-image shopping-cart-icon" src="https://cdn.elsevier.io/verona/includes/svg/icon-shopping-cart-sized.svg" alt="Shopping Cart">
            </span>
            <span class="main-ui-text hide-for-small-only">Cart</span>
            <span class="shopping-cart-count start">0</span>
        </div>
      </div>
      <div class="shopping-cart-dropdown-container">
        <ul class="shopping-cart-dropdown">
          <li class="dd-view-cart"><a href="https://checkout.elsevier.com/cart" tabindex="3"><span class="icon-standalone-cart"></span> View Cart</a></li>
          <li class="dd-login-register"><a href="https://checkout.elsevier.com/auth" tabindex="3"><span class="icon-standalone-login"></span> Register/Login</a></li>
          <li class="dd-account hide"><a href="https://checkout.elsevier.com/account" tabindex="3"><span class="icon-standalone-user"></span> Account</a></li>
          <li class="dd-help"><a href="https://service.elsevier.com/app/home/supporthub/ecommerce" target="_blank" tabindex="3"><span class="icon-standalone-help"></span> Help and Contact</a></li>
          <li class="dd-logout hide"><a href="https://checkout.elsevier.com/logout" tabindex="3"><span class="icon-standalone-logout"></span> Logout</a></li>
        </ul>
      </div>
  </div>
  <div id="js-wrapper-search-link" class="container-form-search js-header-search-link">
    <a class="main-ui-item main-ui-item-search bigsearch-toggle right" href="#" tabindex="2">
        <span class="main-ui-icon bigsearch-toggle-icon">
            <img src="//cdn.elsevier.io/verona/includes/svg/icon-magnify-glass-sized.svg" alt="Icon search menu toggle">
        </span>
        <span class="main-ui-text hide-for-small-only">Search</span>
    </a>
  </div>
</header>

<div class="modal"></div>

<!-- Cart Widget JS/CSS -->
<script>var ECOMM_CART_URL="https://checkout.elsevier.com/api/cart";</script>
<script src="https://checkout.elsevier.com/javascripts/cart_widget.js"></script>
<script src="https://checkout.elsevier.com/javascripts/promotions.js"></script>                <div class="standout bigsearch-area hide ">
 <div class="row row-tight row-bigsearch">
  <form id="js-bigsearch" class="bigsearch-form form-full-width" role="search" action="/search-results" method="get">
   <div class="columns medium-12">
    <input id="search" name="query" placeholder="Search for books, journals or webpages..." class="bigsearch-input" type="search">
    <button class="search-form-button" aria-label="Search"><span>Search</span></button>
   </div>
   <div class="columns medium-12">

     <div class="form-field-horz label-horz-multiple">
      <p>Search in:</p>
     </div>
     <div class="form-field-horz">
      <input id="search-radio-all" class="bigsearch-radiobutton" name="labels" type="radio" value="all" checked>
      <label for="search-radio-all" class="r-label">All</label>
     </div>
     <div class="form-field-horz">
      <input id="search-radio-webpages" class="bigsearch-radiobutton" name="labels" type="radio" value="pages">
      <label for="search-radio-webpages" class="r-label">Webpages</label>
     </div>
     <div class="form-field-horz">
      <input id="search-radio-books" class="bigsearch-radiobutton" name="labels" type="radio" value="books">
      <label for="search-radio-books" class="r-label">Books</label>
     </div>
     <div class="form-field-horz">
      <input id="search-radio-journals" class="bigsearch-radiobutton" name="labels" type="radio" value="journals">
      <label for="search-radio-journals" class="r-label">Journals</label>
     </div>
     <!--div class="form-field-horz">
       <input id="search-radio-connect" class="bigsearch-radiobutton" name="labels" type="radio" value="connect">
       <label for="search-radio-connect" class="r-label">Elsevier Connect</label>
     </div-->

    </div>
   </form>
  </div>
</div>            </div>
            <main role="main" id="maincontent">
              <section class="hero" style="background-image:url(https://www.elsevier.com/__data/assets/image/0006/83355/scopus-hero-low-res.jpg);">
 <div class="row collapse fullWidth">
  <div class="columns small-12 medium-7 large-4 xlarge-3 hero-standout hero-standout-cta" style="background-image:url(https://www.elsevier.com/__data/assets/image/0008/67958/illustration_WOR_full-zoom1.jpg);">
   <div class="hero-standout-content"><p class="wordmark-product">Scopus<sup>&reg;</sup></p>
<h1>Scopus is the largest abstract and citation database of peer-reviewed literature: scientific journals, books and conference proceedings.</h1>

<a class="cta-primary cta-white" href="https://www.elsevier.com/solutions/scopus/contact-sales">Contact sales</a>

<a class="cta-tertiary cta-white" href="
https://www.scopus.com/
">
Login to Scopus
</a>

   </div><!-- END .hero-standout-content -->
  </div><!-- END .hero-standout hero-standout-orientation -->
 </div><!-- END .row -->
</section>              
                            

                                                                                <section class="row row-breadrumbs show-breadcrumbs
">
                      <div class="columns large-12">
                       <div class="breadcrumb-container">
                        <ol id="breadcrumb" class="breadcrumb">
                         <li>
                            <a href="https://www.elsevier.com">Home</a>
                          </li>                          
                            
                          
                          
                          
                          
                                                      <li>
                              <a href="https://www.elsevier.com/solutions">All Solutions</a>
                            </li>
                                                    
                          <li>
                            <a href="https://www.elsevier.com/solutions/scopus">Scopus</a>
                          </li>
                        </ol>
                       </div>
                       <div class="breadcrumb-mobile-push show-for-small-only"></div>
                      </div>
                  </section>
                              
              
                                                            
                  <nav id="secondary-nav" aria-label="secondary"><div class="row">
  <ul class="not-enum">
        <li>
        <a data-id="2890" data-globals-id="2508" title="Who uses Scopus" href="https://www.elsevier.com/solutions/scopus/who-uses-scopus">Who uses Scopus</a>
    </li>
    <li>
        <a data-id="2894" data-globals-id="2508" title="Content" href="https://www.elsevier.com/solutions/scopus/content">Content</a>
    </li>
    <li>
        <a data-id="21056" data-globals-id="2508" title="Features" href="https://www.elsevier.com/solutions/scopus/features">Features</a>
    </li>
    <li>
        <a data-id="3481" data-globals-id="2508" title="Learn &amp; Support" href="https://www.elsevier.com/solutions/scopus/support">Learn &amp; Support</a>
    </li>
    <li>
        <a data-id="120471" data-globals-id="2508" title="Resource Library" href="https://www.elsevier.com/solutions/scopus/resource-library">Resource Library</a>
    </li>

  </ul>
</div></nav>                
              <div class="article-content"><div class="row row-tight">
    <div class="large-6 columns">
        <h2>About Scopus</h2><p style="padding: 0px;text-align: start;text-indent: 0px">Scopus is the largest abstract and citation database of peer-reviewed literature: scientific journals, books and conference proceedings. Delivering a comprehensive overview of the world's research output in&nbsp;&nbsp; the fields of science, technology, medicine, social sciences, and arts&nbsp;&nbsp; and humanities, Scopus features smart tools to track, analyze and&nbsp;&nbsp; visualize research.</p><p>As research becomes increasingly global, interdisciplinary and collaborative, you can make sure that critical research from around the world is not missed when you choose Scopus.</p>
    </div>
    <div class="large-6 columns">
        <blockquote><a name="citescore"></a> &ldquo;Speed is very important &hellip; I can easily identify what I need to know, read it, digest it, and move on to the next one.&rdquo; <cite> James, Research Pathologist, Medical Device R&amp;D, Scopus user <br /><a style="color:#007398" title="How Scopus improves product development outcomes" href="https://www.elsevier.com/__data/assets/pdf_file/0007/58129/how_scopus_improves_product_development_outcomes.pdf">How Scopus improves product development outcomes pdf</a> (718 KB) </cite></blockquote><blockquote> &ldquo;Scopus informs every phase of the editorial process. I would not want to do this job without it, and I intend to continue using it throughout my career.&rdquo; <cite> William, Professor of Economics, University of Tennessee <br /><a style="color:#007398" target="_blank" title="Why I wouldn't want to be without Scopus" href="http://editorsupdate.elsevier.com/issue-44-september-2014/wouldnt-want-without-scopus-editors-story/">Why I wouldn&rsquo;t want to be without Scopus; an editor&rsquo;s story</a></cite></blockquote>
    </div>
</div> </div> <a style="text-decoration:none;" href="https://journalmetrics.scopus.com/"><section style="background-color:#FF8200; padding-top:5px; padding-bottom:0px;" class="standout">
    
<div class="row">
  
    
    <div class="large-6 columns"><img src="https://www.elsevier.com/__data/assets/image/0014/233231/CSM_White_RGB.png" /></div>   
      <div style="color:#ffffff; font-size:25px;" class="large-6 columns">It’s time for a new standard of journal citation impact.
Don’t Speculate. Validate. </div>   
    
</div> 
 
</section></a>





<section class="standout">
<div class="row">

<div class="large-6 columns" id="i_want_scopus">
<h2>CiteScore 2016 values are now available.</h2><p>A new standard for measuring serial citation impact, CiteScore&trade; metrics are freely available for more than 22,600 titles on Scopus &mdash; 11,000+ more titles than the leading competitor.</p><p>Learn how CiteScore 2016 annual values are calculated.</p><p><a href="https://journalmetrics.scopus.com/" title="CiteScore 2016 value" class="cta-secondary" target="_blank">Find a title&rsquo;s CiteScore 2016 value now</a></p><p><a href="https://www.elsevier.com/__data/assets/pdf_file/0008/308294/CiteScore_Infographic.pdf" title="CiteScore Infographic" target="_blank" class="cta-secondary">Download the CiteScore metrics infographic</a></p>
</div>

<div class="large-6 columns" id="contact_sales">
<div style="display: block; position: relative; max-width: 100%;"><div style="padding-top: 56.25%;"><iframe src="//players.brightcove.net/35121347001/90a548b7-13db-4c44-bbdf-c5ea8749dbea_default/index.html?videoId=5448615181001" 
allowfullscreen 
webkitallowfullscreen 
mozallowfullscreen 
style="width: 100%; height: 100%; position: absolute; top: 0px; bottom: 0px; right: 0px; left: 0px;"></iframe></div></div>
</div>
</div></section>
<div class="article-content"><div class="row row-tight">
    <div class="large-6 columns">
        <h2>Content</h2><p>You need to keep track of what's happening in your research world. Across all research fields &mdash; science, mathematics, engineering, technology, health and medicine, social sciences, and arts and humanities &mdash; Scopus delivers a broad overview of global, interdisciplinary scientific information that researchers like you need.</p><p><a title="Content" href="https://www.elsevier.com/solutions/scopus/content">More about Content</a></p>
    </div>
    <div class="large-6 columns">
        <h2>Features</h2><p>Research is a complex pursuit. More than ever, finding the right result is as important as uncovering trends, discovering sources and collaborators, and analyzing results to yield further insights. Scopus features smart tools to track, analyze and visualize research.</p><p><a title="Features" href="https://www.elsevier.com/solutions/scopus/features">More about Features</a></p>
    </div>
</div> </div><div class="article-content"><div class="row row-tight">
    <div class="large-12 columns">
    <hr />
    </div>
</div></div><div class="row">
<div class="large-6 columns" id="featured_video">
<h2>Featured Video</h2>

<p>Get credit for your work. Watch how to manage your Scopus author profile.</p> 

<div style="display: block; position: relative; max-width: 100%;"><div style="padding-top: 56.25%;"><video data-video-id="2125230788001" 
data-account="35121347001" 
data-player="bc4db362-aef8-4b3e-b70b-903bbcf10616" 
data-embed="default" 
class="video-js" 
controls 
style="width: 100%; height: 100%; position: absolute; top: 0px; bottom: 0px; right: 0px; left: 0px;"></video>
<script src="//players.brightcove.net/35121347001/bc4db362-aef8-4b3e-b70b-903bbcf10616_default/index.min.js"></script></div></div>

<p>Visit <a href="http://orcid.scopusfeedback.com/">orcid.scopusfeedback.com</a> now to check your author profile. Does not require access to Scopus.</p>

</div>

<div class="large-6 columns" id="scopus_headlines">
<h2>Latest News</h2><p><p><a target="_blank" href="http://feedproxy.google.com/~r/scopus/blog/~3/EvzAEVNgnzg/new-on-scopus-citescore-2016-export-an-affiliation-s-listed-authors-and-more">New on Scopus: CiteScore 2016, export an affiliation’s listed authors and more</a></p><p><a target="_blank" href="http://feedproxy.google.com/~r/scopus/blog/~3/pQ7VB9vHnS4/citescore-metrics-along-with-new-values-come-improvements">CiteScore metrics: Along with new values come improvements</a></p><p><a target="_blank" href="http://feedproxy.google.com/~r/scopus/blog/~3/CVJun02Tgz4/need-help-on-scopus-head-to-the-scopus-support-center">Need help on Scopus? Head to the Scopus Support Center</a></p><p><a target="_blank" href="http://feedproxy.google.com/~r/scopus/blog/~3/wC-rtw7wFYM/citescore-revealed-more-transparency-more-clarity">CiteScore Revealed: More Transparency, More Clarity</a></p></p><p><small>
     Headlines syndicated from <a href="http://blog.scopus.com">blog.scopus.com</a>.</small></p>
</div>
</div>


                <div class="fixed-side-links side-bottom"> 
                  <div class="row row-back-to-top"> 
                    <div class="columns large-12"> 
                      <a class="back-to-top right" href="#top" title="Back to the top of the page"><!--span class="back-to-top-text">Back to top</span--></a>
                    </div><!-- .columns large-12 -->
                  </div><!-- .row .row-back-to-top -->
                </div><!-- .fixed-side-links .side-bottom -->

            </main>

               
               <!--noindex-->

               <aside class="primary-menu">
               <div class="spine-section">
                    <div class="main-ui-item main-ui-item-menu js-close-primary-menu" tabindex="5" role="button">
                        <span class="main-ui-icon">
                            <img src="https://cdn.elsevier.io/verona/includes/svg/icon-menu-hamburger-white-sized.svg" alt="Close menu" />
                        </span>
                        <span class="main-ui-text hide-for-small-only">Close</span>
                    </div>
                </div>
                <div class="spine-section">    
                    <nav class="main-navigation" role="navigation" aria-label="primary">

                        
                        		
                        <!--  BEGIN LEVEL 1 -->
                        
                            <ul class="spine-level-1">
                                <li><a href='https://www.elsevier.com' tabindex="5">Home</a></li>
                                                                    <li class="">
                                        <a href="https://www.elsevier.com/about" tabindex="5">
                                            About                                        </a>
                                        		                                    </li>
                                                                    <li class="">
                                        <a href="https://www.elsevier.com/books-and-journals" tabindex="5">
                                            Books and Journals                                        </a>
                                        		                                    </li>
                                                                    <li class="">
                                        <a href="https://www.elsevier.com/authors" tabindex="5">
                                            Authors                                        </a>
                                        		                                    </li>
                                                                    <li class="">
                                        <a href="https://www.elsevier.com/editors" tabindex="5">
                                            Editors                                        </a>
                                        		                                    </li>
                                                                    <li class="">
                                        <a href="https://www.elsevier.com/librarians" tabindex="5">
                                            Librarians                                        </a>
                                        		                                    </li>
                                                                    <li class="">
                                        <a href="https://www.elsevier.com/reviewers" tabindex="5">
                                            Reviewers                                        </a>
                                        		                                    </li>
                                                                    <li class="">
                                        <a href="https://www.elsevier.com/research-platforms" tabindex="5">
                                            Research Platforms                                        </a>
                                        		                                    </li>
                                                                    <li class="">
                                        <a href="https://www.elsevier.com/research-intelligence" tabindex="5">
                                            Research Intelligence                                        </a>
                                        		                                    </li>
                                                                    <li class="">
                                        <a href="https://www.elsevier.com/rd-solutions" tabindex="5">
                                            R&amp;D Solutions                                        </a>
                                        		                                    </li>
                                                                    <li class="">
                                        <a href="https://www.elsevier.com/clinical-solutions" tabindex="5">
                                            Clinical Solutions                                        </a>
                                        		                                    </li>
                                                                    <li class="">
                                        <a href="https://www.elsevier.com/education" tabindex="5">
                                            Education Solutions                                        </a>
                                        		                                    </li>
                                                                    <li class="child-active">
                                        <a href="https://www.elsevier.com/solutions" tabindex="5">
                                            All Solutions                                        </a>
                                        		                                    </li>
                                                                    <li class="">
                                        <a href="https://www.elsevier.com/elsevier-store-ii" tabindex="5">
                                            Shop Books and Journals                                        </a>
                                        		                                    </li>
                                                                    <li class="">
                                        <a href="https://www.elsevier.com/author-webshop" tabindex="5">
                                            Author Webshop                                        </a>
                                        		                                    </li>
                                                                    <li class="">
                                        <a href="https://www.elsevier.com/elsevier-connect" tabindex="5">
                                            Elsevier Connect                                        </a>
                                        		                                    </li>
                                                                    <li class="">
                                        <a href="https://www.elsevier.com/support-center" tabindex="5">
                                            Support Center                                        </a>
                                        		                                    </li>
                                                            </ul>
                                            </nav>
                </div>
            </aside>

        
        
        
<footer class="footer-product fat-footer">
 <section class="top">
  <div class="row">
    <div class="large-12 columns">
                <ul class="accordion" data-accordion role="tablist"> 
                    <!-- col 1 product info -->
                    <li class="accordion-navigation"> 
                        <a href="#footer-product-info" id="footer-solutions-heading" class="hide-for-large-up" role="tab" aria-controls="footer-product-info">
                            <p class="heading">Solution info<span class="open-icon"></span></p>
                        </a>
                        <div id="footer-product-info" class="content" role="tabpanel" aria-labelledby="footer-product-info-heading">
                                                                                    <ul class="first"> 
                                <li>
                                                                <p><img src="https://www.elsevier.com/__data/assets/image/0004/98887/ScopusR_Wmk_151_RGB.png" alt="wordmark" width="150" height="50"></p>
                                </li> 
                                <li>
                                                                <a href="http://www.scopus.com/" class="cta-secondary">Visit Scopus</a>
                                </li>
                                <li>
                                                                <a href="https://www.elsevier.com/solutions/scopus/contact-sales" class="cta-secondary">Contact sales</a>
                                </li>
                            </ul>
                                                    </div>
                    </li> 
                    <!-- col 2 ADDITIONAL CONDITION ADDED TO TEST REMOVING GREY SPACE IF MAX # LINKS NOT USED IN COLUMN-->
                    <li class="accordion-navigation"> 
                        <a href="#footer-product-stayintouch" id="footer-researchers-heading" class="hide-for-large-up" role="tab" aria-controls="footer-product-stayintouch">
                            <p class="heading">Stay in touch<span class="open-icon"></span></p> 
                        </a>
                        <p class="heading show-for-large-up">Stay in touch</p> 
                        <div id="footer-product-stayintouch" class="content" role="tabpanel" aria-labelledby="footer-stayintouch-heading">
                            <ul>
                                <li>
                                                                    <a href="http://blog.scopus.com/">Visit the Scopus blog</a>
                                                                </li>
                                <li>
                                                                    <a href="https://communications.elsevier.com/webApp/els_doubleOptInWA?do=0&srv=els_scopus&sid=71&uif=0&uvis=3">Sign up for the newsletter</a>
                                                                </li>
                                <li>
                                                                                                    </li>
                                <li>
                                                                                                    </li>
                                <li>
                                                                                                    </li>
                            </ul>
                        </div>
                    </li>
                    <!-- col 3 -->
                    <li class="accordion-navigation"> 
                        <a href="#footer-product-elsevier" id="footer-elsevier-support" class="hide-for-large-up" role="tab" aria-controls="footer-product-elsevier">
                        <!--<a href="#footer-support" id="footer-elsevier-support" class="hide-for-large-up" role="tab" aria-controls="footer-support">-->
                        <p class="heading">Support<span class="open-icon"></span></p> 
                        </a>  
                        <p class="heading show-for-large-up">Support</p> 
                        <div id="footer-product-elsevier" class="content" role="tabpanel" aria-labelledby="footer-elsevier-heading">
                            <ul>
                                <li>
                                                                    <a href="https://service.elsevier.com/app/overview/scopus/">Visit Scopus support</a>
                                                                    </li>
                                <li>
                                                                                                    </li>
                                <li>
                                                                                                    </li>
                                <li>
                                                                                                    </li>
                                <li>
                                                                                                    </li>
                            </ul>
                        </div>
                    </li>
                    <!-- col 4 -->
                    <li class="accordion-navigation"> 
                        <p class="heading show-for-large-up">Follow Scopus</p>
                        <div class="social-share">
                            
                            <a target="_blank" class="svg-icon-social" href="http://www.facebook.com/elsevierscopus"><img alt="Facebook" src="https://cdn.elsevier.io/verona/includes/svg/icon-social-facebook.svg"/></a> 
                            
                            <a target="_blank" class="svg-icon-social" href="http://www.linkedin.com/company/scopus-an-eye-on-global-research?trk=biz-companies-cym"><img alt="LinkedIn" src="https://cdn.elsevier.io/verona/includes/svg/icon-social-linkedin.svg"/></a>
                            
                            <a target="_blank" class="svg-icon-social" href="http://twitter.com/intent/follow?source=followbutton&variant=1.0&screen_name=scopus"><img alt="Twitter" src="https://cdn.elsevier.io/verona/includes/svg/icon-social-twitter.svg"/></a>
                            
                            <a target="_blank" class="svg-icon-social" href="https://plus.google.com/103217987967170709181"><img alt="GooglePlus" src="https://cdn.elsevier.io/verona/includes/svg/icon-social-googleplus-2.svg"/>
                            </a>
                            
                            <a target="_blank" class="svg-icon-social" href="http://www.youtube.com/channel/UCdBxVf17uMtOMAOsGE36WKQ?sub_confirmation=1"><img alt="YouTube" src="https://cdn.elsevier.io/verona/includes/svg/icon-social-youtube.svg"/></a>
                        </div>
                    </li>
                </ul>
                
            </div>
        </div>
    </div>
</section>
</footer>
        
            <!--endnoindex-->

         <footer class="footer-main fat-footer"> 
    <section class="top"> 
        <div class="row"> 
            <div class="large-12 columns"> 
                <ul class="accordion" data-accordion role="tablist"> 
                    <li class="accordion-navigation"> 
                        <a href="#footer-solutions" id="footer-solutions-heading" class="hide-for-large-up" role="tab" aria-controls="footer-solutions"> 
                            <p class="heading">Solutions<span class="open-icon"></span></p> 
                        </a> 
                        <p class="heading show-for-large-up">Solutions</p> 
                        <div id="footer-solutions" class="content" role="tabpanel" aria-labelledby="footer-solutions-heading"> 
                            <ul class="first"> 
                                <li><a href="//www.elsevier.com/solutions/scopus" title="Scopus">Scopus</a></li> 
                                <li><a href="//www.elsevier.com/solutions/sciencedirect" title="ScienceDirect">ScienceDirect</a></li> 
                                <li><a href="//www.elsevier.com/solutions/mendeley" title="Mendeley">Mendeley</a></li> 
                                <li><a href="//evolve.elsevier.com/" title="Evolve" rel="external" target="_blank">Evolve</a></li> 
                                <li><a href="//www.elsevier.com/solutions/knovel-engineering-information" title="Knovel">Knovel</a></li> 
                                <li><a href="//www.elsevier.com/solutions/reaxys" title="Reaxys">Reaxys</a></li> 
                                <li><a href="//www.clinicalkey.com/" title="Clinical Key" rel="external" target="_blank">ClinicalKey</a></li> 
                            </ul> 
                        </div> 
                    </li> 
                    <li class="accordion-navigation"> 
                        <a href="#footer-researchers" id="footer-researchers-heading" class="hide-for-large-up" role="tab" aria-controls="footer-researchers"> 
                            <p class="heading">Researchers<span class="open-icon"></span></p> 
                        </a> 
                        <p class="heading show-for-large-up">Researchers</p> 
                        <div id="footer-researchers" class="content" role="tabpanel" aria-labelledby="footer-researchers-heading"> 
                            <ul> 
                                <li><a href="//www.elsevier.com/authors/journal-authors/submit-your-paper" title="Submit your paper">Submit your paper</a></li> 
                                <li><a href="//www.elsevier.com/books-and-journals" title="Find Books & Journals">Find books &amp; journals</a></li> 
                                <li><a href="//www.elsevier.com/authors" title="visit Author Hub">Visit Author Hub</a></li> 
                                <li><a href="//www.elsevier.com/editors" title="visit Editor Hub">Visit Editor Hub</a></li> 
                                <li><a href="//www.elsevier.com/librarians" title="visit Librarian Hub">Visit Librarian Hub</a></li> 
                                <li><a href="//www.elsevier.com/reviewers" title="visit Reviewer Hub">Visit Reviewer Hub</a></li>
                                <li><a href="//service.elsevier.com/" title="Support center" target="_blank">Support center</a></li>
                            </ul> 
                        </div> 
                    </li> 
                    <li class="accordion-navigation"> 
                        <a href="#footer-elsevier" id="footer-elsevier-heading" class="hide-for-large-up" role="tab" aria-controls="footer-elsevier"> 
                            <p class="heading">Elsevier<span class="open-icon"></span></p> 
                        </a> 
                        <p class="heading show-for-large-up">Elsevier</p> 
                        <div id="footer-elsevier" class="content" role="tabpanel" aria-labelledby="footer-elsevier-heading"> 
                            <ul> 
                                <li><a href="//www.elsevier.com/about/our-business" title="Our business">Our business</a></li>
                                <li><a href="//www.elsevier.com/about/careers" title="Careers">Careers</a></li>
                                <li><a href="//www.elsevier.com/about/newsroom" title="Newsroom">Newsroom</a></li> 
                                <li><a href="//www.elsevier.com/contact" title="Contact">Contact</a></li>     
                                <li><a href="//www.elsevier.com/events" title="Events">Events</a></li> 
                                <li><a href="//www.elsevier.com/advertisers" title="Advertising">Advertising</a></li> 
                                <li><a href="//www.elsevier.com/publisher-relations" title="Publisher relations">Publisher relations</a></li> 
                            </ul> 
                        </div> 
                    </li> 
                    <li class="accordion-navigation last"> 
                        <a href="#footer-website" id="footer-website-heading" class="hide-for-large-up" role="tab" aria-controls="footer-website"> 
                            <p class="heading">Website<span class="open-icon"></span></p> 
                        </a> 
                        <p class="heading show-for-large-up" >Website</p> 
                        <div id="footer-website" class="content" role="tabpanel" aria-labelledby="footer-website-heading"> 
                            <ul> 
                                <li><a href="//www.elsevier.com/sitemap" title="Sitemap">Sitemap</a></li> 
                                <li><a href="//www.elsevier.com/feedback" title="Website Feedback">Website feedback</a></li> 
                            </ul> 
                        </div> 
                    </li> 
                </ul> 
                <div class="footer-social"> 
                    <span class="heading">Follow Elsevier</span> 
                    <div class="social-share"> 
                        <a href="https://www.facebook.com/ElsevierConnect" class="svg-icon-social" target="_blank" title="Icon social media facebook"> 
                            <img alt="Icon social media facebook" src="https://cdn.elsevier.io/verona/includes/svg/icon-social-facebook.svg"> 
                        </a> 
                        <a href="https://www.linkedin.com/company/elsevier" class="svg-icon-social" target="_blank" title="Icon social media linkedin"> 
                            <img alt="Icon social media linkedin" src="https://cdn.elsevier.io/verona/includes/svg/icon-social-linkedin.svg"> 
                        </a> 
                        <a href="https://twitter.com/ElsevierConnect" class="svg-icon-social" target="_blank" title="Icon social media twitter"> 
                            <img alt="Icon social media twitter" src="https://cdn.elsevier.io/verona/includes/svg/icon-social-twitter.svg"> 
                        </a> 
                         <a href="https://www.youtube.com/c/elsevier/" class="svg-icon-social" target="_blank"> 
                            <img alt="Icon social media youtube" src="https://cdn.elsevier.io/verona/includes/svg/icon-social-youtube.svg"> 
                        </a>  
                    </div> 
                </div> 
            </div> 
        </div> 
    </section> 
    <section class="bottom"> 
    <div class="row">
        <div class="large-2 columns show-for-large-up">
            <a href="https://www.elsevier.com" class="els_link-image"> 
                <img src="https://www.elsevier.com/__data/assets/file/0003/278661/ELS_NS_Logo_2C_RGB.svg" width="85" height="94" class="nonsolus-logo" style="background: white" alt="Elsevier logo">
            </a>    
        </div>    
        <div class="large-7 columns">
            <p>Copyright &copy; 2017 Elsevier, except certain content provided by third party</p>
            <p>Cookies are used by this site. To decline or learn more, visit our <a href="//www.elsevier.com/legal/use-of-cookies" title="Cookies" target="_blank">Cookies</a> page.</p>
            <p><a href="//www.elsevier.com/legal/elsevier-website-terms-and-conditions" title="Terms and Conditions" target="_blank">Terms and Conditions</a>
                    <a href="//www.elsevier.com/legal/privacy-policy" class="els-document-link" title="Privacy Policy" target="_blank">Privacy Policy</a></p>
        </div>
        <div class="large-5 columns hide-for-large-up">
            <a href="https://www.elsevier.com" class="els_link-image"> 
                <img src="https://www.elsevier.com/__data/assets/file/0003/278661/ELS_NS_Logo_2C_RGB.svg" width="85" height="94" class="nonsolus-logo" style="background: white" alt="Elsevier logo">
            </a>  
            <a title="Go to RELX Group Homepage" href="http://www.reedelsevier.com/" class="els_link-image"> 
                <img width="150" alt="RELX Group Wordmark" src="https://cdn.elsevier.io/verona/includes/svg/logo-relxgroup.svg"> 
            </a> 
        </div>
        <div class="large-3 columns show-for-large-up"> 
            <a title="Go to RELX Group Homepage" href="http://www.reedelsevier.com/" class="els_link-image"> 
                <img width="150" alt="RELX Group Wordmark" src="https://cdn.elsevier.io/verona/includes/svg/logo-relxgroup.svg"> 
            </a> 
        </div> 
    </div>
    </section> 
</footer>        </div>
    </div>

<script  src="https://cdn.elsevier.io/matrix/ui/1.6.29/vendor.min.js"></script>
<script  src="https://cdn.elsevier.io/matrix/ui/1.6.29/scripts-bottom.min.js"></script>
<div id="surveyPopup" class="survey-trigger" style="display:none;">
<script>
   surveyOptions = {
      startDate: 1380622914,
      endDate: 1609373814,
      frequency: '',
      url: 'https://survey.confirmit.com/wix2/p2683244022.aspx',
      inactive: 'No',
      target: 0.1,
      cookieName: 'survey'
  }
  
  $(function(){
      surveyInit(surveyOptions);
  })
</script> 

<p>Elsevier.com visitor survey</p>
<p>We are always looking for ways to improve customer experience on Elsevier.com. <br />
We would like to ask you for a <b>moment of your time</b> to fill in a short questionnaire, <b>at the end of your visit</b>. <br /> 
<br/> 
If you decide to participate, a new browser window will open and remain open until you have<br /> completed your visit to this website. <br /><br /> Thanks in advance for your time.</p>
<a class="survey-accept cta-primary lightbox" href="http://survey.confirmit.com/wix2/p2683244022.aspx" rel="nofollow">Accept</a>&nbsp;<a class="survey-decline cta-primary">Decline</a></div>


</body>
</html>

Added wiki_references/2017/software/CryptoVerif/doc/2017_06_12_wget_copy_of_http_prosecco_gforge_inria_fr_personal_bblanche_cryptoverif/bonnet/isyou.info/robots.txt version [8b3a296331].









>
>
>
>
1
2
3
4
Sitemap: http://isyou.info/sitemap.xml

User-agent: *
Disallow: 

Added wiki_references/2017/software/CryptoVerif/doc/2017_06_12_wget_copy_of_http_prosecco_gforge_inria_fr_personal_bblanche_cryptoverif/bonnet/iww.inria.fr/robots.txt.html version [45b56d8099].

cannot compute difference between binary files

Added wiki_references/2017/software/CryptoVerif/doc/2017_06_12_wget_copy_of_http_prosecco_gforge_inria_fr_personal_bblanche_cryptoverif/bonnet/jigsaw.w3.org/robots.txt version [6d6bb7b222].



































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
# sample robots.txt file for Jigsaw

User-agent: *
Disallow: /guest-demos/
Disallow: /status/
Disallow: /demos/
Disallow: /HyperNews/
Disallow: /cgi-bin/
Disallow: /css-validator/docs/
Disallow: /Friends/
Disallow: /api/
Disallow: /Benoit/Public/DVDDB/
Disallow: /css-validator/validator
Disallow: /css-validator/check

# stupid bots! a 404 is a 404!... I have to disallow non
# existent directories :(

Added wiki_references/2017/software/CryptoVerif/doc/2017_06_12_wget_copy_of_http_prosecco_gforge_inria_fr_personal_bblanche_cryptoverif/bonnet/lii.rwth-aachen.de/robots.txt version [9efe309b6c].





























































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
# If the Joomla site is installed within a folder such as at
# e.g. www.example.com/joomla/ the robots.txt file MUST be
# moved to the site root at e.g. www.example.com/robots.txt
# AND the joomla folder name MUST be prefixed to the disallowed
# path, e.g. the Disallow rule for the /administrator/ folder
# MUST be changed to read Disallow: /joomla/administrator/
#
# For more information about the robots.txt standard, see:
# http://www.robotstxt.org/orig.html
#
# For syntax checking, see:
# http://www.sxw.org.uk/computing/robots/check.html

User-agent: *
Disallow: /administrator/
Disallow: /cache/
Disallow: /cli/
Disallow: /components/
Disallow: /images/
Disallow: /includes/
Disallow: /installation/
Disallow: /language/
Disallow: /libraries/
Disallow: /logs/
Disallow: /media/
Disallow: /modules/
Disallow: /plugins/
Disallow: /templates/
Disallow: /tmp/

Added wiki_references/2017/software/CryptoVerif/doc/2017_06_12_wget_copy_of_http_prosecco_gforge_inria_fr_personal_bblanche_cryptoverif/bonnet/liinwww.ira.uka.de/robots.txt version [1576960d38].













































































































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
# robots.txt for http://liinwww.ira.uka.de/
#
# config file to control the access of web robots to our server
#
# see http://info.webcrawler.com/mak/projects/robots/norobots.html
# for an explanation of this file.
User-agent: hyperbot WIRE ExtractorPro emailsiphon DIIbot
Disallow: /

User-agent: teleport MSIECrawler htdig wget www.pl Microsoft_Site_Analyst DIIbot Baiduspider
Disallow: /cgi-bin
Disallow: /icons
Disallow: /searchbib
Disallow: /waisbib
Disallow: /mpsbib
Disallow: /csbib
Disallow: /bibliography
Disallow: /bibliography/searchbib

User-agent: Baiduspider
Disallow: /cgi-bin
Disallow: /icons
Disallow: /searchbib
Disallow: /waisbib
Disallow: /mpsbib
Disallow: /csbib
Disallow: /bibliography/searchbib

# Scripts and icons are off-limits 
User-agent: *
Disallow: /cgi-bin
Disallow: /icons
Disallow: /searchbib
Disallow: /waisbib
Disallow: /mpsbib
Disallow: /csbib
Disallow: /bibliography/rss
Disallow: /bibliography/tools
Disallow: /bibliography/searchbib

# rahn's program and data files 
# -> work in progress, browsable yes but robots tend to query old pages 
Disallow: ~rahn/src
Disallow: ~rahn/diplom/src/prog
Disallow: ~rahn/leader/src/prog
Disallow: ~rahn/loop/src/prog
Disallow: ~rahn/loop/src/data/proof.3.3
Disallow: ~rahn/loop/src/data/proof.3.4
Disallow: ~rahn/loop/src/data/proof.3.5
Disallow: ~rahn/loop/src/data/proof.4.3
Disallow: ~rahn/loop/src/data/proof.4.4
Disallow: ~rahn/rule110.dat


Added wiki_references/2017/software/CryptoVerif/doc/2017_06_12_wget_copy_of_http_prosecco_gforge_inria_fr_personal_bblanche_cryptoverif/bonnet/link.springer.com/chapter/10.1007/978-3-642-33704-8_6.html version [498aa2a77d].





























































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
<!DOCTYPE HTML>
<html lang="en-gb" class="no-js">
    <head>
        <meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=Edge,chrome=1"/>
<meta name="viewport" content="width=device-width,initial-scale=1.0,maximum-scale=2.5,user-scalable=yes">
    <meta name="citation_publisher" content="Springer, Berlin, Heidelberg"/>
    <meta name="citation_title" content="A Vulnerability in the UMTS and LTE Authentication and Key Agreement Protocols"/>
    <meta name="citation_doi" content="10.1007/978-3-642-33704-8_6"/>
    <meta name="citation_language" content="en"/>
    <meta name="citation_abstract_html_url" content="https://link.springer.com/chapter/10.1007/978-3-642-33704-8_6"/>
    <meta name="citation_fulltext_html_url" content="https://link.springer.com/chapter/10.1007/978-3-642-33704-8_6"/>
    <meta name="citation_pdf_url" content="https://link.springer.com/content/pdf/10.1007%2F978-3-642-33704-8_6.pdf"/>
    <meta name="citation_springer_api_url" content="http://api.springer.com/metadata/pam?q&#x3D;doi:10.1007/978-3-642-33704-8_6&amp;api_key&#x3D;"/>
    <meta name="citation_firstpage" content="65"/>
    <meta name="citation_lastpage" content="76"/>
    <meta name="citation_author" content="Joe-Kai Tsay"/>
    <meta name="citation_author_institution" content="Norwegian University of Sciences and Technology, NTNU"/>
    <meta name="citation_author" content="Stig F. Mjølsnes"/>
    <meta name="citation_author_institution" content="Norwegian University of Sciences and Technology, NTNU"/>
    <meta name="dc.identifier" content="10.1007/978-3-642-33704-8_6"/>
    <meta name="format-detection" content="telephone&#x3D;no"/>
    <meta name="meta:description" content="We report on a deficiency in the specifications of the Authentication and Key Agreement (AKA) protocols of the Universal Mobile Telecommunications System (UMTS) and Long-Term Evolution (LTE) as well a"/>
    <meta name="twitter:card" content="summary"/>
    <meta name="twitter:title" content="A Vulnerability in the UMTS and LTE Authentication and Key Agreement P"/>
    <meta name="twitter:description" content="We report on a deficiency in the specifications of the Authentication and Key Agreement (AKA) protocols of the Universal Mobile Telecommunications System (UMTS) and Long-Term Evolution (LTE) as well a"/>
    <meta name="twitter:image" content="https://static-content.springer.com/cover/book/978-3-642-33704-8.jpg"/>
    <meta name="twitter:image:alt" content="Content cover image"/>
    <meta name="twitter:site" content="SpringerLink"/>
    <meta name="citation_inbook_title" content="Computer Network Security"/>
    <meta name="citation_publication_date" content="2012/10/17"/>
    <meta name="citation_conference_series_id" content="springer/mmmacns"/>
    <meta name="citation_conference_title" content="International Conference on Mathematical Methods, Models, and Architectures for Computer Network Security"/>
    <meta name="citation_conference_sequence_num" content="6"/>
    <meta name="citation_conference_abbrev" content="MMM-ACNS"/>
    <meta property="og:title" content="A Vulnerability in the UMTS and LTE Authentication and Key Agreement Protocols"/>
    <meta property="og:description" content="We report on a deficiency in the specifications of the Authentication and Key Agreement (AKA) protocols of the Universal Mobile Telecommunications System (UMTS) and Long-Term Evolution (LTE) as well a"/>
    <meta property="og:type" content="Paper"/>
    <meta property="og:url" content="https://link.springer.com/chapter/10.1007/978-3-642-33704-8_6"/>
    <meta property="og:image" content="https://link.springer.com/springerlink-static/1943367513/images/png/SL-Square.png"/>
    <meta property="og:site_name" content="SpringerLink"/>

        <title>A Vulnerability in the UMTS and LTE Authentication and Key Agreement Protocols | SpringerLink</title>
        <link rel="canonical" href="https://link.springer.com/chapter/10.1007/978-3-642-33704-8_6"/>
        <link rel="shortcut icon" href="/springerlink-static/1943367513/images/favicon/favicon.ico" />
<link rel="icon" sizes="16x16 32x32 48x48" href="/springerlink-static/1943367513/images/favicon/favicon.ico">
<link rel="icon" sizes="16x16" type="image/png" href="/springerlink-static/1943367513/images/favicon/favicon-16x16.png">
<link rel="icon" sizes="32x32" type="image/png" href="/springerlink-static/1943367513/images/favicon/favicon-32x32.png">
<link rel="icon" sizes="48x48" type="image/png" href="/springerlink-static/1943367513/images/favicon/favicon-48x48.png">
<link rel="apple-touch-icon-precomposed" href="/springerlink-static/1943367513/images/favicon/app-icon-iphone@3x.png">
<link rel="apple-touch-icon-precomposed" sizes="72x72" href="/springerlink-static/1943367513/images/favicon/ic_launcher_hdpi.png" />
<link rel="apple-touch-icon-precomposed" sizes="76x76" href="/springerlink-static/1943367513/images/favicon/app-icon-ipad.png" />
<link rel="apple-touch-icon-precomposed" sizes="114x114" href="/springerlink-static/1943367513/images/favicon/app-icon-114x114.png" />
<link rel="apple-touch-icon-precomposed" sizes="120x120" href="/springerlink-static/1943367513/images/favicon/app-icon-iphone@2x.png" />
<link rel="apple-touch-icon-precomposed" sizes="144x144" href="/springerlink-static/1943367513/images/favicon/ic_launcher_xxhdpi.png" />
<link rel="apple-touch-icon-precomposed" sizes="152x152" href="/springerlink-static/1943367513/images/favicon/app-icon-ipad@2x.png" />
<link rel="apple-touch-icon-precomposed" sizes="180x180" href="/springerlink-static/1943367513/images/favicon/app-icon-iphone@3x.png" />
<meta name="msapplication-TileColor" content="#ffffff">
<meta name="msapplication-TileImage" content="/springerlink-static/1943367513/images/favicon/ic_launcher_xxhdpi.png">
        <link rel="dns-prefetch" href="//fonts.gstatic.com" />
<link rel="dns-prefetch" href="//fonts.googleapis.com" />
<link rel="dns-prefetch" href="//google-analytics.com" />
<link rel="dns-prefetch" href="//www.google-analytics.com" />
<link rel="dns-prefetch" href="//www.googletagservices.com" />
<link rel="dns-prefetch" href="//www.googletagmanager.com" />
<link rel="dns-prefetch" href="//static-content.springer.com" />
        <link rel="stylesheet" href="/springerlink-static/1943367513/css/basic.css" media="screen">
<link rel="stylesheet" href="/springerlink-static/1943367513/css/styles.css" class="js-ctm" media="only screen and (-webkit-min-device-pixel-ratio:0) and (min-color-index:0), (-ms-high-contrast: none), only all and (min--moz-device-pixel-ratio:0) and (min-resolution: 3e1dpcm)">
<link rel="stylesheet" href="/springerlink-static/1943367513/css/print.css" media="print">


            <script id="webtrekk-properties">
    var webtrekkProperties = {
          trackDomain : "springergmbh01.webtrekk.net",
          trackId : "935649882378213",
      };
    </script>
    <script type="text/javascript" async src="/springerlink-static/1943367513/js/webtrekk_v4.min.js"></script>

            <script>
        var dataLayer = [{
                'GA Key':'UA-26408784-1',
                'Event Category':'Conference Paper',
                'Open Access':'N',
                'Labs':'Y',
                'DOI':'10.1007\/978-3-642-33704-8_6',
                'VG Wort Identifier':'pw-vgzm.415900-10.1007-978-3-642-33704-8_6',
                'HasAccess':'N',
                'Full HTML':'N',
                'Has Body':'N',
                'Static Hash':'1943367513',
                'Has Preview':'Y',
                'user':{'license': {'businessPartnerID': [], 'businessPartnerIDString': ''}},
                'content':{'type': 'chapter', 'book': {'seriesTitle': 'Lecture Notes in Computer Science', 'bookProductType': 'Proceedings', 'eIsbn': '978-3-642-33704-8', 'seriesId': '558', 'title': 'Computer Network Security', 'doi': '10.1007/978-3-642-33704-8'}, 'chapter': {'doi': '10.1007/978-3-642-33704-8_6'}, 'category': {'pmc': {'primarySubject': 'Computer Science', 'primarySubjectCode': 'I', 'secondarySubjects': {'4': 'Data Encryption', '5': 'Operating Systems', '6': 'Computer System Implementation', '1': 'Systems and Data Security', '2': 'Computer Communication Networks', '3': 'Computers and Society'}, 'secondarySubjectCodes': {'4': 'I15033', '5': 'I14045', '6': 'I13057', '1': 'I14050', '2': 'I13022', '3': 'I24040'}}}},
                'Access Type':'noaccess',
                'Page':'chapter',
                'Bpids':'',
                'Bpnames':'',
                'SubjectCodes':'I, I14050, I13022, I24040, I15033, I14045, I13057',
                'Keywords':'Applied Cryptography, Vulnerability Assessment, Security Protocols, Authentication, Mobile Network Security, LTE, UMTS',
                'Country':'EE',
                'ConferenceSeriesId':'mmmacns',
        }];
    </script>

    <!-- Google Tag Manager -->
    <script>(function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start':
            new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0],
            j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src=
            'https://www.googletagmanager.com/gtm.js?cache-busting=' + new Date().getTime() + '&id='+i+dl;f.parentNode.insertBefore(j,f);
    })(window,document,'script','dataLayer','GTM-WCF9Z9');</script>
    <!-- End Google Tag Manager -->

    </head>
    <body>
        <noscript><iframe src="//www.googletagmanager.com/ns.html?id=GTM-WCF9Z9"
                      height="0" width="0" style="display:none;visibility:hidden"></iframe></noscript>

    <nav class="skip-to">
    <a class="skip-to__link skip-to__link--article" href="#main-content" title="Skip directly to the main content">Skip to main content</a>
</nav>
        <div class="page-wrapper">
            <noscript>
    <div class="nojs-banner u-interface">
        <p>This service is more advanced with JavaScript available, learn more at <a
                href="http://activatejavascript.org" target="_blank" rel="noopener noreferrer">http://activatejavascript.org</a>
        </p>
    </div>
</noscript>
                    <div id="leaderboard" class="leaderboard u-hide" data-component="SpringerLink.GoogleAdsLeaderboard"></div>

                <header id="header" class="header u-interface" role="banner">
        <div class="header__content">
            <div class="header__menu-container">
                    <a id="logo" class="site-logo" href="/" title="Go to homepage">
            <span class="u-screenreader-only">SpringerLink</span>
            <svg class="site-logo__springer" width="148" height="30" role="img" aria-label="SpringerLink Logo">
                <image width="148" height="30" alt="SpringerLink Logo" src="/springerlink-static/1943367513/images/png/springerlink.png" xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="/springerlink-static/1943367513/images/svg/springerlink.svg"></image>
            </svg>
    </a>

                    <div class="nav-container u-interface">
    <div class="global-nav__wrapper">
        <div class="search-button">
            <a class="search-button__label" href="#search-container">
                <span class="search-button__title">Search</span><svg width="12" height="12" viewBox="222 151 12 12" version="1.1" xmlns="http://www.w3.org/2000/svg">
                    <path d="M227 159C228.7 159 230 157.7 230 156 230 154.3 228.7 153 227 153 225.3 153 224 154.3 224 156 224 157.7 225.3 159 227 159L227 159 227 159 227 159ZM230 160.1L231.1 159 233.9 161.7C234.2 162.1 234.2 162.6 233.9 162.9 233.6 163.2 233.1 163.2 232.7 162.9L230 160.1 230 160.1 230 160.1 230 160.1ZM227 161L227 161C224.2 161 222 158.8 222 156 222 153.2 224.2 151 227 151 229.8 151 232 153.2 232 156 232 158.8 229.8 161 227 161L227 161 227 161 227 161 227 161Z" stroke="none" fill-rule="evenodd"></path>
                </svg>
            </a>
        </div>

        <ul class="global-nav" data-component="SpringerLink.Menu" data-title="Navigation menu" data-text="Menu" role="navigation">
            <li>
                <a href="/">
                    <span class="u-overflow-ellipsis">Home</span>
                </a>
            </li>
            <li>
                <a href="/contactus">
                    <span class="u-overflow-ellipsis">Contact Us</span>
                </a>
            </li>

                <li class="global-nav__logged-out">
                    <a class="test-login-link" href="//link.springer.com/signup-login?previousUrl=https%3A%2F%2Flink.springer.com%2Fchapter%2F10.1007%2F978-3-642-33704-8_6">
                        <span class="u-overflow-ellipsis">Log in</span>
                    </a>
                </li>

        </ul>
    </div> 
</div> 
            </div>

        </div>

            <div id="search-container">
                <div class="search">
                    <div class="search__content">
                        <form class="u-form-single-input" action="/search" method="get" role="search">
    <input aria-label="Search" name="query" type="text" autocomplete="off" value="" placeholder="Search">
    <input class="u-hide-text" type="submit" value="Submit" title="Submit">
    <svg class="u-vertical-align-absolute" width="13" height="13" viewBox="222 151 13 13" version="1.1" xmlns="http://www.w3.org/2000/svg">
        <path d="M227 159C228.7 159 230 157.7 230 156 230 154.3 228.7 153 227 153 225.3 153 224 154.3 224 156 224 157.7 225.3 159 227 159L227 159 227 159 227 159ZM230 160.1L231.1 159 233.9 161.7C234.2 162.1 234.2 162.6 233.9 162.9 233.6 163.2 233.1 163.2 232.7 162.9L230 160.1 230 160.1 230 160.1 230 160.1ZM227 161L227 161C224.2 161 222 158.8 222 156 222 153.2 224.2 151 227 151 229.8 151 232 153.2 232 156 232 158.8 229.8 161 227 161L227 161 227 161 227 161 227 161Z" stroke="none" fill-rule="evenodd"/>
    </svg>
</form>
                    </div>
                </div>
            </div>
    </header>

            
            

            <main role="main" id="main-content">
                <article class="main-wrapper">
                    <div class="main-container uptodate-recommendations-off">
                        <aside class="main-sidebar-left">
                            <div class="main-sidebar-left__content">
                                <div class="test-cover cover-image">
        <a class="test-cover-link" href="/book/10.1007/978-3-642-33704-8" title="Computer Network Security">
            <img class="test-cover-image" src="https://static-content.springer.com/cover/book/978-3-642-33704-8.jpg" alt="Computer Network Security" itemprop="image"/>
        </a>

</div>
                            </div>
                        </aside>

                        <div class="main-body " data-role="NavigationContainer">
                            <div class="main-body__content">

                                    


    <div class="sticky-banner sticky-banner--narrow u-interface u-js-screenreader-only" aria-hidden="true" data-component="SpringerLink.StickyBanner" data-namespace="hasLink">
        <div class="sticky-banner__container">
                <a href="#buy" class="sticky-banner__buybox-link sticky-banner__buybox-link--sticky gtm-buybox-anchor">
        Buy options
    </a>

        </div>
    </div>


                                    




                                <!DOCTYPE html
  SYSTEM "about:legacy-compat">
<div xmlns="http://www.w3.org/1999/xhtml" class="FulltextWrapper"><div class="ArticleHeader main-context"><div id="enumeration" class="enumeration">    <div>
        <a class="gtm-confseries-link" data-test="ConfSeriesLink" href="/conference/mmmacns" >
            <span data-test="ConfSeriesName"> International Conference on Mathematical Methods, Models, and Architectures for Computer Network Security</span>
        </a>
    </div>
<p class="test-LocationInConferenceProceeding icon--meta-keyline-before"><span data-test="ConferenceAcronym">MMM-ACNS 2012</span>: <span class="BookTitle"><a href="/book/10.1007/978-3-642-33704-8" class="gtm-book-link">Computer Network Security</a></span><span class="page-numbers-info">
              pp 65-76</span></p></div><div xmlns="" class="MainTitleSection"><h1 xmlns="http://www.w3.org/1999/xhtml" class="ChapterTitle" lang="en">A Vulnerability in the UMTS and LTE Authentication and Key Agreement Protocols</h1></div><div class="authors u-clearfix" data-component="SpringerLink.Authors"><ul class="u-interface u-inline-list authors__title" data-role="AuthorsNavigation"><li><span>Authors</span></li><li><a href="#authorsandaffiliations" class="gtm-tab-authorsandaffiliations">Authors and affiliations</a></li></ul><div class="authors__list" data-role="AuthorsList"><ul class="test-contributor-names"><li><span itemprop="name" class="authors__name">Joe-Kai Tsay</span></li><li><span itemprop="name" class="authors__name">Stig F. Mjølsnes</span></li></ul></div></div><div class="main-context__container main-context__container--duel" data-component="SpringerLink.ChapterMetrics"><div class="main-context__column"><span><span class="test-render-category">Conference paper</span></span><div class="article-dates" data-component="SpringerLink.ArticleDates"><dl></dl><dl class="article-dates__history"></dl></div><p class="article-doi"><abbr title="Digital Object Identifier">DOI</abbr>:
            10.1007/978-3-642-33704-8_6</p></div>    <div class="main-context__column">
        <ul id="book-metrics" class="article-metrics">
                <li class="article-metrics__item">
                        <a class="article-metrics__link gtm-chaptercitations-count" href="http://www.bookmetrix.com/detail/chapter/eb972598-d606-48ca-96a7-74bd3ae2af6c#citations" target="_blank" rel="noopener noreferrer"
                           title="Visit Bookmetrix for full citation details" id="chaptercitations-link">
                           <span id="chaptercitations-count-number" class="test-metric-count c-button-circle gtm-chaptercitations-count">2</span>
                           <span class="test-metric-name article-metrics__label gtm-chaptercitations-count">Citations</span>
                        </a>
                </li>
                <li class="article-metrics__item">
                        <a class="article-metrics__link gtm-chapterdownloads-count" href="http://www.bookmetrix.com/detail/chapter/eb972598-d606-48ca-96a7-74bd3ae2af6c#downloads" target="_blank" rel="noopener noreferrer"
                           title="Visit Bookmetrix for full download details" id="chapterdownloads-link">
                           <span id="chapterdownloads-count-number" class="test-metric-count c-button-circle gtm-chapterdownloads-count">1.2k</span>
                           <span class="test-metric-name article-metrics__label gtm-chapterdownloads-count">Downloads</span>
                        </a>
                </li>
        </ul>
    </div>
</div><span class="vol-info">
                Part of the
                <a class="gtm-book-series-link" href="/bookseries/558">Lecture Notes in Computer Science</a>
                book series (LNCS, volume 7531)</span><div class="main-context__column"><dl class="article-cite"><dt class="test-cite-heading">Cite this paper as: </dt><dd id="citethis-text">Tsay JK., Mjølsnes S.F. (2012) A Vulnerability in the UMTS and LTE Authentication and Key Agreement Protocols. In: Kotenko I., Skormin V. (eds) Computer Network Security. MMM-ACNS 2012. Lecture Notes in Computer Science, vol 7531. Springer, Berlin, Heidelberg</dd></dl></div></div><section class="Abstract" id="Abs1" tabindex="-1" lang="en"><h2 class="Heading">Abstract</h2><p class="Para">We report on a deficiency in the specifications of the Authentication and Key Agreement (AKA) protocols of the Universal Mobile Telecommunications System (UMTS) and Long-Term Evolution (LTE) as well as the specification of the GSM Subscriber Identity Authentication protocol, which are all maintained by the 3rd Generation Partnership Program (3GPP), an international consortium of telecommunications standards bodies. The flaw, although found using the computational prover CryptoVerif, is of symbolic nature and could be exploited by both an outside and an inside attacker in order to violate entity authentication properties. An inside attacker may impersonate an honest user during a run of the protocol and apply the session key to use subsequent wireless services on behalf of the honest user.</p></section><div class="KeywordGroup" lang="en"><h3 class="Heading">Keywords</h3><span class="Keyword">Applied Cryptography </span><span class="Keyword">Vulnerability Assessment </span><span class="Keyword">Security Protocols </span><span class="Keyword">Authentication </span><span class="Keyword">Mobile Network Security </span><span class="Keyword">LTE </span><span class="Keyword">UMTS </span></div><div class="article-actions--inline" id="article-actions--inline" data-component="article-actions--inline"></div><section id="Sample" class="pdf-preview"><h2 class="Heading">Preview</h2><object id="test-pdf-preview" class="pdf-preview__embed pdf-preview__embed--height" data="//page-one.live.cf.public.springer.com/pdf/preview/10.1007/978-3-642-33704-8_6" type="application/pdf" width="100%" data-component="SpringerLink.PdfPreview"><p class="u-interface" data-fallback-text="true">Unable to display preview.&nbsp;<a href="//page-one.live.cf.public.springer.com/pdf/preview/10.1007/978-3-642-33704-8_6" target="_blank" rel="noopener noreferrer">Download preview PDF.</a></p></object><p class="pdf-preview__info u-interface">Unable to display preview.&nbsp;<a href="//page-one.live.cf.public.springer.com/pdf/preview/10.1007/978-3-642-33704-8_6" target="_blank" rel="noopener noreferrer">Download preview PDF.</a></p></section><aside class="Bibliography" id="Bib1" tabindex="-1"><h3 class="Heading">References</h3><div class="content"><ol class="BibliographyWrapper"><li class="Citation"><div class="CitationNumber">1.</div><div class="CitationContent" id="CR1">3GPP TS 33.102. 3G Security; Formal Analysis of the 3G Authentication Protocol, <span class="ExternalRef"><a target="_blank" rel="noopener noreferrer" href="http://www.3gpp.org/ftp/Specs/html-info/33902.html"><span class="RefSource"><span class="EmphasisFontCategoryNonProportional ">http://www.3gpp.org/ftp/Specs/html-info/33902.html</span></span></a></span>
                <span class="Occurrences"></span></div></li><li class="Citation"><div class="CitationNumber">2.</div><div class="CitationContent" id="CR2">3GPP TS 29.002. Digital cellular telecommunications system (Phase 2+); Universal Mobile Telecommunications System (UMTS); Mobile Application Part (MAP) specification, <span class="ExternalRef"><a target="_blank" rel="noopener noreferrer" href="http://www.3gpp.org/ftp/Specs/html-info/29002.html"><span class="RefSource"><span class="EmphasisFontCategoryNonProportional ">http://www.3gpp.org/ftp/Specs/html-info/29002.html</span></span></a></span>
                <span class="Occurrences"></span></div></li><li class="Citation"><div class="CitationNumber">3.</div><div class="CitationContent" id="CR3">3GPP TS 33.102. LTE; 3G Security; Security Architecture, <span class="ExternalRef"><a target="_blank" rel="noopener noreferrer" href="http://www.3gpp.org/ftp/Specs/html-info/33102.html"><span class="RefSource"><span class="EmphasisFontCategoryNonProportional ">http://www.3gpp.org/ftp/Specs/html-info/33102.html</span></span></a></span>
                <span class="Occurrences"></span></div></li><li class="Citation"><div class="CitationNumber">4.</div><div class="CitationContent" id="CR4">3GPP TS 33.200. 3G Security; Network Domain Security (NDS); Mobile Application Part (MAP) application layer security, <span class="ExternalRef"><a target="_blank" rel="noopener noreferrer" href="http://www.3gpp.org/ftp/Specs/html-info/33200.html"><span class="RefSource"><span class="EmphasisFontCategoryNonProportional ">http://www.3gpp.org/ftp/Specs/html-info/33200.html</span></span></a></span>
                <span class="Occurrences"></span></div></li><li class="Citation"><div class="CitationNumber">5.</div><div class="CitationContent" id="CR5">3GPP TS 33.210. LTE; 3G Security; Network Domain Security (NDS); IP network layer security, <span class="ExternalRef"><a target="_blank" rel="noopener noreferrer" href="http://www.3gpp.org/ftp/Specs/html-info/33210.html"><span class="RefSource"><span class="EmphasisFontCategoryNonProportional ">http://www.3gpp.org/ftp/Specs/html-info/33210.html</span></span></a></span>
                <span class="Occurrences"></span></div></li><li class="Citation"><div class="CitationNumber">6.</div><div class="CitationContent" id="CR6">3GPP TS 33.310. LTE; Network Domain Security (NDS); Authentication Framework (AF), <span class="ExternalRef"><a target="_blank" rel="noopener noreferrer" href="http://www.3gpp.org/ftp/Specs/html-info/33310.html"><span class="RefSource"><span class="EmphasisFontCategoryNonProportional ">http://www.3gpp.org/ftp/Specs/html-info/33310.html</span></span></a></span>
                <span class="Occurrences"></span></div></li><li class="Citation"><div class="CitationNumber">7.</div><div class="CitationContent" id="CR7">3GPP TS 33.401. LTE; 3GPP System Architecture Evolution (SAE); Security Architecture, <span class="ExternalRef"><a target="_blank" rel="noopener noreferrer" href="http://www.3gpp.org/ftp/Specs/html-info/33401.html"><span class="RefSource"><span class="EmphasisFontCategoryNonProportional ">http://www.3gpp.org/ftp/Specs/html-info/33401.html</span></span></a></span>
                <span class="Occurrences"></span></div></li><li class="Citation"><div class="CitationNumber">8.</div><div class="CitationContent" id="CR8">3GPP TS 42.009. Digital cellular telecommunications system (Phase 2+); Security Aspects, <span class="ExternalRef"><a target="_blank" rel="noopener noreferrer" href="http://www.3gpp.org/ftp/Specs/html-info/42009.html"><span class="RefSource"><span class="EmphasisFontCategoryNonProportional ">http://www.3gpp.org/ftp/Specs/html-info/42009.html</span></span></a></span>
                <span class="Occurrences"></span></div></li><li class="Citation"><div class="CitationNumber">9.</div><div class="CitationContent" id="CR9">3GPP TS 43.020. Digital cellular telecommunications system (Phase 2+); Security related network functions, <span class="ExternalRef"><a target="_blank" rel="noopener noreferrer" href="http://www.3gpp.org/ftp/Specs/html-info/43020.html"><span class="RefSource"><span class="EmphasisFontCategoryNonProportional ">http://www.3gpp.org/ftp/Specs/html-info/43020.html</span></span></a></span>
                <span class="Occurrences"></span></div></li><li class="Citation"><div class="CitationNumber">10.</div><div class="CitationContent" id="CR10">Arapinis, M., Mancini, L.I., Ritter, E., Ryan, M.: Formal Analysis of UMTS Privacy. CoRR, abs/1109.2066 (2011), <span class="ExternalRef"><a target="_blank" rel="noopener noreferrer" href="http://arxiv.org/abs/1109.2066"><span class="RefSource"><span class="EmphasisFontCategoryNonProportional ">http://arxiv.org/abs/1109.2066</span></span></a></span>
                <span class="Occurrences"></span></div></li><li class="Citation"><div class="CitationNumber">11.</div><div class="CitationContent" id="CR11">Blanchet, B.: An Efficient Cryptographic Protocol Verifier Based on Prolog Rules. In: 14th IEEE Computer Security Foundations Workshop (CSFW-14), Cape Breton, Nova Scotia, Canada, pp. 82–96. IEEE Computer Society (June 2001)<span class="Occurrences"></span></div></li><li class="Citation"><div class="CitationNumber">12.</div><div class="CitationContent" id="CR12">Blanchet, B.: An Efficient Cryptographic Protocol Verifier Based on Prolog Rules. In: 14th IEEE Computer Security Foundations Workshop (CSFW-14), Cape Breton, Nova Scotia, Canada, pp. 82–96. IEEE Computer Society (June 2001)<span class="Occurrences"></span></div></li><li class="Citation"><div class="CitationNumber">13.</div><div class="CitationContent" id="CR13">Blanchet, B.: A Computationally Sound Mechanized Prover for Security Protocols. In: IEEE Symposium on Security and Privacy, Oakland, California, pp. 140–154 (May 2006)<span class="Occurrences"></span></div></li><li class="Citation"><div class="CitationNumber">14.</div><div class="CitationContent" id="CR14">Blanchet, B.: A Computationally Sound Mechanized Prover for Security Protocols. IEEE Transactions on Dependable and Secure Computing 5(4), 193–207 (2006); Special issue IEEE Symposium on Security and Privacy 2006<span class="Occurrences"><span class="Occurrence OccurrenceAMSID"><a class="gtm-reference" data-reference-type="MathSciNet" target="_blank" rel="noopener noreferrer" href="http://www.ams.org/mathscinet-getitem?mr=2265249"><span><span>MathSciNet</span></span></a></span><span class="Occurrence OccurrenceDOI"><a class="gtm-reference" data-reference-type="CrossRef" target="_blank" rel="noopener noreferrer" href="http://dx.doi.org/10.1109/TDSC.2007.1005"><span><span>CrossRef</span></span></a></span><span class="Occurrence OccurrenceGS"><a target="_blank" rel="noopener noreferrer" class="google-scholar-link gtm-reference" data-reference-type="Google Scholar" href="http://scholar.google.com/scholar_lookup?title=A%20Computationally%20Sound%20Mechanized%20Prover%20for%20Security%20Protocols&amp;author=B..%20Blanchet&amp;journal=IEEE%20Transactions%20on%20Dependable%20and%20Secure%20Computing&amp;volume=5&amp;issue=4&amp;pages=193-207&amp;publication_year=2006"><span><span>Google Scholar</span></span></a></span></span></div></li><li class="Citation"><div class="CitationNumber">15.</div><div class="CitationContent" id="CR15">Dolev, D., Yao, A.: On the security of public-key protocols. IEEE Transactions on Information Theory 2(29), 198–208 (1983)<span class="Occurrences"><span class="Occurrence OccurrenceAMSID"><a class="gtm-reference" data-reference-type="MathSciNet" target="_blank" rel="noopener noreferrer" href="http://www.ams.org/mathscinet-getitem?mr=712376"><span><span>MathSciNet</span></span></a></span><span class="Occurrence OccurrenceDOI"><a class="gtm-reference" data-reference-type="CrossRef" target="_blank" rel="noopener noreferrer" href="http://dx.doi.org/10.1109/TIT.1983.1056650"><span><span>CrossRef</span></span></a></span><span class="Occurrence OccurrenceGS"><a target="_blank" rel="noopener noreferrer" class="google-scholar-link gtm-reference" data-reference-type="Google Scholar" href="http://scholar.google.com/scholar_lookup?title=On%20the%20security%20of%20public-key%20protocols&amp;author=D..%20Dolev&amp;author=A..%20Yao&amp;journal=IEEE%20Transactions%20on%20Information%20Theory&amp;volume=2&amp;issue=29&amp;pages=198-208&amp;publication_year=1983"><span><span>Google Scholar</span></span></a></span></span></div></li><li class="Citation"><div class="CitationNumber">16.</div><div class="CitationContent" id="CR16">IETF. Diameter Base Protocol RFC 3588 (September 2003), <span class="ExternalRef"><a target="_blank" rel="noopener noreferrer" href="http://www.ietf.org/rfc/rfc3588.txt"><span class="RefSource"><span class="EmphasisFontCategoryNonProportional ">http://www.ietf.org/rfc/rfc3588.txt</span></span></a></span>
                <span class="Occurrences"></span></div></li><li class="Citation"><div class="CitationNumber">17.</div><div class="CitationContent" id="CR17">International Telecom Union. ICT Indication Database (2011), <span class="ExternalRef"><a target="_blank" rel="noopener noreferrer" href="http://www.itu.int/ITU-D/ict/statistics/"><span class="RefSource"><span class="EmphasisFontCategoryNonProportional ">http://www.itu.int/ITU-D/ict/statistics/</span></span></a></span>
                <span class="Occurrences"></span></div></li><li class="Citation"><div class="CitationNumber">18.</div><div class="CitationContent" id="CR18">Meyer, U., Wetzel, S.: A man-in-the-middle attack on UMTS. In: Proceedings of the 3rd ACM Workshop on Wireless Security (WiSe 2004), Philadelphia, PA, USA, pp. 90–97 (2004)<span class="Occurrences"></span></div></li><li class="Citation"><div class="CitationNumber">19.</div><div class="CitationContent" id="CR19">Mjølsnes, S.F., Tsay, J.-K.: Compuational Security Analysis of the UMTS and LTE Authentication and Key Agreement Protocols. CoRR, abs/1203.3866 (2012)<span class="Occurrences"></span></div></li><li class="Citation"><div class="CitationNumber">20.</div><div class="CitationContent" id="CR20">Zhang, M., Fang, Y.: Security analysis and enhancements of 3GPP authentication and key agreement protocol. IEEE Transactions on Wireless Communications 4(2), 734–742 (2005)<span class="Occurrences"><span class="Occurrence OccurrenceDOI"><a class="gtm-reference" data-reference-type="CrossRef" target="_blank" rel="noopener noreferrer" href="http://dx.doi.org/10.1109/TWC.2004.842941"><span><span>CrossRef</span></span></a></span><span class="Occurrence OccurrenceGS"><a target="_blank" rel="noopener noreferrer" class="google-scholar-link gtm-reference" data-reference-type="Google Scholar" href="http://scholar.google.com/scholar_lookup?title=Security%20analysis%20and%20enhancements%20of%203GPP%20authentication%20and%20key%20agreement%20protocol&amp;author=M..%20Zhang&amp;author=Y..%20Fang&amp;journal=IEEE%20Transactions%20on%20Wireless%20Communications&amp;volume=4&amp;issue=2&amp;pages=734-742&amp;publication_year=2005"><span><span>Google Scholar</span></span></a></span></span></div></li></ol></div></aside><section class="Section1 RenderAsSection1"><h2 class="Heading" id="copyrightInformation">Copyright information</h2><div class="ArticleCopyright content"><div class="ChapterCopyright">© Springer-Verlag Berlin Heidelberg 2012</div></div></section><section id="authorsandaffiliations" class="Section1 RenderAsSection1"><h2 class="Heading">Authors and Affiliations</h2><div class="content authors-affiliations u-interface"><ul class="test-contributor-names"><li><span itemprop="name" class="authors-affiliations__name">Joe-Kai Tsay</span><ul class="authors-affiliations__indexes u-inline-list" data-role="AuthorsIndexes"><li data-affiliation="affiliation-1">1</li></ul></li><li><span itemprop="name" class="authors-affiliations__name">Stig F. Mjølsnes</span><ul class="authors-affiliations__indexes u-inline-list" data-role="AuthorsIndexes"><li data-affiliation="affiliation-1">1</li></ul></li></ul><ol class="test-affiliations"><li class="affiliation" data-test="affiliation-1" data-affiliation-highlight="affiliation-1" itemprop="affiliation" itemscope="" itemtype="http://schema.org/Organization"><span class="affiliation__count">1.</span><span class="affiliation__item"><span itemprop="department" class="affiliation__department">Department of Telematics</span><span itemprop="name" class="affiliation__name">Norwegian University of Sciences and Technology, NTNU</span><span itemprop="country" class="affiliation__country">Norway</span></span></li></ol></div></section></div>

                                <aside class="content-type-about" id="AboutThisContent">
    <h2 class="Heading" id="aboutcontent">About this paper</h2>
    <div class="content bibliographic-information">
        
            <div class="crossmark__adjacent">
                    <ul class="bibliographic-information__list bibliographic-information__list--inline">
            <li class="bibliographic-information__item">
                <span class="bibliographic-information__title">Publisher Name</span>
                <span class="bibliographic-information__value" id="publisher-name">Springer, Berlin, Heidelberg</span>
            </li>
            <li class="bibliographic-information__item">
                <span class="bibliographic-information__title">Print ISBN</span>
                <span class="bibliographic-information__value" id="print-isbn">978-3-642-33703-1</span>
            </li>
            <li class="bibliographic-information__item ">
                <span class="bibliographic-information__title">Online ISBN</span>
                <span class="bibliographic-information__value" id="electronic-isbn">978-3-642-33704-8</span>
            </li>

                <li class="bibliographic-information__item">
            <span class="bibliographic-information__title">eBook Packages</span>
                <span class="bibliographic-information__value"><a id="ebook-package" href="/search?facet-content-type&#x3D;%22Book%22&amp;package&#x3D;11645&amp;facet-start-year&#x3D;2012&amp;facet-end-year&#x3D;2012">Computer Science</a></span>
        </li>

    </ul>

                <ul class="bibliographic-information__list">
    <li class="bibliographic-information__item">
        <a id="about-book" href="//www.springer.com/978-3-642-33703-1?wt_mc&#x3D;ThirdParty.SpringerLink.3.EPR653.About_eBook" class="gtm-about-this " >About this book</a>
    </li>

    <li class="bibliographic-information__item">
        <a id="reprintsandpermissions-link" class="u-external" target="_blank" rel="noopener noreferrer" href="https://s100.copyright.com/AppDispatchServlet?publisherName&#x3D;Springer&amp;orderBeanReset&#x3D;true&amp;orderSource&#x3D;SpringerLink&amp;author&#x3D;Joe-Kai+Tsay&amp;contentID&#x3D;10.1007%2F978-3-642-33704-8_6&amp;openAccess&#x3D;false&amp;endPage&#x3D;76&amp;publicationDate&#x3D;2012&amp;startPage&#x3D;65&amp;title&#x3D;A+Vulnerability+in+the+UMTS+and+LTE+Authentication+and+Key+Agreement+Protocols&amp;imprint&#x3D;Springer-Verlag+Berlin+Heidelberg&amp;publication&#x3D;eBook&amp;authorAddress&#x3D;Norway" title="Visit RightsLink for information about reusing this paper">Reprints and Permissions</a>
    </li>
</ul>
            </div>
        
            
    </div>
</aside>

                                <div class="collapsible-section uptodate-recommendations gtm-recommendations">
    <h2 class="uptodate-recommendations__title collapsible-section__heading gtm-recommendations__title" id="uptodaterecommendations">Personalised recommendations</h2>
    <div class="collapsible-section__content">
        <div class="uptodate-recommendations__container">
             <link rel="uptodate-inline" href="/springerlink-static/1943367513/css/recommendations.css"/>
        </div>
    </div>
</div>
                            </div>
                        </div>

                        <aside class="main-sidebar-right u-interface">
                            <div data-role="sticky-wrapper">
                                <div class="main-sidebar-right__content u-composite-layer" data-component="SpringerLink.StickySidebar">
                                    <div class="article-actions" id="article-actions">
                                        <h2 class="u-screenreader-only">Actions</h2>

                                            <div id="buy">
                                                


<style type="text/css">
    .buybox {
        margin: 16px 0 0;
        position: relative;
    }
    .buybox {
        font-family: Source Sans Pro, Helvetica, Arial, sans-serif;
        font-size: 14px;
        font-size: 1.4rem;
    }
    .buybox {
        zoom: 1;
    }
    .buybox:after,
    .buybox:before {
        content: '';
        display: table;
    }
    .buybox:after {
        clear: both;
    }
    /*---------------------------------*/
    .buybox .buybox__header {
        border: 1px solid #b3b3b3;
        border-bottom: 0;
        padding: 8px;
        position: relative;
        background-color: #f2f2f2;
    }
    .buybox__header .buybox__login {
        font-family: Source Sans Pro, Helvetica, Arial, sans-serif;
        font-size: 14px;
        font-size: 1.4rem;
        letter-spacing: .017em;
        display: inline-block;
        line-height: 1.2;
        padding: 0;
    }
    .buybox__header .buybox__login:before {
        position: absolute;
        top: 50%;
        -webkit-transform: perspective(1px) translateY(-50%);
        transform: perspective(1px) translateY(-50%);
        content: '\A';
        width: 34px;
        height: 34px;
        left: 10px;
    }
    /*---------------------------------*/
    .buybox .buybox__body {
        padding: 0;
        padding-bottom: 16px;
        position: relative;
        text-align: center;
        background-color: #fcfcfc;
        border: 1px solid #b3b3b3;
    }
    /******/
    .buybox__body .buybox__section {
        padding: 16px 12px 0 12px;
        text-align: left;
    }
    .buybox__section .buybox__buttons {
        text-align: center;
        width: 100%;
    }
    /********** mycopy buybox specific **********/
    .buybox.mycopy__buybox .buybox__body {
        background-color: transparent;
    }
    .buybox.mycopy__buybox .buybox__section .buybox__buttons {
        border-top: 0;
        padding-top: 0;
    }
    /******/
    .buybox__section:nth-child(2) .buybox__buttons {
        border-top: 1px solid #b3b3b3;
        padding-top: 20px;
    }
    .buybox__buttons .buybox__buy-button {
        display: inline-block;
        text-align: center;
        margin-bottom: 5px;
        padding: 6px 12px;
        max-width: 180px
    }
    .buybox__buttons .buybox__price {
        white-space: nowrap;
        text-align: center;
        font-size: larger;
        padding-top: 6px;
    }
    .buybox__section .buybox__meta {
        letter-spacing: 0;
        padding-top: 12px;
    }
    .buybox__section .buybox__meta:only-of-type {
        padding-top: 0;
        position: relative;
        bottom: 6px;
    }
    /********** mycopy buybox specific **********/
    .buybox.mycopy__buybox .buybox__section .buybox__meta {
        margin-top: 0;
        margin-bottom: 0;
    }
    /******/
    .buybox__meta .buybox__product-title {
        display: inline;
        font-weight: bold;
    }
    .buybox__meta .buybox__list {
        line-height: 1.3;
    }
    .buybox__meta .buybox__list li {
        position: relative;
        padding-left: 1em;
        list-style: none;
        margin-bottom: 5px;
    }
    .buybox__meta .buybox__list li:before {
        font-size: 1em;
        content: '\2022';
        float: left;
        position: relative;
        top: .1em;
        font-family: serif;
        font-weight: 600;
        text-align: center;
        line-height: inherit;
        color: #666;
        width: auto;
        margin-left: -1em;
    }
    .buybox__meta .buybox__list li:last-child {
        margin-bottom: 0;
    }
    /********** chapter buybox specific **********/
    .buybox.chapter__buybox .buybox__section .buybox__meta {
        border-top: 1px solid #d3d3d3;
        padding-top: 12px;
    }
    .buybox.chapter__buybox .buybox__section .buybox__buy-ebook {
        margin-bottom: 12px;
    }
    /******/
    /*---------------------------------*/
    .buybox .buybox__footer {
        border: 1px solid #b3b3b3;
        border-top: 0;
        padding: 8px;
        position: relative;
        border-style: dashed;
        line-height: 1.3;
    }
    /*-----------------------------------------------------------------*/
    @media screen and (min-width: 460px) and (max-width: 1074px) {
        .buybox__body .buybox__section {
            display: inline-block;
            vertical-align: top;
            padding: 12px 12px;
            padding-bottom: 0;
            text-align: left;
            width: 48%;
        }
        .buybox__body .buybox__section {
            padding-top: 16px;
            padding-left: 0;
        }
        .buybox__section:nth-of-type(2) .buybox__meta {
            border-left: 1px solid #d3d3d3;
            padding-left: 28px;
        }
        .buybox__section:nth-of-type(2) .buybox__buttons {
            border-top: 0;
            padding-top: 0;
            padding-left: 16px ;
        }
        .buybox__buttons .buybox__buy-button {
        }
        /********** article buybox specific **********/
        .buybox.article__buybox .buybox__section:nth-of-type(2) {
            margin-top: 16px;
            padding-top: 0;
        }
        .buybox.article__buybox .buybox__section:nth-of-type(2) .buybox__meta {
            margin-top: 40px;
            padding-top: 0;
            padding-bottom: 45px;
        }
        .buybox.article__buybox .buybox__section:nth-of-type(2) .buybox__meta:only-of-type {
            margin-top: 8px;
            padding-top: 12px;
            padding-bottom: 12px;
        }
        /********** mycopy buybox specific **********/
        .buybox.mycopy__buybox .buybox__section:first-child {
            width: 69%;
            padding-left: 12px ;
        }
        .buybox.mycopy__buybox .buybox__section:last-child {
            width: 29%;
        }
        /********** chapter buybox specific **********/
        .buybox.chapter__buybox .buybox__body {
            display: flex;
            align-items: stretch;
            padding-left: 12px;
            padding-top: 12px;
        }
        .buybox.chapter__buybox .buybox__section .buybox__meta {
            display: flex;
            align-items: center;
            height: 100%;
            border-top: 0;
            padding-top: 0;
        }
        /******/
    }
    /*-----------------------------------------------------------------*/
    @media screen and (max-width: 459px) {
        /********** mycopy buybox specific **********/
        .buybox.mycopy__buybox .buybox__body {
            padding-bottom: 5px;
        }
        .buybox.mycopy__buybox .buybox__section:last-child {
            text-align: center;
            width: 100%;
        }
        .buybox.mycopy__buybox .buybox__buttons {
            display: inline-block;
            width: 150px ;
        }
        /******/
    }
    /*-----------------------------------------------------------------*/
</style>

<div class="buybox chapter__buybox" data-webtrekkTrackId="196033507532344" data-webtrekkContentId="SL-chapter">
    <div class="buybox__header">
        <span class="buybox__login">Log in to check access</span>
    </div>
    <div class="buybox__body">
        <div class="buybox__section">
            <div class="buybox__buttons">
            
                <div class="buybox__buy-ebook">
                    <a
                        data-product-id="978-3-642-33704-8_Computer Network Security"
                        data-tracking-category="ebook"
                        data-eCommerceParam_11="chapter-page"
                        href="https://checkout.springer.com/checkout/add?wt_mc=ThirdParty.SpringerLink.3.EPR653.AbstractPage_EBook-new&isbn=978-3-642-33704-8"
                        class="buybox__buy-button c-button c-button--blue"
                        data-gtm="buybox__buy-button-ebook">
                        <span class="buybox__buy" data-gtm="buybox__buy-button">Buy eBook</span>
                    </a>
                    <div class="buybox__price" data-gtm="buybox__buy-button">
                        EUR&nbsp;44.02
                    </div>
                </div>
            
            
                <form class="buybox__form" action="https://checkout.springer.com/checkout/add?wt_mc=ThirdParty.SpringerLink.3.EPR653.AbstractPage_Chapter-new" method="POST">
                    
                        <input type="hidden" name="type" value="chapter"/>
                    
                        <input type="hidden" name="doi" value="10.1007/978-3-642-33704-8_6"/>
                    
                        <input type="hidden" name="isxn" value="978-3-642-33704-8"/>
                    
                        <input type="hidden" name="contenttitle" value="A Vulnerability in the UMTS and LTE Authentication and Key Agreement Protocols"/>
                    
                        <input type="hidden" name="copyrightyear" value="2012"/>
                    
                        <input type="hidden" name="year" value=""/>
                    
                        <input type="hidden" name="authors" value="Joe-Kai Tsay, Stig F. Mjølsnes"/>
                    
                        <input type="hidden" name="title" value="Computer Network Security"/>
                    
                        <input type="hidden" name="mac" value="3e04fa376cafc52493f69126ba5d806a"/>
                    
                        <input type="hidden" name="returnurl" value="https://link.springer.com/chapter/10.1007/978-3-642-33704-8_6"/>
                    
                    <button
                    data-product-id="10.1007/978-3-642-33704-8_6_A Vulnerability in the UMTS and LT"
                    data-tracking-category="ppv"
                    data-eCommerceParam_11="chapter-page"
                    type="submit"
                    class="buybox__buy-button c-button c-button--blue"
                    data-gtm="buybox__buy-button">
                        <span class="buybox__buy" data-gtm="buybox__buy-button">Buy paper (PDF)</span>
                    </button>
                    <div class="buybox__price" data-gtm="buybox__buy-button">
                        EUR&nbsp;29.94
                    </div>
                </form>
            </div>
        </div>
        
        
        <div class="buybox__section">
            <div class="buybox__meta">
                <ul class="buybox__list">
                    <li>Instant download</li>
                    <li>Readable on all devices</li>
                    <li>Own it forever</li>
                    <li>Local sales tax included if applicable</li>
                </ul>
            </div>
        </div>
        
    </div>
    <div class="buybox__footer">
        <a class="js-buybox__inst-sub-link" data-gtm="buybox__inst-sub-link" href="http://www.springer.com/gp/shop/subscriptions?wt_mc=ThirdParty.SpringerLink.3.EPR653.ChapterPage_Institutional-customers">
            Learn about institutional subscriptions</a>
    </div>

    


    <div class="buybox__footer">
        <a class="js-buybox__inst-sub-link"
           href="http://www.springer.com/gp/shop/springer-book-archives-sale?wt_mc=Banner.SLBanner.3.EPR868.textlink_buybox_sl_sba17e&utm_medium=display_internal&utm_source=springerlink&utm_campaign=3_dres03_sl_sba17e&utm_content=textlink_buybox_en&countryChanged=true"
           onmousedown="wt.sendinfo({linkId: 'SL-buybox-campaign'});">Limited offer: All Springer Archive eBooks 9.99 each!</a>
    </div>


</div>

<script>
(function () {
    var forEach = function (array, callback, scope) {
        for (var i = 0; i < array.length; i++) {
            callback.call(scope, i, array[i]);
        }
    };

    var trackDomain = 'springergmbh01.webtrekk.net';
    var domain = 'link.springer.com';
    var loadEventSent = false;

    var buyboxRoot = document.getElementsByClassName('buybox')[0];
    var webtrekkTrackId = buyboxRoot.getAttribute('data-webtrekkTrackId');
    var webtrekkContentId = buyboxRoot.getAttribute('data-webtrekkContentId');

    function SubscriptionTrack(webtrekkTrackId) {
        if (!webtrekkTrackId) return;

        var data = {
            trackDomain: trackDomain,
            trackId: webtrekkTrackId,
            domain: domain,
            contentId: 'springer_com.buybox',
            customSessionParameter: {
                2: getBusinessPartnerIds()
            }
        };

        if (!window.webtrekkV3 && console) {
            console.log('No webtrekk found.', data);
            return;
        }

        return new webtrekkV3(data);
    }

    function Track(product, webtrekkTrackId, eCommerceParam_11, action) {
        if (!product) return;

        var data = {
            trackDomain: trackDomain,
            trackId: webtrekkTrackId,
            domain: domain,
            contentId: webtrekkContentId,
            product: product.id,
            productStatus: action,
            productCategory: {
                1: product.trackingCategory
            },
            customEcommerceParameter: {
                9: domain,
                11: eCommerceParam_11
            },
            customSessionParameter: {
                2: getBusinessPartnerIds()
            }
        };

        if (!window.webtrekkV3 && console) {
            console.log('No webtrekk found.', data);
            return;
        }

        return new webtrekkV3(data);
    }

    function trackAddToCart(trackingConfig) {
        if (!trackingConfig) return;
        trackingConfig.sendinfo();
    }

    function trackOnLoad(trackingConfig) {
        if (loadEventSent) return;
        loadEventSent = true;
        if (!trackingConfig) return;
        trackingConfig.sendinfo();
    }

    function trackSubscription(trackingConfig) {
        if (!trackingConfig) return;
        trackingConfig.sendinfo({linkId: 'inst. subscription info'});
    }

    function getBusinessPartnerIds() {
        var businessPartnerIDs = [];
        try {
            var ids = window.dataLayer[0]["user"]["license"]["businessPartnerID"];
            if(ids && ids.length) businessPartnerIDs = ids;
        } catch(e) {}
        return businessPartnerIDs.join(";");
    }

    var bindClickLinkHandle = function (link) {
        if (!link) return;

        link.addEventListener('click', function (event) {
            trackSubscription(SubscriptionTrack(webtrekkTrackId));
        });
    };

    var bindLoadButtonHandle = function (button) {
        if (!button) return;

        var productId = button.getAttribute('data-product-id');
        var trackingCategory = button.getAttribute('data-tracking-category');
        var eCommerceParam_11 = button.getAttribute('data-eCommerceParam_11');

        window.addEventListener('load', function (event) {
            trackOnLoad(Track({
                id: productId,
                trackingCategory: trackingCategory
            }, webtrekkTrackId, eCommerceParam_11, 'view'));
        });
    };

    var bindClickButtonHandle = function (button) {
        if (!button) return;

        var productId = button.getAttribute('data-product-id');
        var trackingCategory = button.getAttribute('data-tracking-category');
        var eCommerceParam_11 = button.getAttribute('data-eCommerceParam_11');

        button.addEventListener('click', function (event) {
            trackAddToCart(Track({
                id: productId,
                trackingCategory: trackingCategory
            }, webtrekkTrackId, eCommerceParam_11, 'add'));
        });
    };

    var buyButtons = document.getElementsByClassName('buybox__buy-button');
    forEach(buyButtons, function (index, button) {
        bindLoadButtonHandle(button);
        bindClickButtonHandle(button);
    });

    var sublinks = document.getElementsByClassName('js-buybox__inst-sub-link');
    forEach(sublinks, function (index, link) {
        bindClickLinkHandle(link);
    });
})();
</script>

                                            </div>

                                        <div class="u-js-hide u-js-show-two-col">
                                            
        




                                            
<div class="citations" data-component="SV.Dropdown" data-namespace="citations">
    <h3 class="u-h4" data-role="button-dropdown__title">
        Export citation
    </h3>
    <ul class="citations__content" data-role="button-dropdown__content">
            <li>
                <a href="//citation-needed.springer.com/v2/references/10.1007/978-3-642-33704-8_6?format&#x3D;refman&amp;flavour&#x3D;citation"
                   title="Download this paper&#39;s citation as a .RIS file" class="gtm-export-citation" data-gtmlabel="RIS">
                    <span class="citations__extension" data-gtmlabel="RIS">
                        <svg class="u-vertical-align-absolute" width="12" height="14" viewBox="0 0 12 14" xmlns="http://www.w3.org/2000/svg"><path d="M7 7.269v-6.271c0-.551-.448-.998-1-.998-.556 0-1 .447-1 .998v6.271l-1.5-1.547c-.375-.387-1.01-.397-1.401-.006l.016-.016c-.397.397-.391 1.025-.001 1.416l3.178 3.178c.392.392 1.024.391 1.415 0l3.178-3.178c.392-.392.391-1.025-.001-1.416l.016.016c-.397-.397-1.018-.388-1.401.006l-1.5 1.547zm-7 5.731c0-.552.456-1 1.002-1h9.995c.554 0 1.002.444 1.002 1 0 .552-.456 1-1.002 1h-9.995c-.554 0-1.002-.444-1.002-1z" fill="#0176C3"/></svg>
                        .RIS
                    </span>
                    <span class="citations__types">
                            <span>
                                Papers
                            </span>
                            <span>
                                Reference Manager
                            </span>
                            <span>
                                RefWorks
                            </span>
                            <span>
                                Zotero
                            </span>
                    </span>
                </a>
            </li>
            <li>
                <a href="//citation-needed.springer.com/v2/references/10.1007/978-3-642-33704-8_6?format&#x3D;endnote&amp;flavour&#x3D;citation"
                   title="Download this paper&#39;s citation as a .ENW file" class="gtm-export-citation" data-gtmlabel="ENW">
                    <span class="citations__extension" data-gtmlabel="ENW">
                        <svg class="u-vertical-align-absolute" width="12" height="14" viewBox="0 0 12 14" xmlns="http://www.w3.org/2000/svg"><path d="M7 7.269v-6.271c0-.551-.448-.998-1-.998-.556 0-1 .447-1 .998v6.271l-1.5-1.547c-.375-.387-1.01-.397-1.401-.006l.016-.016c-.397.397-.391 1.025-.001 1.416l3.178 3.178c.392.392 1.024.391 1.415 0l3.178-3.178c.392-.392.391-1.025-.001-1.416l.016.016c-.397-.397-1.018-.388-1.401.006l-1.5 1.547zm-7 5.731c0-.552.456-1 1.002-1h9.995c.554 0 1.002.444 1.002 1 0 .552-.456 1-1.002 1h-9.995c-.554 0-1.002-.444-1.002-1z" fill="#0176C3"/></svg>
                        .ENW
                    </span>
                    <span class="citations__types">
                            <span>
                                EndNote
                            </span>
                    </span>
                </a>
            </li>
            <li>
                <a href="//citation-needed.springer.com/v2/references/10.1007/978-3-642-33704-8_6?format&#x3D;bibtex&amp;flavour&#x3D;citation"
                   title="Download this paper&#39;s citation as a .BIB file" class="gtm-export-citation" data-gtmlabel="BIB">
                    <span class="citations__extension" data-gtmlabel="BIB">
                        <svg class="u-vertical-align-absolute" width="12" height="14" viewBox="0 0 12 14" xmlns="http://www.w3.org/2000/svg"><path d="M7 7.269v-6.271c0-.551-.448-.998-1-.998-.556 0-1 .447-1 .998v6.271l-1.5-1.547c-.375-.387-1.01-.397-1.401-.006l.016-.016c-.397.397-.391 1.025-.001 1.416l3.178 3.178c.392.392 1.024.391 1.415 0l3.178-3.178c.392-.392.391-1.025-.001-1.416l.016.016c-.397-.397-1.018-.388-1.401.006l-1.5 1.547zm-7 5.731c0-.552.456-1 1.002-1h9.995c.554 0 1.002.444 1.002 1 0 .552-.456 1-1.002 1h-9.995c-.554 0-1.002-.444-1.002-1z" fill="#0176C3"/></svg>
                        .BIB
                    </span>
                    <span class="citations__types">
                            <span>
                                BibTeX
                            </span>
                            <span>
                                JabRef
                            </span>
                            <span>
                                Mendeley
                            </span>
                    </span>
                </a>
            </li>
    </ul>
</div>
                                            <div class="share-this" data-component="SV.Dropdown" data-namespace="shareThis">
    <h3 class="u-h4" data-role="button-dropdown__title">
        Share paper
    </h3>
    <ul class="share-this__content" data-role="button-dropdown__content">
        <li>
            <a class="test-shareby-email-link gtm-shareby-email-link" href="mailto:?to&#x3D;&amp;subject&#x3D;Read%20this%20paper%20on%20SpringerLink&amp;body&#x3D;A%20Vulnerability%20in%20the%20UMTS%20and%20LTE%20Authentication%20and%20Key%20Agreement%20Protocols%0A%0Ahttps%3A%2F%2Flink.springer.com%2Fchapter%2F10.1007%2F978-3-642-33704-8_6" title="Share this paper via email">
                <span class="share-this__types">
                    <svg width="24" height="24" viewBox="0 0 24 24" xmlns="http://www.w3.org/2000/svg"><g fill="none"><path fill-opacity="0" fill="#fff" d="M0 0h24v24h-24z"/><g transform="translate(3 5)"><rect fill="#F9F9F9" width="18" height="14" rx="2"/><path d="M1 2.006v9.988c0 .557.446 1.006.995 1.006h14.01c.549 0 .995-.449.995-1.006v-9.988c0-.557-.446-1.006-.995-1.006h-14.01c-.549 0-.995.449-.995 1.006zm-1 0c0-1.108.893-2.006 1.995-2.006h14.01c1.102 0 1.995.897 1.995 2.006v9.988c0 1.108-.893 2.006-1.995 2.006h-14.01c-1.102 0-1.995-.897-1.995-2.006v-9.988zM9 9l7-4v-1.443l-7 4-7-4v1.443z" fill="#666"/></g></g></svg>
                    <span>Email</span>
                </span>
            </a>
        </li>
        <li>
            <a class="test-shareby-facebook-link gtm-shareby-facebook-link" href="https://www.facebook.com/sharer/sharer.php?u&#x3D;https%3A%2F%2Flink.springer.com%2Fchapter%2F10.1007%2F978-3-642-33704-8_6" target="_blank" rel="noopener noreferrer" title="Share this paper via Facebook">
                <span class="share-this__types">
                    <svg width="24" height="24" viewBox="0 0 24 24" xmlns="http://www.w3.org/2000/svg"><g fill="none"><path fill-opacity="0" fill="#fff" d="M0 0h24v24h-24z"/><path d="M12.717 19.091h-2.66v-6.274h-1.329v-2.162h1.329v-1.298c0-1.763.75-2.813 2.883-2.813h1.775v2.162h-1.11c-.83 0-.885.302-.885.866l-.004 1.082h2.011l-.235 2.162h-1.775v6.274z" fill="#666"/></g></svg>
                    <span>Facebook</span>
                </span>
            </a>
        </li>
        <li>
            <a class="test-shareby-twitter-link gtm-shareby-twitter-link" href="https://twitter.com/intent/tweet?text&#x3D;I%27m%20reading%20this%20on%20%23springerlink&amp;url&#x3D;https%3A%2F%2Flink.springer.com%2Fchapter%2F10.1007%2F978-3-642-33704-8_6" target="_blank" rel="noopener noreferrer" title="Share this paper via Twitter">
                <span class="share-this__types">
                    <svg width="24" height="24" viewBox="0 0 24 24" xmlns="http://www.w3.org/2000/svg"><g fill="none"><path fill-opacity="0" fill="#fff" d="M0 0h24v24h-24z"/><path d="M16.651 9.189c.485-.306.858-.792 1.033-1.371-.454.284-.957.49-1.493.601-.428-.482-1.039-.783-1.715-.783-1.298 0-2.349 1.11-2.349 2.478 0 .194.019.384.06.564-1.952-.104-3.684-1.089-4.843-2.59-.202.367-.318.793-.318 1.247 0 .859.415 1.618 1.045 2.063-.385-.013-.748-.126-1.065-.31v.03c0 1.201.809 2.203 1.886 2.43-.198.058-.405.087-.62.087-.151 0-.299-.015-.442-.044.299.984 1.166 1.702 2.195 1.721-.805.665-1.818 1.061-2.919 1.061-.19 0-.377-.011-.561-.034 1.04.703 2.275 1.113 3.602 1.113 4.323 0 6.686-3.777 6.686-7.052l-.006-.321c.459-.35.859-.786 1.173-1.283-.422.197-.875.33-1.349.39z" fill="#666"/></g></svg>
                    <span>Twitter</span>
                </span>
            </a>
        </li>
        <li>
            <a class="test-shareby-linkedin-link gtm-shareby-linkedin-link" href="https://www.linkedin.com/shareArticle?mini&#x3D;true&amp;url&#x3D;https%3A%2F%2Flink.springer.com%2Fchapter%2F10.1007%2F978-3-642-33704-8_6&amp;title&#x3D;A Vulnerability in the UMTS and LTE Authentication and Key Agreement Protocols&amp;summary&#x3D;We report on a deficiency in the specifications of the Authentication and Key Agreement (AKA) protocols of the Universal Mobile Telecommunications System (UMTS) and Long-Term Evolution (LTE) as well as the specification of the GSM Subscriber Identit…" target="_blank" rel="noopener noreferrer" title="Share this paper via LinkedIn">
                <span class="share-this__types">
                    <svg width="24" height="24" viewBox="0 0 24 24" xmlns="http://www.w3.org/2000/svg"><g fill="none"><path fill-opacity="0" fill="#fff" d="M0 0h24v24h-24z"/><path d="M6.821 10.044h2.126v7.41h-2.126v-7.41zm1.009-.927h-.015c-.77 0-1.269-.566-1.269-1.284 0-.732.514-1.287 1.299-1.287.784 0 1.267.554 1.282 1.285 0 .717-.498 1.286-1.297 1.286zm9.625 8.338h-2.411v-3.835c0-1.004-.377-1.688-1.206-1.688-.634 0-.987.462-1.151.908-.062.159-.052.382-.052.606v4.01h-2.389s.031-6.794 0-7.411h2.389v1.163c.141-.509.904-1.234 2.122-1.234 1.511 0 2.698 1.067 2.698 3.361v4.121z" fill="#666"/></g></svg>
                    <span>LinkedIn</span>
                </span>
            </a>
        </li>
    </ul>
</div>

                                        </div>
                                    </div>
                                    

                                </div>
                                        <div class="skyscraper-ad u-hide" data-component="SpringerLink.GoogleAds"></div>

                            </div>
                        </aside>
                    </div>
                </article>
            </main>

            <section class="banner banner--cookies-policy u-js-hide" data-component="SpringerLink.CookiePolicy">
    <div class="banner__content u-interface">
        <h2 class="u-screenreader-only">Cookies</h2>
        <span class="banner__cookie-text">We use cookies to improve your experience with our site.</span>
        <a class="banner__link banner__link--cookie" href="/termsandconditions#cookies">More information</a>

        <form class="banner__form" action="/acceptcookies" method="POST">
            <button class="u-link-like banner__right-ui">Accept</button>
        </form>
    </div>
</section>

                <footer class="footer u-interface">
        <div class="footer__aside-wrapper">
            <div class="footer__content">
                <div class="footer__aside">
    <p class="footer__strapline">Over 10 million scientific documents at your fingertips</p>
                <div class="footer__edition" data-component="SpringerLink.EditionSwitcher">
                    <h3 class="u-hide" data-role="button-dropdown__title" data-btn-text="Switch between Academic &#38; Corporate Edition">Switch Edition</h3>
                    <ul data-role="button-dropdown__content">
                        <li class="selected"><a href="/siteEdition/link" id="siteedition-academic-link">Academic Edition</a></li>
                        <li><a href="/siteEdition/rd" id="siteedition-corporate-link">Corporate Edition</a></li>
                    </ul>
                </div>
</div>
            </div>
        </div>
        <div class="footer__content">
            <ul class="footer__nav">
    <li>
        <a href="/">Home</a>
    </li>
    <li>
        <a href="/impressum">Impressum</a>
    </li>
    <li>
        <a href="/termsandconditions">Legal Information</a>
    </li>
    <li>
        <a href="/accessibility" class="gtm-footer-accessibility">Accessibility</a>
    </li>
    <li>
        <a id="contactus-footer-link" href="/contactus">Contact Us</a>
    </li>
</ul>
            <a class="parent-logo"
   target="_blank" rel="noreferrer noopener"
   href="//www.springernature.com"
   title="Go to Springer Nature">
    <span class="u-screenreader-only">Springer Nature</span>
    <svg width="125" height="12">
        <image width="125" height="12" alt="Springer Nature logo"
               src="/springerlink-static/1943367513/images/png/springernature.png"
               xmlns:xlink="http://www.w3.org/1999/xlink"
               xlink:href="/springerlink-static/1943367513/images/svg/springernature.svg">
        </image>
    </svg>
</a>

<p class="footer__copyright">&copy; 2017 Springer International Publishing AG. Part of <a target="_blank" rel="noreferrer noopener" href="//www.springernature.com">Springer Nature</a>.</p>

    <p class="footer__user-access-info">
        <span>Not logged in</span>
        <span>Not affiliated</span>
        <span>89.235.251.245</span>
    </p>

        </div>
    </footer>

        </div>
        
<script type="text/javascript">
    (function() {
        var linkEl = document.querySelector('.js-ctm');
        if (window.matchMedia && window.matchMedia(linkEl.media)) {
            (function(h){h.className = h.className.replace('no-js', 'js')})(document.documentElement);
            window.SpringerLink = window.SpringerLink || {};
            window.SpringerLink.staticLocation = '/springerlink-static/1943367513';
            var scriptJquery = document.createElement('script');
            var scriptMain = document.createElement('script');
            scriptJquery.async = false;
            scriptJquery.src = window.SpringerLink.staticLocation + '/js/jquery-3.2.1.min.js';
            scriptMain.async = false;
            scriptMain.src =  window.SpringerLink.staticLocation + '/js/main.js';
            document.body.appendChild(scriptJquery);
            document.body.appendChild(scriptMain);
        }
    })();
</script>

<script type="text/javascript">
    window.onload = function() {
    var linkEl = document.querySelector('.js-ctm');


        function reportForMouseEvent(linkCssSelector, nolardUrl, experiment, abgroup) {
            $('body').delegate(linkCssSelector, 'click', function() {
                reportConversion(nolardUrl, experiment, abgroup);
            });
        }

        function reportParticipation(nolardUrl, experiment, abgroup) {
            $.ajax({ url: nolardUrl + '/participate/' + experiment + '/' + abgroup });
        }

        function reportConversion(nolardUrl, experiment, abgroup) {
            $.ajax({ url: nolardUrl + '/convert/' + experiment + '/' + abgroup });
        }
    };
</script>
<script class="kxct" data-id="KDqyaFZ_" data-timing="async" data-version="3.0" type="text/javascript">
 window.Krux||((Krux=function(){Krux.q.push(arguments)}).q=[]);
 (function(){
   var k=document.createElement('script');k.type='text/javascript';k.async=true;
   k.src=(location.protocol==='https:'?'https:':'http:')+'//cdn.krxd.net/controltag/KDqyaFZ_.js';
   var s=document.getElementsByTagName('script')[0];s.parentNode.insertBefore(k,s);
 }());
</script>

<script>
    window.Krux||((Krux=function(){Krux.q.push(arguments);}).q=[]);
    (function(){
        function retrieve(n){
            var m, k='kx'+n;
            if (window.localStorage) {
                return window.localStorage[k] || "";
            } else if (navigator.cookieEnabled) {
                m = document.cookie.match(k+'=([^;]*)');
                return (m && unescape(m[1])) || "";
            } else {
                return '';
            }
        }
        Krux.user = retrieve('user');
        Krux.segments = retrieve('segs') && retrieve('segs').split(',') || [];
    })();
</script>

    <script type="text/javascript">
        var googletag = googletag || {};
        googletag.cmd = googletag.cmd || [];
        (function() {
            var gads = document.createElement('script');
            gads.async = true;
            gads.type = 'text/javascript';
            var useSSL = 'https:' == document.location.protocol;
            gads.src = (useSSL ? 'https:' : 'http:') +
                    '//www.googletagservices.com/tag/js/gpt.js';
            var node = document.getElementsByTagName('script')[0];
            node.parentNode.insertBefore(gads, node);
        })();
    </script>
    <script type="text/javascript" id="googletag-push">
    
    var adSlot = '6313/casper/journal/article'
    
        googletag.cmd.push(function() {
                googletag.defineSlot(adSlot, [728, 90], 'doubleclick-leaderboard-ad').addService(googletag.pubads());
                googletag.defineSlot(adSlot, [160, 600], 'doubleclick-ad').addService(googletag.pubads());
                googletag.pubads().setTargeting("doi","10.1007-978-3-642-33704-8_6");
                googletag.pubads().setTargeting("kwrd",["Applied_Cryptography","Vulnerability_Assessment","Security_Protocols","Authentication","Mobile_Network_Security","LTE","UMTS"]);
                googletag.pubads().setTargeting("pmc",["I","I14050","I13022","I24040","I15033","I14045","I13057"]);
                googletag.pubads().setTargeting("BPID",["1"]);
                googletag.pubads().setTargeting("ksg",Krux.segments);
                googletag.pubads().setTargeting("kuid",Krux.uid);
                googletag.pubads().setTargeting("eisbn","978-3-642-33704-8");
                googletag.pubads().setTargeting("eissn","1611-3349");
                googletag.pubads().setTargeting("pisbn","978-3-642-33703-1");
                googletag.pubads().setTargeting("pissn","0302-9743");
                googletag.pubads().setTargeting("sucode","SUCO11645");
            googletag.pubads().enableSingleRequest();
            googletag.pubads().enableAsyncRendering();
            googletag.enableServices();
        });
    </script>

        
        <span id="chat-widget" class="u-hide"></span>
        
    </body>
</html>

Added wiki_references/2017/software/CryptoVerif/doc/2017_06_12_wget_copy_of_http_prosecco_gforge_inria_fr_personal_bblanche_cryptoverif/bonnet/link.springer.com/robots.txt version [9075eadb00].



























































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
User-agent: *
Allow: /$
Allow: /?$
Allow: /journal/
Allow: /article/
Allow: /book/
Allow: /bookseries/
Allow: /chapter/
Allow: /referencework/
Allow: /referenceworkentry/
Allow: /protocol/
Allow: /content/
Allow: /conference/
Allow: /search?facet-content-type=%22*%22$
Allow: /search/page/*?facet-content-type=%22*%22$
Allow: /static/
Allow: /springerlink-static/
Allow: /sitemap*
Allow: /openurl*
Allow: /10*
Allow: /978*
Disallow: /
Disallow: /article/*view=classic
Disallow: /article/*/fulltext.html
Disallow: /book/*view=classic
Disallow: /*/*view=modern

Host: link.springer.com
Sitemap: http://link.springer.com/sitemap-index.xml

Added wiki_references/2017/software/CryptoVerif/doc/2017_06_12_wget_copy_of_http_prosecco_gforge_inria_fr_personal_bblanche_cryptoverif/bonnet/medihal.archives-ouvertes.fr/robots.txt version [d1deb94cab].



















































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
# HAL robots.txt
# If you want to download lots of metadata, please use our API at https://api.archives-ouvertes.fr/
# The API is far more efficient for metadata harvesting.
# To learn more, please contact hal.support@ccsd.cnrs.fr
User-Agent: *
Disallow: /RePEc/
Disallow: /search/
Disallow: /*/search/
Disallow: /*/browse/last
Disallow: /browse/last
Disallow: /*/browse/latest-publications
Disallow: /browse/latest-publications
Disallow: */tei
Disallow: */rdf
Disallow: */bibtex
Disallow: */dc
Disallow: */endnote
Disallow: */json
Disallow: /ping
Disallow: /login
Disallow: /submit
Disallow: /user
Disallow: /error
# Sitemap
Sitemap: https://medihal.archives-ouvertes.fr/robots/sitemap

Added wiki_references/2017/software/CryptoVerif/doc/2017_06_12_wget_copy_of_http_prosecco_gforge_inria_fr_personal_bblanche_cryptoverif/bonnet/oldwww.acm.org/robots.txt version [73eb65a78c].







>
>
>
1
2
3
# ACM Robots file
User-agent: *
Disallow: /

Added wiki_references/2017/software/CryptoVerif/doc/2017_06_12_wget_copy_of_http_prosecco_gforge_inria_fr_personal_bblanche_cryptoverif/bonnet/page-one.live.cf.public.springer.com/robots.txt version [3da1bbd263].









>
>
>
>
1
2
3
4
User-agent: *
Disallow: /

Host: page-one.live.cf.public.springer.com

Added wiki_references/2017/software/CryptoVerif/doc/2017_06_12_wget_copy_of_http_prosecco_gforge_inria_fr_personal_bblanche_cryptoverif/bonnet/pages.lip6.fr/robots.txt version [c3cabf25e6].





>
>
1
2
User-agent: *

Added wiki_references/2017/software/CryptoVerif/doc/2017_06_12_wget_copy_of_http_prosecco_gforge_inria_fr_personal_bblanche_cryptoverif/bonnet/pagesperso-orange.fr/robots.txt.html version [365b03c107].











































































































































































































































































































































































































































































































































































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
	<head>
		<title>Orange</title>
		<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">

<!-- / Inclusions Styles Orange -->

	<link rel="stylesheet" href="C/autosearch.css" type="text/css">
	<link rel="stylesheet" href="C/completion.css" type="text/css">
<!-- patch IE completion -->
<style type="text/css" media="all">

    .keWebNoResultAutoCompleteCompletionBox {
        _left: 0px;
    }

</style>
<!--                     -->
<script language="JavaScript" src="http://img.ke.woopic.com/J/common/cartouche.js"></script>
<script language="JavaScript" src="http://img.ke.woopic.com/J/common/completion.js"></script>
<script type="text/javascript">
    var o_confCommon = {
                        centeredPage : true,
                        headerDisplay : true,
                        searchZone : false,
                        genericHeaderZone : false,
                        noBtnSearch : true,
                        label: "",
                        queryUrl : "http://lemoteur.orange.fr",
                        queryParamName : "kw",
                        queryAdditionalParams : "module=orange&bhv=web_fr",
                        persoZone : false
                       };
</script>

<script>
	
	// Declare the auto completer var
	autoCompleterNoResult = null;
	
	// Define the completion build function
	function makeCompletionNoResult(hostCompletion)
	{
		if (typeof hostCompletion == "undefined")
			return;
		
		var completionConfig = {
            enable: true,
            gstat: "O_LR_Completion_Web"
        };

		completionConfig.url = hostCompletion + "/proxy/cmplsearchbox";
		completionConfig.useHistory = false;
		completionConfig.blocks = [{
			"baseId": -1
		}];
		
		if (typeof autoCompleterNoResult == "undefined" || autoCompleterNoResult == null)
			autoCompleterNoResult = new orangesearch.completion.Component();
		
		if (!autoCompleterNoResult.isStarted())
		{
			completionConfig.field = document.getElementById("kw");
			completionConfig.queryParamName = "kw";
			completionConfig.additionalParams = "dtd=2.0";
			completionConfig.cssPrefix = "keWebNoResult";
			completionConfig.maxNbSuggestions = 10;
			completionConfig.maxNbChar = 39;
			completionConfig.clearAccents = true;
			completionConfig.isFormSubmit = true;
			completionConfig.closeLink = false;
			completionConfig.plugins = ["CookieHistory"];
			completionConfig.nameOfInstanceForJsonP = "autoCompleterNoResult";
			
			autoCompleterNoResult.setProperties(completionConfig);
			autoCompleterNoResult.start();
		}
		else
		{
			autoCompleterNoResult.restart(completionConfig);
		}
		
		if (typeof debugCompletionPetale != "undefined" && debugCompletionPetale === true)
			autoCompleterNoResult.setDebugMode(true);
	}
	
</script>
<script type="text/javascript" src="//c.woopic.com/libs/common/o_load.js"></script>
<script language="JavaScript" src="http://c.orange.fr/Js/common.js"></script>
<script type="text/javascript">
    head.ready( function() {
                            o_setSearchValue("");
                           });
</script>
<SCRIPT LANGUAGE="JavaScript" type="text/javascript" >
   var cartoucheStat = 1; // 1 : 1 champs web,image,actu. 2 : 1 champs shopping. 3 : 3 champs enville
</SCRIPT>
<script type="text/javascript">
function initialisations()
{
    document.forms['web_fr'].kw.focus();
}
</script>
	</head>
	<body onload="initialisations()">

		<br/>
		<!-- Bloc de texte + moteur de recherche //// MAJ: pas de bloc de recherche -->
		<div class="boite4">
      <div class="bbody">

      <div class="boite1Header"><img src="http://img.ke.orange.fr/I/orange/logo_info.jpg" alt="!"><h3>Page introuvable</h3></div>
		<p> Vous venez d'&ecirc;tre redirig&eacute; vers une page d'erreur.<br>
		  <b>L'adresse URL</b> que vous avez saisie ou <b>le lien</b> que vous avez cliqu&eacute; <b>sont erron&eacute;s</b>. </p>
		<p>Vous pouvez poursuivre votre navigation en lan&ccedil;ant une nouvelle recherche: </p>
		<form action="http://lemoteur.orange.fr" autocomplete="off" method="get" target="_top" name="web_fr" id="web_fr" onSubmit="return submitFormCartoucheWeb();">
            <input name="module" id="module" value="orange" type="hidden">
            <input name="bhv" id="bhv" value="web_fr" type="hidden">
            <input tabindex="1" maxlength="100" class="searchFormTxtAutoS" id="kw" name="kw" value="" accesskey="0" type="text">&nbsp;
            <input tabindex="2" name="submit" class="bt_sub" src="http://img.ke.orange.fr/I/orange/btn_rechercher.gif" align="absmiddle" type="image">
        </form>
      </div>
      <div class="bb">
        <div class="bb1"><div></div></div>
        <div class="bb2"><div>&nbsp;</div></div>
      </div>
      <div class="bc1"><div>&nbsp;</div></div>
      <div class="bc2"><div>&nbsp;</div></div>
      <div class="bc3"><div>&nbsp;</div></div>
    </div>
		<!--bloc de texte + moteur de recherche -->

						<!-- les liens HOT-spots-->
						<div class="err_colSponsbox">
							<div class="err_desc">
								Vous pouvez &eacute;galement cliquer sur l'un des th&egrave;mes ci-dessous pour acc&eacute;der au moteur de recherche&nbsp;:
							</div>

							<table class="table_mots" width="780" cellpadding="0" cellspacing="0">
								<tr>
									<td width="20%">
										<div id="colSpons">
											<div class="heado">
												<div class="titleo">
													Voyages/Vacances
												</div>
											</div>
											<div class="content">
												<ul>
													<li>&gt;&nbsp;<a title="Rechercher Vol D&eacute;griff&eacute;" target="_top" href="http://lemoteur.orange.fr/?module=orange&bhv=web_fr&kw=vol+degriffe&suggest=on&associated=on">Vol D&eacute;griff&eacute;</a></li>
													<li>&gt;&nbsp;<a title="Rechercher H&ocirc;tel" target="_top" href="http://lemoteur.orange.fr/?module=orange&bhv=web_fr&kw=hotel&suggest=on&associated=on">H&ocirc;tel</a></li>
													<li>&gt;&nbsp;<a title="Rechercher Vacances Famille" target="_top" href="http://lemoteur.orange.fr/?module=orange&bhv=web_fr&kw=vacances+famille&suggest=on&associated=on">Vacances Famille</a></li>
													<li>&gt;&nbsp;<a title="Rechercher Voiture de location" target="_top" href="http://lemoteur.orange.fr/?module=orange&bhv=web_fr&kw=voiture+de+location&suggest=on&associated=on">Voiture de location</a></li>
													<li>&gt;&nbsp;<a title="Rechercher Agences de voyages" target="_top" href="http://lemoteur.orange.fr/?module=orange&bhv=web_fr&kw=agences+de+voyages&suggest=on&associated=on">Agences de voyages</a></li>
													<li>&gt;&nbsp;<a title="Rechercher Week-end" target="_top" href="http://lemoteur.orange.fr/?module=orange&bhv=web_fr&kw=week-end&suggest=on&associated=on">Week-end</a></li>
													<li>&gt;&nbsp;<a title="Rechercher Location Vacances" target="_top" href="http://lemoteur.orange.fr/?module=orange&bhv=web_fr&kw=location+vacances&suggest=on&associated=on">Location Vacances</a></li>
													<li>&gt;&nbsp;<a title="Rechercher Croisi&egrave;re" target="_top" href="http://lemoteur.orange.fr/?module=orange&bhv=web_fr&kw=croisiere&suggest=on&associated=on">Croisi&egrave;re</a></li>
												</ul>
											</div>

										</div>
									</td>
									<td width="20%">
										<div id="colSpons">
											<div class="heado">
												<div class="titleo">
													Finances
												</div>
											</div>
											<div class="content">
												<ul>
													<li>&gt;&nbsp;<a title="Rechercher Bourse" target="_top" href="http://lemoteur.orange.fr/?module=orange&bhv=web_fr&kw=bourse&suggest=on&associated=on">Bourse</a></li>
													<li>&gt;&nbsp;<a title="Rechercher Loi Robien" target="_top" href="http://lemoteur.orange.fr/?module=orange&bhv=web_fr&kw=loi+robien&suggest=on&associated=on">Loi Robien</a></li>
													<li>&gt;&nbsp;<a title="Rechercher Mutuelle" target="_top" href="http://lemoteur.orange.fr/?module=orange&bhv=web_fr&kw=mutuelle&suggest=on&associated=on">Mutuelle</a></li>
													<li>&gt;&nbsp;<a title="Rechercher Assurance Vie Multisupport" target="_top" href="http://lemoteur.orange.fr/?module=orange&bhv=web_fr&kw=assurance+vie+multisupport&suggest=on&associated=on">Assurance Vie Multisupport</a></li>
													<li>&gt;&nbsp;<a title="Rechercher &Eacute;pargne" target="_top" href="http://lemoteur.orange.fr/?module=orange&bhv=web_fr&kw=epargne&suggest=on&associated=on">&Eacute;pargne</a></li>
													<li>&gt;&nbsp;<a title="Rechercher D&eacute;fiscalisation" target="_top" href="http://lemoteur.orange.fr/?module=orange&bhv=web_fr&kw=defiscalisation&suggest=on&associated=on">D&eacute;fiscalisation</a></li>
													<li>&gt;&nbsp;<a title="Rechercher Placement" target="_top" href="http://lemoteur.orange.fr/?module=orange&bhv=web_fr&kw=placement&suggest=on&associated=on">Placement</a></li>
													<li>&gt;&nbsp;<a title="Rechercher Rachat Cr&eacute;dit" target="_top" href="http://lemoteur.orange.fr/?module=orange&bhv=web_fr&kw=rachat+credit&suggest=on&associated=on">Rachat Cr&eacute;dit</a></li>
												</ul>
											</div>
										</div>
									</td>
									<td width="20%">
										<div id="colSpons">
											<div class="heado">
												<div class="titleo">
													Sant&eacute;
												</div>
											</div>
											<div class="content">
												<ul>
													<li>&gt;&nbsp;<a title="Rechercher Cheveux" target="_top" href="http://lemoteur.orange.fr/?module=orange&bhv=web_fr&kw=cheveux&suggest=on&associated=on">Cheveux</a></li>
													<li>&gt;&nbsp;<a title="Rechercher Produit Minceur" target="_top" href="http://lemoteur.orange.fr/?module=orange&bhv=web_fr&kw=produit+minceur&suggest=on&associated=on">Produit Minceur</a></li>
													<li>&gt;&nbsp;<a title="Rechercher Spa" target="_top" href="http://lemoteur.orange.fr/?module=orange&bhv=web_fr&kw=spa&suggest=on&associated=on">Spa</a></li>
													<li>&gt;&nbsp;<a title="Rechercher Mincir" target="_top" href="http://lemoteur.orange.fr/?module=orange&bhv=web_fr&kw=mincir&suggest=on&associated=on">Mincir</a></li>
													<li>&gt;&nbsp;<a title="Rechercher Thalasso" target="_top" href="http://lemoteur.orange.fr/?module=orange&bhv=web_fr&kw=thalasso&suggest=on&associated=on">Thalasso</a></li>
													<li>&gt;&nbsp;<a title="Rechercher &Eacute;pilation" target="_top" href="http://lemoteur.orange.fr/?module=orange&bhv=web_fr&kw=epilation&suggest=on&associated=on">&Eacute;pilation</a></li>
													<li>&gt;&nbsp;<a title="Rechercher Parfum" target="_top" href="http://lemoteur.orange.fr/?module=orange&bhv=web_fr&kw=parfum&suggest=on&associated=on">Parfum</a></li>
													<li>&gt;&nbsp;<a title="Rechercher Produit Bio" target="_top" href="http://lemoteur.orange.fr/?module=orange&bhv=web_fr&kw=produit+bio&suggest=on&associated=on">Produit Bio</a></li>
												</ul>
											</div>
										</div>
									</td>
									<td width="20%">
										<div id="colSpons">
											<div class="heado">
												<div class="titleo">
													Shopping
												</div>
											</div>
											<div class="content">
												<ul>
													<li>&gt;&nbsp;<a title="Rechercher Pc Portable" target="_top" href="http://lemoteur.orange.fr/?module=orange&bhv=web_fr&kw=pc+portable&suggest=on&associated=on">Pc Portable</a></li>
													<li>&gt;&nbsp;<a title="Rechercher Id&eacute;e Cadeau" target="_top" href="http://lemoteur.orange.fr/?module=orange&bhv=web_fr&kw=idee+cadeau&suggest=on&associated=on">Id&eacute;e Cadeau</a></li>
													<li>&gt;&nbsp;<a title="Rechercher Acheter Livre" target="_top" href="http://lemoteur.orange.fr/?module=orange&bhv=web_fr&kw=acheter+livre&suggest=on&associated=on">Acheter Livre</a></li>
													<li>&gt;&nbsp;<a title="Rechercher Dvd Vierge" target="_top" href="http://lemoteur.orange.fr/?module=orange&bhv=web_fr&kw=dvd+vierge&suggest=on&associated=on">Dvd Vierge</a></li>
													<li>&gt;&nbsp;<a title="Rechercher Cartouche encre imprimante" target="_top" href="http://lemoteur.orange.fr/?module=orange&bhv=web_fr&kw=cartouche+encre+imprimante&suggest=on&associated=on">Cartouche encre imprimante</a></li>
													<li>&gt;&nbsp;<a title="Rechercher Course domicile" target="_top" href="http://lemoteur.orange.fr/?module=orange&bhv=web_fr&kw=course+domicile&suggest=on&associated=on">Course domicile</a></li>
													<li>&gt;&nbsp;<a title="Rechercher Bijoux Fantaisie" target="_top" href="http://lemoteur.orange.fr/?module=orange&bhv=web_fr&kw=bijoux+fantaisie&suggest=on&associated=on">Bijoux Fantaisie</a></li>
													<li>&gt;&nbsp;<a title="Rechercher V&ecirc;tement Femme" target="_top" href="http://lemoteur.orange.fr/?module=orange&bhv=web_fr&kw=vetement+femme&suggest=on&associated=on">V&ecirc;tement Femme</a></li>
												</ul>
											</div>
										</div>
									</td>
									<td width="20%">
										<div id="colSpons">
											<div class="heado">
												<div class="titleo">
													Pratique
												</div>
											</div>
											<div class="content">
												<ul>
													<li>&gt;&nbsp;<a title="Rechercher Immobilier" target="_top" href="http://lemoteur.orange.fr/?module=orange&bhv=web_fr&kw=immobilier&suggest=on&associated=on">Immobilier</a></li>
													<li>&gt;&nbsp;<a title="Rechercher Rencontre" target="_top" href="http://lemoteur.orange.fr/?module=orange&bhv=web_fr&kw=rencontre&suggest=on&associated=on">Rencontre</a></li>
													<li>&gt;&nbsp;<a title="Rechercher Apprendre Anglais" target="_top" href="http://lemoteur.orange.fr/?module=orange&bhv=web_fr&kw=apprendre+anglais&suggest=on&associated=on">Apprendre Anglais</a></li>
													<li>&gt;&nbsp;<a title="Rechercher Voyance" target="_top" href="http://lemoteur.orange.fr/?module=orange&bhv=web_fr&kw=voyance&suggest=on&associated=on">Voyance</a></li>
													<li>&gt;&nbsp;<a title="Rechercher Deacute;pannage Informatique" target="_top" href="http://lemoteur.orange.fr/?module=orange&bhv=web_fr&kw=depannage+informatique&suggest=on&associated=on">D&eacute;pannage Informatique</a></li>
													<li>&gt;&nbsp;<a title="Rechercher Voix sur IP" target="_top" href="http://lemoteur.orange.fr/?module=orange&bhv=web_fr&kw=voix+sur+ip&suggest=on&associated=on">Voix sur IP</a></li>
													<li>&gt;&nbsp;<a title="Rechercher D&eacute;m&eacute;nagement" target="_top" href="http://lemoteur.orange.fr/?module=orange&bhv=web_fr&kw=demenagement&suggest=on&associated=on">D&eacute;m&eacute;nagement</a></li>
													<li>&gt;&nbsp;<a title="Rechercher Plombier" target="_top" href="http://lemoteur.orange.fr/?module=orange&bhv=web_fr&kw=plombier&suggest=on&associated=on">Plombier</a></li>
												</ul>
											</div>
										</div>
									</td>
								</tr>
							</table>
							<br/>
							<br/>
						</div>
						<!-- fin des liens hot-spots -->


		<br/>

<script type="text/javascript">
//<![CDATA[
//<!--
	o_audience();
//-->
	//]]>
</script>
<div class="footerGeneralContainer" id="div_footer"></div>
<script type="text/javascript">
    head.ready( function() {
                            o_footer('','div_footer');
                            makeCompletionNoResult('http://completion.ke.orange.fr');
                           });
</script>

	</body>
</html>



Added wiki_references/2017/software/CryptoVerif/doc/2017_06_12_wget_copy_of_http_prosecco_gforge_inria_fr_personal_bblanche_cryptoverif/bonnet/piwik-hal.ccsd.cnrs.fr/robots.txt version [63657cbb7d].





>
>
1
2
User-agent: *
Disallow: /

Added wiki_references/2017/software/CryptoVerif/doc/2017_06_12_wget_copy_of_http_prosecco_gforge_inria_fr_personal_bblanche_cryptoverif/bonnet/plus.google.com/robots.txt version [bffd2fd049].



















































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
User-agent: *

Allow: /_/PlusAppUi/
Allow: /_/apps-static/
Allow: /_/blank
Allow: /_/data
Allow: /_/explore
Allow: /_/im/_widget/render/
Allow: /_/initialdata
Allow: /_/scs/
Allow: /_/setbrowserprefs
Allow: /_/socialgraph/lookup/hovercards
Allow: /_/stream
Allow: /_/widget/render/

Disallow: /_/
Disallow: /s/
Disallow: /app/basic/s/
Disallow: /up/accesssuspended
Disallow: /wm/

Sitemap: http://www.gstatic.com/s2/sitemaps/profiles-sitemap.xml
Sitemap: http://www.gstatic.com/communities/sitemap/communities-sitemap.xml
Sitemap: http://www.gstatic.com/collections/sitemap/collections-sitemap.xml
Sitemap: http://www.gstatic.com/s2/oz/content/topics-sitemap.txt

Added wiki_references/2017/software/CryptoVerif/doc/2017_06_12_wget_copy_of_http_prosecco_gforge_inria_fr_personal_bblanche_cryptoverif/bonnet/portal.mytum.de/robots.txt version [96ed98137c].















































































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
User-agent: *
Disallow: /site_methods/
Disallow: /pruefungstermine/
Disallow: /workplace/
Disallow: /calendar/
Disallow: /foren/
Disallow: /mail/
Disallow: /webmail_beta
Disallow: /login_form
Disallow: /noten/
Disallow: /anmeldung/
Disallow: /lehre/
Disallow: /intern/
Disallow: /search_document_results
Disallow: /campus/roomfinder
Disallow: /displayRoomMap
Disallow: /termine/calendar_day_view
Disallow: /international/tumi/termine
Disallow: /international/interkulturelles/kalender
Disallow: /ccc/objekte/kalender_test
Disallow: /mytum/events_eit
Disallow: /iuk/cm/kalender
Disallow: /pruefungstermine
Disallow: /service/career_service/kalender
Disallow: /studium/kalender
Disallow: /gs/kalender
Disallow: /alumni/veranstaltungen/kalender
Disallow: /testfolder/
Disallow: /search_document_form
Disallow: /search_document_results
Disallow: /jobs/search_document_form
Disallow: /jobs/search_document_results
Disallow: /site_antispam/renderABCode
Disallow: */search_document_form
Disallow: */search_document_results
Disallow: http://www.mytum.de
Disallow: http://test.mytum.de
Disallow: http://sol.ze.tum.de/TUM_Portal/
Crawl-delay: 10

Added wiki_references/2017/software/CryptoVerif/doc/2017_06_12_wget_copy_of_http_prosecco_gforge_inria_fr_personal_bblanche_cryptoverif/bonnet/prosecco.gforge.inria.fr/index.html version [c43f795f86].













































































































































































































































































































































































































































































































































































































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
	<title>Prosecco</title>	
	
	<meta name="description" content="Prosecco is a research team at INRIA Paris-Rocquencourt that focuses on building and verifying programs that use cryptography."/>
	<meta name="keywords" content="INRIA, Prosecco, research, formal verification, security, formal methods, ProVerif, cryptographic protocol implementations, security APIs, type systems, symbolic verification, computational security, automated reasoning, general-purpose theorem provers, formal testing frameworks, run-time analysis, tools."/>	
	<meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>
	<meta http-equiv="Content-language" content="en"/>
	<meta name="author" content="Prosecco"/>

	<link href="http://prosecco.inria.fr/bibtexbrowser.css" rel="stylesheet" type="text/css" media="screen"/>
	<link href="http://prosecco.inria.fr/styles.css" rel="stylesheet" type="text/css" media="screen"/>
	<link href="http://prosecco.inria.fr/print.css" rel="stylesheet" type="text/css" media="print"/>
	<link href="http://prosecco.inria.fr/teqStyle.css" rel="stylesheet" type="text/css" media="screen"/>
	<link href="http://prosecco.inria.fr/talentlink.css" rel="stylesheet" type="text/css" media="screen"/>
	<link href="http://prosecco.inria.fr/slideshow.css" rel="stylesheet" type="text/css" media="screen"/>

</head>

<body>
	
<div id="top" style="font-size:0.5em;"><div class="overflow"><ul><li></li></ul></div></div>	

<div id="page">
	<div id="header">
		<div class="identite">
			<p class="logo">
				<a href="http://prosecco.inria.fr/"><img src="http://prosecco.inria.fr/images/prosecco-logo.png" alt="Equipe Prosecco"/></a>
			</p>
			
			<ul class="profils">							 
				<li><a href="http://www.inria.fr/"><img src="http://prosecco.inria.fr/images/logo_INRIA.png" alt="Inria"/></a></li>
			</ul>
		</div>
		
		<div id="menu" class="menu">						
			<div class="bar_nav">
				<ul id="navigation" class="nav">
					<li><a id="main_menu1" class="open_menu" href="/index.php">Home</a></li>
					<li><a id="main_menu2" class="open_menu" href="/people.php">People</a></li>
					<li><a id="main_menu3" class="open_menu" href="/publications.php">Publications</a></li>
					<li style="border-right:none;"><a id="main_menu4" class="open_menu" href="/events.php">Events</a></li>
				</ul>
			</div>
			<div class="bloc_menu"></div>
		</div>

		<div class="titre no_background ">
			<img src="http://prosecco.inria.fr/images/banner.jpg" alt=""/>
			<div style="color:#fff; font-size:1.3em; padding:2em 15px 0 15px; text-align:center; width:335px;">
			<p style="font-weight:bold;    text-transform:uppercase;">Prosecco</p>
			<p>INRIA, Paris, France</p>
			</div>
		</div>
		
		<p class="fil"></p>
	</div>
<div id="content" >
  <div id="center" class="right"> 
    <div class="bando">
      <div class="bloc">
        <h2>Prosecco</h2>
        <div class="vue libre">
          <div style="font-size: 15px;">
          Prosecco is a research team at <a href="https://www.inria.fr/en/centre/paris">INRIA Paris</a> that does formal and practical security research on cryptographic protocols, software security, web security, and hardware protection mechanisms. To this end, we design and implement programming languages, formal verification tools, dynamic monitors, testing frameworks, verified compilers, etc.

            <h3>Software Tools</h3>
            <div class="vue libre">
              <ul>
                <li style="margin-bottom: 0.5ex;"><a href="https://www.fstar-lang.org/">F*</a>: Verification system for ML programs</li>
                <li style="margin-bottom: 0.5ex;"><a href="http://prosecco.gforge.inria.fr/personal/bblanche/cryptoverif/">CryptoVerif</a>: Cryptographic protocol verifier in the computational model</li>
                <li style="margin-bottom: 0.5ex;"><a href="http://prosecco.gforge.inria.fr/personal/bblanche/proverif/">ProVerif</a>: Cryptographic protocol verifier in the symbolic model</li>
                <li style="margin-bottom: 0.5ex;"><a href="http://www.mitls.org/">miTLS</a>: Verified reference implementation of TLS</li>
                <li style="margin-bottom: 0.5ex;"><a href="https://github.com/mitls/mitls-flex">FlexTLS</a>: Testing TLS Implementations</li>
                <li style="margin-bottom: 0.5ex;"><a href="http://www.defensivejs.com/">Defensive JavaScript</a>: Protect your scripts</li>
                <li style="margin-bottom: 0.5ex;"><a href="https://github.com/QuickChick">QuickChick</a>: Property-based testing for Coq</li>
                <li style="margin-bottom: 0.5ex;"><a href="http://prosecco.gforge.inria.fr/webspi">WebSpi</a>: Web security verifier</li>
                <li style="margin-bottom: 0.5ex;"><a href="http://tookan.gforge.inria.fr">Tookan</a>: Security API analyzer
                                                        (now <a href="https://cryptosense.com/">Cryptosense</a> startup)</li>
              </ul>
            </div>

            <h3>Recruitment</h3>

            <p>We are always on the lookout for excellent, highly motivated students and young researchers for research internships and PhD, PostDoc, Research Engineer, or Researcher positions. We have external funding for a couple of PhD and PostDoc positions we can fill over several years with significant flexibility and can also support strong candidates for Researcher positions funded and awarded competitively by Inria. The projects to which students and young researchers could currently contribute include:
               <ul>
                 <li style="margin-bottom: 1ex;"><a href="http://prosecco.gforge.inria.fr/personal/karthik/teaching/mpri-mitls.pdf">miTLS*: Attacking and Proving TLS 1.3 Implementations</a>
               (<a href="http://mitls.org/">website</a>;
                <a href="https://github.com/mitls">code</a>;
                <a href="http://www.mitls.org/wsgi/publications">papers</a>)</li>
                 <li style="margin-bottom: 1ex;"><a href="https://secure-compilation.github.io">SECOMP: Efficient Formally Secure Compilers to a Tagged Architecture</a>
               (<a href="http://prosecco.gforge.inria.fr/personal/hritcu/students/topics/2016/secomp-mpri.pdf">topics</a><!-- ; -->
                <!-- <a href="https://secure-compilation.github.io/#relevant-publications">papers</a> -->)
                 </li>
                 <li style="margin-bottom: 1ex;"><a href="https://www.fstar-lang.org/">F*: From Program Verification System to Proof Assistant</a>
               (<a href="http://prosecco.gforge.inria.fr/personal/hritcu/students/topics/2016/fstar.pdf">topics</a>;
                <a href="https://github.com/FStarLang/FStar">code</a>;
                <a href="https://www.fstar-lang.org/#papers">papers</a>)
                 </li>
               <li style="margin-bottom: 1ex;"><a href="http://prosecco.gforge.inria.fr/personal/karthik/teaching/mpri-browser-core.pdf">A Verified Browser Security Engine</a>
                 (<a href="http://prosecco.gforge.inria.fr/webspi/">web security models</a>; <a href="http://www.defensivejs.com/">defensive JavaScript</a>)</li>
                 <li style="margin-bottom: 1ex;"><a href="http://prosecco.gforge.inria.fr/personal/hritcu/students/topics/2016/quick-chick.pdf">Dependable Property-Based Testing</a></a>
                 (<a href="http://prosecco.gforge.inria.fr/personal/hritcu/students/topics/2016/quick-chick.pdf">topics</a>;
                  <a href="http://arxiv.org/abs/1409.0393">paper #1</a>,
                  <a href="https://hal.inria.fr/hal-01162898/document">paper #2</a>,
                  <a href="https://arxiv.org/abs/1607.05443">paper #3</a>,
                  <a href="https://github.com/QuickChick">code</a>)
                 </li>
               </ul>

            PostDocs (usually on 2 year positions) can also propose and follow their own research agenda and be fairly independent. Researchers (on <a href="https://www.inria.fr/en/institute/recruitment/offers/starting-research-positions/presentation">3 year</a> or <a href="https://www.inria.fr/en/institute/recruitment/offers/young-graduate-scientist/competitive-selection">permanent positions</a> via competitive Inria national contest) are expected to be highly independent. The research internships are for students at any level (BSc, MSc, and PhD) and usually take between 3 and 6 months (<a href="http://prosecco.gforge.inria.fr/internships/">more details here</a>). The predominant language of communication in Prosecco is English.</p>

            <p>If you are interested in applying or have any questions please send us an email at <a href="mailto:karthikeyan.bhargavan@inria.fr">karthikeyan.bhargavan@inria.fr</a> and <a href="mailto:catalin.hritcu@inria.fr">catalin.hritcu@inria.fr</a>. For applying please include your CV, a short description of your research interests, and the emails of one or two people who can act as your references.</p>

            <h3>How to reach us</h3>
            <p>We are located at <i><a href="https://www.google.com/maps/place/Rue+Simone+IFF,+75012+Paris,+France/">2 rue Simone Iff, 75012 Paris, France</a></i>. This address is, however, so new that mapping applications might not know it; if that's the case please use this old equivalent address: <i><a href="https://www.google.com/maps/place/43+Rue+du+Charolais,+75012+Paris,+France/">43 Rue du Charolais, 75012 Paris, France</a></i>. <a href="https://www.inria.fr/en/centre/paris/overview/how-to-reach-us">Here are more details</a>.</p>

            <h3>Postal address</h3>
            <p>
            Inria Prosecco team,
            Centre de Recherche Inria de Paris,
            2 rue Simone Iff,
            CS 42112,
            75589 Paris Cedex 12
            </p>

          </div>
        </div>
      </div>
    </div>
  </div>

  <div id="right">

    <div class="bloc secondaire">
      <h2>News</h2>
      <div cla1ss="vue libre">
        <h3>May 2017</h3>
        <p>Best paper award at Oakland S&amp;P 2017 for <a href="https://hal.inria.fr/hal-01528752">Verified Models and Reference Implementations for the TLS 1.3 Standard Candidate</a> (<a href="https://www.youtube.com/watch?v=onZJ6RGiJRg">video</a>)</p>
        <p>We have <a href="http://prosecco.gforge.inria.fr/publications.php">3 papers</a> at <a href="http://www.ieee-security.org/TC/SP2017/">Oakland S&amp;P 2017</a></p>
        <h3>April 2017</h3>
        <p><a href="http://www.ieee-security.org/TC/EuroSP2017/">2nd IEEE European Symposium on Security and Privacy (EuroS&amp;P)</a> that we organized in Paris was an astounding success.</p>
        <h3>January 2017</h3>
        <p>New release of <a href="https://www.fstar-lang.org/">F*</a>, <a href="https://github.com/FStarLang/FStar/releases/tag/V0.9.4.0">version 0.9.4.0</a></p>

	<h3>December 2016</h3>
        <p>New release of <a href="http://proverif.inria.fr/">ProVerif</a>, version 1.96</p>
	<h3>November 2016</h3>
        <p>Karthik Bhargavan is awarded the <a href="https://www.inria.fr/actualite/actualites-inria/palmares-des-prix-inria-2016">Prix Jeune Chercheur Inria – Acad&eacute;mie des sciences 2016.</a></p>
        <p>New release of <a href="http://cryptoverif.inria.fr/">CryptoVerif</a>, version 1.24</p>
        <h3>October 2016</h3>
        <p>We have <a href="http://prosecco.gforge.inria.fr/publications.php">2 papers</a> at <a href="http://csf2016.tecnico.ulisboa.pt/">POPL 2017</a></p>
        <p><a href="https://sweet32.info">Sweet32</a>: Birthday attacks on 64-bit block ciphers in TLS and OpenVPN</p>
	<p><a href="http://www.nowpublishers.com/article/Details/SEC-004">Book</a> on ProVerif</p>
	<h3>August 2016</h3>
        <p>C&#259;t&#259;lin Hri&#355;cu awarded <a href="https://erc.europa.eu/funding-and-grants/funding-schemes/starting-grants">ERC Starting Grant</a> on<br/><i><a href="https://secure-compilation.github.io/">SECOMP: Efficient Formally Secure Compilers to a Tagged Architecture</a></i></p>
        <p>Teaching the <a href="https://wikimpri.dptinfo.ens-cachan.fr/doku.php?id=cours:c-2-30">Cryptographic Protocols</a> course at <a href="https://wikimpri.dptinfo.ens-cachan.fr/doku.php?id=start">MPRI</a>, starting on 16th September 2016.</p>
	<h3>July 2016</h3>
        <p>Karthik Bhargavan is awarded a <a href="https://www.microsoft.com/en-us/research/academic-program/outstanding-collaborator-award/">Microsoft Research Outstanding Collaborator Award</a></p>
        <p>C&#259;t&#259;lin Hri&#355;cu awarded <a href="http://www.agence-nationale-recherche.fr/informations/actualites/detail/appel-a-projets-generique-2016-publication-des-premiers-resultats/">ANR JCJC grant</a> on <i>QuickChick</i> project</p>
        <h3>June 2016</h3>
        <p>We have <a href="http://prosecco.gforge.inria.fr/publications.php">3 papers</a> at <a href="http://csf2016.tecnico.ulisboa.pt/">IEEE CSF 2016</a></p>
        <h3>February 2016</h3>
        <p><a href="http://sloth-attack.org">Transcript Collision Attacks: Breaking Authentication in TLS, IKE, and SSH</a> wins a best paper award at <a href="http://www.internetsociety.org/events/ndss-symposium-2016">NDSS 2016</a></p>

        <h3>January 2016</h3>
        <p><a href="https://www.inria.fr/en/centre/paris/news/karthik-bhargavan-erc-consolidator-grants-2015">Karthik Bhargavan awarded ERC Consolidator Grant</a></p>
        <p><a href="http://mitls.org">miTLS</a> wins the <i><a href="http://www.realworldcrypto.com/levchinprize">Levchin prize</a> for contributions to real world cryptography</i></p>
        <p><a href="http://sloth-attack.org">Sloth Attack</a>: Colliding weak hash constructions in TLS, IKE, and SSH.</p>

        <h3>December 2015</h3>
        <p>We have moved to <i><a href="https://www.google.com/maps/place/Rue+Simone+IFF,+75012+Paris,+France/">2 rue Simone Iff, 75012 Paris</a></i> (also known as <a href="https://www.google.com/maps/place/43+Rue+du+Charolais,+75012+Paris,+France/">43 Rue du Charolais, 75012 Paris, France</a>)</p>

        <h3>November 2015</h3>
        <p><a href="https://blogs.microsoft.com/next/2015/11/18/how-triple-handshake-freak-and-logjam-discoveries-contributed-to-a-broader-effort-to-safeguard-the-internet/">miTLS and miTLS* released</a> on <a href="https://github.com/mitls">GitHub</a></p>

        <h3>October 2015</h3>
        <p><a href="https://weakdh.org">Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice</a> wins a best paper award at <a href="http://www.sigsac.org/ccs/CCS2015/">ACM CCS 2015</a></p>
        <p><a href="https://www.fstar-lang.org/papers/mumon/">Paper on F*</a> accepted at <a href="http://conf.researchr.org/home/POPL-2016">POPL 2016</a></p>

        <h3>September 2015</h3>
        <p><a href="https://tools.ietf.org/html/rfc7627">RFC 7627: TLS Session Hash and Extended Master Secret</a> is released</p>
        <!-- <p>We are <a href="http://prosecco.gforge.inria.fr/internships/">seeking interns</a></p> -->
                                <!-- <h3>September 2015</h3> -->

        <h3>August 2015</h3>
        <p><a href="https://smacktest.com/">FlexTLS: a tool for testing TLS implementations</a> wins the best paper award at <a href="https://www.usenix.org/conference/woot15">Usenix WOOT 2015</a></p>
        <p><a href="https://www.youtube.com/watch?v=t37sXxA2pmw">500 Bits - Implementor's Lament</a>; a song about <a href="https://freakattack.com/">FREAK</a> and <a href="https://weakdh.org/">Logjam</a> from <a href="http://crypto.2015.rump.cr.yp.to/58519dbcd0d4b21fed4ca38de4c400ea.pdf">CRYPTO 2015</a></p>
        <p><a href="https://weakdh.org/">Logjam</a> wins a <a href="http://pwnies.com/">Pwnie award for Most Innovative Research</a> at <a href="https://www.blackhat.com/us-15/">BlackHat 2015</a></p>

        <h3>May 2015</h3>
        <p><a href="https://weakdh.org/">Logjam Attack</a>: How Diffie-Hellman Fails in Practice</p>
        <p><a href="https://www.smacktls.com/">Messy State of the Union</a> wins a Distinguished Paper award at IEEE S&amp;P (Oakland) 2015</p>

        <h3>March 2015</h3>
        <p><a href="https://www.smacktls.com/">State Machine AttaCKs</a> on TLS, including <a href="https://freakattack.com/">FREAK</a></p>

        <!-- <h3>January 2015</h3> -->
        <!-- <p><a href="http://prosecco.gforge.inria.fr/publications.php">Two papers</a> accepted at <a href="http://www.ieee-security.org/TC/SP2015/">IEEE S&amp;P (Oakland)</a> 2015</p> -->
        <!-- <h3>October 2014</h3> -->
        <!-- <p>We are hosting the <a href="https://wiki.inria.fr/prosecco/IETF_TLS_Interim_October_2014">IETF TLS Interim October meeting</a> in Paris on 21-22 October 2014.</p> -->
<!--
        <p>The <a href="https://wiki.inria.fr/prosecco/The_Joint_EasyCrypt-F*-CryptoVerif_School_2014">Joint EasyCrypt-F*-CryptoVerif School 2014</a> starts on November 24th.</p>
-->
        <!-- <h3>July 2014</h4> -->
        <!-- <p>We are organizing <a href="https://wiki.inria.fr/prosecco/The_Joint_EasyCrypt-F*-CryptoVerif_School_2014">The Joint EasyCrypt-F*-CryptoVerif School 2014</a> in Paris on 24-28 November 2014. Registration is now closed.</p> -->
        <!-- <h3>June 2014</h4> -->
        <!-- <p>Microsoft issued <a href="https://technet.microsoft.com/library/security/ms14-035">CVE-2014-1771</a> fixing SChannel and Internet Explorer in response to our <a href="http://secure-resumption.com">Triple Handshake attacks</a>.</p> -->

<!--
        <h3>May 2014</h4>
        <p>We had <a href="http://prosecco.gforge.inria.fr/publications.php">two papers at IEEE S&amp;P (Oakland) 2014</p>
        <p><a href="http://www.bensmyth.com/">Ben Smyth</a> and <a href="http://alfredo.pironti.eu/research/">Alfredo Pironti</a> have been <a href="http://technet.microsoft.com/en-us/security/cc308575">acknowledged by Microsoft</a> for their work on <a href="http://www.bensmyth.com/publications/2013-truncation-attacks-to-violate-beliefs/">TLS truncation attacks</a>. </p>          

        <h3>April 2014</h3>
        <p> Apple issued <a href="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1295">CVE-2014-1295</a> fixing iOS, OS X, and Apple TV in response to our <a href="http://secure-resumption.com">Triple Handshake</a> and HTTPS truncation vulnerability reports.</p>

        <h3>March 2014</h3>
        <p>We presented our <a href="http://secure-resumption.com">Triple Handshake attacks</a> to the TLS Working Group at IETF'89 and proposed a new countermeasure</p>

        <h3>February 2014</h3>
        <p>We had <a href="http://prosecco.gforge.inria.fr/publications.php">one paper</a> at NDSS 2013</p>
        <p>Our team has an <a href="https://www.inria.fr/en/institute/recruitment/offers/phd/campaign-2014">Inria PhD fellowship</a> topic on <a href="https://www.inria.fr/en/institute/recruitment/offers/phd/campaign-2014/(view)/details.html?id=PNGFK026203F3VBQB6G68LOE1&LOV5=4509&LG=EN&Resultsperpage=20&nPostingID=8363&nPostingTargetID=14104&option=52&sort=DESC&nDepartmentID=28">Speeding up Theorem Proving with Property-Based Testing</a>. The deadline for applications is May 2.</p>

        <p>Mozilla issued <a href="http://www.securityfocus.com/bid/65332">CVE-2014-1491</a> in response to our vulnerability report.</p>

        <h3>January 2014</h3>
        <p>We had <a href="http://prosecco.gforge.inria.fr/publications.php">two papers</a> at <a href="http://popl.mpi-sws.org/2014/">POPL 2014</a></p>

        <h3>November 2013</h3>
        <p>We had <a href="http://prosecco.gforge.inria.fr/publications.php">two papers</a> at <a href="http://www.sigsac.org/ccs/CCS2013/">CCS 2013</a></p>
        <p>Chromium issued <a href="http://www.securityfocus.com/bid/63678">CVE-2013-6628</a> in response to our vulnerability report</p>
        <h3>17 July 2013</h3>
        <p><a href="http://www.bensmyth.com/">Ben Smyth</a> and <a href="http://alfredo.pironti.eu/research/">Alfredo Pironti</a> have been acknowledged in Google's <a href="http://www.google.com/about/appsecurity/hall-of-fame/distinction/">Hall of Fame</a> for their work on <a href="http://www.bensmyth.com/publications/2013-truncation-attacks-to-violate-beliefs/">TLS truncation attacks</a>. </p>

        <h3>11 June 2013</h3>
        <p>We have papers accepted at <a href="http://www.defensivejs.com/">USENIX Security</a>, <a href="http://www.bensmyth.com/publications/2013-ballot-independence-for-election-schemes/">ESORICS</a>, <a href="http://www.bensmyth.com/publications/2013-truncation-attacks-to-violate-beliefs/">WOOT/Black Hat USA</a>. In addition, we have journal articles accepted by <a href="http://prosecco.gforge.inria.fr/personal/bblanche/publications/CadeBlanchetJoWUA13.html">ISYOU</a> and <a href="http://www.bensmyth.com/publications/2012-attacking-ballot-secrecy-in-Helios/">JCS</a>.</p>

        <h3>25 March 2013</h3>
        <p>We have a <a href="http://prosecco.gforge.inria.fr/jobs/2013-APIs.html">post-doctoral researcher position focusing on Formal Analysis for Security APIs</a> available.</p>

        <h3>5 March 2013</h3>
        <p>We have <a href="http://prosecco.gforge.inria.fr/publications.php">one paper</a>
        on <a href="http://mitls.rocq.inria.fr/">miTLS</a> accepted at Oakland'13.</p>
-->
<!-- Old news
        <h3>21 December 2012</h3>
        <p>Chetan Bansal and Karthikeyan Bhargavan report <a href="https://www.facebook.com/BugBounty/posts/132102556947900">three bugs in Facebook's OAuth implementation</a>.
                                      </p>
        <h3>17 December 2012</h3>
        <p>We have <a href="http://prosecco.gforge.inria.fr/publications.php">three papers</a> accepted at POST'13.</p>

        <h3>26 October 2012</h3>
        <p>Antoine Delignat-Lavaud exploits <a href="http://www.mozilla.org/security/announce/2012/mfsa2012-90.html">Firefox security</a> to allow the cross-origin reading of <tt>Location</tt> objects.</p>

        <h3>26 June 2012</h3> 
        <p>A paper by Prosecco members and collaborators "Efficient Padding Oracle Attacks on Cryptographic Hardware", to appear at CRYPTO'12, has <a href="http://bits.blogs.nytimes.com/2012/06/25/computer-scientists-break-security-token-key-in-record-time/?ref=technology">received</a> <a href="http://arstechnica.com/security/2012/06/securid-crypto-attack-steals-keys/">some</a> <a href="http://www.scmagazineuk.com/research-finds-that-rsa-tokens-can-be-broken-in-under-15-minutes/article/247390/">press</a> and <a href="http://blog.cryptographyengineering.com/2012/06/bad-couple-of-years-for-cryptographic.html">blog</a> <a href="http://www.newscientist.com/blogs/onepercent/2012/06/security-tokens-busted-in-a-ma.html">coverage</a>. Please see the <a href="http://www.lsv.ens-cachan.fr/~steel/efficient-padding-oracle-attacks/faq.html">FAQ</a> for more details on the work.</p>
-->
      </div>
    </div>

    <div class="bloc secondaire">
      <h2>Funding</h2>

      <!-- <p>Our group currently receives funding from the following projects:</p> -->

      <ul>
        <li style="margin-bottom: 0.5ex;"><a href="https://secure-compilation.github.io/">ERC Starting Grant <i>SECOMP</i></a></li>
        <li style="margin-bottom: 0.5ex;"><a href="https://www.inria.fr/en/centre/paris/news/karthik-bhargavan-erc-consolidator-grants-2015">ERC Consolidator Grant <i>CIRCUS</i></a></li>
        <li style="margin-bottom: 0.5ex;"><a href="https://nextleap.eu/">EU Horizon 2020 Research and Innovation project <i>NEXTLEAP</i></a></li>
        <!-- <li style="margin-bottom: 0.5ex;"><a href="">ANR JCJC grant <i>QuickChick</i></a></li> -->
        <li style="margin-bottom: 0.5ex;"><a href="http://www.di.ens.fr/~feret/anastasec/">ANR project <i>AnaStaSec</i></a></li>
        <li style="margin-bottom: 0.5ex;"><a href="http://ajacs.inria.fr/">ANR project <i>AJACS</i></a></li>
        <li style="margin-bottom: 0.5ex;"><a href="http://www.msr-inria.fr/">Microsoft Research - Inria Joint Centre</a></li>
        <li style="margin-bottom: 0.5ex;"><a href="https://www.microsoft.com/en-us/research/academic-program/phd-scholarship-europe-middle-east-africa/">MSR PhD Scholarship Programme</a></li>
        <li style="margin-bottom: 0.5ex;"><a href="http://www.ixarm.com/Theses-cofinancees-DGA-INRIA?lang=en">DGA-INRIA PhD grants</a></li>
        <!-- <li>DGA project <i>Analyse de sécurité des interfaces de programmation</i></li> -->
      </ul>

  </div>
</div>
</div>
<div class="footer" style="font-size:0.5em;">
	<div class="overflow" style="font-size:0.5em;">
		<div class="shortcuts"></div>
	</div>
</div>
<div class="footer satellites" style="font-size:0.5em;">
	<div class="overflow" style="font-size:0.5em;"><!--p>Page maintained by <a href="http://www.bensmyth.com">Ben Smyth</a></p--></div>
</div>

</body>
</html>

Added wiki_references/2017/software/CryptoVerif/doc/2017_06_12_wget_copy_of_http_prosecco_gforge_inria_fr_personal_bblanche_cryptoverif/bonnet/prosecco.gforge.inria.fr/personal/bblanche/america.gif version [3c9cf55536].

cannot compute difference between binary files

Added wiki_references/2017/software/CryptoVerif/doc/2017_06_12_wget_copy_of_http_prosecco_gforge_inria_fr_personal_bblanche_cryptoverif/bonnet/prosecco.gforge.inria.fr/personal/bblanche/arinc823/arinc823.tar.gz version [710a2ae1ef].

cannot compute difference between binary files

Added wiki_references/2017/software/CryptoVerif/doc/2017_06_12_wget_copy_of_http_prosecco_gforge_inria_fr_personal_bblanche_cryptoverif/bonnet/prosecco.gforge.inria.fr/personal/bblanche/arinc823/arinc823prim.cvl.html version [c983a190b8].



























































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
(* Joint assumption:
   - Gap Diffie-Hellman
   - SUF-CMA signatures, with collision-resistance
*)

define joint_GDH_SUFCMA_collresistance(G, Z, g, exp, mult, pGDH,
  signature, seed, sign, ver, Psign, Psigncoll)
{
const g: G.
fun exp(G, Z): G.

(* ECDSA Signatures, modified to avoid malleability *)

fun sign(Z, bitstring, seed): signature.
fun ver(G, signature, bitstring): bool.
fun sign'(Z, bitstring, seed): signature.

(* I need a joint security assumption on DH (GDH) and signatures,
   because they use the same secret keys

First, let us define GDH, with allowed signature oracles *)

fun mult(Z,Z): Z. 
equation commut(mult).

(* exponents multiply *)

forall a:G, x:Z, y:Z;
  exp(exp(a,x), y) = exp(a, mult(x,y)).

(* injectivity *)

forall x:Z, y:Z; (exp(g,x) = exp(g,y)) = (x = y).

(* when the order of the group is a prime *)

forall x:G, x':G, y:Z; (exp(x,y) = exp(x',y)) = (x = x').
forall x:G, x':Z, y:Z; (exp(x,y) = exp(g, mult(x',y))) = (x = exp(g,x')).

(* collision between products *)

collision new x1:Z; new x2:Z; new x3:Z; new x4:Z; 
  mult(x1,x2) = mult(x3,x4) <=(1/|Z|)=> false. 

collision new x1:Z; new x2:Z; 
  mult(x1,x1) = mult(x2,x2) <=(1/|Z|)=> false. 

forall x:Z, y:Z, y':Z; 
  (mult(x,y) = mult(x,y')) = (y = y').

(* replace a random group element with an exponentiation, and conversely *)

param N, N'.

equiv group_to_exp_strict(exp)
      !N new X:G; (OX() := X, !N' OXm(m:Z) [useful_change] := exp(X,m))
<=(0)=> [computational]
      !N new x:Z; (OX() := exp(g,x), !N' OXm(m:Z) := exp(g,mult(x,m))).

(* This equivalence is very general, apply it only manually, because
   otherwise it might be applied too often.  The equivalence above is
   particular case applied only when X is inside exp, and good for
   automatic proofs. *)

equiv group_to_exp(exp)
      !N new X:G; OX() := X 
<=(0)=> [manual, computational]    
      !N new x:Z; OX() := exp(g,x).


equiv exp_to_group(exp)
      !N new x:Z; OX() := exp(g,x)
<=(0)=> [computational]
      !N new X:G; OX() := X.

(* the GDH assumption
    This equivalence says that, when exp(g,a[i]) and exp(g,b[j]) are known to the
    adversary, the adversary can compute exp(g, mult(a[i], b[j])) only with
    negligible probability, even in the presence of a DDH oracle
    DDH(G,A,B,C) tells whether A = G^a, B = G^b, and C = G^{ab} for some a,b,
    that is DDH(G,A,B,C) is (log_G(A) * log_G(B) = log_G(C)). *) 

const mark: bitstring.

param na, naDDH, naDDH1, naDDH2, naDDH3, naDDH4, naDDH5, naDDH6, naDDH7, naDDH8, naSign, naSign2,
      nb, nbDDH, nbDDH1, nbDDH2, nbDDH3, nbDDH4, nbDDH5, nbDDH6, nbDDH7, nbDDH8, nbSign, nbSign2.

equiv gdh(exp)
    !na new a:Z; (
      OA() := exp(g,a), 
      !naDDH1 ODDHa1(m:G, m':G) := m = exp(m', a),
      !naDDH2 ODDHa2(m:G,m':G,j<=nb) := exp(m, b[j]) = exp(m',a),
      !naDDH3 ODDHa3(m:G,m':G,j<=na) := exp(m, a[j]) = exp(m',a),
      !naDDH4 ODDHa4(m:G,j'<=nb,j<=nb) := exp(m, b[j]) = exp(g,mult(b[j'],a)),
      !naDDH5 ODDHa5(m:G,j'<=nb,j<=na) := exp(m, a[j]) = exp(g,mult(b[j'],a)),
      !naDDH6 ODDHa6(m:G,j'<=na,j<=nb) := exp(m, b[j]) = exp(g,mult(a[j'],a)),
      !naDDH7 ODDHa7(m:G,j'<=na,j<=na) := exp(m, a[j]) = exp(g,mult(a[j'],a)),
      !naDDH ODDHa(m:G, j<=nb) [useful_change] := m = exp(g, mult(b[j], a)),
      !naDDH8 ODDHa8(m:G,j<=na) [3] := m = exp(g,mult(a[j], a)),
      !naSign new r:seed; OSigna(m:bitstring) := sign(a, m, r),
      !naSign2 new r:seed; OSigna2(m:bitstring) := sign'(a, m, r)
    ),
    !nb new b:Z; (
      OB() := exp(g,b),
      !nbDDH1 ODDHb1(m:G, m':G) := m = exp(m', b),
      !nbDDH2 ODDHb2(m:G,m':G,j<=nb) := exp(m, b[j]) = exp(m',b),
      !nbDDH3 ODDHb3(m:G,m':G,j<=na) := exp(m, a[j]) = exp(m',b),
      !nbDDH4 ODDHb4(m:G,j'<=nb,j<=nb) := exp(m, b[j]) = exp(g,mult(b[j'],b)),
      !nbDDH5 ODDHb5(m:G,j'<=nb,j<=na) := exp(m, a[j]) = exp(g,mult(b[j'],b)),
      !nbDDH6 ODDHb6(m:G,j'<=na,j<=nb) := exp(m, b[j]) = exp(g,mult(a[j'],b)),
      !nbDDH7 ODDHb7(m:G,j'<=na,j<=na) := exp(m, a[j]) = exp(g,mult(a[j'],b)),
      !nbDDH ODDHb(m:G, j<=na) := m = exp(g, mult(a[j], b)),
      !nbDDH8 ODDHb8(m:G,j<=nb) [3] := m = exp(g,mult(b[j], b)),
      !nbSign new r:seed; OSignb(m:bitstring) := sign(b, m, r),
      !nbSign2 new r:seed; OSignb2(m:bitstring) := sign'(b, m, r)
    )
<=((#ODDHa + #ODDHa1 + #ODDHb + #ODDHb1) * 
	   pGDH(time + (na + nb + #ODDHa + #ODDHa1 + #ODDHb + #ODDHb1) * time(exp),
	   #ODDHa1 + #ODDHa2 + #ODDHa3 + #ODDHa4 + #ODDHa5 + #ODDHa6 + #ODDHa7 + #ODDHa8 +
	   #ODDHb1 + #ODDHb2 + #ODDHb3 + #ODDHb4 + #ODDHb5 + #ODDHb6 + #ODDHb7 + #ODDHb8))=> [computational]
    !na new a:Z [unchanged]; (
      OA() := exp(g,a), 
      !naDDH1 ODDHa1(m:G, m':G) := m = exp(m', a)
			       (* GDH allows to compute m = exp(m',a) for any m and m', without leaking a, 
			          as it is DDH(g, exp(g,a), m', m) *),
      !naDDH2 ODDHa2(m:G,m':G,j<=nb) := exp(m, b[j]) = exp(m',a),
      	   (* GDH allows to compute exp(m, b[j]) = exp(m',a) for any m and m', 
	      without leaking a, as it is DDH(exp(g,a), exp(g,b[j]), m, m')
	      Indeed, 
 	      D(exp(g,a),exp(g,b[j]),m,m') 
      	        = (log_{g^a}(g^b[j]) * log_{g^a}(m) = log_{g^a}(m'))
      		= (b[j]/a * log_g(m)/a = log_g(m')/a)
      		= (b[j] * log_g(m) = a log_g(m'))
      		= (m^b[j] = m'^a). *)
      !naDDH3 ODDHa3(m:G,m':G,j<=na) := exp(m, a[j]) = exp(m',a),
      	    (* Similar to ODDHa2 *)
      !naDDH4 ODDHa4(m:G,j'<=nb,j<=nb) := exp(m, b[j]) = exp(g,mult(b[j'],a)),
      !naDDH5 ODDHa5(m:G,j'<=nb,j<=na) := exp(m, a[j]) = exp(g,mult(b[j'],a)),
      !naDDH6 ODDHa6(m:G,j'<=na,j<=nb) := exp(m, b[j]) = exp(g,mult(a[j'],a)),
      !naDDH7 ODDHa7(m:G,j'<=na,j<=na) := exp(m, a[j]) = exp(g,mult(a[j'],a)),
            (* ODDHa4..7 are particular cases of ODDHa2 or ODDHa3, with m' = exp(g, b[j'])
	       or m' = exp(g, a[j']).
	       We need to consider all these forms because CryptoVerif rewrites
	       exp(exp(g,b[j']),a) into exp(g,mult(b[j'],a)), and it would not
	       detect exp(g,mult(b[j'],a)) as an instance of exp(m',a). *)
      !naDDH ODDHa(m:G, j<=nb) := false,
	    (* ODDHa is a particular case of ODDHa1 in which can apply the CDH assumption. *)
      !naDDH8 ODDHa8(m:G,j<=na) := m = exp(g,mult(a[j], a)),
            (* ODDHa8 is a particular case of ODDHa1 in which we do not apply
	       the CDH assumption, since we apply it between a's and b's *)
      !naSign OSigna(m:bitstring) := new r:seed; sign(a, m, r),
      !naSign2 OSigna2(m:bitstring) := new r:seed; sign'(a, m, r)
      ),
    !nb new b:Z [unchanged]; (
      OB() := exp(g,b), 
      !nbDDH1 ODDHb1(m:G, m':G) := m = exp(m', b)
			       (* GDH allows to compute m = exp(m',a) for any m and m', without leaking a *),
      !nbDDH2 ODDHb2(m:G,m':G,j<=nb) := exp(m, b[j]) = exp(m',b),
      !nbDDH3 ODDHb3(m:G,m':G,j<=na) := exp(m, a[j]) = exp(m',b),
      !nbDDH4 ODDHb4(m:G,j'<=nb,j<=nb) := exp(m, b[j]) = exp(g,mult(b[j'],b)),
      !nbDDH5 ODDHb5(m:G,j'<=nb,j<=na) := exp(m, a[j]) = exp(g,mult(b[j'],b)),
      !nbDDH6 ODDHb6(m:G,j'<=na,j<=nb) := exp(m, b[j]) = exp(g,mult(a[j'],b)),
      !nbDDH7 ODDHb7(m:G,j'<=na,j<=na) := exp(m, a[j]) = exp(g,mult(a[j'],b)),
      !nbDDH ODDHb(m:G, j<=na) := false,
      !nbDDH8 ODDHb8(m:G,j<=nb) := m = exp(g,mult(b[j], b)),
      !nbSign OSignb(m:bitstring) := new r:seed; sign(b, m, r),
      !nbSign2 OSignb2(m:bitstring) := new r:seed; sign'(b, m, r)
    ).

    (* We need to consider both forms m = exp(m', a) and m = exp(g,
    mult(b[j], a)) in the equivalence, because, when m' is known to be
    exp(g, b[j]), CryptoVerif is going to simplify m = exp(m', a) into
    m = exp(g, mult(b[j], a)), and the procedure that tests whether a
    term in the game matches a term in the equivalence would not
    recognize that m = exp(g, mult(b[j], a)) in the game matches m =
    exp(m', a) in the equivalence. *)

(* Now, SUF-CMA signatures *)

forall m:bitstring, r:Z, r2:seed; 
	ver(exp(g,r), sign(r, m, r2), m) = true.

param N2, N3, N4, NDDH1, NDDH2, NDDH3.

equiv suf_cma(sign)
       !N3 new r: Z; (Opk() [2] := exp(g,r),
			    !N2 new r2: seed; Osign(x: bitstring) := sign(r, x, r2),
			    !N Ocheck(m1: bitstring, si1:signature) := ver(exp(g,r), si1, m1),
			    !NDDH1 ODDH1(m2: G, m3: G) := m2 = exp(m3, r),
			    !NDDH2 ODDH2(m2: G, m3: Z) := m2 = exp(g, mult(m3, r)),
			    !NDDH3 ODDH3(m2: G) := m2 = exp(g, mult(r,r))
			    ),
       !N4 Ocheck2(m: bitstring, y: G, si: signature) [3] := ver(y, si, m) [all]
     <=(N3 * Psign(time + (N4+N-1) * time(ver, max(maxlength(m1), maxlength(m))) + (N3-1)*(time(exp) + N2 * time(sign, maxlength(x)) + N * time(ver, maxlength(m1))), N2, maxlength(x)))=> [manual,computational]
       !N3 new r: Z [unchanged]; 
       	       	  	   (Opk() := exp(g,r),
			    !N2 new r2: seed [unchanged]; Osign(x: bitstring) := let s: signature = sign'(r, x, r2) in s,
			    !N Ocheck(m1: bitstring, si1:signature) :=
                              find j <= N2 suchthat defined(x[j],s[j]) && m1 = x[j] && si1 = s[j] then true else false,
			    !NDDH1 ODDH1(m2: G, m3: G) := m2 = exp(m3, r),
			    !NDDH2 ODDH2(m2: G, m3: Z) := m2 = exp(g, mult(m3, r)),
			    !NDDH3 ODDH3(m2: G) := m2 = exp(g, mult(r,r))
			      ),
       !N4 Ocheck2(m: bitstring, y: G, si: signature) :=
		find j <= N2, k <= N3 suchthat defined(x[j,k],s[j,k],r[k]) && y = exp(g,r[k]) && m = x[j,k] && si = s[j,k] then true else
		find k <= N3 suchthat defined(r[k]) && y = exp(g,r[k]) then false else
		ver(y,si,m).

(* Collision resistance property
   This property holds for ECDSA signatures
   sign(k, m1, r1) = sign(k, m2, r2) implies that r1.G and r2.G have 
   the same first coordinate modulo n (the prime order of G), which has a negligible
   probability of happening for independent random r1 and r2. *)

collision new k:Z; new r1: seed; new r2: seed; forall m1: bitstring, m2: bitstring;
	   (sign'(k, m1, r1) = sign'(k, m2, r2)) <=(Psigncoll)=> false.

}

(* Joint assumption:
   - Gap Diffie-Hellman
   - UF-CMA signatures, with collision-resistance
*)

define joint_GDH_UFCMA_collresistance(G, Z, g, exp, mult, pGDH,
  signature, seed, sign, ver, Psign, Psigncoll)
{
const g: G.
fun exp(G, Z): G.

(* ECDSA Signatures *)

fun sign(Z, bitstring, seed): signature.
fun ver(G, signature, bitstring): bool.
fun sign'(Z, bitstring, seed): signature.
fun ver'(G, signature, signature, bitstring): bool.

(* I need a joint security assumption on DH (GDH) and signatures,
   because they use the same secret keys

First, let us define GDH, with allowed signature oracles *)

fun mult(Z,Z): Z. 
equation commut(mult).

(* exponents multiply *)

forall a:G, x:Z, y:Z;
  exp(exp(a,x), y) = exp(a, mult(x,y)).

(* injectivity *)

forall x:Z, y:Z; (exp(g,x) = exp(g,y)) = (x = y).

(* when the order of the group is a prime *)

forall x:G, x':G, y:Z; (exp(x,y) = exp(x',y)) = (x = x').
forall x:G, x':Z, y:Z; (exp(x,y) = exp(g, mult(x',y))) = (x = exp(g,x')).

(* collision between products *)

collision new x1:Z; new x2:Z; new x3:Z; new x4:Z; 
  mult(x1,x2) = mult(x3,x4) <=(1/|Z|)=> false. 

collision new x1:Z; new x2:Z; 
  mult(x1,x1) = mult(x2,x2) <=(1/|Z|)=> false. 

forall x:Z, y:Z, y':Z; 
  (mult(x,y) = mult(x,y')) = (y = y').

(* replace a random group element with an exponentiation, and conversely *)

param N, N'.

equiv group_to_exp_strict(exp)
      !N new X:G; (OX() := X, !N' OXm(m:Z) [useful_change] := exp(X,m))
<=(0)=> [computational]
      !N new x:Z; (OX() := exp(g,x), !N' OXm(m:Z) := exp(g,mult(x,m))).

(* This equivalence is very general, apply it only manually, because
   otherwise it might be applied too often.  The equivalence above is
   particular case applied only when X is inside exp, and good for
   automatic proofs. *)

equiv group_to_exp(exp)
      !N new X:G; OX() := X 
<=(0)=> [manual, computational]    
      !N new x:Z; OX() := exp(g,x).


equiv exp_to_group(exp)
      !N new x:Z; OX() := exp(g,x)
<=(0)=> [computational]
      !N new X:G; OX() := X.

(* the GDH assumption
    This equivalence says that, when exp(g,a[i]) and exp(g,b[j]) are known to the
    adversary, the adversary can compute exp(g, mult(a[i], b[j])) only with
    negligible probability, even in the presence of a DDH oracle
    DDH(G,A,B,C) tells whether A = G^a, B = G^b, and C = G^{ab} for some a,b,
    that is DDH(G,A,B,C) is (log_G(A) * log_G(B) = log_G(C)). *) 

const mark: bitstring.

param na, naDDH, naDDH1, naDDH2, naDDH3, naDDH4, naDDH5, naDDH6, naDDH7, naDDH8, naSign, naSign2,
      nb, nbDDH, nbDDH1, nbDDH2, nbDDH3, nbDDH4, nbDDH5, nbDDH6, nbDDH7, nbDDH8, nbSign, nbSign2.

equiv gdh(exp)
    !na new a:Z; (
      OA() := exp(g,a), 
      !naDDH1 ODDHa1(m:G, m':G) := m = exp(m', a),
      !naDDH2 ODDHa2(m:G,m':G,j<=nb) := exp(m, b[j]) = exp(m',a),
      !naDDH3 ODDHa3(m:G,m':G,j<=na) := exp(m, a[j]) = exp(m',a),
      !naDDH4 ODDHa4(m:G,j'<=nb,j<=nb) := exp(m, b[j]) = exp(g,mult(b[j'],a)),
      !naDDH5 ODDHa5(m:G,j'<=nb,j<=na) := exp(m, a[j]) = exp(g,mult(b[j'],a)),
      !naDDH6 ODDHa6(m:G,j'<=na,j<=nb) := exp(m, b[j]) = exp(g,mult(a[j'],a)),
      !naDDH7 ODDHa7(m:G,j'<=na,j<=na) := exp(m, a[j]) = exp(g,mult(a[j'],a)),
      !naDDH ODDHa(m:G, j<=nb) [useful_change] := m = exp(g, mult(b[j], a)),
      !naDDH8 ODDHa8(m:G,j<=na) [3] := m = exp(g,mult(a[j], a)),
      !naSign new r:seed; OSigna(m:bitstring) := sign(a, m, r),
      !naSign2 new r:seed; OSigna2(m:bitstring) := sign'(a, m, r)
    ),
    !nb new b:Z; (
      OB() := exp(g,b),
      !nbDDH1 ODDHb1(m:G, m':G) := m = exp(m', b),
      !nbDDH2 ODDHb2(m:G,m':G,j<=nb) := exp(m, b[j]) = exp(m',b),
      !nbDDH3 ODDHb3(m:G,m':G,j<=na) := exp(m, a[j]) = exp(m',b),
      !nbDDH4 ODDHb4(m:G,j'<=nb,j<=nb) := exp(m, b[j]) = exp(g,mult(b[j'],b)),
      !nbDDH5 ODDHb5(m:G,j'<=nb,j<=na) := exp(m, a[j]) = exp(g,mult(b[j'],b)),
      !nbDDH6 ODDHb6(m:G,j'<=na,j<=nb) := exp(m, b[j]) = exp(g,mult(a[j'],b)),
      !nbDDH7 ODDHb7(m:G,j'<=na,j<=na) := exp(m, a[j]) = exp(g,mult(a[j'],b)),
      !nbDDH ODDHb(m:G, j<=na) := m = exp(g, mult(a[j], b)),
      !nbDDH8 ODDHb8(m:G,j<=nb) [3] := m = exp(g,mult(b[j], b)),
      !nbSign new r:seed; OSignb(m:bitstring) := sign(b, m, r),
      !nbSign2 new r:seed; OSignb2(m:bitstring) := sign'(b, m, r)
    )
<=((#ODDHa + #ODDHa1 + #ODDHb + #ODDHb1) * 
	   pGDH(time + (na + nb + #ODDHa + #ODDHa1 + #ODDHb + #ODDHb1) * time(exp),
	   #ODDHa1 + #ODDHa2 + #ODDHa3 + #ODDHa4 + #ODDHa5 + #ODDHa6 + #ODDHa7 + #ODDHa8 +
	   #ODDHb1 + #ODDHb2 + #ODDHb3 + #ODDHb4 + #ODDHb5 + #ODDHb6 + #ODDHb7 + #ODDHb8))=> [computational]
    !na new a:Z [unchanged]; (
      OA() := exp(g,a), 
      !naDDH1 ODDHa1(m:G, m':G) := m = exp(m', a)
			       (* GDH allows to compute m = exp(m',a) for any m and m', without leaking a, 
			          as it is DDH(g, exp(g,a), m', m) *),
      !naDDH2 ODDHa2(m:G,m':G,j<=nb) := exp(m, b[j]) = exp(m',a),
      	   (* GDH allows to compute exp(m, b[j]) = exp(m',a) for any m and m', 
	      without leaking a, as it is DDH(exp(g,a), exp(g,b[j]), m, m')
	      Indeed, 
 	      D(exp(g,a),exp(g,b[j]),m,m') 
      	        = (log_{g^a}(g^b[j]) * log_{g^a}(m) = log_{g^a}(m'))
      		= (b[j]/a * log_g(m)/a = log_g(m')/a)
      		= (b[j] * log_g(m) = a log_g(m'))
      		= (m^b[j] = m'^a). *)
      !naDDH3 ODDHa3(m:G,m':G,j<=na) := exp(m, a[j]) = exp(m',a),
      	    (* Similar to ODDHa2 *)
      !naDDH4 ODDHa4(m:G,j'<=nb,j<=nb) := exp(m, b[j]) = exp(g,mult(b[j'],a)),
      !naDDH5 ODDHa5(m:G,j'<=nb,j<=na) := exp(m, a[j]) = exp(g,mult(b[j'],a)),
      !naDDH6 ODDHa6(m:G,j'<=na,j<=nb) := exp(m, b[j]) = exp(g,mult(a[j'],a)),
      !naDDH7 ODDHa7(m:G,j'<=na,j<=na) := exp(m, a[j]) = exp(g,mult(a[j'],a)),
            (* ODDHa4..7 are particular cases of ODDHa2 or ODDHa3, with m' = exp(g, b[j'])
	       or m' = exp(g, a[j']).
	       We need to consider all these forms because CryptoVerif rewrites
	       exp(exp(g,b[j']),a) into exp(g,mult(b[j'],a)), and it would not
	       detect exp(g,mult(b[j'],a)) as an instance of exp(m',a). *)
      !naDDH ODDHa(m:G, j<=nb) := false,
	    (* ODDHa is a particular case of ODDHa1 in which can apply the CDH assumption. *)
      !naDDH8 ODDHa8(m:G,j<=na) := m = exp(g,mult(a[j], a)),
            (* ODDHa8 is a particular case of ODDHa1 in which we do not apply
	       the CDH assumption, since we apply it between a's and b's *)
      !naSign OSigna(m:bitstring) := new r:seed; sign(a, m, r),
      !naSign2 OSigna2(m:bitstring) := new r:seed; sign'(a, m, r)
      ),
    !nb new b:Z [unchanged]; (
      OB() := exp(g,b), 
      !nbDDH1 ODDHb1(m:G, m':G) := m = exp(m', b)
			       (* GDH allows to compute m = exp(m',a) for any m and m', without leaking a *),
      !nbDDH2 ODDHb2(m:G,m':G,j<=nb) := exp(m, b[j]) = exp(m',b),
      !nbDDH3 ODDHb3(m:G,m':G,j<=na) := exp(m, a[j]) = exp(m',b),
      !nbDDH4 ODDHb4(m:G,j'<=nb,j<=nb) := exp(m, b[j]) = exp(g,mult(b[j'],b)),
      !nbDDH5 ODDHb5(m:G,j'<=nb,j<=na) := exp(m, a[j]) = exp(g,mult(b[j'],b)),
      !nbDDH6 ODDHb6(m:G,j'<=na,j<=nb) := exp(m, b[j]) = exp(g,mult(a[j'],b)),
      !nbDDH7 ODDHb7(m:G,j'<=na,j<=na) := exp(m, a[j]) = exp(g,mult(a[j'],b)),
      !nbDDH ODDHb(m:G, j<=na) := false,
      !nbDDH8 ODDHb8(m:G,j<=nb) := m = exp(g,mult(b[j], b)),
      !nbSign OSignb(m:bitstring) := new r:seed; sign(b, m, r),
      !nbSign2 OSignb2(m:bitstring) := new r:seed; sign'(b, m, r)
    ).

    (* We need to consider both forms m = exp(m', a) and m = exp(g,
    mult(b[j], a)) in the equivalence, because, when m' is known to be
    exp(g, b[j]), CryptoVerif is going to simplify m = exp(m', a) into
    m = exp(g, mult(b[j], a)), and the procedure that tests whether a
    term in the game matches a term in the equivalence would not
    recognize that m = exp(g, mult(b[j], a)) in the game matches m =
    exp(m', a) in the equivalence. *)

(* Now, UF-CMA signatures *)

forall m:bitstring, r:Z, r2:seed; 
	ver(exp(g,r), sign(r, m, r2), m) = true.
forall m:bitstring, r:Z, r2:seed; 
	ver'(exp(g,r), sign'(r, m, r2), sign'(r, m, r2), m) = true.
    (* The first signature is the initial one -
       the second signature is the received one,
       possibly altered since signatures are malleable *)

param N2, N3, N4, NDDH1, NDDH2, NDDH3.

equiv uf_cma(sign)
       !N3 new r: Z; (Opk() [2] := exp(g,r),
			    !N2 new r2: seed; Osign(x: bitstring) := sign(r, x, r2),
			    !N Ocheck(m1: bitstring, si1:signature) := ver(exp(g,r), si1, m1),
			    !NDDH1 ODDH1(m2: G, m3: G) := m2 = exp(m3, r),
			    !NDDH2 ODDH2(m2: G, m3: Z) := m2 = exp(g, mult(m3, r)),
			    !NDDH3 ODDH3(m2: G) := m2 = exp(g, mult(r,r))
			    ),
       !N4 Ocheck2(m: bitstring, y: G, si: signature) [3] := ver(y, si, m) [all]
     <=(N3 * Psign(time + (N4+N-1) * time(ver, max(maxlength(m1), maxlength(m))) + (N3-1)*(time(exp) + N2 * time(sign, maxlength(x)) + N * time(ver, maxlength(m1))), N2, maxlength(x)))=> [manual,computational]
       !N3 new r: Z [unchanged]; 
       	       	  	   (Opk() := exp(g,r),
			    !N2 new r2: seed [unchanged]; Osign(x: bitstring) := let s: signature = sign'(r, x, r2) in s,
			    !N Ocheck(m1: bitstring, si1:signature) :=
                              find j <= N2 suchthat defined(x[j],s[j]) && m1 = x[j] && ver'(exp(g,r), s[j], si1, m1) then true else false,
			    !NDDH1 ODDH1(m2: G, m3: G) := m2 = exp(m3, r),
			    !NDDH2 ODDH2(m2: G, m3: Z) := m2 = exp(g, mult(m3, r)),
			    !NDDH3 ODDH3(m2: G) := m2 = exp(g, mult(r,r))
			      ),
       !N4 Ocheck2(m: bitstring, y: G, si: signature) :=
		find j <= N2, k <= N3 suchthat defined(x[j,k],s[j,k],r[k]) && y = exp(g,r[k]) && m = x[j,k] && ver'(y, s[j,k], si, m) then true else
		find k <= N3 suchthat defined(r[k]) && y = exp(g,r[k]) then false else
		ver(y,si,m).

(* Collision resistance property
   This property holds for ECDSA signatures
   sign(k, m1, r1) = sign(k, m2, r2) implies that r1.G and r2.G have 
   the same first coordinate modulo n (the prime order of G), which has a negligible
   probability of happening for independent random r1 and r2. *)

collision new k:Z; new r1: seed; new r2: seed; forall m1: bitstring, m2: bitstring;
	   (sign'(k, m1, r1) = sign'(k, m2, r2)) <=(Psigncoll)=> false.

collision new k:Z; new r1: seed; new r2: seed; forall m1: bitstring, m2: bitstring, m: bitstring;
           ver'(exp(g,k), sign'(k, m1, r1), sign'(k, m2, r2), m) <=(Psigncoll)=> false.

}

(* SUF-CMA assumption, with keys generated by exponentiation *)

define SUFCMA_EC(G, Z, g, exp, 
  signature, seed, sign, ver, Psign, Psigncoll) {

const g: G.
fun exp(G, Z): G.

fun sign(Z, bitstring, seed): signature.
fun ver(G, signature, bitstring): bool.
fun sign'(Z, bitstring, seed): signature.
fun ver'(G, signature, bitstring): bool.

forall m:bitstring, r:Z, r2:seed; 
	ver(exp(g,r), sign(r, m, r2), m) = true.
forall m:bitstring, r:Z, r2:seed; 
	ver'(exp(g,r), sign'(r, m, r2), m) = true.

param N, N2, N3, N4.

equiv suf_cma(sign)
       !N3 new r: Z; (Opk() [2] := exp(g,r),
			    !N2 new r2: seed; Osign(x: bitstring) := sign(r, x, r2),
			    !N Ocheck(m1: bitstring, si1:signature) := ver(exp(g,r), si1, m1)
			    ),
       !N4 Ocheck2(m: bitstring, y: G, si: signature) [3] := ver(y, si, m) [all]
     <=(N3 * Psign(time + (N4+N-1) * time(ver, max(maxlength(m1), maxlength(m))) + (N3-1)*(time(exp) + N2 * time(sign, maxlength(x)) + N * time(ver, maxlength(m1))), N2, maxlength(x)))=> [manual,computational]
       !N3 new r: Z [unchanged]; 
       	       	  	   (Opk() := exp(g,r),
			    !N2 new r2: seed [unchanged]; Osign(x: bitstring) := let s: signature = sign'(r, x, r2) in s,
			    !N Ocheck(m1: bitstring, si1:signature) :=
                              find j <= N2 suchthat defined(x[j],s[j]) && m1 = x[j] && si1 = s[j] then true else false
			      ),
       !N4 Ocheck2(m: bitstring, y: G, si: signature) :=
		find j <= N2, k <= N3 suchthat defined(x[j,k],s[j,k],r[k]) && y = exp(g,r[k]) && m = x[j,k] && si = s[j,k] then true else
		find k <= N3 suchthat defined(r[k]) && y = exp(g,r[k]) then false else
		ver(y,si,m).

const mark: bitstring.

equiv suf_cma_corrupt(sign)
       !N3 new r: Z; (Opk() [2] := exp(g,r),
                          !N2 new r2: seed; Osign(x: bitstring) := sign(r, x, r2),
                          !N Ocheck(m1: bitstring, si1:signature) := ver(exp(g,r), si1, m1),
                          Ocorrupt() [10] := r
                          ),
       !N4 Ocheck2(m: bitstring, y: G, si: signature) [3] := ver(y, si, m) [all]
     <=(N3 * Psign(time + (N4+N-1) * time(ver, max(maxlength(m1), maxlength(m))) + (N3-1)*(time(exp) + N2 * time(sign, maxlength(x)) + N * time(ver, maxlength(m1))), N2, maxlength(x)))=> [manual,computational]
       !N3 new r: Z [unchanged]; 
                                 (Opk() := exp(g,r),
                          !N2 new r2: seed [unchanged]; Osign(x: bitstring) := let s: signature = sign'(r, x, r2) in s,
                          !N Ocheck(m1: bitstring, si1:signature) :=
                            if defined(corrupt) then ver'(exp(g,r), si1, m1) else
                              find j <= N2 suchthat defined(x[j],s[j]) && m1 = x[j] && si1 = s[j] then true else false,
                            Ocorrupt() := let corrupt: bitstring = mark in r
                            ),
       !N4 Ocheck2(m: bitstring, y: G, si: signature) :=
              find k <= N3 suchthat defined(r[k],corrupt[k]) && y = exp(g,r[k]) then ver'(y,si,m) else
              find j <= N2, k <= N3 suchthat defined(x[j,k],s[j,k],r[k]) && y = exp(g,r[k]) && m = x[j,k] && si = s[j,k] then true else
              find k <= N3 suchthat defined(r[k]) && y = exp(g,r[k]) then false else
              ver(y,si,m).

}

(* PRF MAC truncated to 3 different lengths: 32, 64, 128 bits *)

define SUF_CMA_MAC_3lengths(t_MAClen, MAClen32, MAClen64, MAClen128,
       mac_key, sessionMAC, PPRF) {

fun sessionMAC(t_MAClen, mac_key, bitstring): bitstring.

(* sessionMAC is SUF-CMA for each of the 3 lengths *)

fun sessionMAC2(t_MAClen, mac_key, bitstring): bitstring.
param N, N2, N3.
type mac_32bits [fixed].
type mac_64bits [fixed].
type mac_128bits [fixed].

equiv suf_cma_truncated32_mac
      ! N3 new k: mac_key;(
	 !N Omac(x: bitstring) := sessionMAC(MAClen32, k, x),
	 !N2 Ocheck(m: bitstring, ma: bitstring) := ma = sessionMAC(MAClen32, k, m))
     <=(N3 * (4*N2/|mac_32bits| + 2*PPRF(time + (N3-1)*(N+N2)*time(sessionMAC,maxlength(x)), N + N2, max(maxlength(x), maxlength(m)), 0, 0)))=> [computational]
      ! N3 new k: mac_key [unchanged];(
	 !N Omac(x: bitstring) := sessionMAC2(MAClen32, k, x),
	 !N2 Ocheck(m: bitstring, ma: bitstring) := 
	    find j <= N suchthat defined(x[j]) && (m = x[j]) && ma = sessionMAC2(MAClen32, k, m) then true else false).

equiv suf_cma_truncated64_mac
      ! N3 new k: mac_key;(
	 !N Omac(x: bitstring) := sessionMAC(MAClen64, k, x),
	 !N2 Ocheck(m: bitstring, ma: bitstring) := ma = sessionMAC(MAClen64, k, m))
     <=(N3 * (4*N2/|mac_64bits| + 2*PPRF(time + (N3-1)*(N+N2)*time(sessionMAC,maxlength(x)), N + N2, max(maxlength(x), maxlength(m)), 0, 0)))=> [computational]
      ! N3 new k: mac_key [unchanged];(
	 !N Omac(x: bitstring) := sessionMAC2(MAClen64, k, x),
	 !N2 Ocheck(m: bitstring, ma: bitstring) := 
	    find j <= N suchthat defined(x[j]) && (m = x[j]) && ma = sessionMAC2(MAClen64, k, m) then true else false).

equiv suf_cma_truncated128_mac
      ! N3 new k: mac_key;(
	 !N Omac(x: bitstring) := sessionMAC(MAClen128, k, x),
	 !N2 Ocheck(m: bitstring, ma: bitstring) := ma = sessionMAC(MAClen128, k, m))
     <=(N3 * (4*N2/|mac_128bits| + 2*PPRF(time + (N3-1)*(N+N2)*time(sessionMAC,maxlength(x)), N + N2, max(maxlength(x), maxlength(m)), 0, 0)))=> [computational]
      ! N3 new k: mac_key [unchanged];(
	 !N Omac(x: bitstring) := sessionMAC2(MAClen128, k, x),
	 !N2 Ocheck(m: bitstring, ma: bitstring) := 
	    find j <= N suchthat defined(x[j]) && (m = x[j]) && ma = sessionMAC2(MAClen128, k, m) then true else false).

}

(* Encryption 
   First, version without security assumption, sufficient for authentication and key secrecy *)

define encryption_IV_no_hyp(enc_key, t_IVdata, E', D') {

fun E'(enc_key, t_IVdata, bitstring): bitstring.
fun D'(enc_key, t_IVdata, bitstring): bitstring.

forall k: enc_key, IVdata: t_IVdata, msg: bitstring;
      D'(k, IVdata, E'(k, IVdata, msg)) = msg.

}

(* Second, version with IND-CPA assumtion, provided IVdata is distinct
   for each encryption. For secrecy of messages. *)

define encryption_IV_IND_CPA(enc_key, t_IVdata, E', D', Zero, Penc) {

expand encryption_IV_no_hyp(enc_key, t_IVdata, E', D').

(* encryption is IND-CPA provided IVdata is distinct
   for each encryption *)

(* Zero(x) is a bitstring of the same length as x, containing only zeroes *)
fun Zero(bitstring): bitstring.

fun E''(enc_key, t_IVdata, bitstring): bitstring.

event repeated_IVdata.
param N, N2.

equiv 
      !N2 new k: enc_key; !N Oenc(IVdata: t_IVdata, msg: bitstring) := E'(k, IVdata, msg)
<=(N2 * Penc(time + (N2-1)*(N*time(E', maxlength(msg)) + N*time(Zero, maxlength(msg))), N, maxlength(msg)))=>
      !N2 new k: enc_key; !N Oenc(IVdata: t_IVdata, msg: bitstring) := 
      	      	 	         find i <= N suchthat defined(IVdata[i],r[i]) && IVdata = IVdata[i] then
				     event_abort repeated_IVdata
				 else
				     let r: bitstring = E''(k, IVdata, Zero(msg)) in
				     r.

}

(* MAC is HMAC_SHA256, it is SUF-CMA and collision-resistant;
   KDF256, KDF128 are PRFs, even when they share the same key as the MAC *)

define MAC_KDF(mac_key, enc_key, t_SHA256_out, t_id, MAC, KDF256, KDF128, PPRF) {

fun MAC(mac_key, bitstring): t_SHA256_out.
fun KDF256(mac_key, t_SHA256_out, t_id, t_id): mac_key.
fun KDF128(mac_key, t_SHA256_out, t_id, t_id): enc_key.

(* MAC is HMAC_SHA256, it is SUF-CMA;
   KDF256, KDF128 are PRFs, even when they share the same key as the MAC *)

param N, qMAC, qVer, qKDF256, qKDF128, qColl.
fun MAC2(mac_key, bitstring): t_SHA256_out.

equiv
	! N new k: mac_key;
	(! qMAC O_mac(m: bitstring) := MAC(k, m),
	 ! qVer O_Ver(mv: bitstring, mac: t_SHA256_out) := mac = MAC(k, mv),
	 ! qKDF256 O_KDF256(X2: t_SHA256_out, U2: t_id, V2: t_id) := KDF256(k, X2, U2, V2),
	 ! qKDF128 O_KDF128(X3: t_SHA256_out, U3: t_id, V3: t_id) := KDF128(k, X3, U3, V3))
<=(N * (4 * qVer / |t_SHA256_out| + 
        2 * PPRF(time + (N-1)*((qMAC + qVer) * time(MAC, max(maxlength(m), maxlength(mv))) + qKDF256 * time(KDF256) + qKDF128 * time(KDF128)), qMAC + qVer, max(maxlength(m), maxlength(mv)), qKDF256, qKDF128)))=>
	! N new k: mac_key;
	(! qMAC O_mac(m: bitstring) := MAC2(k, m),
	 ! qVer O_Ver(mv: bitstring, mac: t_SHA256_out) := 
	    find j <= qMAC suchthat defined(m[j]) && mv = m[j] && mac = MAC2(k, mv) then
    	    	true
            else
		false,
         ! qKDF256 O_KDF256(X2: t_SHA256_out, U2: t_id, V2: t_id) := 
	    find[unique] j2 <= qKDF256 suchthat defined(X2[j2], U2[j2], V2[j2], r2[j2]) && X2 = X2[j2] && U2 = U2[j2] && V2 = V2[j2] then
                r2[j2]
            else
	        new r2: mac_key;
		r2,
	 ! qKDF128 O_KDF128(X3: t_SHA256_out, U3: t_id, V3: t_id) := 
            find[unique] j3 <= qKDF128 suchthat defined(X3[j3], U3[j3], V3[j3], r3[j3]) && X3 = X3[j3] && U3 = U3[j3] && V3 = V3[j3] then
                r3[j3]
            else
		new r3: enc_key;
		r3).

(* MAC is HMAC_SHA256, it is collision resistant *)

fun MAC2collision(mac_key, bitstring, bitstring): bool.

(* This equality allows simplification to automatically transform
   x = y into MAC2collision(k,m1,m2) when x = MAC2(k,m1) and y = MAC2(k,m2).
   Without this equality, the transformation of x = y into MAC2(k, m1)
   = MAC2(k, m2) is not automatically done by the cryptographic
   transformation because x = y can (apparently) be discharged without
   doing anything since it does not contain k. *)
forall k: mac_key, m1: bitstring, m2: bitstring;
       (MAC2(k, m1) = MAC2(k, m2)) = MAC2collision(k,m1,m2).

equiv
	! N new k: mac_key;
	(! qMAC O_mac(m: bitstring) := MAC2(k, m),
	 ! qColl O_coll(m1: bitstring, m2: bitstring) [useful_change] := (MAC2collision(k, m1, m2)))
<=(N * ((12 * qColl + 4 * qColl * qColl * N + 4 * qColl * N * qMAC + qMAC * qMAC * N) / |t_SHA256_out| + 
        2 * PPRF(time + (N-1) * (qMAC + 2 * qColl) * time(MAC, max(maxlength(m), maxlength(m2), maxlength(m1))),
	         qMAC + 2 * qColl, max(maxlength(m), maxlength(m2), maxlength(m1)), 0, 0)))=>
	! N new k: mac_key;
	(! qMAC O_mac(m: bitstring) := MAC2(k, m),
	 ! qColl O_coll(m1: bitstring, m2: bitstring) := (m1 = m2)).
	
}

Added wiki_references/2017/software/CryptoVerif/doc/2017_06_12_wget_copy_of_http_prosecco_gforge_inria_fr_personal_bblanche_cryptoverif/bonnet/prosecco.gforge.inria.fr/personal/bblanche/arinc823/gen.html version [f5313f4436].



































































































































































































































































































































































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
#!/bin/sh

##Please update to correspond to the location of ProVerif/CryptoVerif on your computer
TIMER=$HOME/xtime
PROVERIF=$HOME/proverif1.96/proverif
CRYPTOVERIF="$HOME/cryptoverif1.26/cryptoverif -lib ../../arinc823"

if [ -x $TIMER ]
then
    PROG=$TIMER
else
    PROG=
fi

## Build the library of primitives for CryptoVerif

cat $HOME/dev/cryptoverif/default.cvl arinc823prim.cvl > arinc823.cvl

## Analysis of the shared-key protocol, in ProVerif

cd sharedkey/symbolic

(
for prop in AUTHENTICATION SECRECY KEY_SECRECY UKS   
do

for enc in ENC_SUPPORTED ENC_NOTSUPPORTED
do

for speed in FAST #SLOW
do
echo PROTOCOL shared-key PV $prop.$enc.$speed

m4 -D$prop -D$enc -D$speed arinc823-secret-key.m4.pv > arinc823-secret-key.$prop.$enc.$speed.pv
$PROG $PROVERIF arinc823-secret-key.$prop.$enc.$speed.pv > arinc823-secret-key.$prop.$enc.$speed.result
egrep '(RESULT|goal reachable)' arinc823-secret-key.$prop.$enc.$speed.result
grep system arinc823-secret-key.$prop.$enc.$speed.result | grep user

done
done
done

) | tee results

## Analysis of the shared-key protocol, in CryptoVerif

cd ../computational

(
for prop in SECRECY AUTHENTICATION UKS KEY_SECRECY 
do

for prot in ORIGINAL SINGLE_TU REPLAY_PROT
do

echo PROTOCOL shared-key CV $prop.$prot

file=arinc823-secret-key.$prop.$prot
m4 -D$prop -D$prot arinc823-secret-key.$prop.m4.cv > $file.cv
$PROG $CRYPTOVERIF $file.cv > $file.result < /dev/null
egrep '(RESULT Could|All queries proved)' $file.result
grep system $file.result | grep user

done
done
) | tee results

## Analysis of the public-key protocol, in ProVerif

cd ../../publickey/symbolic

# The arguments of analyze are
# $1 = property
# $2 = compromise status
# $3 = encryption or not
# $4 = fast (without encode(encode_OFF, x) = x and compress(comp_OFF, x) = x) or slow (with it)

function analyze()
{
echo PROTOCOL public-key PV $1.$2.$3.$4

file=arinc823-public-key.$1.$2.$3.$4

m4 -D$1 -D$2 -D$3 -D$4 arinc823-public-key.m4.pv > $file.pv
$PROG $PROVERIF $file.pv > $file.result
egrep '(RESULT|goal reachable)' $file.result
grep system $file.result | grep user
}

(
for prop in SECRECY AUTHENTICATION KEY_SECRECY
do
for enc in ENC_SUPPORTED ENC_NOTSUPPORTED
do
for speed in FAST #SLOW
do
analyze $prop NO_COMPROMISE $enc $speed
done
done
done

analyze SECRECY PFS ENC_SUPPORTED FAST
analyze KEY_SECRECY PFS ENC_SUPPORTED FAST
analyze AUTHENTICATION COMPROMISE_U ENC_SUPPORTED FAST
analyze AUTHENTICATION COMPROMISE_V ENC_SUPPORTED FAST

) | tee results

## Analysis of the public-key protocol, in CryptoVerif

cd ../computational

function analyzecv()
{
echo PROTOCOL public-key CV $1

$PROG $CRYPTOVERIF arinc823-public-key.$1.cv > arinc823-public-key.$1.result < /dev/null
egrep '(RESULT Could|All queries proved)' arinc823-public-key.$1.result
grep system arinc823-public-key.$1.result | grep user
}

(
# Analyze the original protocol

for i in NOREPLAY_PROT REPLAY_PROT
do

    for j in SECRECY AUTHENTICATION KEY_SECRECY
    do
    
	m4 -D$i arinc823-public-key.$j.m4.cv > arinc823-public-key.$j.$i.cv
	analyzecv $j.$i

    done

done

# Analyze the fixed protocol

for j in REPLAY_PROT #NOREPLAY_PROT 
do

m4 -D$j arinc823-public-key.fixed.KEY_SECRECY.m4.cv > arinc823-public-key.fixed.KEY_SECRECY.$j.cv
analyzecv fixed.KEY_SECRECY.$j

m4 -D$j arinc823-public-key.fixed.SECRECY.m4.cv > arinc823-public-key.fixed.SECRECY.$j.cv
analyzecv fixed.SECRECY.$j

for k in COMPROMISE_U COMPROMISE_V NO_COMPROMISE
do 

m4 -D$j -D$k arinc823-public-key.fixed.AUTHENTICATION.m4.cv > arinc823-public-key.fixed.AUTHENTICATION.$k.$j.cv
analyzecv  fixed.AUTHENTICATION.$k.$j

done
done

) | tee results

## Build the full summary

cd ../..

(
echo SHARED KEY PROTOCOL
echo
egrep '(PROTOCOL|RESULT|system)' sharedkey/symbolic/results
echo
egrep '(PROTOCOL|RESULT Could|All queries proved|system)' sharedkey/computational/results
echo
echo PUBLIC KEY PROTOCOL
echo
egrep '(PROTOCOL|RESULT|system)' publickey/symbolic/results
echo
egrep '(PROTOCOL|RESULT Could|All queries proved|system)' publickey/computational/results
 
) | tee results

Added wiki_references/2017/software/CryptoVerif/doc/2017_06_12_wget_copy_of_http_prosecco_gforge_inria_fr_personal_bblanche_cryptoverif/bonnet/prosecco.gforge.inria.fr/personal/bblanche/arinc823/publickey/computational/arinc823-public-key.AUTHENTICATION.m4.cv.html version [b7a3454b55].



















































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
(* ARINC 823 
AMS protocol using private/public keys
described in Attachment 7 of the ARINC specification 823 Part I. 
CryptoVerif model.

In case replay protection is added for the Init_REQ and Init_IND 
messages, try to prove injective correspondences. *)

(**** Proof indications ****)

set autoMove = false.
    (* Do not move "let received_count_table_960" under "event recv_MsgU".
       That would prevent proving the injective correspondence recv_msgU ==> send_msgV *)

proof {
      (* Apply UF-CMA assumption on signatures used for
      	 certificates *)
      crypto uf_cma(signcert) seedCA;
      (* Apply random oracle assumption on KDF256 and KDF128.
      	 After these transformations, the games compare
	 the arguments of key generation functions with arguments
	 in previous calls to these functions.
	 Hence there are comparisons between values of Z_UV1, Z_UV2,
	 and values coming from the adversary. *)
      crypto rom(KDF256_128);
      (* Replace occurrences of Z_UV1 and Z_UV2 with their values.
      	 This step makes comparisons m = exp(g, dU.dV) and other comparisons
	 with exponentials appear. *)
      remove_assign binder Z_UV1;
      remove_assign binder Z_UV2;
      (* Use the Gap Diffie-Hellman assumption. 
      	 This step eliminates cases in which the comparisons m = exp(g, dU.dV)
	 fail. *)
      crypto gdh(exp) dU dV;
      (* Apply (S)UF-CMA assumption on signatures under dU and dV.
      	 This step must be applied after the Gap Diffie-Hellman assumption
	 because of the way the joint security assumption on DH
	 and signatures is written. *)
ifdef(`REPLAY_PROT',`
      crypto suf_cma(sign) dV;
      crypto suf_cma(sign) dU;
',`
      crypto uf_cma(sign) dV;
      crypto uf_cma(sign) dU;
      out_game "g1.out";
      out_game "g1occ.out" occ;
      (* This "find" is inserted just before a similar "find" that
      	 verifies that the signature is correct, while this "find" 
	 verifies that the signature is the one sent by the aircraft.
	 This is useful because we assume only UF-CMA signatures
	 and not SUF-CMA signatures. There are three branches because
	 of the three possible MAC lengths. *)
      insert 14869 "find jx1 <= Naircraft suchthat defined(@29_s_1611[jx1], ams_id_647[jx1], encode_alg_637[jx1], sid_633[jx1], encoded_payload_646[jx1], MAClen_630[jx1], enc_algo_631[jx1], tU_632[jx1]) && (tU_727 = tU_632[jx1]) && (enc_algo_744 = enc_algo_631[jx1]) && (MAClen_745 = MAClen_630[jx1]) && (encoded_payload_729 = encoded_payload_646[jx1]) && (compression_732 = comp_OFF) && (sid_733 = sid_633[jx1]) && (encode_alg_734 = encode_alg_637[jx1]) && (R1_735 = false) && (ams_id_731 = ams_id_647[jx1]) && (@29_s_1611[jx1] = sU_725) then
                    orfind jx2 <= Naircraft suchthat defined(@29_s_1618[jx2], ams_id_647[jx2], encode_alg_637[jx2], sid_633[jx2], encoded_payload_646[jx2], MAClen_630[jx2], enc_algo_631[jx2], tU_632[jx2]) && (tU_727 = tU_632[jx2]) && (enc_algo_744 = enc_algo_631[jx2]) && (MAClen_745 = MAClen_630[jx2]) && (encoded_payload_729 = encoded_payload_646[jx2]) && (compression_732 = comp_OFF) && (sid_733 = sid_633[jx2]) && (encode_alg_734 = encode_alg_637[jx2]) && (R1_735 = false) && (ams_id_731 = ams_id_647[jx2]) && (@29_s_1618[jx2] = sU_725) then
                    orfind jx3 <= Naircraft suchthat defined(@29_s_1625[jx3], ams_id_647[jx3], encode_alg_637[jx3], sid_633[jx3], encoded_payload_646[jx3], MAClen_630[jx3], enc_algo_631[jx3], tU_632[jx3]) && (tU_727 = tU_632[jx3]) && (enc_algo_744 = enc_algo_631[jx3]) && (MAClen_745 = MAClen_630[jx3]) && (encoded_payload_729 = encoded_payload_646[jx3]) && (compression_732 = comp_OFF) && (sid_733 = sid_633[jx3]) && (encode_alg_734 = encode_alg_637[jx3]) && (R1_735 = false) && (ams_id_731 = ams_id_647[jx3]) && (@29_s_1625[jx3] = sU_725) then";
      (* @35_r_1115 is the mac_enc_key chosen after this find *)
      SArename "@35_r_1115";
')
      (* Use the automatic proof strategy.
      	 This step applies the security assumptions on
	 the MAC and encryption *)
      auto
}

(**** Declarations of types, constants, and function symbols ****)

(* Type for session ids, used internally in the model to distinguish
   each session of the protocol. *)

type session_ids [large, fixed].

(* Type of 32 bits numbers *)

type t_Rand32 [large, fixed]. 

(* Ids 
U = aircraft
V = ground entity *)

type t_id [fixed]. (* 8 bytes = 64 bits entity type, AMS_EntityType *)
const U, V: t_id.

(* AMS Message elements *)

type t_AMS_elem.
type t_software_part_number.
type t_policy_id.
type t_algo_bits [fixed].

fun buildAMS10_s_init_info(t_software_part_number, t_policy_id, t_id, t_id): t_AMS_elem [compos].
fun buildAMS40_entity_id(t_id, t_id): t_AMS_elem [compos].
fun buildAMS41_comp_algo_id(t_algo_bits): t_AMS_elem [compos].
fun buildAMS42_comp_algo_sel(t_algo_bits): t_AMS_elem [compos].
    (* The first bit is 1 when DMC level 0 is supported.
       The second bit is 1 when DMC level 1 is supported.
       The third bit is 1 when DEFLATE is supported.
       We ignore algorithms reserved for future use. *)

fun payload_with_1_element(t_AMS_elem): bitstring [compos].
fun concat_AMS_element(t_AMS_elem, bitstring): bitstring [compos].

(* Encoding algorithms *)

type t_encode_algo [fixed]. (* 2 bits *)

const encode_OFF, encode_B64, encode_B64PAD, encode_B128: t_encode_algo.

fun encode(t_encode_algo, bitstring): bitstring.
fun decode(t_encode_algo, bitstring): bitstring.

forall encode_algo: t_encode_algo, payload:bitstring; 
      decode(encode_algo, encode(encode_algo, payload)) = payload.

(* encode is injective *)
forall encode_algo: t_encode_algo, payload1:bitstring, payload2:bitstring; 
      (encode(encode_algo, payload1) = encode(encode_algo, payload2)) = (payload1 = payload2).

(* Compression *)

type t_comp_algo [fixed]. (* 4 bits, Value of the CompMode field *)

const comp_OFF, comp_DMC0, comp_DMC1, comp_DEFLATE: t_comp_algo.

fun compress(t_comp_algo, bitstring): bitstring.
fun decompress(t_comp_algo, bitstring): bitstring.

forall comp_algo: t_comp_algo, payload:bitstring; 
      decompress(comp_algo, compress(comp_algo, payload)) = payload.

fun bool_and(t_algo_bits, t_algo_bits): t_algo_bits.
fun select_common_compression(t_AMS_elem, t_comp_algo): t_comp_algo.

(* Algorithms *)

type t_AMS_AlgID [bounded]. (* 16 bits *)
type t_MAClen [bounded]. (* 4 bits *)
type t_AuthAlgo [bounded]. (* 4 bits *)
type t_EncAlgo [bounded]. (* 8 bits *)

fun algo(t_MAClen, t_AuthAlgo, t_EncAlgo): t_AMS_AlgID [compos].

const MAClen32, MAClen64, MAClen128: t_MAClen.
const HMAC_SHA256: t_AuthAlgo.
const NULL_enc, AES128_CFB128: t_EncAlgo.

fun get_common_enc_algo(t_EncAlgo): t_EncAlgo.
(* The protocol satisfies authentication independently of the definition of this function.
   letfun get_common_enc_algo(enc_algo: t_EncAlgo) = 
      if enc_algo = AES128_CFB128 then AES128_CFB128 else NULL_enc. *)

(* Policy types *)

type t_AMS_Policy [fixed]. (* 2 bits *)

const NONE, SIGN, AUTH, BOTH: t_AMS_Policy.

fun get_policy(t_policy_id, bitstring): t_AMS_Policy.
     (* The definition of the policy is left implicit in this model.
     	get_policy(policy_id, msg) is supposed to 
	determine the expected policy to apply to the message msg 
	from the message msg itself and the policy identifier policy_id. *)

fun get_protect_mode(t_AMS_Policy, t_EncAlgo): t_AMS_Policy.
(* The protocol satisfies authentication independently of the definition of this function.
   letfun get_protect_mode(policy: t_AMS_Policy, enc_algo: t_EncAlgo) =
       if enc_algo = NULL_enc && policy = BOTH then AUTH else policy.

   If the security policy specifies the BOTH protection mode
   and the selected encryption is NULL, then ProtectMode is set to AUTH.
   In all other cases, ProtectMode is the protection mode
   specified in the security policy. *)

(* Protocol ids *)

type t_AMS_PID [bounded]. (* 1 byte, "1" or "2" *)

const ams_pid1 (* public-key protocol *), ams_pid2 (* shared-key protocol *): t_AMS_PID.

(* Commands *)

type t_Cmd [fixed]. (* 4 bits *)

const Data_IND, Info_IND, DataCnf_IND, Release_REQ, Release_RSP_Minus, 
      Release_RSP_Plus, Init_IND, Init_REQ, Init_RSP_Minus, Init_RSP_Plus,
      Abort_IND: t_Cmd.

fun ok_tunnel(t_Cmd): bool.
forall; ok_tunnel(Init_IND) = false.
forall; ok_tunnel(Init_REQ) = false.
forall; ok_tunnel(Init_RSP_Minus) = false.
forall; ok_tunnel(Init_RSP_Plus) = false.

(* Counter *)

type t_Count [fixed].

const Count1: t_Count.
const Count_unspecified: t_Count. 
      (* Used as a dummy value to fill the count argument
      	 of event recv_msg when the message is sent unprotected. *)

(* MAC *)

type mac_key [large, fixed].

proba PPRF. 
      (* PPRF(t, qMAC, l, qKDF256, qKDF128) is the probability of 
         distinguishing MAC, KDF256, and KDF128 from independent pseudo-random
	 functions in time t, with qMAC, qKDF256, qKDF128 queries to
	 MAC, KDF256, and KDF128 respectively, with MAC queries of length
	 at most l. *)

(* sessionMAC is SUF-CMA for each of the 3 lengths *)

expand SUF_CMA_MAC_3lengths(t_MAClen, MAClen32, MAClen64, MAClen128,
       mac_key, sessionMAC, PPRF).

(* Encryption *)

type enc_key [large, fixed]. (* 128 bits *)
type t_IVdata [fixed].

type byte [fixed]. (* 1 byte = 8 bits *)
const CstDN: byte. (* 0x00 *)
const CstUP: byte. (* 0x01 *)
fun buildIVdata(byte, t_Count): t_IVdata [compos].

expand encryption_IV_no_hyp(enc_key, t_IVdata, E', D').

(* encryption is IND-CPA provided IVdata is distinct
   for each encryption --- This property is needed only for
   secrecy. *)

(* Elliptic curve Diffie-Hellman and UF-CMA or SUF-CMA signatures,
   with collision resistance property. *)

type Z [bounded, large].
type G [bounded, large].
proba pGDH.
type seed [fixed, large].
type signature [bounded].
proba Psign.
proba Psigncoll.

ifdef(`REPLAY_PROT', `
expand joint_GDH_SUFCMA_collresistance(G, Z, g, exp, mult, pGDH,
  signature, seed, sign, ver, Psign, Psigncoll).', `
expand joint_GDH_UFCMA_collresistance(G, Z, g, exp, mult, pGDH,
  signature, seed, sign, ver, Psign, Psigncoll).')

(* Hash function HASH is collision resistant *)

type t_SHA256_out [large, fixed]. (* 256 bits, output of SHA256 *)

type hash_key [large,fixed].
proba Phash.
expand CollisionResistant_hash(hash_key, bitstring, t_SHA256_out, HASH, Phash).

type t_AMS_Appendix.
fun concat_hash(t_AMS_Appendix, t_Rand32): bitstring [compos].

(* the concatenation of KDF256 and KDF128 is a random oracle *)
type hash_key1 [large,fixed].
type mac_enc_key [large,fixed].
expand ROM_hash_quad(hash_key1, G, t_SHA256_out, t_id, t_id, mac_enc_key, KDF256_128).
param qH [noninteractive].
channel c1h, c2h.
let KDF256_128_oracle = ! qH in(c1h, (x1:G, x2:t_SHA256_out, x3:t_id, x4:t_id)); out(c2h, KDF256_128(hk1,x1,x2,x3,x4)).

(* Generating a single random key of type mac_enc_key and splitting it into
   a MAC key and an encryption key is equivalent to generating a
   random MAC key and a random encryption key.
   We need to apply this equivalence even if the key of type mac_enc_key
   is also used as a whole, for proving absence of UKS attacks. *)

fun get_kmac(mac_enc_key): mac_key.
fun get_kenc(mac_enc_key): enc_key.
fun concat_mac_enc_key(mac_key, enc_key): mac_enc_key [compos].

param N.

equiv eq_mac_enc_key
      !N new r: mac_enc_key; (O1() [useful_change] := get_kmac(r),
      	    	              O2() [useful_change] := get_kenc(r),
			      O3() := r)
    <=(0)=>
      !N new r1: mac_key; new r2: enc_key;
         (O1() := r1,
      	  O2() := r2,
	  O3() := concat_mac_enc_key(r1,r2)).

(* Certificates *)

proba Psigncert.
proba Psigncollcert.

type keyseed [large,fixed].
type pkey [large,bounded].
type skey [large,bounded].

expand UF_CMA_signature(keyseed, pkey, skey, bitstring, signature, seed, skgen, pkgen, signcert, checkcert, Psigncert, Psigncollcert).

letfun cert(Ux: t_id, Q: G, sCA: skey) = new r: seed; (Ux, Q, signcert((Ux, Q), sCA, r)).
letfun vercert(certif: bitstring, pkCA: pkey) = 
       let (Ux: t_id, Q:G, s: signature) = certif in
       if checkcert((Ux, Q), pkCA, s) then (true, Ux, Q) else (false, Ux, Q)
       else (false, certif).

(* Time *)

type t_AMS_Time [fixed].

fun check_time(t_AMS_Time, t_AMS_Time): bool.
     (* check_time(tU, tV) is supposed to check that 
     	tV - 60 seconds <= tU <= tV + 120 seconds. *)

(* Supplementary address type *)

type t_AMS_SuppAddr.

(* Session identifiers *)

type t_SID [fixed]. (* 3 bits *)
const SID0, SID1, SID2, SID3, SID4, SID5: t_SID.

(* Building AMS messages *)

type t_AMS_IMI. (* empty or "PM1." *)
type t_AMS_ID.

(* t_AMS_SuppAddr has variable length, but starts with / and ends with .
   so it can be distinguished from the PID, and its length can be determined. *)
fun buildAMS_id1(t_AMS_SuppAddr, t_AMS_IMI, t_AMS_PID): t_AMS_ID [compos].
fun buildAMS_id2(t_AMS_PID): t_AMS_ID [compos].

type t_AMS_Header. (* 2 bytes = 16 bits *)

fun buildAMS_Header(bool (*R1 parameter, ignored*), t_AMS_Policy, t_encode_algo, t_SID, t_comp_algo, t_Cmd): t_AMS_Header [compos].

fun buildAMS_msg_prefix1(t_AMS_ID, t_AMS_Header, bitstring): bitstring [compos].
fun buildAMS_msg_prefix_Init(bitstring, t_AMS_AlgID, t_AMS_Time): bitstring [compos].
fun buildAMS_msg_prefix_RSP(bitstring, t_AMS_AlgID, t_AMS_Time, t_Rand32, t_Count): bitstring [compos].
fun buildAMS_msg_prefix_TBP_RSP(bitstring, t_AMS_AlgID, t_AMS_Time, t_Rand32, t_Count, t_AMS_Appendix): bitstring [compos].
fun buildAMS_msg_prefix_Rest(bitstring, t_Count): bitstring [compos].

fun buildMAC_arg(t_id, t_id, bitstring): bitstring [compos].
fun build_msg_Init(bitstring, signature): bitstring [compos].
fun buildAMS_appendix_Init(t_AMS_AlgID, t_AMS_Time, signature): t_AMS_Appendix [compos].
fun concat(bitstring, bitstring): bitstring. (* concatenation; it is NOT compos, because the
    		      		  	     	lengths of the two concatenated bitstrings is not known. *)
fun split_message(t_MAClen, bitstring): bitstring.
    			    		(* split_message(l, m) returns a pair (m1, m2) such that
					   m is the concatenation of m1 and m2, and m2 has length l.
					   In this protocol, m2 is the MAC, m1 is the rest of the message. *)

(* Tables of message counters
   We simulate a distinct table for each session by
   adding a unique session identifier as first argument. *)

table received_count_table(session_ids, t_Count).
table sent_count_table(session_ids, t_Count).

(* Tables for replay protection for Init_IND and Init_REQ messages *)

table received_Init_IND_table(t_id, t_AMS_Time, signature).
table received_Init_REQ_table(t_id, t_AMS_Time, signature).

(**** Security properties ****)

(* Authenticity of the payload messages, when the policy is not NONE *)

event send_msgU(t_id, t_id, t_AMS_Time, signature, t_Rand32, t_policy_id, t_AMS_Policy, t_EncAlgo, t_Count, bitstring).
event send_msgV(t_id, t_id, t_AMS_Time, signature, t_Rand32, t_policy_id, t_AMS_Policy, t_EncAlgo, t_Count, bitstring).
event recv_msgU(t_id, t_id, t_AMS_Time, signature, t_Rand32, t_policy_id, t_AMS_Policy, t_EncAlgo, t_Count, bitstring).
event recv_msgV(t_id, t_id, t_AMS_Time, signature, t_Rand32, t_policy_id, t_AMS_Policy, t_EncAlgo, t_Count, bitstring).

query tU: t_AMS_Time, sU: signature, randV: t_Rand32, policy_id: t_policy_id, policy: t_AMS_Policy, 
      enc: t_EncAlgo, count: t_Count, msg: bitstring;
      event inj:recv_msgU(U, V, tU, sU, randV, policy_id, policy, enc, count, msg) ==>
      policy = get_policy(policy_id, msg) && 
      (inj:send_msgV(V, U, tU, sU, randV, policy_id, policy, enc, count, msg) || policy = NONE).

query tU: t_AMS_Time, sU: signature, randV: t_Rand32, policy_id: t_policy_id, policy: t_AMS_Policy, 
      enc: t_EncAlgo, count: t_Count, msg: bitstring;
      event inj:recv_msgV(V, U, tU, sU, randV, policy_id, policy, enc, count, msg) ==>
      policy = get_policy(policy_id, msg) && 
      (inj:send_msgU(U, V, tU, sU, randV, policy_id, policy, enc, count, msg) || policy = NONE).

(* Freshness of the AMS_Init_REQ message; 
   authentication of the aircraft to the ground entity *)

event send_Init_REQ(t_id, t_id, bitstring, signature, t_AMS_Time).
event recv_Init_REQ(t_id, t_id, bitstring, signature, t_AMS_Time, t_AMS_Time).

ifdef(`REPLAY_PROT',`
query x: bitstring, sU: signature, tU: t_AMS_Time, tV: t_AMS_Time;
      event inj:recv_Init_REQ(V, U, x, sU, tU, tV) ==>
      check_time(tU, tV) && inj:send_Init_REQ(U, V, x, sU, tU).
',`
query x: bitstring, sU: signature, sU2: signature, tU: t_AMS_Time, tV: t_AMS_Time;
      event recv_Init_REQ(V, U, x, sU, tU, tV) ==>
      check_time(tU, tV) && send_Init_REQ(U, V, x, sU2, tU).
')

(* Authentication of the ground entity to the aircraft *)

event send_Init_RSP(t_id, t_id, bitstring, bitstring, signature, t_Rand32, t_AMS_Time, t_AMS_Time, mac_key, enc_key).
event recv_Init_RSP(t_id, t_id, bitstring, bitstring, signature, t_Rand32, t_AMS_Time, mac_key, enc_key).
query x: bitstring, m: bitstring, sU: signature, RandV: t_Rand32, tU: t_AMS_Time, tV: t_AMS_Time, KMAC_UV: mac_key,
      KENC_UV: enc_key;
      event inj:recv_Init_RSP(U, V, x, m, sU, RandV, tU, KMAC_UV, KENC_UV) ==>
      check_time(tU, tV) && inj:send_Init_RSP(V, U, x, m, sU, RandV, tU, tV, KMAC_UV, KENC_UV).

(* NOTE: In the correspondence above and the one below, the Init_RSP message is split into
   two arguments: the message prefix (message without its MAC), x, and the MAC, m.
   This change facilitates the modeling in CryptoVerif because we 
   do not need to express that the concatenation of the prefix and 
   the MAC is injective once the length of the MAC is known. *)

(* Detection of bilateral UKS attacks *)

query Ux: t_id, Vx: t_id, x: bitstring, m: bitstring, sU: signature, RandV: t_Rand32, tU: t_AMS_Time, tV: t_AMS_Time, KMAC_UV: mac_key, KENC_UV: enc_key,
      Ux2: t_id, Vx2: t_id, x2: bitstring, m2: bitstring, sU2: signature, RandV2: t_Rand32, tU2: t_AMS_Time, KMAC_UV2: mac_key;
      event send_Init_RSP(Vx, Ux, x, m, sU, RandV, tU, tV, KMAC_UV, KENC_UV) &&
      	    recv_Init_RSP(Ux2, Vx2, x2, m2, sU2, RandV2, tU2, KMAC_UV2, KENC_UV) ==> Ux = Ux2 && Vx = Vx2.

query Ux: t_id, Vx: t_id, x: bitstring, m: bitstring, sU: signature, RandV: t_Rand32, tU: t_AMS_Time, tV: t_AMS_Time, KMAC_UV: mac_key, KENC_UV: enc_key,
      Ux2: t_id, Vx2: t_id, x2: bitstring, m2: bitstring, sU2: signature, RandV2: t_Rand32, tU2: t_AMS_Time, KENC_UV2: enc_key;
      event send_Init_RSP(Vx, Ux, x, m, sU, RandV, tU, tV, KMAC_UV, KENC_UV) &&
      	    recv_Init_RSP(Ux2, Vx2, x2, m2, sU2, RandV2, tU2, KMAC_UV, KENC_UV2) ==> Ux = Ux2 && Vx = Vx2.

(* Freshness of the AMS_Init_IND message (ground-initiated trigger);
   authentication of the ground entity to the aircraft *)

event send_Init_IND(t_id, t_id, bitstring, signature, t_AMS_Time).
event recv_Init_IND(t_id, t_id, bitstring, signature, t_AMS_Time, t_AMS_Time).

ifdef(`REPLAY_PROT',`
query x: bitstring, sV: signature, tV: t_AMS_Time, tU: t_AMS_Time;
      event inj:recv_Init_IND(U, V, x, sV, tV, tU) ==>
      check_time(tV, tU) && inj:send_Init_IND(V, U, x, sV, tV).
',`
query x: bitstring, sV: signature, sV2: signature, tV: t_AMS_Time, tU: t_AMS_Time;
      event recv_Init_IND(U, V, x, sV, tV, tU) ==>
      check_time(tV, tU) && send_Init_IND(V, U, x, sV2, tV).
')

(* Secrecy -- see arinc823-public-key.SECRECY.cv *)

(**** The protocol ****)

param Naircraft, Nground, Nground_init, Nground_init_react, Ncert_server, Nmessage.
channel c_gen1, c_gen2, c_aircraft0, c_aircraft0', c_aircraft1, c_aircraft2, c_aircraft3, c_aircraft4, 
	c_ground1, c_ground2, c_ground_initiated_trigger1, c_ground_initiated_trigger2,
	c_aircraft_react_ground_initiated_trigger1, c_aircraft_react_ground_initiated_trigger2,
	c_cert_server1, c_cert_server2,
	choicechannel, pub.

(* The process tunnel_protocol models the secure session data exchange
   (Attachment 7, Section 7.3) *)

let tunnel_protocolU =
(
    (* Sender side *)
    ! Nmessage
    in(choicechannel, (AMS_payload: bitstring, 
    		       encode_alg: t_encode_algo, comp_algo: t_comp_algo,
		       ams_dstaddr: t_AMS_SuppAddr, ams_imi: t_AMS_IMI, 
		       count: t_Count, cmd: t_Cmd));
		       (* cmd can be
		       	  - Data_IND / DataCnf_IND in case D04
			  - Info_IND in case X04
			  - Release_REQ in case R03 (Confirmed release)
			  - Release_RSP+ / Release_RSP- in case R12 (reply to a confirmed release request)
			  - Abort_IND in case A03 (Abort) *)
    if ok_tunnel(cmd) then
    (* We never send two messages with the same count, in the same session. *)
    get sent_count_table(=current_session_id, =count) in yield else
    let policy_req = get_policy(policy_id, AMS_payload) in
    event send_msgU(my_id, other_id, tU, sU, RandV, policy_id, policy_req, common_enc_algo, count, AMS_payload);
    (* D01 *)
    if policy_req = NONE then
       out(pub, AMS_payload)
    else
    (* D/X02 *)
    let encoded_payload = encode(encode_alg, AMS_payload) in
    let actual_comp_algo = select_common_compression(common_comp_algo_id, comp_algo) in
    let compressed_payload = compress(actual_comp_algo, encoded_payload) in
    insert sent_count_table(current_session_id, count);
    (* D/X03 *)
    let protect_mode = get_protect_mode(policy_req, common_enc_algo) in
    let encrypted_AMS_payload =
       if protect_mode = AUTH then
          compressed_payload
       else 
          E'(KENC_UV, buildIVdata(dir_send, count), compressed_payload)
    in
    (* D/X04 *)
    let ams_id = buildAMS_id1(ams_dstaddr, ams_imi, ams_pid) in
    let ams_header = buildAMS_Header(false, protect_mode, encode_alg, sid, actual_comp_algo, cmd) in
    let AMS_Data_IND_prefix = buildAMS_msg_prefix1(ams_id, ams_header, buildAMS_msg_prefix_Rest(encrypted_AMS_payload, count)) in
    let TBP_AMS_Data_IND = buildMAC_arg(my_id, other_id, AMS_Data_IND_prefix) in
    let mac = sessionMAC(MAClen, KMAC_UV, TBP_AMS_Data_IND) in
    let AMS_Data_IND = concat(AMS_Data_IND_prefix, mac) in
    (* D/X05 *)
    out(pub, AMS_Data_IND)
)
|
(
    (* Receiver side *)
    ! Nmessage
    in(pub, (clear:bool, AMS_Data_IND: bitstring));
    	    (* clear is true when the received message is not AMS-protected.
	       This is determined using the ACARS label:
	       there are specific Px ACARS labels for AMS protected messages (cf p. 58) *)
    if clear then
    (
      (* Policy check not explicit in the description of the protocol p 135, but
         mentioned  p 29-30, and essential for security *)
      if get_policy(policy_id, AMS_Data_IND) = NONE then
      event recv_msgU(my_id, other_id, tU, sU, RandV, policy_id, NONE, common_enc_algo, Count_unspecified, AMS_Data_IND)
    )
    else
    (* D/X06 *)
    let (AMS_Data_IND_prefix: bitstring, mac: bitstring) = split_message(MAClen, AMS_Data_IND) in
    (* The MAC checking of step D/X08 is moved here to facilitate verification *)
    let TBP_AMS_Data_IND = buildMAC_arg(other_id, my_id, AMS_Data_IND_prefix) in
    if mac = sessionMAC(MAClen, KMAC_UV, TBP_AMS_Data_IND) then
    let buildAMS_msg_prefix1(ams_id, ams_header, buildAMS_msg_prefix_Rest(encrypted_AMS_payload, MsgCount)) = AMS_Data_IND_prefix in
    let buildAMS_Header(R1, protect_mode, encode_alg, sid, compression, cmd) = ams_header in
    if ok_tunnel(cmd) then
    (* D/X07 *)
    (* D/X08 *)
    (* Check on the message count is slightly weaker than the check
       given in the specification: we just discard the message if a message
       with the same count has already been received in the same session. *)
    get received_count_table(=current_session_id, =MsgCount) in yield else
    insert received_count_table(current_session_id, MsgCount);
    (* Message accepted *)
    (* D/X09 *)
    let compressed_payload = 
    	if protect_mode = AUTH then
           encrypted_AMS_payload
        else
	   D'(KENC_UV, buildIVdata(dir_recv, MsgCount), encrypted_AMS_payload)
    in
    (* D/X10 *)
    let encoded_payload = decompress(compression, compressed_payload) in
    let AMS_payload = decode(encode_alg, encoded_payload) in
    (* Policy check not explicit in the description of the protocol p 137, but
       mentioned  p 29-30 *)
    let policy_req = get_policy(policy_id, AMS_payload) in
    if protect_mode = get_protect_mode(policy_req, common_enc_algo) then
    event recv_msgU(my_id, other_id, tU, sU, RandV, policy_id, policy_req, common_enc_algo, MsgCount, AMS_payload)
).

let tunnel_protocolV =
(
    (* Sender side *)
    ! Nmessage
    in(choicechannel, (AMS_payload: bitstring, 
    		       encode_alg: t_encode_algo, comp_algo: t_comp_algo,
		       ams_dstaddr: t_AMS_SuppAddr, ams_imi: t_AMS_IMI, 
		       count: t_Count, cmd: t_Cmd));
		       (* cmd can be
		       	  - Data_IND / DataCnf_IND in case D04
			  - Info_IND in case X04
			  - Release_REQ in case R03 (Confirmed release)
			  - Release_RSP+ / Release_RSP- in case R12 (reply to a confirmed release request)
			  - Abort_IND in case A03 (Abort) *)
    if ok_tunnel(cmd) then
    (* We never send two messages with the same count, in the same session. *)
    get sent_count_table(=current_session_id, =count) in yield else
    let policy_req = get_policy(policy_id, AMS_payload) in
    event send_msgV(my_id, other_id, tU, sU, RandV, policy_id, policy_req, common_enc_algo, count, AMS_payload);
    (* D01 *)
    if policy_req = NONE then
       out(pub, AMS_payload)
    else
    (* D/X02 *)
    let encoded_payload = encode(encode_alg, AMS_payload) in
    let actual_comp_algo = select_common_compression(common_comp_algo_id, comp_algo) in
    let compressed_payload = compress(actual_comp_algo, encoded_payload) in
    insert sent_count_table(current_session_id, count);
    (* D/X03 *)
    let protect_mode = get_protect_mode(policy_req, common_enc_algo) in
    let encrypted_AMS_payload =
       if protect_mode = AUTH then
          compressed_payload
       else 
          E'(KENC_UV, buildIVdata(dir_send, count), compressed_payload)
    in
    (* D/X04 *)
    let ams_id = buildAMS_id1(ams_dstaddr, ams_imi, ams_pid) in
    let ams_header = buildAMS_Header(false, protect_mode, encode_alg, sid, actual_comp_algo, cmd) in
    let AMS_Data_IND_prefix = buildAMS_msg_prefix1(ams_id, ams_header, buildAMS_msg_prefix_Rest(encrypted_AMS_payload, count)) in
    let TBP_AMS_Data_IND = buildMAC_arg(my_id, other_id, AMS_Data_IND_prefix) in
    let mac = sessionMAC(MAClen, KMAC_UV, TBP_AMS_Data_IND) in
    let AMS_Data_IND = concat(AMS_Data_IND_prefix, mac) in
    (* D/X05 *)
    out(pub, AMS_Data_IND)
)
|
(
    (* Receiver side *)
    ! Nmessage
    in(pub, (clear:bool, AMS_Data_IND: bitstring));
    	    (* clear is true when the received message is not AMS-protected.
	       This is determined using the ACARS label:
	       there are specific Px ACARS labels for AMS protected messages (cf p. 58) *)
    if clear then
    (
      (* Policy check not explicit in the description of the protocol p 135, but
         mentioned  p 29-30, and essential for security *)
      if get_policy(policy_id, AMS_Data_IND) = NONE then
      event recv_msgV(my_id, other_id, tU, sU, RandV, policy_id, NONE, common_enc_algo, Count_unspecified, AMS_Data_IND)
    )
    else
    (* D/X06 *)
    let (AMS_Data_IND_prefix: bitstring, mac: bitstring) = split_message(MAClen, AMS_Data_IND) in
    (* The MAC checking of step D/X08 is moved here to facilitate verification *)
    let TBP_AMS_Data_IND = buildMAC_arg(other_id, my_id, AMS_Data_IND_prefix) in
    if mac = sessionMAC(MAClen, KMAC_UV, TBP_AMS_Data_IND) then
    let buildAMS_msg_prefix1(ams_id, ams_header, buildAMS_msg_prefix_Rest(encrypted_AMS_payload, MsgCount)) = AMS_Data_IND_prefix in
    let buildAMS_Header(R1, protect_mode, encode_alg, sid, compression, cmd) = ams_header in
    if ok_tunnel(cmd) then
    (* D/X07 *)
    (* D/X08 *)
    (* Check on the message count is slightly weaker than the check
       given in the specification: we just discard the message if a message
       with the same count has already been received in the same session. *)
    get received_count_table(=current_session_id, =MsgCount) in yield else
    insert received_count_table(current_session_id, MsgCount);
    (* Message accepted *)
    (* D/X09 *)
    let compressed_payload = 
    	if protect_mode = AUTH then
           encrypted_AMS_payload
        else
	   D'(KENC_UV, buildIVdata(dir_recv, MsgCount), encrypted_AMS_payload)
    in
    (* D/X10 *)
    let encoded_payload = decompress(compression, compressed_payload) in
    let AMS_payload = decode(encode_alg, encoded_payload) in
    (* Policy check not explicit in the description of the protocol p 137, but
       mentioned  p 29-30 *)
    let policy_req = get_policy(policy_id, AMS_payload) in
    if protect_mode = get_protect_mode(policy_req, common_enc_algo) then
    event recv_msgV(my_id, other_id, tU, sU, RandV, policy_id, policy_req, common_enc_algo, MsgCount, AMS_payload)
).

(* Secure session initiation, aircraft-initiated (Attachement 7, Section 7.2.1) *)

let aircraft_fixed_MAClen =
    in(c_aircraft1, (Vx: t_id, software_part_number: t_software_part_number, policy_id: t_policy_id, 
    	      algo_bits: t_algo_bits, encode_alg: t_encode_algo, cert_or_query: t_AMS_elem,
	      ams_dstaddr: t_AMS_SuppAddr, ams_imi: t_AMS_IMI, sid: t_SID, 
	      tU: t_AMS_Time, enc_algo: t_EncAlgo (* either NULL_enc or AES128_CFB128, depending on whether the aircraft supports encryption *)));
    (* Choose a session id *)
    new current_session_id: session_ids;
    (* Message 1, N01 *)
    let s_init_info = buildAMS10_s_init_info(software_part_number, policy_id, U, Vx) in
    let comp_algo_id = buildAMS41_comp_algo_id(algo_bits) in 
    let ams_payload = concat_AMS_element(s_init_info, concat_AMS_element(comp_algo_id, payload_with_1_element(cert_or_query))) in
    let encoded_payload = encode(encode_alg, ams_payload) in
    (* N02 *)
    let ams_id = buildAMS_id1(ams_dstaddr, ams_imi, ams_pid1) in
    let ams_header = buildAMS_Header(false, SIGN, encode_alg, sid, comp_OFF, Init_REQ) in
    let alg_ID_U = algo(MAClen, HMAC_SHA256, enc_algo) in
    let AMS_Init_REQ_prefix = buildAMS_msg_prefix1(ams_id, ams_header, buildAMS_msg_prefix_Init(encoded_payload, alg_ID_U, tU)) in
    let TBP_AMS_Init_REQ = buildMAC_arg(U, Vx, AMS_Init_REQ_prefix) in
    new r: seed;
    let sU = sign(dU, TBP_AMS_Init_REQ, r) in
    let AMS_Appendix = buildAMS_appendix_Init(alg_ID_U, tU, sU) in
    let AMS_Init_REQ = build_msg_Init(AMS_Init_REQ_prefix, sU) in
    (* N03 *)
    event send_Init_REQ(U, Vx, AMS_Init_REQ_prefix, sU, tU);
    out(c_aircraft2, AMS_Init_REQ);
    (* Message 2, N14 *)
    in(c_aircraft3, (AMS_Init_RSP: bitstring, certV: bitstring));
    let (AMS_Init_RSP_prefix: bitstring, mac2: bitstring) = split_message(MAClen, AMS_Init_RSP) in
    let buildAMS_msg_prefix1(ams_id2, ams_header2, buildAMS_msg_prefix_RSP(compressed_payload2, AlgSel, =tU, RandV, MsgCount)) = AMS_Init_RSP_prefix in
    let buildAMS_Header(R1, =AUTH, encode_alg2, sid2, compression2, cmd2) = ams_header2 in
    let encoded_payload2 = decompress(compression2, compressed_payload2) in
    let AMS_payload2 = decode(encode_alg2, encoded_payload2) in
    let concat_AMS_element(common_comp_algo_id, app_data2) = AMS_payload2 in
    (* N15 - certificate already obtained above *)
    (* N16 *)
    let (=true, =Vx, QV: G) = vercert(certV, pkCA) in
    (* N17 *)
    let Z_UV1 = exp(QV, dU) in
    let X_UV = HASH(hk, concat_hash(AMS_Appendix, RandV)) in
    (* N18 *)
    let algo(MAClen', =HMAC_SHA256, common_enc_algo) = AlgSel in
             (* We use the MAC length initially chosen by the aircraft,
	     	and ignore the MAC length included in AlgSel. *)             
    let KMAC_KENC_UV = KDF256_128(hk1, Z_UV1, X_UV, U, Vx) in
    let KMAC_UV = get_kmac(KMAC_KENC_UV) in
    (* N19 - This should be done only if the encryption is not NULL,
       but doing it anyway does not hurt. *)
    let KENC_UV = get_kenc(KMAC_KENC_UV) in
    (* N20 *)
    let TBP_AMS_Init_RSP = buildMAC_arg(Vx, U, buildAMS_msg_prefix1(ams_id2, ams_header2, buildAMS_msg_prefix_TBP_RSP(compressed_payload2, AlgSel, tU, RandV, MsgCount, AMS_Appendix))) in
    (* N21 *)
    if MsgCount = Count1 then
    if mac2 = sessionMAC(MAClen, KMAC_UV, TBP_AMS_Init_RSP) then
    if cmd2 = Init_RSP_Plus then
    event recv_Init_RSP(U, Vx, AMS_Init_RSP_prefix, mac2, sU, RandV, tU, KMAC_UV, KENC_UV);
    insert received_count_table(current_session_id, Count1);
    (* When the command is Init_RSP- instead of Init_RSP_Plus, 
       the aircraft entity executes an airline configurable unavailable action,
       which is ignored here. *)
    (* Message accepted, secure session established *)
    (* Parameters for the process tunnel_protocol *)
    let ams_pid = ams_pid1 in
    let dir_send = CstDN in
    let dir_recv = CstUP in
    let my_id = U in
    let other_id = Vx in
    out(c_aircraft4, ());
    tunnel_protocolU.
    (*tunnel_protocol(ams_pid1, common_comp_algo_id, policy_id,
      tU, sU, RandV, KMAC_UV, KENC_UV, MAClen, common_enc_algo, sid, CstDN, CstUP, U, Vx)*)

let aircraft = 
    (in(c_aircraft0, MAClen: t_MAClen); 
     if MAClen = MAClen32 || MAClen = MAClen64 || MAClen = MAClen128 then 
     out(c_aircraft0', ()); aircraft_fixed_MAClen). 

let ground = 
    in(c_ground1, (gd_algo_bits: t_algo_bits, tV: t_AMS_Time, 
            app_data: bitstring, encode_alg: t_encode_algo, comp_algo: t_comp_algo,
            AMS_Init_REQ: bitstring, certU: bitstring));
    (* Choose a session id *)
    new current_session_id: session_ids;
    (* Message 1, N04 *)
    let build_msg_Init(AMS_Init_REQ_prefix, sU: signature) = AMS_Init_REQ in
    let buildAMS_msg_prefix1(ams_id, ams_header, buildAMS_msg_prefix_Init(encoded_payload, alg_ID_U, tU)) = AMS_Init_REQ_prefix in
    let buildAMS_Header(R1, =SIGN, encode_alg: t_encode_algo, sid: t_SID, compression: t_comp_algo, =Init_REQ) = ams_header in
    let ams_payload = decode(encode_alg, encoded_payload) in
    let concat_AMS_element(s_init_info, concat_AMS_element(comp_algo_id, payload_with_1_element(cert_or_query))) = ams_payload in
    let buildAMS10_s_init_info(software_part_number, policy_id, Ux, =V) = s_init_info in
    (* The signature checking of step N07 could be moved here to facilitate verification *)
    let AMS_Appendix = buildAMS_appendix_Init(alg_ID_U, tU, sU) in
    if check_time(tU, tV) then
    let algo(MAClen, =HMAC_SHA256, enc_algo) = alg_ID_U in
    let common_enc_algo = get_common_enc_algo(enc_algo) in
    let buildAMS41_comp_algo_id(algo_bits) = comp_algo_id in
    let gd_comp_algo_id = buildAMS41_comp_algo_id(gd_algo_bits) in
    let common_comp_algo_id = buildAMS42_comp_algo_sel(bool_and(algo_bits, gd_algo_bits)) in
    (* N05 - certificate already obtained above in certU *)
    (* N06 *)
    let (=true, =Ux, QU: G) = vercert(certU, pkCA) in
    (* N07 *)
    let TBP_AMS_Init_REQ = buildMAC_arg(Ux, V, AMS_Init_REQ_prefix) in
    if ver(QU, sU, TBP_AMS_Init_REQ) then
ifdef(`REPLAY_PROT',`
    (* Replay protection. This check is stronger than the one in the specification! *)
    get received_Init_REQ_table(=Ux, =tU, =sU) in yield else
    insert received_Init_REQ_table(Ux, tU, sU);
',`
    (* Uniqueness check of AMS_Appendix not modeled *)
')
    (* N08 - Message 1 accepted *)
    (* Termination of another session with the same peer aircraft not modeled *)
    let Z_UV2 = exp(QU, dV) in
    new RandV: t_Rand32;
    let X_UV = HASH(hk, concat_hash(AMS_Appendix, RandV)) in
    (* event recv_Init_REQ put after some variable definitions to help prove injectivity *)
    event recv_Init_REQ(V, Ux, AMS_Init_REQ_prefix, sU, tU, tV);
    (* N09 *)
    let KMAC_KENC_UV = KDF256_128(hk1, Z_UV2, X_UV, Ux, V) in
    let KMAC_UV = get_kmac(KMAC_KENC_UV) in
    (* N10 - This should be done only if the encryption is not NULL,
       but doing it anyway does not hurt. *)
    let KENC_UV = get_kenc(KMAC_KENC_UV) in
    (* Message 2, N11 *)
    (* I consider the optional Certificate, Query and Ping as application data, 
       whose content does not need to be detailed. *)
    let AMS_payload = concat_AMS_element(common_comp_algo_id, app_data) in
    let encoded_payload = encode(encode_alg, AMS_payload) in
    let actual_comp_algo = select_common_compression(common_comp_algo_id, comp_algo) in
    let compressed_payload = compress(actual_comp_algo, encoded_payload) in
    insert sent_count_table(current_session_id, Count1);
    (* N12 *)
    let ams_id = buildAMS_id2(ams_pid1) in
    let ams_header = buildAMS_Header(false, AUTH, encode_alg, sid, actual_comp_algo, Init_RSP_Plus) in
    let AlgSel = algo(MAClen, HMAC_SHA256, common_enc_algo) in
    let AMS_Init_RSP_prefix = buildAMS_msg_prefix1(ams_id, ams_header, buildAMS_msg_prefix_RSP(compressed_payload, AlgSel, tU, RandV, Count1)) in
    let TBP_AMS_Init_RSP = buildMAC_arg(V, Ux, buildAMS_msg_prefix1(ams_id, ams_header, buildAMS_msg_prefix_TBP_RSP(compressed_payload, AlgSel, tU, RandV, Count1, AMS_Appendix))) in
    let mac = sessionMAC(MAClen, KMAC_UV, TBP_AMS_Init_RSP) in
    let AMS_Init_RSP = concat(AMS_Init_RSP_prefix, mac) in
    (* N13 *)
    event send_Init_RSP(V, Ux, AMS_Init_RSP_prefix, mac, sU, RandV, tU, tV, KMAC_UV, KENC_UV);
    (* Parameters for the process tunnel_protocol *)
    let ams_pid = ams_pid1 in
    let dir_send = CstUP in
    let dir_recv = CstDN in
    let my_id = V in
    let other_id = Ux in
    out(c_ground2, AMS_Init_RSP);
    tunnel_protocolV. (* tunnel_protocol(ams_pid1, common_comp_algo_id, policy_id,
       tU, sU, RandV, KMAC_UV, KENC_UV, MAClen, common_enc_algo, sid, CstUP, CstDN, V, Ux)*)

(* Ground-initiated trigger (Attachment 7, Section 7.2.2). *)

let ground_initiated_trigger =
    in(c_ground_initiated_trigger1, (opt_certV: bitstring, Ux: t_id, encode_alg: t_encode_algo, MAClen: t_MAClen, tV: t_AMS_Time));
    (* G01 *)
    let ams_payload = concat_AMS_element(buildAMS40_entity_id(Ux,V), opt_certV) in 
    let encoded_payload = encode(encode_alg, ams_payload) in
    (* G02 *)
    let ams_id = buildAMS_id2(ams_pid1) in
    let ams_header = buildAMS_Header(false, SIGN, encode_alg, SID0, comp_OFF, Init_IND) in
    let alg_ID_V = algo(MAClen, HMAC_SHA256, AES128_CFB128) in
    let AMS_Init_IND_prefix = buildAMS_msg_prefix1(ams_id, ams_header, buildAMS_msg_prefix_Init(encoded_payload, alg_ID_V, tV)) in
    let TBP_AMS_Init_IND = buildMAC_arg(V, Ux, AMS_Init_IND_prefix) in
    new r: seed;
    let sV = sign(dV, TBP_AMS_Init_IND, r) in
    let AMS_Init_IND = build_msg_Init(AMS_Init_IND_prefix, sV) in
    (* G03 *)
    event send_Init_IND(V, Ux, AMS_Init_IND_prefix, sV, tV);
    out(c_ground_initiated_trigger2, AMS_Init_IND).

let aircraft_react_ground_initiated_trigger =
    (* G04 *)
    in(c_aircraft_react_ground_initiated_trigger1, (tU: t_AMS_Time, AMS_Init_IND: bitstring, certV: bitstring));
    let build_msg_Init(AMS_Init_IND_prefix, sV) = AMS_Init_IND in
    let buildAMS_msg_prefix1(ams_id, ams_header, buildAMS_msg_prefix_Init(encoded_payload, alg_ID_V, tV)) = AMS_Init_IND_prefix in
    if check_time(tV, tU) then
    let buildAMS_Header(R1, =SIGN, encode_alg: t_encode_algo, sid: t_SID, compression: t_comp_algo, =Init_IND) = ams_header in
    let ams_payload = decode(encode_alg, encoded_payload) in
    let concat_AMS_element(buildAMS40_entity_id(=U,Vx), opt_certV) = ams_payload in
    (* G05 - certificate already obtained above *)
    (* G06 *)
    let (=true, =Vx, QV: G) = vercert(certV, pkCA) in
    (* G07 *)
    let TBP_AMS_Init_IND = buildMAC_arg(Vx, U, AMS_Init_IND_prefix) in
    if ver(QV, sV, TBP_AMS_Init_IND) then
ifdef(`REPLAY_PROT',`
    (* Replay protection. This check is not present in the specification! *)
    get received_Init_IND_table(=Vx, =tV, =sV) in yield else
    insert received_Init_IND_table(Vx, tV, sV);
')
    (* G08 - Message accepted *)
    event recv_Init_IND(U, Vx, AMS_Init_IND_prefix, sV, tV, tU);
    out(c_aircraft_react_ground_initiated_trigger1, ()).
    (* We let the adversary schedule the aircraft;
       no need to put it explicitly here. *)

(* Certificate server, to allow the adversary to create its own
   participants *)

let cert_server =
    in(c_cert_server1, (h: t_id, pk: G));
    if h <> U && h <> V then
    out(c_cert_server2, cert(h, pk, sCA)).

(* Putting the whole system together *)

process 
	in(c_gen1, ());
	(* CA private and public keys *)
	new seedCA: keyseed;
	let sCA = skgen(seedCA) in
	let pkCA = pkgen(seedCA) in
	(* Aircraft private and public keys *)
	new dU: Z; let QU = exp(g, dU) in
	(* Ground private and public keys *)
	new dV: Z; let QV = exp(g, dV) in
	(* Aircraft certificate *)
	let certU = cert(U, QU, sCA) in
	(* Ground certificate *)
	let certV = cert(V, QV, sCA) in
	(* Keys that models the choice of hash functions *)
	new hk: hash_key; new hk1: hash_key1;
	(* Publish the public keys and certificates, and hash key for the collision resistant hash function *)
	out(c_gen2, (hk, pkCA, QU, QV, certU, certV));
	((! Naircraft aircraft) | 
	 (! Nground ground) | 
	 (! Nground_init ground_initiated_trigger) | 
	 (! Nground_init_react aircraft_react_ground_initiated_trigger) |
	 (! Ncert_server cert_server) |
	 KDF256_128_oracle)

(* EXPECTED
All queries proved.
47.471s (user 46.743s + system 0.728s), max rss 1390400K
END *)

Added wiki_references/2017/software/CryptoVerif/doc/2017_06_12_wget_copy_of_http_prosecco_gforge_inria_fr_personal_bblanche_cryptoverif/bonnet/prosecco.gforge.inria.fr/personal/bblanche/arinc823/publickey/computational/arinc823-public-key.KEY_SECRECY.m4.cv.html version [e77b5dc3a9].































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































































>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
(* ARINC 823 
AMS protocol using private/public keys
described in Attachment 7 of the ARINC specification 823 Part I. 
CryptoVerif model.

In case replay protection is added for the Init_REQ and Init_IND 
messages, try to prove injective correspondences. *)

(**** Proof indications ****)

set autoMove = false.
    (* Do not move "let received_count_table_960" under "event recv_MsgU".
       That would prevent proving the injective correspondence recv_msgU ==> send_msgV *)

proof {
      (* Apply UF-CMA assumption on signatures used for
      	 certificates *)
      crypto uf_cma(signcert) seedCA;
      (* Apply random oracle assumption on KDF256 and KDF128.
      	 After these transformations, the games compare
	 the arguments of key generation functions with arguments
	 in previous calls to these functions.
	 Hence there are comparisons between values of Z_UV1, Z_UV2,
	 and values coming from the adversary. *)
      crypto rom(KDF256_128);
      (* Replace occurrences of Z_UV1 and Z_UV2 with their values.
      	 This step makes comparisons m = exp(g, dU.dV) and other comparisons
	 with exponentials appear. *)
      remove_assign binder Z_UV1;
      remove_assign binder Z_UV2;
      (* Use the Gap Diffie-Hellman assumption. 
      	 This step eliminates cases in which the comparisons m = exp(g, dU.dV)
	 fail. *)
      crypto gdh(exp) dU dV;
      (* Apply (S)UF-CMA assumption on signatures under dU and dV.
      	 This step must be applied after the Gap Diffie-Hellman assumption
	 because of the way the joint security assumption on DH
	 and signatures is written. *)
ifdef(`REPLAY_PROT',`
      crypto suf_cma(sign) dV;
      crypto suf_cma(sign) dU;
',`
      crypto uf_cma(sign) dV;
      crypto uf_cma(sign) dU;
')
      (* Use the automatic proof strategy.
      	 This step applies the security assumptions on
	 the MAC and encryption *)
      auto
}

(**** Declarations of types, constants, and function symbols ****)

(* Type for session ids, used internally in the model to distinguish
   each session of the protocol. *)

type session_ids [large, fixed].

(* Type of 32 bits numbers *)

type t_Rand32 [large, fixed]. 

(* Ids 
U = aircraft
V = ground entity *)

type t_id [fixed]. (* 8 bytes = 64 bits entity type, AMS_EntityType *)
const U, V: t_id.

(* AMS Message elements *)

type t_AMS_elem.
type t_software_part_number.
type t_policy_id.
type t_algo_bits [fixed].

fun buildAMS10_s_init_info(t_software_part_number, t_policy_id, t_id, t_id): t_AMS_elem [compos].
fun buildAMS40_entity_id(t_id, t_id): t_AMS_elem [compos].
fun buildAMS41_comp_algo_id(t_algo_bits): t_AMS_elem [compos].
fun buildAMS42_comp_algo_sel(t_algo_bits): t_AMS_elem [compos].
    (* The first bit is 1 when DMC level 0 is supported.
       The second bit is 1 when DMC level 1 is supported.
       The third bit is 1 when DEFLATE is supported.
       We ignore algorithms reserved for future use. *)

fun payload_with_1_element(t_AMS_elem): bitstring [compos].
fun concat_AMS_element(t_AMS_elem, bitstring): bitstring [compos].

(* Encoding algorithms *)

type t_encode_algo [fixed]. (* 2 bits *)

const encode_OFF, encode_B64, encode_B64PAD, encode_B128: t_encode_algo.

fun encode(t_encode_algo, bitstring): bitstring.
fun decode(t_encode_algo, bitstring): bitstring.

forall encode_algo: t_encode_algo, payload:bitstring; 
      decode(encode_algo, encode(encode_algo, payload)) = payload.

(* encode is injective *)
forall encode_algo: t_encode_algo, payload1:bitstring, payload2:bitstring; 
      (encode(encode_algo, payload1) = encode(encode_algo, payload2)) = (payload1 = payload2).

(* Compression *)

type t_comp_algo [fixed]. (* 4 bits, Value of the CompMode field *)

const comp_OFF, comp_DMC0, comp_DMC1, comp_DEFLATE: t_comp_algo.

fun compress(t_comp_algo, bitstring): bitstring.
fun decompress(t_comp_algo, bitstring): bitstring.

forall comp_algo: t_comp_algo, payload:bitstring; 
      decompress(comp_algo, compress(comp_algo, payload)) = payload.

fun bool_and(t_algo_bits, t_algo_bits): t_algo_bits.
fun select_common_compression(t_AMS_elem, t_comp_algo): t_comp_algo.

(* Algorithms *)

type t_AMS_AlgID [bounded]. (* 16 bits *)
type t_MAClen [bounded]. (* 4 bits *)
type t_AuthAlgo [bounded]. (* 4 bits *)
type t_EncAlgo [bounded]. (* 8 bits *)

fun algo(t_MAClen, t_AuthAlgo, t_EncAlgo): t_AMS_AlgID [compos].

const MAClen32, MAClen64, MAClen128: t_MAClen.
const HMAC_SHA256: t_AuthAlgo.
const NULL_enc, AES128_CFB128: t_EncAlgo.

fun get_common_enc_algo(t_EncAlgo): t_EncAlgo.
(* The protocol satisfies authentication independently of the definition of this function.
   letfun get_common_enc_algo(enc_algo: t_EncAlgo) = 
      if enc_algo = AES128_CFB128 then AES128_CFB128 else NULL_enc. *)

(* Policy types *)

type t_AMS_Policy [fixed]. (* 2 bits *)

const NONE, SIGN, AUTH, BOTH: t_AMS_Policy.

fun get_policy(t_policy_id, bitstring): t_AMS_Policy.
     (* The definition of the policy is left implicit in this model.
     	get_policy(policy_id, msg) is supposed to 
	determine the expected policy to apply to the message msg 
	from the message msg itself and the policy identifier policy_id. *)

fun get_protect_mode(t_AMS_Policy, t_EncAlgo): t_AMS_Policy.
(* The protocol satisfies authentication independently of the definition of this function.
   letfun get_protect_mode(policy: t_AMS_Policy, enc_algo: t_EncAlgo) =
       if enc_algo = NULL_enc && policy = BOTH then AUTH else policy.

   If the security policy specifies the BOTH protection mode
   and the selected encryption is NULL, then ProtectMode is set to AUTH.
   In all other cases, ProtectMode is the protection mode
   specified in the security policy. *)

(* Protocol ids *)

type t_AMS_PID [bounded]. (* 1 byte, "1" or "2" *)

const ams_pid1 (* public-key protocol *), ams_pid2 (* shared-key protocol *): t_AMS_PID.

(* Commands *)

type t_Cmd [fixed]. (* 4 bits *)

const Data_IND, Info_IND, DataCnf_IND, Release_REQ, Release_RSP_Minus, 
      Release_RSP_Plus, Init_IND, Init_REQ, Init_RSP_Minus, Init_RSP_Plus,
      Abort_IND: t_Cmd.

fun ok_tunnel(t_Cmd): bool.
forall; ok_tunnel(Init_IND) = false.
forall; ok_tunnel(Init_REQ) = false.
forall; ok_tunnel(Init_RSP_Minus) = false.
forall; ok_tunnel(Init_RSP_Plus) = false.

(* Counter *)

type t_Count [fixed].

const Count1: t_Count.
const Count_unspecified: t_Count. 
      (* Used as a dummy value to fill the count argument
      	 of event recv_msg when the message is sent unprotected. *)

(* MAC *)

type mac_key [large, fixed].

proba PPRF. 
      (* PPRF(t, qMAC, l, qKDF256, qKDF128) is the probability of 
         distinguishing MAC, KDF256, and KDF128 from independent pseudo-random
	 functions in time t, with qMAC, qKDF256, qKDF128 queries to
	 MAC, KDF256, and KDF128 respectively, with MAC queries of length
	 at most l. *)

(* sessionMAC is SUF-CMA for each of the 3 lengths *)

expand SUF_CMA_MAC_3lengths(t_MAClen, MAClen32, MAClen64, MAClen128,
       mac_key, sessionMAC, PPRF).

(* Encryption *)

type enc_key [large, fixed]. (* 128 bits *)
type t_IVdata [fixed].

type byte [fixed]. (* 1 byte = 8 bits *)
const CstDN: byte. (* 0x00 *)
const CstUP: byte. (* 0x01 *)
fun buildIVdata(byte, t_Count): t_IVdata [compos].

expand encryption_IV_no_hyp(enc_key, t_IVdata, E', D').

(* encryption is IND-CPA provided IVdata is distinct
   for each encryption --- This property is needed only for
   secrecy. *)

(* Elliptic curve Diffie-Hellman and UF-CMA or SUF-CMA signatures,
   with collision resistance property. *)

type Z [bounded, large].
type G [bounded, large].
proba pGDH.
type seed [fixed, large].
type signature [bounded].
proba Psign.
proba Psigncoll.

ifdef(`REPLAY_PROT', `
expand joint_GDH_SUFCMA_collresistance(G, Z, g, exp, mult, pGDH,
  signature, seed, sign, ver, Psign, Psigncoll).', `
expand joint_GDH_UFCMA_collresistance(G, Z, g, exp, mult, pGDH,
  signature, seed, sign, ver, Psign, Psigncoll).')

(* Hash function HASH is collision resistant *)

type t_SHA256_out [large, fixed]. (* 256 bits, output of SHA256 *)

type hash_key [large,fixed].
proba Phash.
expand CollisionResistant_hash(hash_key, bitstring, t_SHA256_out, HASH, Phash).

type t_AMS_Appendix.
fun concat_hash(t_AMS_Appendix, t_Rand32): bitstring [compos].

(* the concatenation of KDF256 and KDF128 is a random oracle *)
type hash_key1 [large,fixed].
type mac_enc_key [large,fixed].
expand ROM_hash_quad(hash_key1, G, t_SHA256_out, t_id, t_id, mac_enc_key, KDF256_128).
param qH [noninteractive].
channel c1h, c2h.
let KDF256_128_oracle = ! qH in(c1h, (x1:G, x2:t_SHA256_out, x3:t_id, x4:t_id)); out(c2h, KDF256_128(hk1,x1,x2,x3,x4)).

(* Generating a single random key of type mac_enc_key and splitting it into
   a MAC key and an encryption key is equivalent to generating a
   random MAC key and a random encryption key. *)

fun get_kmac(mac_enc_key): mac_key.
fun get_kenc(mac_enc_key): enc_key.

param N.

equiv eq_mac_enc_key
      !N new r: mac_enc_key; (O1() := get_kmac(r),
      	    	              O2() := get_kenc(r))
    <=(0)=>
      !N (O1() := new r1: mac_key; r1,
      	  O2() := new r2: enc_key; r2).

(* Certificates *)

proba Psigncert.
proba Psigncollcert.

type keyseed [large,fixed].
type pkey [large,bounded].
type skey [large,bounded].

expand UF_CMA_signature(keyseed, pkey, skey, bitstring, signature, seed, skgen, pkgen, signcert, checkcert, Psigncert, Psigncollcert).

letfun cert(Ux: t_id, Q: G, sCA: skey) = new r: seed; (Ux, Q, signcert((Ux, Q), sCA, r)).
letfun vercert(certif: bitstring, pkCA: pkey) = 
       let (Ux: t_id, Q:G, s: signature) = certif in
       if checkcert((Ux, Q), pkCA, s) then (true, Ux, Q) else (false, Ux, Q)
       else (false, certif).

(* Time *)

type t_AMS_Time [fixed].

fun check_time(t_AMS_Time, t_AMS_Time): bool.
     (* check_time(tU, tV) is supposed to check that 
     	tV - 60 seconds <= tU <= tV + 120 seconds. *)

(* Supplementary address type *)

type t_AMS_SuppAddr.

(* Session identifiers *)

type t_SID [fixed]. (* 3 bits *)
const SID0, SID1, SID2, SID3, SID4, SID5: t_SID.

(* Building AMS messages *)

type t_AMS_IMI. (* empty or "PM1." *)
type t_AMS_ID.

(* t_AMS_SuppAddr has variable length, but starts with / and ends with .
   so it can be distinguished from the PID, and its length can be determined. *)
fun buildAMS_id1(t_AMS_SuppAddr, t_AMS_IMI, t_AMS_PID): t_AMS_ID [compos].
fun buildAMS_id2(t_AMS_PID): t_AMS_ID [compos].

type t_AMS_Header. (* 2 bytes = 16 bits *)

fun buildAMS_Header(bool (*R1 parameter, ignored*), t_AMS_Policy, t_encode_algo, t_SID, t_comp_algo, t_Cmd): t_AMS_Header [compos].

fun buildAMS_msg_prefix1(t_AMS_ID, t_AMS_Header, bitstring): bitstring [compos].
fun buildAMS_msg_prefix_Init(bitstring, t_AMS_AlgID, t_AMS_Time): bitstring [compos].
fun buildAMS_msg_prefix_RSP(bitstring, t_AMS_AlgID, t_AMS_Time, t_Rand32, t_Count): bitstring [compos].
fun buildAMS_msg_prefix_TBP_RSP(bitstring, t_AMS_AlgID, t_AMS_Time, t_Rand32, t_Count, t_AMS_Appendix): bitstring [compos].
fun buildAMS_msg_prefix_Rest(bitstring, t_Count): bitstring [compos].

fun buildMAC_arg(t_id, t_id, bitstring): bitstring [compos].
fun build_msg_Init(bitstring, signature): bitstring [compos].
fun buildAMS_appendix_Init(t_AMS_AlgID, t_AMS_Time, signature): t_AMS_Appendix [compos].
fun concat(bitstring, bitstring): bitstring. (* concatenation; it is NOT compos, because the
    		      		  	     	lengths of the two concatenated bitstrings is not known. *)
fun split_message(t_MAClen, bitstring): bitstring.
    			    		(* split_message(l, m) returns a pair (m1, m2) such that
					   m is the concatenation of m1 and m2, and m2 has length l.
					   In this protocol, m2 is the MAC, m1 is the rest of the message. *)

(* Tables of message counters
   We simulate a distinct table for each session by
   adding a unique session identifier as first argument. *)

table received_count_table(session_ids, t_Count).
table sent_count_table(session_ids, t_Count).

(* Tables for replay protection for Init_IND and Init_REQ messages *)

table received_Init_IND_table(t_id, t_AMS_Time, signature).
table received_Init_REQ_table(t_id, t_AMS_Time, signature).

(**** Security properties ****)

(* Authenticity of the payload messages, when the policy is not NONE *)

event send_msgU(t_id, t_id, t_AMS_Time, signature, t_Rand32, t_policy_id, t_AMS_Policy, t_EncAlgo, t_Count, bitstring).
event send_msgV(t_id, t_id, t_AMS_Time, signature, t_Rand32, t_policy_id, t_AMS_Policy, t_EncAlgo, t_Count, bitstring).
event recv_msgU(t_id, t_id, t_AMS_Time, signature, t_Rand32, t_policy_id, t_AMS_Policy, t_EncAlgo, t_Count, bitstring).
event recv_msgV(t_id, t_id, t_AMS_Time, signature, t_Rand32, t_policy_id, t_AMS_Policy, t_EncAlgo, t_Count, bitstring).

(* Freshness of the AMS_Init_REQ message; 
   authentication of the aircraft to the ground entity *)

event send_Init_REQ(t_id, t_id, bitstring, signature, t_AMS_Time).
event recv_Init_REQ(t_id, t_id, bitstring, signature, t_AMS_Time, t_AMS_Time).


(* Authentication of the ground entity to the aircraft *)

event send_Init_RSP(t_id, t_id, bitstring, bitstring, signature, t_Rand32, t_AMS_Time, t_AMS_Time, mac_key, enc_key).
event recv_Init_RSP(t_id, t_id, bitstring, bitstring, signature, t_Rand32, t_AMS_Time, mac_key, enc_key).

(* Detection of bilateral UKS attacks *)

(* Freshness of the AMS_Init_IND message (ground-initiated trigger);
   authentication of the ground entity to the aircraft *)

event send_Init_IND(t_id, t_id, bitstring, signature, t_AMS_Time).
event recv_Init_IND(t_id, t_id, bitstring, signature, t_AMS_Time, t_AMS_Time).

(* Key secrecy *)

query secret secretV_KENC_UV.
query secret secretU_KENC_UV.

(* Secrecy -- see arinc823-public-key.SECRECY.cv *)

(**** The protocol ****)

param Naircraft, Nground, Nground_init, Nground_init_react, Ncert_server, Nmessage.
channel c_gen1, c_gen2, c_aircraft0, c_aircraft0', c_aircraft1, c_aircraft2, c_aircraft3, c_aircraft4, 
	c_ground1, c_ground2, c_ground_initiated_trigger1, c_ground_initiated_trigger2,
	c_aircraft_react_ground_initiated_trigger1, c_aircraft_react_ground_initiated_trigger2,
	c_cert_server1, c_cert_server2,
	choicechannel, pub.


(* Secure session initiation, aircraft-initiated (Attachement 7, Section 7.2.1) *)

let aircraft_fixed_MAClen =
    in(c_aircraft1, (Vx: t_id, software_part_number: t_software_part_number, policy_id: t_policy_id, 
    	      algo_bits: t_algo_bits, encode_alg: t_encode_algo, cert_or_query: t_AMS_elem,
	      ams_dstaddr: t_AMS_SuppAddr, ams_imi: t_AMS_IMI, sid: t_SID, 
	      tU: t_AMS_Time, enc_algo: t_EncAlgo (* either NULL_enc or AES128_CFB128, depending on whether the aircraft supports encryption *)));
    (* Choose a session id *)
    new current_session_id: session_ids;
    (* Message 1, N01 *)
    let s_init_info = buildAMS10_s_i