proverif

AuthorBruno Blanchet <bruno.blanchet@inria.fr>, Vincent Cheval <vincent.cheval@icloud.com>, Ben Smyth <research@bensmyth.com>, Marc Sylvestre <marc.sylvestre@inria.fr>
LicenseGNU General Public License
Homepagehttp://proverif.inria.fr/
Issue Trackerbruno.blanchet@inria.fr
MaintainerBruno Blanchet <bruno.blanchet@inria.fr>, Marc Sylvestre <marc.sylvestre@inria.fr>
Dependencies
&ocamlbuild
ocamlfind
PublishedNov 9, 2017
Source [http] http://proverif.inria.fr/proverif1.97pl3.tar.gz
947a428f71cc335aeea8d178c1e8e84f
StatisticsInstalled 4 times last month.
Edithttps://github.com/ocaml/opam-repository/tree/master/packages/proverif/proverif.1.97pl3/opam

ProVerif: Cryptographic protocol verifier in the symbolic model

ProVerif is an automatic cryptographic protocol verifier, in the symbolic model (so called Dolev-Yao model). This protocol verifier is based on a representation of the protocol by Horn clauses. Its main features are:

  • It can handle many different cryptographic primitives, including shared- and public-key cryptography (encryption and signatures), hash functions, and Diffie-Hellman key agreements, specified both as rewrite rules or as equations.

  • It can handle an unbounded number of sessions of the protocol (even in parallel) and an unbounded message space. This result has been obtained thanks to some well-chosen approximations. This means that the verifier can give false attacks, but if it claims that the protocol satisfies some property, then the property is actually satisfied.

ProVerif can prove the following properties:

  • secrecy (the adversary cannot obtain the secret)
  • authentication and more generally correspondence
  • strong secrecy (the adversary does not see the difference when the value of the secret changes)
  • equivalences between processes that differ only by terms

A survey of ProVerif with references to other papers is available at

Bruno Blanchet. Modeling and Verifying Security Protocols with the Applied Pi Calculus and ProVerif. Foundations and Trends in Privacy and Security, 1(1-2):1-135, October 2016. http://dx.doi.org/10.1561/3300000004

No package is dependent