Hi,
I've read (most of) the paper. I think this is exactly what I was looking for. Thank you! That problem's solved, seems.
I've got another question, but that's not really inherent to the topic of this conversation. I'll send it here anyway though, it probably is a rather easy fix - but I can't get my head around it.
I'm getting errors about pattern matching. I've created another basic example, here's the code:
theory patt_matching
begin
builtins: asymmetric-encryption
functions:
higher_level_encrypt/2,
higher_level_decrypt/2,
lower_level_encrypt/2,
lower_level_decrypt/2
/*
* I'd really like to keep on using my higher level functions as the lower level
* one requires, in my case, deriving a session key and an IV (here I've skipped
* the details about it and just used a placeholder).
*/
equations:
higher_level_encrypt(m, pubkey) = lower_level_encrypt(m, pubkey),
higher_level_decrypt(c, privkey) = lower_level_decrypt(c, privkey)
rule RegisterPK:
[ Fr(~sk) ]
-->
[ !PrivateKey($X, ~sk), !PublicKey($X, pk(~sk)), Out(pk(~sk))]
rule C1:
[
!PublicKey($Server, pkey),
Fr(~msg)
]
-->
[ Out(higher_level_encrypt(~msg, pkey)) ]
rule S1:
[
!PrivateKey($Server, skey),
// Using lower_level_encrypt instead of higher level solves the error (but not the main problem)
In(higher_level_encrypt(msg, pk(skey)))
]
-->
[ Out(msg) ]
end
This gives the following error:
Multiplication restriction of rules:
The following rule is not multiplication restricted:
rule (modulo E) S1:
[
!PrivateKey( $Server, skey ),
In( higher_level_encrypt(msg, pk(skey)) )
]
-->
[ Out( msg ) ]
After replacing reducible function symbols in lhs with variables:
rule (modulo E) S1:
[ !PrivateKey( $Server, skey ), In( x.1 ) ]
-->
[ Out( msg ) ]
Variables that occur only in rhs: msg
CallStack (from HasCallStack):
error, called at src/Theory/Tools/Wellformedness.hs:919:28 in tamarin-prover-theory-1.6.0-4xY8tGI4gcd2kXzIGyjzDc:Theory.Tools.Wellformedness
Why is the LHS rewritten that way? Is there a way to avoid having to actually use the lower_level_function? I've got a rather complex protocol to model, having higher level functions would prove very beneficial in terms of both readability and maintainability.
Thank you again for your kind help.
| Regards, Alessandro Zanatta |
You received this message because you are subscribed to a topic in the Google Groups "tamarin-prover" group.