Alpha-Beta Privacy

Abstract: The formal specification of privacy goals in symbolic protocol models has proved to be not quite trivial so far. The most widely used approach in formal methods is based on the static equivalence of frames in the applied pi-calculus, basically asking whether or not the intruder is able to distinguish two given worlds. But then a subtle question emerges: how can we be sure that we have specified all pairs of worlds to properly reflect our intuitive privacy goal? To address this problem, we introduce in this pap… Show more

“…For brevity, we only highlight the differences to standard first-order logic, the precise definition that we use can be found in the original paper on (α, β)privacy [5]. The main point is that in Herbrand logic fixes the universe in which to interpret all symbols.…”

“…Definitinon 5 (Message-analysis problem (adapted from [5])). Let α be combinatoric, struct and concr be two frames with domain D. We say that β is a message-analysis problem if β ≡ MsgAna(D, α, struct, concr ) with:…”

“…This work is based on the framework of (α, β)-privacy [5], which is in turn based on Herbrand logic [7]. As a variant of First-Order Logic, using the ground terms of uninterpreted function symbols as a universe, Herbrand logic is very expressive, e.g.…”

“…In our extended version we also discuss coercion resistance. We build on the framework of (α, β)-privacy [5], that defines privacy as a state-based safety property, where each state consists of two formulae α, the deliberately released high-level information like the result of an election, and β, the observations that the intruder could make. During transitions, the information in α and β can only increase (by adding new conjuncts to the formulae).…”

Formalizing and Proving Privacy Properties of Voting Protocols Using Alpha-Beta Privacy

“…For brevity, we only highlight the differences to standard first-order logic, the precise definition that we use can be found in the original paper on (α, β)privacy [5]. The main point is that in Herbrand logic fixes the universe in which to interpret all symbols.…”

“…Definitinon 5 (Message-analysis problem (adapted from [5])). Let α be combinatoric, struct and concr be two frames with domain D. We say that β is a message-analysis problem if β ≡ MsgAna(D, α, struct, concr ) with:…”

“…This work is based on the framework of (α, β)-privacy [5], which is in turn based on Herbrand logic [7]. As a variant of First-Order Logic, using the ground terms of uninterpreted function symbols as a universe, Herbrand logic is very expressive, e.g.…”

“…In our extended version we also discuss coercion resistance. We build on the framework of (α, β)-privacy [5], that defines privacy as a state-based safety property, where each state consists of two formulae α, the deliberately released high-level information like the result of an election, and β, the observations that the intruder could make. During transitions, the information in α and β can only increase (by adding new conjuncts to the formulae).…”

Formalizing and Proving Privacy Properties of Voting Protocols Using Alpha-Beta Privacy

“…Given a protocol with some intended use case, it is not immediately obvious which definition provides strong enough guarantees. Second, most definitions of unlinkability rely on some form of behavioural equivalence, which makes proofs even more difficult -this is a general problem when dealing with privacy notions, which has motivated a recent alternative approach which can avoid equivalences in some cases, not including unlinkability so far [28]. Proofs of equivalences are cumbersome, and we believe that they cannot realistically be carried out in details by hand.…”

A Method for Proving Unlinkability of Stateful Protocols

Deciding a Fragment of $$(\alpha , \beta )$$-Privacy