Section: New Results
A Framework for analyzing probabilistic protocols
Probabilistic security protocols involve probabilistic choices and are used for many purposes including signing contracts, sending certified email and protecting the anonymity of communication agents. Some probabilistic protocols rely on specific random primitives such as the Oblivious Transfer  . There are various examples in this category, notably the contract signing protocol in  and the privacy-preserving auction protocol in  .
A large effort has been dedicated to the formal verification of security protocols, and several approaches based on process-calculi techniques have been proposed. However, in the particular case of probabilistic protocols, only few attempts of this kind have been made. One proposal of this kind is  , which defines a probabilistic version of the noninterference property, and uses a probabilistic variant of CCS and of bisimulation to analyze protocols wrt this property.
In  and  we have developed a framework for analyzing probabilistic security protocols using a probabilistic extension of the -calculus inspired by the work in  ,  . In order to express security properties in this calculus, we have extended the notion of testing equivalence  to the probabilistic setting. We have have applied these techniques to verify the Partial Secret Exchange, a protocol which uses a randomized primitive, the Oblivious Transfer, to achieve fairness of information exchange between two parties.