## Section: Scientific Foundations

### Models mixing probabilistic and non-deterministic choice

While objective 1.3 (computational
soundness) is important to reach the SECSI goal of *more
realism*, i.e., to show that security proofs in formal models
have realistic implications, one will also have to consider some
protocols for which no formal model exists that is solely based on
logic. This is the case for protocols whose security depends on
probabilities, for example. The paradigmatic example is Chaum's
dining cryptographers, whereby N agents try to determine whether
one of them paid while not revealing the identity of the payer with
any non-negligible probability. Chaum's protocol involves flipping
coins, and any bias in coin-flipping is known to result in
possible attacks.
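The effect of coin bias on anonymity can be computed exactly for a small instance. The following is an added example, not part of the SECSI report: it assumes agents seated on a ring, exactly one payer, a uniform prior over payers, and an outside observer who sees only the announcements and knows the bias; all function names are hypothetical.

```python
from fractions import Fraction
from itertools import product


def announcements(coins, payer):
    """Agent i sees coins[i-1] and coins[i] on a ring and announces their XOR;
    the payer flips its announcement."""
    n = len(coins)
    return tuple(coins[i - 1] ^ coins[i] ^ int(i == payer) for i in range(n))


def payer_posterior(n, p_heads, observed):
    """Exact P(payer = i | observed announcements) for an outside observer.

    Assumptions: exactly one of the n agents paid, uniform prior over payers,
    independent coins that each land heads (1) with probability p_heads.
    """
    observed = tuple(observed)
    likelihood = [Fraction(0)] * n
    for coins in product((0, 1), repeat=n):
        weight = Fraction(1)
        for c in coins:
            weight *= p_heads if c else 1 - p_heads
        for payer in range(n):
            if announcements(coins, payer) == observed:
                likelihood[payer] += weight
    total = sum(likelihood)
    if total == 0:
        # Even-parity announcements cannot occur when exactly one agent paid.
        raise ValueError("observation has probability zero under the model")
    return [x / total for x in likelihood]


def worst_case_posterior(n, p_heads):
    """Largest posterior of any agent over all observations (0 < p_heads < 1)."""
    return max(
        max(payer_posterior(n, p_heads, obs))
        for obs in product((0, 1), repeat=n)
        if sum(obs) % 2 == 1
    )


if __name__ == "__main__":
    for p in (Fraction(1, 2), Fraction(3, 4)):  # constructed sample biases
        print(p, payer_posterior(3, p, (1, 0, 0)), worst_case_posterior(3, p))
```

With fair coins every agent stays at posterior 1/3; with P(heads) = 3/4 the observation (1, 0, 0) raises agent 0 to 7/13, so the announcements alone already favour one agent as the payer.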

Probabilities are also needed to model realistic notions of anonymity, where the distribution of possible outputs of the protocol should not give any information on the distribution of the inputs. Here, models purely based on logic will miss an important point.

Work in this direction was conducted in 2006–2007 through the INRIA ARC ProNoBis, on finding appropriate models for mixing probabilistic choice and non-deterministic choice. Intuitively, protocols can be seen as the interaction between honest agents, who proceed deterministically or by tossing coins, and attackers, who can be thought of as always choosing the action that will defeat some security objective in the worst way. That is, attackers run as demonic non-deterministic agents. Finding simple and usable models mixing probabilistic choice and demonic non-determinism is challenging in itself. SECSI is also exploring the possibility of including angelic non-determinism (e.g., specified but not yet implemented behavior from honest agents), and chaotic non-determinism. Finally, these models are explored both from the point of view of transition systems and model-checking, even in the non-discrete case, and from the point of view of the semantics of programming languages, in particular of Moggi's monadic lambda-calculus.

The main originality in this line of work used to be the theory of
*convex games* and *belief functions* [84], which originated in economic circles in the
1950s and in statistics in the 1960s. This evolved into the use of
*continuous previsions* [85], similar to a notion
invented in finance by Walley. Most of the required fundamental
theoretical results are now established, and practical applications
should come about in 2008, e.g., adapting the semantics and results on
observational equivalence for the probabilistic applied pi-calculus
of [88].

The thrust here is on *more properties*, and *more
realism*.