Model checking the iKP electronic payment protocols

Abstract

Much progress of formal verification techniques has been made and therefore many formal verification case studies of systems, such as security protocols, have been conducted and reported. Two major formal verification techniques are model checking and interactive theorem proving. Almost all case studies, however, use either model checking or interactive theorem proving. Even though both techniques are used, two different specifications dedicated to model checking and interactive theorem proving, respectively, are used. It would be desirable to make it possible to use one specification for one system for both model checking and interactive theorem proving. Observational transition systems (OTSs) have been proposed so that they can be written as equational theory specifications and used for interactive theorem proving. OTSs can also be written as rewrite theory specifications, which can be used for model checking, but it would take time to model check OTSs written as rewrite theory specifications in the existing techniques.There are two main contributions described in this article: (1) to propose an effective way to write OTSs as rewrite theory specifications, and (2) to conduct a case study in which an electronic commerce protocol has been model checked. Contribution (1) can be regarded as an effective way to translate equational theory specifications of OTSs for interactive theorem proving into rewrite theory specifications of OTSs for model checking. Moreover, since rewrite theory specifications of OTSs can be used for interactive theorem proving as well, contribution (1) may lead to the desirable situation aforementioned.