Guessing Attacks in the pi-calculus with a Computational Justification. Draft Comments Welcome

This paper presents an extension of the pi-calculus that can reason about brute force and guessing attacks. We relate new name declarations in the pi-calculus with random sampling in the computational model of security. The scope of a new name can then be expanded at a comparable cost as it would take to guess the randomly sampled value in the computational setting. We provide a syntax and reduction semantics for this system and a function that calculates the cost of a given attack, taking into account the ease with which the attacker can confirm their guesses. We argue the correctness of this calculus by relating it to the computational model of security. We show that if the cost of an attack in the calculus is less than exponential in a security parameter, then there exists a polynomial time Turing machine that can defeat the process with non-negligibility probability. On the other hand, if there is no sub-exponential cost attack, then the process is just as safe as its spi-calculus counterpart, and so the use of guessable names does not help the attacker.