Adel Bouhoula and Florent Jacquemard Tree Automata ,

We present a new method for automatic implicit induction theorem proving, and its application for the verification of cryptographic protocols. The method is based on constrained tree grammars and handles non-confluent rewrite systems which are required in the context of the verification of security protocols because of the non-deterministic behavior of attackers. It also handles axioms between constructor terms which allows us to specify explicit destructors representing cryptographic operators. Constrained tree grammars are used in our procedure both as induction schemes and as oracles for checking validity and redundancy by reduction to an emptiness problem. They also permit to characterize security failure of cryptographic protocols as sets of execution traces corresponding to an attack. This way, we obtain a generic framework for the verification of protocols, in which we can verify reachability properties like confidentiality, but also more complex properties like authentication. We present three case studies which gave very promising results.