VerifHub

VerifHub allows Verifpal® users to easily share and discuss Verifpal models of cryptographic protocols. The VerifHub service provides a unique URI for each shared model; the page at that URI includes a syntax-highlighted model, an automatically generated diagram and a summary of the analysis results.

invitation.vp

Submitted on 12 Sep 24 10:42 UTC.

attacker[active]

principal Alice[
	knows private invitation_unlock_key
	generates invitation_secret
	knows private alice_server_session_key
	knows public invitation_id_input_constant
]

principal Server[
	knows private alice_server_session_key
	knows private bob_server_session_key
]

principal Bob[
	knows private bob_server_session_key
]

principal Alice[
	invitation_id = MAC(invitation_unlock_key, invitation_id_input_constant)
	invitation_ciphertext = AEAD_ENC(invitation_unlock_key, invitation_secret, invitation_id)
	invitation_server = ENC(alice_server_session_key, CONCAT(invitation_id, invitation_ciphertext))
]

Alice -> Server: invitation_server

principal Server[
	server_invitation_id, server_invitation_ciphertext = SPLIT(DEC(alice_server_session_key, invitation_server))
]

principal Bob[
	knows private invitation_unlock_key
	bob_invitation_id = MAC(invitation_unlock_key, invitation_id_input_constant)
]

Bob -> Server: bob_invitation_id

principal Server[
	invitation_bob = ENC(bob_server_session_key, server_invitation_ciphertext)
]

Server -> Bob: invitation_bob

principal Bob[
	bob_invitation_ciphertext = DEC(bob_server_session_key, invitation_bob)
	bob_invitation_secret = AEAD_DEC(invitation_unlock_key, bob_invitation_ciphertext, bob_invitation_id)
]

phase[1]

principal Server[
	leaks server_invitation_ciphertext
	leaks server_invitation_id
]

queries[
	confidentiality? invitation_unlock_key
	confidentiality? bob_invitation_secret
	equivalence? invitation_id, bob_invitation_id
]

Analysis Results

The model submitter provided the following analysis results:

Please note that these results are not verified to be accurate. The model submitter may choose to provide false analysis results if they so desire. It is strongly recommended that you re-run the analysis of this model locally if you wish to verify the authenticity of the analysis results above.

© Copyright 2019- Nadim Kobeissi. All Rights Reserved. “Verifpal” and the “Verifpal” logo/mascot are registered trademarks of Nadim Kobeissi. Verifpal software is provided as free and open source software, licensed under the GPLv3. Verifpal User Manual, as well as this website, are provided under the CC BY-NC-ND 4.0 license. Published by Symbolic Software.