VerifHub allows Verifpal® users to easily share and discuss Verifpal models of cryptographic protocols. The VerifHub service provides unique URIs for each shared model which includes a syntax-highlighted model, an automatically generated diagram and a summary of the analysis results.
static_pwd_shares.vpSubmitted on 05 Jul 20 09:24 UTC.
attacker[active] principal Pwdserver1[ knows private s1 knows private s3 gs1 = G^s1 gs3 = G^s3 ] principal Pwdserver2[ knows private s2 gs2 = G^s2 ] Pwdserver1 -> Alice: [gs1] Pwdserver1 -> Pwdserver2: [gs3] Pwdserver2 -> Alice: [gs2] principal Alice[ generates pwd hpwd = HASH(pwd) a, b, _ = SHAMIR_SPLIT(hpwd) ea = PKE_ENC(gs1, a) eb = PKE_ENC(gs2, b) ] Alice -> Pwdserver1: ea Alice -> Pwdserver2: eb phase principal Pwdserver1[ leaks s3 ] principal Alice[ aa, ab, _ = SHAMIR_SPLIT(hpwd) aea = PKE_ENC(gs2, aa) aeb = PKE_ENC(gs1, ab) ] Alice -> Pwdserver2: aea Alice -> Pwdserver1: aeb principal Pwdserver2[ h2 = SHAMIR_JOIN(PKE_DEC(s2, aea), PKE_DEC(s2, eb)) eh2 = PKE_ENC(gs3, h2) ] Pwdserver2 -> Pwdserver1: eh2 principal Pwdserver1[ h1 = SHAMIR_JOIN(PKE_DEC(s1, ea), PKE_DEC(s1, aeb)) _ = ASSERT(h1, PKE_DEC(s3, eh2))? ] queries[ confidentiality? hpwd ]
The model submitter provided the following analysis results:
- Query 1 (Confidentiality): FAIL
Please note that these results are not verified to be accurate. The model submitter may choose to provide false analysis results if they so desire. It is strongly recommended that you re-run the analysis of this model locally if you wish to verify the authenticity of the analysis results above.