?. Un-bit-b and R. ?. , 1} est tiré au sort ; si b = 0, soit c le chiffrement (étiqueté) d'un nombre aléatoire par k, c'est-à-dire, m

L. Gagne-si-b-?-=-b.-l-'adversaire-a-gagne-si-b-?-=-b, L'avantage de A est par définition Adv ? Pwd,?,A (?) = P[A gagne] ? 1 2 . On dit que ? est T enc -Pwd-sûr si pour tout adversaire PPTIME A et tout ? ? T enc

. Pour-finir, T. Enc-sûr-s-'il-est-À-la-fois-t-enc-ror, and . Enc-pwd-sûr, La condition 1 (sûreté T enc -RoR) est une variante du critère de sécurité Cette propriété est requise du fait que nous autorisons l'utilisation de enc en tant qu'algorithme de chiffrement à part entière, c'est-à-dire également avec des clés fortes. Sans cette condition, le résultat de cette section reste valable si l'on restreint les clés de enc aux constantes ? comme c'est le cas dans le formalisme de M La condition 2 (sûreté T enc -Pwd) concerne la sécurité des mots de passe (et autres données faibles) quand ils sont utilisés comme clés. Intuitivement, cette condition contraint le chiffrement d'une donnée aléatoire à être distribué, au moins en apparence, comme la valeur elle-même, Abadi et de B. Warinschi [AW05] Une condition similaire introduite par M. Abadi et B. Warinschi [AW05] donne la possibilité aux distributions des valeurs et des chiffrements d'être deux distributions (fixées) différentes. La différence ici est due au fait que nous autorisons plusieurs couches de chiffrement par des mots de passe

B. Encore-dans-la-procédure-de, M. Blanchet, C. Abadi, and . Fournet, Il s'agit ainsi de la première définition logique des attaques par dictionnaire à bénéficier de procédures d'analyse dans le cas actif et d'une justification calculatoire partielle. En guise de travaux futurs, il serait intéressant d'étudier d'autres théories équationnelles comme la réunion des théories considérées, ou

. De-manière, on peut également s'interroger sur l'existence d'un modèle équationnel calculatoirement sûr pour un attaquant actif. À cet égard, les résultats négatifs de M, Backes et B. Pfitzmann [BP05], concernant le OU exclusif dans le formalisme (plus exigeant) de la simulabilité

M. Abadi and B. Blanchet, Analyzing security protocols with secrecy types and logic programs, Journal of the ACM, vol.52, issue.1, pp.102-146, 2005.
DOI : 10.1145/1044731.1044735

X. Allamigeon and B. Blanchet, Reconstruction of attacks against cryptographic protocols, 18th IEEE Computer Security Foundations Workshop (CSFW'05), pp.140-154, 2005.
DOI : 10.1109/CSFW.2005.25

M. Abadi, Secrecy by typing in security protocols, Journal of the ACM, vol.46, issue.5, 1999.

[. Adão, G. Bana, and A. Scedrov, Computational and Information-Theoretic Soundness and Completeness of Formal Encryption, 18th IEEE Computer Security Foundations Workshop (CSFW'05), pp.170-184, 2005.
DOI : 10.1109/CSFW.2005.13

[. Abadi, M. Baudet, and B. Warinschi, Guessing Attacks and the Computational Soundness of Static Equivalence, Proc. 9th International Conference on Foundations of Software Science and Computation Structures (FoSSaCS'06), pp.398-412, 2006.
DOI : 10.1007/11690634_27

[. Abadi and V. Cortier, Deciding Knowledge in Security Protocols Under Equational Theories, Proc. 31st International Colloquium on Automata, Languages and Programming, pp.46-58, 2004.
DOI : 10.1007/978-3-540-27836-8_7

URL : https://hal.archives-ouvertes.fr/inria-00000554

M. Abadi and V. Cortier, Deciding Knowledge in Security Protocols under (Many More) Equational Theories, 18th IEEE Computer Security Foundations Workshop (CSFW'05), pp.62-76, 2005.
DOI : 10.1109/CSFW.2005.14

URL : https://hal.archives-ouvertes.fr/inria-00000554

M. Abadi and V. Cortier, Deciding knowledge in security protocols under equational theories, Theoretical Computer Science, vol.367, issue.1-2, pp.2-32, 2006.
DOI : 10.1016/j.tcs.2006.08.032

URL : https://hal.archives-ouvertes.fr/inria-00000554

M. Abadi and C. Fournet, Mobile values, new names, and secure communications, Proc. 28th Annual ACM Symposium on Principles of Programming Languages (POPL'01), pp.104-115, 2001.

[. Abadi and A. D. Gordon, A calculus for cryptographic protocols, Proceedings of the 4th ACM conference on Computer and communications security , CCS '97, pp.36-47, 1997.
DOI : 10.1145/266420.266432

[. Abadi and A. D. Gordon, A bisimulation method for cryptographic protocols, Nordic Journal of Computing, vol.5, issue.4, pp.267-303, 1998.
DOI : 10.1007/BFb0053560

[. Adão, J. Herzog, G. Bana, and A. Scedrov, Soundness of Formal Encryption in the Presence of Key-Cycles, Proc. 10th European Symposium on Research in Computer Security (ESO- RICS'05), pp.374-396, 2005.
DOI : 10.1007/11555827_22

M. Roberto, D. Amadio, and . Lugiez, On the reachability problem in cryptographic protocols, Proc. 11th International Conference on Concurrency Theory, pp.380-394, 2000.

M. Abadi and R. Needham, Prudent engineering practice for cryptographic protocols, IEEE Transactions on Software Engineering, vol.22, issue.1, pp.6-15, 1996.
DOI : 10.1109/32.481513

M. Abadi and P. Rogaway, Reconciling Two Views of Cryptography, Proc. 1st IFIP International Conference on Theoretical Computer Science (IFIP?TCS'00), pp.3-22, 2000.
DOI : 10.1007/3-540-44929-9_1

M. Abadi and P. Rogaway, Reconciling Two Views of Cryptography (The Computational Soundness of Formal Encryption)*, Journal of Cryptology, vol.15, issue.2, pp.103-127, 2002.
DOI : 10.1007/s00145-001-0014-7

M. Abadi and B. Warinschi, Password-Based Encryption Analyzed, Proc. 32nd International Colloquium on Automata, Languages and Programming (ICALP'05), pp.664-676, 2005.
DOI : 10.1007/11523468_54

[. Blanchet, M. Abadi, and C. Fournet, Automated Verification of Selected Equivalences for Security Protocols, 20th Annual IEEE Symposium on Logic in Computer Science (LICS' 05), pp.331-340, 2005.
DOI : 10.1109/LICS.2005.8

[. Burrows, M. Abadi, and R. M. Needham, A logic of authentication, ACM Transactions on Computer Systems, vol.8, issue.1, pp.18-36, 1990.
DOI : 10.1145/77648.77649

[. Baudet, Prototype YAPA (Yet Another Protocol Analyzer) http://www.lsv.ens-cachan.fr/~baudet Deciding security of protocols against off-line guessing attacks, Proceedings of the 12th ACM Conference on Computer and Communications Security (CCS'05), pp.16-25, 2005.

M. Boreale and M. G. Buscemi, A method for symbolic analysis of security protocols, Theoretical Computer Science, vol.338, issue.1-3, pp.393-425, 2005.
DOI : 10.1016/j.tcs.2005.03.044

[. Baudet, V. Cortier, and S. Kremer, Computationally Sound Implementations of Equational Theories Against Passive Adversaries, Proc. 32nd International Colloquium on Automata, Languages and Programming (ICALP'05), pp.652-663, 2005.
DOI : 10.1007/11523468_53

URL : https://hal.archives-ouvertes.fr/inria-00426620

[. Bodei, P. Degano, F. Nielson, and H. Nielson, Flow logic for Dolev???Yao secrecy in cryptographic processes, Future Generation Computer Systems, vol.18, issue.6, pp.747-756, 2002.
DOI : 10.1016/S0167-739X(02)00047-X

M. Boreale, R. De-nicola, and R. Pugliese, Proof techniques for cryptographic processes, Proc. 14th IEEE Symposium on Logics in Computer Science (LICS'99), pp.157-166, 1999.

M. Backes and P. Laud, Computationnally sound secrecy proofs by mechanized flow analysis, Proc. 13th ACM Conference on Computer and Communications Security (CCS'06), 2006.

[. Blanchet, Cryptoverif tool

B. Blanchet, ProVerif tool

B. Blanchet, An efficient cryptographic protocol verifier based on prolog rules, Proceedings. 14th IEEE Computer Security Foundations Workshop, 2001., pp.82-96, 2001.
DOI : 10.1109/CSFW.2001.930138

B. Blanchet, From Secrecy to Authenticity in Security Protocols, Proc. 9th International Static Analysis Symposium (SAS'02), pp.342-359, 2002.
DOI : 10.1007/3-540-45789-5_25

B. Blanchet, Automatic proof of strong secrecy for security protocols, IEEE Symposium on Security and Privacy, 2004. Proceedings. 2004, pp.86-100, 2004.
DOI : 10.1109/SECPRI.2004.1301317

B. Blanchet, A computationally sound mechanized prover for security protocols, IEEE Symposium on Security and Privacy, 2006.

M. Steven, M. Bellovin, and . Merritt, Encrypted key exchange : Password-based protocols secure against dictionary attacks, Proc. 1992 IEEE Symposium on Security and Privacy (SSP'92), pp.72-84, 1992.

[. Borgström and U. Nestmann, On bisimulations for the spi calculus, Mathematical Structures in Computer Science, vol.15, issue.3, pp.487-552, 2005.
DOI : 10.1017/S0960129505004706

D. Bolignano, Towards the formal verification of electronic commerce protocols, Proceedings 10th Computer Security Foundations Workshop, pp.113-147, 1997.
DOI : 10.1109/CSFW.1997.596802

M. Boreale, Symbolic Trace Analysis of Cryptographic Protocols
DOI : 10.1007/3-540-48224-5_55

M. Backes and B. Pfitzmann, Symmetric encryption in a simulatable Dolev-Yao style cryptographic library, Proceedings. 17th IEEE Computer Security Foundations Workshop, 2004., pp.204-218, 2004.
DOI : 10.1109/CSFW.2004.1310742

M. Backes and B. Pfitzmann, Limits of the Cryptographic Realization of Dolev-Yao-Style XOR, Proc. 10th European Symposium on Research in Computer Security (ESORICS'05), pp.336-354, 2005.
DOI : 10.1007/11555827_11

B. Blanchet and D. Pointcheval, Automated Security Proofs with Sequences of Games, Proc. 26th Annual International Cryptology Conference (CRYPTO'06), Lecture Notes in Computer Science, 2006.
DOI : 10.1007/11818175_32

[. Backes, B. Pfitzmann, and M. Waidner, A composable cryptographic library with nested operations, Proceedings of the 10th ACM conference on Computer and communication security , CCS '03, pp.220-230, 2003.
DOI : 10.1145/948109.948140

[. Backes, B. Pfitzmann, and M. Waidner, Symmetric Authentication within a Simulatable Cryptographic Library, Proc. 8th European Symposium on Research in Computer Security (ESO- RICS'03), pp.271-290, 2003.
DOI : 10.1007/978-3-540-39650-5_16

[. Bellare and P. Rogaway, Introduction to modern cryptography, 2003.

J. Corbin and M. Bidoit, A rehabilitation of robinson's unification algorithm, IFIP Congress, pp.909-914, 1983.

H. Comon, V. Cortier, and J. C. Mitchell, Tree Automata with One Memory, Set Constraints, and Ping-Pong Protocols, Proc. 28th International Conference Automata Languages and Programming, pp.682-693, 2001.
DOI : 10.1007/3-540-48224-5_56

[. Corin, J. Doumen, and S. Etalle, Analysing Password Protocol Security Against Off-line Dictionary Attacks, Proc. 2nd International Workshop on Security Issues with Petri Nets and other Computational Models, pp.47-63, 2004.
DOI : 10.1016/j.entcs.2004.10.007

[. Cortier, S. Delaune, and P. Lafourcade, A survey of algebraic properties used in cryptographic protocols, Journal of Computer Security, vol.14, issue.1, pp.1-43, 2006.
DOI : 10.3233/JCS-2006-14101

URL : https://hal.archives-ouvertes.fr/inria-00000552

[. Canetti and J. Herzog, Universally Composable Symbolic Analysis of Mutual Authentication and Key-Exchange Protocols, Proc. 3rd Theory of Cryptography Conference, pp.380-403, 2006.
DOI : 10.1007/11681878_20

J. Clark and J. Jacob, A survey of authentication protocol literature, 1997.

H. Comon and J. Jouannaud, Les termes en logique et en programmation (version préliminaire), 2003.

[. Chevalier, R. Küsters, M. Rusinowitch, and M. Turuani, Deciding the Security of Protocols with Diffie-Hellman Exponentiation and Products in Exponents, Proc. 23rd Conference on Foundations of Software Technology and Theoretical Computer Science (FST?TCS'03), volume 2914 of Lecture Notes in Computer ScienceCKRT03b] Yannick Chevalier, Ralf Küsters, Michaël Rusinowitch, and Mathieu Turuani. An NP decision procedure for protocol insecurity with XOR, pp.124-135, 2003.
DOI : 10.1007/978-3-540-24597-1_11

URL : https://hal.archives-ouvertes.fr/inria-00103935

E. Contejean, C. Marché, B. Monate, and X. Urbain, The CiME Rewrite Tool Proving secrecy is easy enough, Proc. 14th IEEE Computer Security Foundations Workshop (CSFW'01), pp.97-110, 2000.

E. Cohen, Proving protocols safe from guessing, Proc. Foundations of Computer Security (FCS'02, pp.85-92, 2002.

V. Cortier, Observational equivalence and trace equivalence in an extension of the spi-calculus Laboratoire Spécification et Vérification Combining intruder theories, Proc. 32nd International Colloquium on Automata, Languages and Programming (ICALP'05), pp.639-651, 2002.

V. Cortier and B. Warinschi, Computationally Sound, Automated Proofs for Security Protocols, European Symposium on Programming (ESOP'05), pp.157-171, 2005.
DOI : 10.1007/978-3-540-31987-0_12

URL : https://hal.archives-ouvertes.fr/inria-00000556

A. Datta, A. Derek, J. C. Mitchell, V. Shmatikov, and M. Turuani, Probabilistic Polynomial-Time Semantics for a Protocol Security Logic, Proc. of 32nd International Colloquium on Automata, Languages and Programming (ICALP'05), pp.16-29, 2005.
DOI : 10.1007/11523468_2

URL : https://hal.archives-ouvertes.fr/inria-00103654

S. Delaune, An undecidability result for AGh, Theoretical Computer Science, vol.368, issue.1-2, 2006.
DOI : 10.1016/j.tcs.2006.08.018

S. Delaune, Vérification des protocoles cryptographiques et propriétés algébriques, Thèse de doctorat, 2006.

[. Dershowitz, Termination of rewriting, Journal of Symbolic Computation, vol.3, issue.1-2, pp.69-116, 1987.
DOI : 10.1016/S0747-7171(87)80022-6

[. Diffie and M. Hellman, New directions in cryptography, IEEE Transactions on Information Theory, vol.22, issue.6, pp.644-654, 1976.
DOI : 10.1109/TIT.1976.1055638

[. Delaune and F. Jacquemard, A decision procedure for the verification of security protocols with explicit destructors, Proceedings of the 11th ACM conference on Computer and communications security , CCS '04, pp.278-287, 2004.
DOI : 10.1145/1030083.1030121

URL : https://hal.archives-ouvertes.fr/inria-00579012

S. Delaune and F. Jacquemard, A theory of dictionary attacks and its complexity, Proceedings. 17th IEEE Computer Security Foundations Workshop, 2004., pp.2-15, 2004.
DOI : 10.1109/CSFW.2004.1310728

URL : https://hal.archives-ouvertes.fr/inria-00579014

[. Delaune, P. Lafourcade, D. Lugiez, and R. Treinen, Symbolic Protocol Analysis in Presence of a Homomorphism Operator and Exclusive Or, Proc. 33rd International Colloquium on Automata, Languages and Programming, pp.132-141, 2006.
DOI : 10.1007/11787006_12

. A. Nancy, J. Durgin, D. Mitchell, and . Pavlovic, A compositional logic for proving security properties of protocols, Journal of Computer Security, vol.11, issue.4, pp.677-722, 2003.

G. Dowek, Higher-Order Unification and Matching, Handbook of Automated Reasoning, pp.1009-1062, 2001.
DOI : 10.1016/B978-044450813-3/50018-7

E. Dorothy, G. M. Denning, and . Sacco, Timestamps in key distribution protocols, Communications of the ACM, vol.24, issue.8, pp.533-536, 1981.

[. Durante, R. Sisto, and A. Valenzano, Automatic testing equivalence verification of spi calculus specifications, ACM Transactions on Software Engineering and Methodology, vol.12, issue.2, pp.222-284, 2003.
DOI : 10.1145/941566.941570

A. Degtyarev and A. Voronkov, The undecidability of simultaneous rigid E-unification, Theoretical Computer Science, vol.166, issue.1-2, pp.291-300, 1996.
DOI : 10.1016/0304-3975(96)00092-8

W. Diffie, P. C. Van-oorschot, and M. J. Wiener, Authentication and authenticated key exchanges. Designs, Codes and Cryptography, pp.107-125, 1992.

D. Dolev and A. C. Yao, On the security of public key protocols, IEEE Transactions on Information Theory, IT, issue.12, pp.29198-208, 1983.

S. Even and O. Goldreich, On the security of multi-party ping-pong protocols, Proc. 24th IEEE Annual Symposium on Foundations of Computer Science (FOCS'83), pp.34-39, 1983.

[. Gong, M. A. Lomas, R. M. Needham, and J. H. Saltzer, Protecting poorly chosen secrets from guessing attacks, IEEE Journal on Selected Areas in Communications, vol.11, issue.5, pp.648-656, 1993.
DOI : 10.1109/49.223865

[. Goubault-larrecq, M. Roger, and K. N. Verma, Abstraction and resolution modulo AC: How to verify Diffie???Hellman-like protocols automatically, The Journal of Logic and Algebraic Programming, vol.64, issue.2, pp.219-251, 2005.
DOI : 10.1016/j.jlap.2004.09.004

S. Hohenberger, The cryptographic impact of groups with infeasible inversion, 2003.

G. Huet, A unification algorithm for typed ??-calculus, Theoretical Computer Science, vol.1, issue.1, pp.27-57, 1975.
DOI : 10.1016/0304-3975(75)90011-0

A. Huima, Efficient infinite-state analysis of security protocols, Proc. FLOC Workshop on Formal Methods and Security Protocols, 1999.

J. Hullot, Canonical forms and unification, Proc. 8th International Conference on Automated Deduction, pp.318-334, 1980.
DOI : 10.1007/3-540-10009-1_25

H. Hüttel, Deciding framed bisimilarity, Proc. 4th Int. Workshop on Verification of Infinite State Systems(INFINITY'02), pp.1-20, 2000.

J. and C. Kirchner, Solving equations in abstract algebras : A rule-based survey of unification, Computational Logic : Essays in Honor of Alan Robinson, pp.257-321, 1991.

[. Janvier, Y. Lakhnech, and L. Mazaré, Completing the Picture: Soundness of Formal Encryption in the Presence of Active Adversaries, European Symposium on Programming (ESOP'05), pp.172-185, 2005.
DOI : 10.1007/978-3-540-31987-0_13

[. Käeler and R. Küsters, Constraint Solving for Contract-Signing Protocols, Proc. 16th International Conference on Concurrency Theory, pp.233-247, 2005.
DOI : 10.1007/11539452_20

S. Kremer and J. Raskin, Game analysis of abuse-free contract signing, Proceedings 15th IEEE Computer Security Foundations Workshop. CSFW-15, pp.206-222, 2002.
DOI : 10.1109/CSFW.2002.1021817

S. Kremer and M. Ryan, Analysis of an Electronic Voting Protocol in the Applied Pi Calculus, Proc. 14th European Symposium on Programming (ESOP'05), pp.186-200, 2005.
DOI : 10.1007/978-3-540-31987-0_14

S. Kremer, Private communication, 2006.

P. Laud, Computationally Secure Information Flow, 2002.

G. Lowe, Breaking and fixing the Needham-Schroeder Public-Key Protocol using FDR, Proc. 2nd International Workshop on Tools and Algorithms for Construction and Analysis of Systems (TACAS'96), pp.147-166, 1996.
DOI : 10.1007/3-540-61042-1_43

G. Lowe, A hierarchy of authentication specifications, Proceedings 10th Computer Security Foundations Workshop, pp.31-44, 1997.
DOI : 10.1109/CSFW.1997.596782

G. Lowe, Analysing protocols subject to guessing attacks, Proc. IEEE Symposium on Security and Privacy (SSP'99), pp.83-98113, 1996.
DOI : 10.3233/JCS-2004-12104

A. Middeldorp and E. Hamoen, Completness results for basic narrowing Applicable Algebra in Engineering, Communication and Computing, vol.5, pp.213-253, 1994.

D. Micciancio, The RSA Group is Pseudo-Free, Advances in Cryptology ? EUROCRYPT'05, pp.387-403, 1993.
DOI : 10.1007/11426639_23

J. C. Mitchell, M. Mitchell, U. S. , P. Mateus, J. C. Mitchell et al., Automated analysis of cryptographic protocols using Mur? Composition of cryptographic protocols in a probabilistic polynomial-time process calculus, Proc. IEEE Symposium on Security and Privacy (SSP'97) Proc. 14th International Conference on Concurrency Theory (CONCUR'03), volume 2761 of Lecture Notes in Computer Science, pp.141-153, 1997.

D. Monniaux, Abstracting cryptographic protocols with tree automata, Science of Computer Programming, vol.47, issue.2-3, pp.177-202, 2003.
DOI : 10.1016/S0167-6423(02)00132-6

J. C. Mitchell, A. Ramanathan, A. Scedrov, and V. Teague, A Probabilistic Polynomial-time Calculus For Analysis of Cryptographic Protocols, Proc. 17th Annual Conference on the Mathematical Foundations of Programming Semantics, 2001.
DOI : 10.1016/S1571-0661(04)80968-X

J. K. Millen and V. Shmatikov, Constraint solving for bounded-process cryptographic protocol analysis, Proceedings of the 8th ACM conference on Computer and Communications Security , CCS '01, pp.166-175, 2001.
DOI : 10.1145/501983.502007

J. K. Millen and V. Shmatikov, Symbolic protocol analysis with products and Diffie-Hellman exponentiation, 16th IEEE Computer Security Foundations Workshop, 2003. Proceedings., pp.47-61, 2003.
DOI : 10.1109/CSFW.2003.1212704

A. J. Menezes, P. C. Van-oorschot, and S. A. Vanstone, Handbook of Applied Cryptography, 1996.
DOI : 10.1201/9781439821916

D. Micciancio and B. Warinschi, Completeness theorems for the Abadi???Rogaway language of encrypted expressions1, Journal of Computer Security, vol.12, issue.1, pp.99-129, 2004.
DOI : 10.3233/JCS-2004-12105

D. Micciancio and B. Warinschi, Soundness of Formal Encryption in the Presence of Active Adversaries, Proc. 1st Theory of Cryptography Conference, pp.133-151, 2004.
DOI : 10.1007/978-3-540-24638-1_8

M. Roger, M. D. Needham, P. Schroeder-friedrich-otto, D. J. Narendran, and . Dougherty, Using encryption for authentication in large networks of computers Equational unification, word unification, and 2nd-order equational unification, Communications of the ACM Theoretical Computer Science, vol.21, issue.19812, pp.993-9991, 1978.

C. Lawrence and . Paulson, The inductive approach to verifying cryptographic protocols [Pot02] François Pottier. A simple view of type-secure information flow in the ?-calculus, Proc. 15th IEEE Computer Security Foundations Workshop (CSFW'02), pp.85-128, 1998.

D. Hieu-phan and D. Pointcheval, About the security of ciphers (semantic security and pseudo-random permutations) [PS03] François Pottier and Vincent Simonet. Information flow inference for ML, Proc. Selected Areas in Cryptography, pp.185-200117, 2003.

R. L. Rivest, On the Notion of Pseudo-Free Groups, Proc. 1st Theory of Cryptography Conference, pp.505-521, 2004.
DOI : 10.1007/978-3-540-24638-1_28

[. Ramanathan, J. C. Mitchell, A. Scedrov, and V. Teague, Probabilistic Bisimulation and Equivalence for Security Analysis of Network Protocols, Proc. 7th International Conference on Foundations of Software Science and Computation Structures (FOS- SACS'04), volume 2987 of Lecture Notes in Computer Science, pp.468-483, 2004.
DOI : 10.1007/978-3-540-24727-2_33

[. Shoup, Sequences of games : a tool for taming complexity in security proofs, Cryptology ePrint Archive Report, vol.332, 2004.

[. Thayer, J. C. Herzog, and J. D. Guttman, Strand spaces : Proving security protocols correct, Journal of Computer Security, vol.7, issue.1, 1999.

[. Warinschi, A computational analysis of the Needham- Schroeder protocol, Proc. 16th IEEE Computer Science Foundations Workshop (CSFW'03), pp.248-262, 2003.

Y. C. Thomas, S. S. Woo, and . Lam, A semantic model for authentication protocols, Proc. IEEE Symposium on Research in Security and Privacy (SP'93), pp.178-195, 1993.

R. Zunino and P. Degano, Handling exp,?? (and Timestamps) in Protocol Analysis, Proc. 9th Int. Conference on Foundations of Software Science and Computation Structures (FOS- SACS'06), pp.413-427, 2006.
DOI : 10.1007/11690634_28

.. Transitions-entre-configurations-doubles, 54 3.6 Configurations doubles divergentes, 67 3.9 Transitions entre configurations symboliques doubles . . . . . . . . . 80 3.10 Configurations symboliques doubles divergentes, p.80