. Moreover, to reflect that duality also requires that identity parameters should be the same, we replace k ? by k. Note that by using the same messages (m, m ? , etc.) for corresponding inputs and outputs, we express that the messages that are

?. Issuer and . Tpm, ), sk I )

[. Abdulla, S. Aronis, B. Jonsson, and K. Sagonas, Optimal dynamic partial order reduction, Proceedings of the 41st ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, POPL '14, pp.373-384, 2014.
DOI : 10.1145/2535838.2535845

URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=

M. Abadi and B. Blanchet, Computer-assisted verification of a protocol for certified email, Static Analysis, pp.316-335, 2003.

M. Abadi, Secrecy by typing in security protocols, Theoretical Aspects of Computer Software, pp.611-638, 1997.
DOI : 10.1145/324133.324266

URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=

D. Adrian, K. Bhargavan, Z. Durumeric, P. Gaudry, M. Green et al., Imperfect Forward Secrecy, Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, CCS '15, pp.5-17, 2015.
DOI : 10.1145/2810103.2813707

URL : https://hal.archives-ouvertes.fr/hal-01184171

A. Armando, R. Carbone, L. Compagna, J. Cuellar, and L. Tobarra, Formal analysis of SAML 2.0 web browser single sign-on, Proceedings of the 6th ACM workshop on Formal methods in security engineering, FMSE '08, pp.1-10, 2008.
DOI : 10.1145/1456396.1456397

[. Arapinis, V. Cheval, and S. Delaune, Verifying Privacy-Type Properties in a Modular Way, 2012 IEEE 25th Computer Security Foundations Symposium, pp.95-109, 2012.
DOI : 10.1109/CSF.2012.16

URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=

[. Arapinis, T. Chothia, E. Ritter, and M. Ryan, Untraceability in the applied pi-calculus, 2009 International Conference for Internet Technology and Secured Transactions, (ICITST), pp.1-6, 2009.
DOI : 10.1109/ICITST.2009.5402514

URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=

[. Arapinis, T. Chothia, E. Ritter, and M. Ryan, Analysing Unlinkability and Anonymity Using the Applied Pi Calculus, 2010 23rd IEEE Computer Security Foundations Symposium, 2010.
DOI : 10.1109/CSF.2010.15

URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=

O. Admp-+-09-]-ben-adida, O. De-marneffe, J. Pereira, and . Quisquater, Electing a university president using open-audit voting: Analysis of real-world use of Helios, EVT/WOTE, vol.9, pp.10-10, 2009.

C. [. Abadi and . Fournet, Mobile values, new names, and secure communication, Proceedings of the ACM SIGPLAN Symposium on Principles of Programming Languages, 2001.
DOI : 10.1145/373243.360213

URL : https://hal.archives-ouvertes.fr/hal-01423924

M. Abadi and C. Fournet, Private authentication, Theoretical Computer Science, vol.322, issue.3, 2004.
DOI : 10.1007/3-540-36467-6_3

URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=

M. Abadi, D. Andrew, and . Gordon, A calculus for cryptographic protocols, Proceedings of the 4th ACM conference on Computer and communications security , CCS '97, pp.36-47, 1997.
DOI : 10.1145/266420.266432

M. Abadi and A. D. Gordon, A bisimulation method for cryptographic protocols, Nord. J. Comput, vol.5, issue.4, p.267, 1998.
DOI : 10.1007/BFb0053560

URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=

G. Alpár and J. Hoepman, A secure channel for attribute-based credentials, Proceedings of the 2013 ACM workshop on Digital identity management, DIM '13, pp.13-18, 2013.
DOI : 10.1145/2517881.2517884

D. [. Anisimov and . Knuth, Inhomogeneous sorting, International Journal of Computer & Information Sciences, vol.8, issue.4, pp.255-260, 1979.
DOI : 10.1007/BF00993053

L. Arapinis, E. Mancini, M. Ritter, N. Ryan, K. Golde et al., New privacy issues in mobile telephony, Proceedings of the 2012 ACM conference on Computer and communications security, CCS '12, pp.205-216, 2012.
DOI : 10.1145/2382196.2382221

M. Arapinis, L. I. Mancini, E. Ritter, and M. Ryan, Privacy through Pseudonymity in Mobile Telephony Systems, Proceedings 2014 Network and Distributed System Security Symposium, 2014.
DOI : 10.14722/ndss.2014.23082

URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=

A. Andreoli, Logic Programming with Focusing Proofs in Linear Logic, Journal of Logic and Computation, vol.2, issue.3, 1992.
DOI : 10.1093/logcom/2.3.297

. Apta, http://projects.lsv.ens-cachan, pp.2016-2017

/. Apte-/-apte and . Accessed, Sources of APTE Available at https://github, Bibliography, pp.2016-2017

M. Abadi and P. Rogaway, Reconciling two views of cryptography (the computational soundness of formal encryption), Proc. International Conference on Theoretical Computer Science, pp.3-22, 2000.

[. Blanchet, M. Abadi, and C. Fournet, Automated Verification of Selected Equivalences for Security Protocols, 20th Annual IEEE Symposium on Logic in Computer Science (LICS' 05), pp.331-340, 2005.
DOI : 10.1109/LICS.2005.8

[. Blanchet, M. Abadi, and C. Fournet, Automated Verification of Selected Equivalences for Security Protocols, 20th Annual IEEE Symposium on Logic in Computer Science (LICS' 05), pp.3-51, 2008.
DOI : 10.1109/LICS.2005.8

M. Baudet, Deciding security of protocols against off-line guessing attacks, Proceedings of the 12th ACM conference on Computer and communications security , CCS '05
DOI : 10.1145/1102120.1102125

URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=

[. Brusó, K. Chatzikokolakis, and J. D. Hartog, Formal Verification of Privacy for RFID Systems, 2010 23rd IEEE Computer Security Foundations Symposium, pp.75-88, 2010.
DOI : 10.1109/CSF.2010.13

M. Brusó, K. Chatzikokolakis, S. Etalle, and J. D. Hartog, Linking Unlinkability, Trustworthy Global Computing, pp.129-144, 2013.
DOI : 10.1007/978-3-642-41157-1_9

J. Bender, Ö. Dagdelen, M. Fischlin, and D. Kügler, The PACE|AA Protocol for Machine Readable Travel Documents, and Its Security, Financial Cryptography and Data Security, pp.344-358, 2012.
DOI : 10.1007/978-3-642-32946-3_25

URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=

S. Bdh-]-david-baelde, L. Delaune, and . Hirschi, A reduced semantics for deciding trace equivalence

[. Baelde, S. Delaune, and L. Hirschi, A Reduced Semantics for Deciding Trace Equivalence Using Constraint Systems, Proc. 3rd Conference on Principles of Security and Trust, pp.1-21, 2014.
DOI : 10.1007/978-3-642-54792-8_1

URL : http://arxiv.org/abs/1401.2854

[. Baelde, S. Delaune, and L. Hirschi, Partial order reduction for security protocols, 26th International Conference on Concurrency Theory (CONCUR'15), p.497, 2015.

J. David-basin, R. Dreier, and . Sasse, Automated symbolic proofs of observational equivalence, Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, pp.1144-1155, 2015.

G. Barthe, C. Fournet, B. Grégoire, P. Strub, N. Swamy et al., Probabilistic relational verification for cryptographic implementations, Proceedings of the 41st ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, POPL '14, pp.193-205, 2014.
DOI : 10.1145/2535838.2535847

URL : https://hal.archives-ouvertes.fr/hal-00935743

J. Bender, M. Fischlin, and D. Kügler, Security Analysis of the PACE Key-Agreement Protocol, Information Security, pp.33-48, 2009.
DOI : 10.1007/11889663_14

[. Borgström, R. Gutkovas, I. Rodhe, and B. Victor, The Psi-Calculi Workbench, ACM Transactions on Embedded Computing Systems, vol.14, issue.1, pp.1-925, 2015.
DOI : 10.1145/2682570

[. Barthe, B. Grégoire, and S. Z. Béguelin, Formal certification of code-based cryptographic proofs, ACM SIGPLAN Notices, vol.44, issue.1, pp.90-101, 2009.
DOI : 10.1145/1594834.1480894

URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=

[. Backes, C. Hritcu, and M. Maffei, Automated Verification of Remote Electronic Voting Protocols in the Applied Pi-Calculus, 2008 21st IEEE Computer Security Foundations Symposium, pp.195-209, 2008.
DOI : 10.1109/CSF.2008.26

J. Bengtson, M. Johansson, J. Parrow, and B. Victor, Psicalculi: a framework for mobile processes with nominal data and logic, Logical Methods in Computer Science, vol.7, issue.1, 2011.
DOI : 10.2168/lmcs-7(1:11)2011

URL : http://arxiv.org/pdf/1101.3262

J. Baier and . Katoen, Principles of Model Checking (Representation and Mind Series), 2008.

B. Blanchet, Automatic proof of strong secrecy for security protocols, IEEE Symposium on Security and Privacy, 2004. Proceedings. 2004, pp.86-100, 2004.
DOI : 10.1109/SECPRI.2004.1301317

B. Blanchet, A Computationally Sound Mechanized Prover for Security Protocols, IEEE Transactions on Dependable and Secure Computing, vol.5, issue.4, pp.193-207, 2008.
DOI : 10.1109/TDSC.2007.1005

A. D. Blf-+-14-]-karthikeyan-bhargavan, C. Lavaud, A. Fournet, P. Y. Pironti, and . Strub, Triple handshakes and cookie cutters: Breaking and fixing authentication over TLS, 2014 IEEE Symposium on Security and Privacy, pp.98-113, 2014.

[. Backes, M. Maffei, and D. Unruh, Zero-Knowledge in the Applied Pi-calculus and Automated Verification of the Direct Anonymous Attestation Protocol, 2008 IEEE Symposium on Security and Privacy (sp 2008), pp.202-215, 2008.
DOI : 10.1109/SP.2008.23

J. Borgström, A Complete Symbolic Bisimilarity for an Extended Spi Calculus, Electronic Notes in Theoretical Computer Science, vol.242, issue.3, pp.3-20, 2009.
DOI : 10.1016/j.entcs.2009.07.078

B. Blanchet and A. Podelski, Verification of cryptographic protocols: Tagging enforces termination, Foundations of Software Science and Computation Structures, 2003.
DOI : 10.1007/3-540-36576-1_9

URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=

[. Beringer, A. Petcher, . Katherine, W. Andrew, and . Appel, Verified correctness and security of OpenSSL HMAC, 24th USENIX Security Symposium, pp.207-221, 2015.

[. Brusó, Dissecting Unlinkability, 2014.

B. Blanchet and B. Smyth, Automated Reasoning for Equivalences in the Applied Pi Calculus with Barriers, 2016 IEEE 29th Computer Security Foundations Symposium (CSF), 2016.
DOI : 10.1109/CSF.2016.29

URL : https://hal.archives-ouvertes.fr/hal-01423742

[. Benaloh, S. Vaudenay, and J. Quisquater, Final report of iacr electronic voting committee. international association for cryptologic research, 2010. [car] Blackhat'15 talk about cars hacking

V. Cheval and B. Blanchet, Proving More Observational Equivalences with ProVerif, Proc. 2nd Conference on Principles of Security and Trust, pp.226-246, 2013.
DOI : 10.1007/978-3-642-36830-1_12

URL : https://hal.archives-ouvertes.fr/hal-00863377

V. Cheval and V. Cortier, Timing Attacks in Security Protocols: Symbolic Framework and Proof Techniques, Proc. 4th Conference on Principles of Security and Trust, pp.280-299, 2015.
DOI : 10.1007/978-3-662-46666-7_15

URL : https://hal.archives-ouvertes.fr/hal-01103618

[. Chadha, V. Cheval, ?. Ciobâc?, and S. Kremer, Automated verification of equivalence properties of cryptographic protocol, ACM Transactions on Computational Logic, 2016.

[. Cheval, H. Comon-lundh, and S. Delaune, Automating Security Analysis: Symbolic Equivalence of Constraint Systems, Proc. 5th International Joint Conference on Automated Reasoning, 2010.
DOI : 10.1007/978-3-642-14203-1_35

URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=

[. Cheval, H. Comon-lundh, and S. Delaune, Trace equivalence decision, Proceedings of the 18th ACM conference on Computer and communications security, CCS '11, 2011.
DOI : 10.1145/2046707.2046744

URL : http://kar.kent.ac.uk/46878/1/CCD-ccs11.pdf

V. Cheval, V. Cortier, and S. Delaune, Deciding equivalencebased properties using constraint solving, Theoretical Computer Science, vol.492, 2013.
DOI : 10.1016/j.tcs.2013.04.016

URL : https://hal.archives-ouvertes.fr/hal-00881060

V. Ccd13b-]-rémy-chrétien, S. Cortier, and . Delaune, From security protocols to pushdown automata, Proc. 40th International Colloquium on Automata, Languages and Programming, pp.137-149, 2013.

V. Ccd15a-]-rémy-chrétien, S. Cortier, and . Delaune, Decidability of trace equivalence for protocols with nonces, Proc. 28th Computer Security Foundations Symposium, pp.170-184, 2015.

V. Ccd15b-]-rémy-chrétien, S. Cortier, and . Delaune, From security protocols to pushdown automata, ACM Transactions on Computational Logic, vol.17, issue.13, 2015.

[. Chadha, ?. Ciobâc?, and S. Kremer, Automated verification of equivalence properties of cryptographic protocols, Programming Languages and Systems, pp.108-127, 2012.
URL : https://hal.archives-ouvertes.fr/hal-01306561

V. Cheval, H. Comon-lundh, and S. Delaune, A procedure for deciding symbolic equivalence between sets of constraint systems, Information and Computation, 2016.
DOI : 10.1016/j.ic.2017.05.004

[. Cheval, V. Cortier, and A. Plet, Lengths May Break Privacy ??? Or How to Check for Equivalences with Length, Proc. 25th International Conference on Computer Aided Verification (CAV'13), pp.708-723, 2013.
DOI : 10.1007/978-3-642-39799-8_50

URL : https://hal.archives-ouvertes.fr/hal-00881065

. Cervesato, A. Nancy, . Durgin, D. Patrick, . Lincoln et al., A meta-notation for protocol analysis, Proceedings of the 12th IEEE Computer Security Foundations Workshop, pp.55-69, 1999.
DOI : 10.1109/CSFW.1999.779762

URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=

[. Cortier, S. Delaune, and P. Lafourcade, A survey of algebraic properties used in cryptographic protocols, Journal of Computer Security, vol.14, issue.1, pp.1-43, 2006.
DOI : 10.3233/JCS-2006-14101

URL : https://hal.archives-ouvertes.fr/inria-00000552

[. Cremers and L. Hirschi, Improving automatic symbolic analysis for e-voting protocols: Sufficient conditions for ballot secrecy. (Under submission ) A copy can be, 2017.

V. Cheval, Automatic verification of cryptographic protocols: privacy-type properties, 2012.
URL : https://hal.archives-ouvertes.fr/tel-00861389

V. Cheval, APTE: An Algorithm for Proving Trace Equivalence, Proceedings TACAS'14, 2014.
DOI : 10.1007/978-3-642-54862-8_50

URL : http://kar.kent.ac.uk/46724/1/Cheval-tacas14.pdf

T. Chothia, Analysing the mute anonymous file-sharing system using the picalculus, Formal Techniques for Networked and Distributed Systems-FORTE 2006, pp.115-130, 2006.
DOI : 10.1007/11888116_9

[. Cremers, M. Horvat, S. Scott, and T. Van-der-merwe, Automated Analysis and Verification of TLS 1.3: 0-RTT, Resumption and Delayed Authentication, 2016 IEEE Symposium on Security and Privacy (SP), 2016.
DOI : 10.1109/SP.2016.35

S. [. Clarke, W. Jha, and . Marrero, Partial Order Reductions for Security Protocol Verification, Tools and Algorithms for the Construction and Analysis of Systems, pp.503-518, 2000.
DOI : 10.1007/3-540-46419-0_34

URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=

E. M. Clarke, S. Jha, and W. R. Marrero, Efficient verification of security protocols using partial-order reductions, International Journal on Software Tools for Technology Transfer (STTT), vol.4, issue.2, 2003.
DOI : 10.1007/s10009-002-0103-4

[. Cortier, S. Kremer, and B. Warinschi, A Survey of Symbolic Methods in Computational Analysis of Cryptographic Systems, Journal of Automated Reasoning, vol.13, issue.1, pp.3-4225, 2011.
DOI : 10.1007/s10817-010-9187-9

URL : https://hal.archives-ouvertes.fr/inria-00525776

S. Hubert-comon-lundh and . Delaune, The Finite Variant Property: How to Get Rid of Some Algebraic Properties, Proc. International Conference on Rewriting Techniques and Applications, pp.294-307, 2005.
DOI : 10.1007/978-3-540-32033-3_22

J. Camenisch, A. Lehmann, and G. Neven, Electronic Identities Need Private Credentials, IEEE Security & Privacy Magazine, vol.10, issue.1, pp.80-83, 2012.
DOI : 10.1109/MSP.2012.7

J. Cas, S. Cremers, and . Mauw, Checking secrecy by means of partial order reduction, System Analysis and Modeling, 2005.

[. Chaudhuri, D. Miller, and A. Saurin, Canonical Sequent Proofs via Multi-Focusing, International Conference On Theoretical Computer Science
DOI : 10.1007/978-0-387-09680-3_26

URL : https://hal.archives-ouvertes.fr/hal-00527893

J. Camenisch, S. Mödersheim, and D. Sommer, A Formal Model of Identity Mixer, Formal Methods for Industrial Critical Systems, pp.198-214
DOI : 10.1007/BF00196725

[. Chevalier and M. Rusinowitch, Decidability of Equivalence of Symbolic Derivations, Journal of Automated Reasoning, vol.17, issue.3, p.2012
DOI : 10.1007/s10817-010-9199-5

URL : https://hal.archives-ouvertes.fr/inria-00527630

[. Cremers, K. B. Rasmussen, B. Schmidt, and S. ?apkun, Distance Hijacking Attacks on Distance Bounding Protocols, 2012 IEEE Symposium on Security and Privacy, pp.113-127, 2012.
DOI : 10.1109/SP.2012.17

URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=

[. Cortier and B. Smyth, Attacking and fixing Helios: An analysis of ballot secrecy, Journal of Computer Security, vol.21, issue.1, pp.89-148, 2013.
DOI : 10.3233/JCS-2012-0458

URL : https://hal.archives-ouvertes.fr/hal-00732899

L. Cheikhrouhou, W. Stephan, Ö. Dagdelen, M. Fischlin, and M. Ullmann, Merging the cryptographic security analysis and the algebraiclogic security proof of pace, Sicherheit, pp.83-94, 2012.

[. Demir, M. Cunche, and C. Lauradoux, Analysing the privacy policies of Wi-Fi trackers, Proceedings of the 2014 workshop on physical analytics, WPA '14, pp.39-44, 2014.
DOI : 10.1145/2611264.2611266

URL : https://hal.archives-ouvertes.fr/hal-00968585

[. Deng, I. Cervesato, and R. J. Simmons, Relating reasoning methodologies in linear logic and process algebra, LINEARITY, 2012.
DOI : 10.4204/eptcs.101.5

URL : http://arxiv.org/abs/1211.4100

[. Degano, R. D. Nicola, and U. Montanari, A partial ordering semantics for CCS, Theoretical Computer Science, vol.75, issue.3, pp.223-262, 1990.
DOI : 10.1016/0304-3975(90)90095-Y

URL : http://doi.org/10.1016/0304-3975(90)90095-y

M. [. Diffie and . Hellman, New directions in cryptography, IEEE Transactions on Information Theory, vol.22, issue.6, pp.644-654, 1976.
DOI : 10.1109/TIT.1976.1055638

URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=

[. Delaune and L. Hirschi, A survey of symbolic methods for establishing equivalence-based properties in cryptographic protocols, Journal of Logical and Algebraic Methods in Programming, vol.87, 2016.
DOI : 10.1016/j.jlamp.2016.10.005

[. Dong, H. Jonker, and J. Pang, Formal Analysis of Privacy in an eHealth Protocol, Computer Security?ESORICS 2012, pp.325-342, 2012.
DOI : 10.1007/978-3-642-33167-1_19

[. Delaune, S. Kremer, and M. Ryan, Coercion-Resistance and Receipt-Freeness in Electronic Voting, 19th IEEE Computer Security Foundations Workshop (CSFW'06), p.12, 2006.
DOI : 10.1109/CSFW.2006.8

URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=

[. Delaune, S. Kremer, and M. D. Ryan, Verifying privacy-type properties of electronic voting protocols, Journal of Computer Security, vol.17, issue.4, 2008.
DOI : 10.3233/JCS-2009-0340

URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=

[. Delaune, S. Kremer, and M. D. Ryan, Symbolic bisimulation for the applied pi calculus*, Journal of Computer Security, vol.18, issue.2, pp.317-377, 2010.
DOI : 10.3233/JCS-2010-0363

URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=

[. Delaune, M. D. Ryan, and B. Smyth, Automatic Verification of Privacy Properties in the Applied pi Calculus, Proceedings of the 2nd Joint iTrust and PST Conferences on Privacy, Trust Management and Security (IFIPTM'08), volume 263 of IFIP Conference Proceedings, 2008.
DOI : 10.1007/978-0-387-09428-1_17

E. Dorothy, G. M. Denning, and . Sacco, Timestamps in key distribution protocols, Communications of the ACM, vol.24, issue.8, pp.533-536, 1981.

[. Durante, R. Sisto, and A. Valenzano, Automatic testing equivalence verification of spi calculus specifications, ACM Transactions on Software Engineering and Methodology, vol.12, issue.2, 2003.
DOI : 10.1145/941566.941570

URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=

D. Dolev and A. Yao, On the security of public key protocols, IEEE Transactions on Information Theory, vol.29, issue.2, pp.198-208, 1983.
DOI : 10.1109/TIT.1983.1056650

S. Escobar, C. Meadows, J. Meseguer, and S. Santiago, State space reduction in the Maude-NRL Protocol Analyzer, Information and Computation, vol.238, pp.157-186, 2014.
DOI : 10.1016/j.ic.2014.07.007

URL : http://arxiv.org/abs/1105.5282

[. Escobar, R. Sasse, and J. Meseguer, Folding variant narrowing and optimal variant termination, Rewriting Logic and Its Applications, pp.52-68
DOI : 10.1007/978-3-642-16310-4_5

URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=

[. Feldhofer, S. Dominikus, and J. Wolkerstorfer, Strong Authentication for RFID Systems Using the AES Algorithm, Cryptographic Hardware and Embedded Systems-CHES 2004, pp.357-370, 2004.
DOI : 10.1007/978-3-540-28632-5_26

[. Fokkink, M. T. Dashti, and A. Wijs, Partial Order Reduction for Branching Security Protocols, 2010 10th International Conference on Application of Concurrency to System Design, 2010.
DOI : 10.1109/ACSD.2010.19

URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=

[. Flanagan and P. Godefroid, Dynamic partial-order reduction for model checking software, ACM SIGPLAN Notices, vol.40, issue.1, pp.110-121
DOI : 10.1145/1047659.1040315

[. Fabrega, . Javier, C. Jonathan, J. D. Herzog, and . Guttman, Strand spaces: proving security protocols correct, Journal of Computer Security, vol.7, issue.2-3, pp.191-230, 1999.
DOI : 10.3233/JCS-1999-72-304

P. Godefroid, Using partial orders to improve automatic verification methods
DOI : 10.1007/bfb0023731

D. Garg and F. Pfenning, Type-Directed Concurrency, Proceedings of the International Conference on Concurrency Theory, 2005.
DOI : 10.1007/11539452_5

URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=

S. Gurchetan, . Grewal, D. Mark, L. Ryan, . Chen et al., Duvote: Remote electronic voting with untrusted computers, 2015 IEEE 28th Computer Security Foundations Symposium, pp.155-169, 2015.

+. Gvlh, P. Godefroid, . Van-leeuwen, . Hartmanis, P. Goos et al., Partial-order methods for the verification of concurrent systems: an approach to the state-explosion problem, 1996.

[. Hirschi, D. Baelde, and S. Delaune, A Method for Verifying Privacy-Type Properties: The Unbounded Case, 2016 IEEE Symposium on Security and Privacy (SP), pp.564-581, 2016.
DOI : 10.1109/SP.2016.40

[. Hirschi, SPEC with dependency constraints

[. Hirschi, Réduction d'entrelacements pour l'équivalence de traces, 2013.

[. Huhn, P. Niebert, and H. Wehrheim, Partial Order Reductions for Bisimulation Checking, Foundations of Software Technology and Theoretical Computer Science, 18th Conference Proceedings, volume 1530 of Lecture Notes in Computer Science, pp.271-282, 1998.
DOI : 10.1007/978-3-540-49382-2_26

URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=

H. Hüttel, Deciding Framed Bisimilarity, Electronic Notes in Theoretical Computer Science, vol.68, issue.6, pp.1-18, 2003.
DOI : 10.1016/S1571-0661(04)80530-9

A. Juels, A. Stephen, and . Weis, Defining strong privacy for RFID, ACM Transactions on Information and System Security, vol.13, issue.1, p.7, 2009.
DOI : 10.1109/percomw.2007.37

URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=

S. Kremer, To Du or Not to Du: A Security Analysis of Du-Vote, 2016 IEEE European Symposium on Security and Privacy (EuroS&P), pp.473-486, 2016.
DOI : 10.1109/EuroSP.2016.42

URL : https://hal.archives-ouvertes.fr/hal-01238894

M. [. Kremer and . Ryan, Analysis of an Electronic Voting Protocol in the Applied Pi Calculus, Proc. 14th European Symposium on Programming, pp.186-200, 2005.
DOI : 10.1007/978-3-540-31987-0_14

[. Lee, T. Asano, and K. Kim, RFID mutual authentication scheme based on synchronized secret information In Symposium on cryptography and information security [log] Logjam website. https://mitls, pp.2016-2017, 2006.

G. Lowe, A hierarchy of authentication specifications, Proceedings 10th Computer Security Foundations Workshop, pp.18-30, 1997.
DOI : 10.1109/CSFW.1997.596782

[. Miller, Encryption as an abstract data-type, Electronic Notes in Theoretical Computer Science, vol.84, 2003.
DOI : 10.1016/S1571-0661(04)80841-7

URL : http://doi.org/10.1016/s1571-0661(04)80841-7

R. [. Boreale, R. De-nicola, and . Pugliese, Proof Techniques for Cryptographic Processes, SIAM Journal on Computing, vol.31, issue.3, pp.947-986, 2002.
DOI : 10.1137/S0097539700377864

URL : http://basics.sjtu.edu.cn/~yuehg/lics/proof techniques for cryptographic processes 1999.pdf

D. [. Milner and . Sangiorgi, Barbed bisimulation, Proc. 19th International Colloquium on Automata, Languages, and Programming, pp.685-695, 1992.
DOI : 10.1007/3-540-55719-9_114

V. [. Millen and . Shmatikov, Constraint solving for bounded-process cryptographic protocol analysis, Proceedings of the 8th ACM conference on Computer and Communications Security , CCS '01, 2001.
DOI : 10.1145/501983.502007

URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=

D. Miller and A. Saurin, From Proofs to Focused Proofs: A Modular Proof of Focalization in Linear Logic, Proceedings of the EACSL Annual Conference on Computer Science Logic, 2007.
DOI : 10.1007/978-3-540-74915-8_31

URL : https://hal.archives-ouvertes.fr/hal-00527888

B. [. Meier, C. Schmidt, D. Cremers, and . Basin, The TAMARIN Prover for the Symbolic Analysis of Security Protocols, Proc. 25th International Conference on Computer Aided Verification, pp.696-701, 2013.
DOI : 10.1007/978-3-642-39799-8_48

[. Mitchell, . Scedrov, P. Durgin, and . Lincoln, Undecidability of bounded security protocols, Workshop on Formal Methods and Security Protocols, 1999.

[. Mödersheim, L. Viganò, and D. A. Basin, Constraint differentiation: Search-space reduction for the constraint-based analysis of security protocols, Journal of Computer Security, vol.18, issue.4, 2010.
DOI : 10.3233/JCS-2009-0351

M. Roger, . Needham, D. Michael, and . Schroeder, Using encryption for authentication in large networks of computers, Communications of the ACM, vol.21, issue.12, pp.993-999, 1978.

O. Pereira, B. Adida, and O. De-marneffe, Bringing open audit elections into practice: Real world uses of Helios. swiss e-voting workshop, 2010.

D. Peled, Ten years of partial order reduction, Proceedings of International Conference on Computer-Aided Verification, 1998.
DOI : 10.1007/BFb0028727

A. Petcher and G. Morrisett, The Foundational Cryptography Framework, Principles of Security and Trust, pp.53-72, 2015.
DOI : 10.1007/978-3-662-46666-7_4

URL : http://arxiv.org/abs/1410.3735

G. Kenneth, T. Paterson, and . Van-der-merwe, Reactive and proactive standardisation of TLS, Security Standardisation Research, pp.160-186, 2016.

C. Paquin and G. Zaverucha, U-prove cryptographic specification v1.1 (revision 3), 2013.

A. [. Rivest, L. Shamir, and . Adleman, A method for obtaining digital signatures and public-key cryptosystems, Communications of the ACM, vol.21, issue.2, pp.120-126, 1978.
DOI : 10.1145/359340.359342

URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=

[. Sen and G. Agha, Automated Systematic Testing of Open Distributed Programs, Fundamental Approaches to Software Engineering, pp.339-356
DOI : 10.1007/11693017_25

URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=

S. Santiago, S. Escobar, C. Meadows, and J. Meseguer, A formal definition of protocol indistinguishability and its verification using maudenpa, Security and Trust Management, pp.162-177, 2014.

[. Smyth, D. Mark, L. Ryan, and . Chen, Formal analysis of privacy in Direct Anonymous Attestation schemes, Science of Computer Programming, vol.111, pp.300-317, 2015.
DOI : 10.1016/j.scico.2015.04.004

S. Schneider and A. Sidiropoulos, CSP and anonymity, Proc. International Conference on Computer Security, pp.198-218, 1996.
DOI : 10.1007/3-540-61770-1_38

A. Shaik, J. Seifert, R. Borgaonkar, N. Asokan, and V. Niemi, Practical Attacks Against Privacy and Availability in 4G/LTE Mobile Communication Systems, Proceedings 2016 Network and Distributed System Security Symposium, 2016.
DOI : 10.14722/ndss.2016.23236

URL : http://arxiv.org/abs/1510.07563

D. Sangiorgi and D. Walker, The pi-calculus: a Theory of Mobile Processes

A. Tiu and J. E. Dawson, Automating Open Bisimulation Checking for the Spi Calculus, 2010 23rd IEEE Computer Security Foundations Symposium, 2010.
DOI : 10.1109/CSF.2010.28

A. Tiu, A trace based bisimulation for the spi calculus, Programming Languages and Systems, pp.367-382, 2007.

S. Tasharofi, K. Rajesh, S. Karmani, A. Lauterburg, D. Legay et al., TransDPOR: A Novel Dynamic Partial-Order Reduction Technique for Testing Actor Programs, Formal Techniques for Distributed Systems, pp.219-234, 2012.
DOI : 10.1007/978-3-642-30793-5_14

URL : https://hal.archives-ouvertes.fr/hal-01528727

J. Turow, The Aisles Have Eyes, 2017.
DOI : 10.1353/asr.2017.0010

R. Fabian-van-den-broek, J. Verdult, and . De-ruiter, Defeating IMSI Catchers, Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, CCS '15, 2015.
DOI : 10.1145/2810103.2813615

S. Vdmr08-]-ton-van-deursen, S. Mauw, and . Radomirovi?, Untraceability of RFID protocols, Information Security Theory and Practices. Smart Devices, Convergence and Next Generation Networks, pp.1-15, 2008.

S. Vdr08-]-ton-van-deursen and . Radomirovic, Attacks on RFID protocols, IACR Cryptology ePrint Archive, p.310, 2008.