
Dolev–Yao model

Generated by GPT-5-mini
Note: This article was automatically generated by a large language model (LLM) from purely parametric knowledge (no retrieval). It may contain inaccuracies or hallucinations. This encyclopedia is part of a research project currently under review.
Name: Dolev–Yao model
Introduced: 1983
Creators: Danny Dolev, Andrew Yao
Field: Cryptographic protocol analysis
Type: Adversary model

The Dolev–Yao model is an abstract adversary framework for analyzing cryptographic protocols, introduced in a foundational 1983 paper by Danny Dolev and Andrew Yao. It idealizes cryptographic primitives as perfect black boxes and treats adversaries as network-controlling entities able to intercept, modify, and fabricate messages; the model underlies formal verification work in protocol analysis and automated tooling. It has influenced subsequent formal methods research and the design of model checkers and theorem provers used in security protocol verification.

Introduction

The model was proposed by Danny Dolev and Andrew Yao while they were engaged with research communities around IBM Research, Stanford University, Princeton University, MIT, and Bell Labs. It abstracts cryptographic operations so that an attacker cannot break primitives except by explicit algebraic manipulations, which tied into later developments at IETF, NIST, ACM, IEEE, and IFIP workshops. The model became a cornerstone for projects at institutions such as Carnegie Mellon University, University of California, Berkeley, University of Cambridge, and ETH Zurich that focused on automated protocol analysis and formal verification.

Formal definition

Formally the Dolev–Yao model represents messages as algebraic terms and cryptographic operators as constructors and destructors, an approach used in proof frameworks at Cornell University, University of Oxford, École Polytechnique Fédérale de Lausanne, and University College London. The model specifies a transition system or inference rules that capture message composition, encryption, decryption, and signing, which align with logic-based methods developed in venues like PLDI, POPL, CSF, and TACAS. Formalizations were integrated into theorem-proving environments such as Coq, Isabelle/HOL, HOL4, and ACL2 to allow mechanized proofs of secrecy and authentication properties.

Threat model and attacker capabilities

In this framework attackers are as powerful as the network: they control channels between principals drawn from case studies at DARPA, NSA, European Commission, and Japan Science and Technology Agency. Attackers can intercept messages, replay, reorder, and synthesize new terms from known components, a capability modeled in tools developed at SRI International, Siemens, Microsoft Research, and Google Research. The model assumes attackers cannot invert cryptographic primitives without keys, reflecting cryptographic assumptions discussed in literature from RSA Laboratories, D. R. Stinson, Bruce Schneier, and Phil Zimmermann.
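The constructor and destructor rules from the formal definition, together with the attacker capabilities described above, can be run as an intruder-deduction check. This is an added example, not code from the Dolev and Yao paper or from any tool named in this article; it assumes a term algebra with only pairing and symmetric encryption, and the function names and the sample trace are constructed for illustration.

```python
# Added example. Term algebra (an assumption of this example): atoms are strings,
# ("pair", a, b) is concatenation, ("enc", m, k) is symmetric encryption of m
# under k, treated as a perfect black box that is opaque without k.

def derivable(term, known):
    """Synthesis: can `term` be built from `known` using the constructors?"""
    if term in known:
        return True  # includes replaying an observed ciphertext unchanged
    if isinstance(term, tuple) and term[0] in ("pair", "enc"):
        return derivable(term[1], known) and derivable(term[2], known)
    return False  # an unknown atom (key, nonce) cannot be guessed

def analyze(observed):
    """Analysis: close the observed terms under the destructors."""
    known = set(observed)
    changed = True
    while changed:
        changed = False
        for t in list(known):
            parts = set()
            if isinstance(t, tuple) and t[0] == "pair":
                parts = {t[1], t[2]}          # projection needs no key
            elif isinstance(t, tuple) and t[0] == "enc" and derivable(t[2], known):
                parts = {t[1]}                # decryption needs the key
            if not parts <= known:
                known |= parts
                changed = True
    return known

def attacker_can_derive(term, observed):
    """True if a network attacker who saw `observed` can produce `term`."""
    return derivable(term, analyze(observed))

# Constructed trace: everything the attacker has seen on the wire, plus the
# attacker's own key Ki. Kas and Kab are honest parties' keys.
OBSERVED = frozenset({
    "A", "B", "Ki",
    ("enc", ("pair", "Na", "Kab"), "Kas"),   # session key Kab wrapped under Kas
    ("enc", "secret", "Kab"),                # payload under the session key
})

if __name__ == "__main__":
    print("secret leaks:", attacker_can_derive("secret", OBSERVED))
    print("secret leaks if Kas is compromised:",
          attacker_can_derive("secret", OBSERVED | {"Kas"}))
```

A secrecy claim in this setting is the statement that `attacker_can_derive` is false for the protected term over every reachable trace; the tools named later in the article automate that search over all traces rather than one fixed set.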

Applications in protocol analysis

The Dolev–Yao model has been applied to analyze authentication and key-exchange protocols such as the Needham–Schroeder protocol, Kerberos, TLS, IPsec, and OAuth, with case studies reported by research groups at Columbia University, ETH Zurich, KTH Royal Institute of Technology, and Australian National University. It underpins automated analyzers including model checkers and symbolic analyzers used in projects at VeriSoft, AVISPA, ProVerif, Scyther, and Tamarin Prover, and influenced standards work at IETF working groups and evaluations by ENISA. Protocol attacks discovered using the model were discussed in conferences like IEEE S&P, USENIX Security, CCS, NDSS, and EuroSys.

Limitations and extensions

Limitations drove extensions bridging symbolic and computational models pursued by teams at Princeton University, Zhengzhou University, Microsoft Research, and ETH Zurich. Key limitations include idealized cryptography and absence of probabilistic reasoning, problems addressed by computational soundness results from researchers at Brown University, University of Maryland, University of California, Santa Barbara, and SRI International. Extensions incorporate algebraic theories for primitives, time and probabilistic behaviors, and side-channel models developed in collaborations involving Google, Intel, ARM, and Qualcomm labs.

Tool support and implementations

Implementations and tools supporting Dolev–Yao-style analysis include ProVerif from CNRS teams, Tamarin Prover from Austrian Academy of Sciences collaborators, Scyther from Royal Holloway, University of London, and AVISPA developed with European partners; academic projects at IMDEA Software Institute, CISPA Helmholtz Center, and RIACS also contributed. Integration with proof assistants such as Isabelle/HOL, Coq, and HOL4 enabled mechanized proofs and extraction of counterexamples, and industry adaptations influenced products and audits at Cisco Systems, Symantec, McAfee, and Qualys.

Historical context and impact on security research

Historically the Dolev–Yao model catalyzed a shift from ad hoc protocol reasoning to formal, automated verification, inspiring work at Harvard University, MIT Lincoln Laboratory, University of Toronto, University of Washington, and National University of Singapore. It fostered cross-pollination between cryptography and formal methods communities represented at CRYPTO, EUROCRYPT, CCS, TACAS, and FSE conferences. The model’s influence persists in standards development, toolchains, and curricula at universities including Yale University, Imperial College London, University of Michigan, and Peking University, shaping generations of research on secure protocols.
