A General Approach to the Verification of Cryptographic Protocols using Answer Set Programming James P. Delgrande, Torsten Grote, and Aaron Hunter School of Computing Science, Simon Fraser University, Burnaby, B.C., Canada V5A 1S6. {jim, tga14, hunter}@cs.sfu.ca Abstract. We introduce a general approach to cryptographic protocol verifica- tion based on answer set programming. In our approach, cryptographic protocols are represented as extended logic programs where the answer sets correspond to traces of protocol runs. Using queries, we can find attacks on a protocol by finding the answer sets for the corresponding logic program. Our encoding is modular, with different modules representing the message passing environment, the pro- tocol structure and the intruder model. We can easily tailor each module to suit a specific application, while keeping the rest of the encoding constant. As such, our approach is more flexible and elaboration tolerant than related formalizations. The present system is intended as a first step towards the development of a com- piler from protocol specifications to executable programs; such a compiler would make verification a completely automated process. This work is also part of a larger project in which we are exploring the advantages of explicit, declarative representations of protocol verification problems. 1 Introduction A cryptographic protocol is a sequence of encrypted messages that is used to exchange information and achieve communicative goals over an insecure network. Proving that a cryptographic protocol is secure is difficult, because many attacks are subtle and diffi- cult to find. The problem is further complicated by the fact that protocol goals are often specified imprecisely, which makes it difficult to know exactly what might constitute an attack. In this paper, we use Answer Set Programming (ASP) to encode relevant information involved in a cryptographic protocol, including agent capabilities and the message passing environment, and to automatically detect attacks. A wide range of methods have been previously employed for the verification of cryptographic protocols, including encodings in many different formal logics. Our work is distinguished from most of these methods in that we use a declarative formalism for reasoning about action effects. We specify the steps of a cryptographic protocol in a logic program where the answer sets correspond to sequences of messages exchanged between agents. After translating a given protocol into our encoding, it is straightfor- ward to automatically generate attacks by using an answer set solver.