Lecture 013

Guessing Pin

\frac{\Sigma \vdash e_1 : l_1 \quad \Sigma \vdash e_2 : l_2}{\Sigma \vdash \text{ match }(e_1, e_2) : l_1 \sqcup l_2} \text{ match } F

Match is considered reasonably safe because the number of guesses needed to determine the password is large: each match leaks at most one bit, and recovering the password this way takes a loop like the one below.

\text{guess} := 0;\ \text{while } \lnot \text{match}(\text{guess}, \text{password}) \text{ do } \text{guess} := \text{guess} + 1

Declassification

\frac{}{\Sigma \vdash \text{ declassify }_l e : l} \text{ declassify } F

Note that the safety of declassification depends on the context.

If \Sigma \vdash \alpha \text{ secure}, \alpha contains exactly one instance of \text{declassify}(e), and (\forall x \in \text{use } e)(x \not\in \text{maydef } \alpha), then \Sigma \models \alpha \text{ secure}. (Here \text{use } e is the set of variables e reads and \text{maydef } \alpha is the set of variables \alpha may assign.)
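The following checker is an added example, not part of the lecture notes: it implements the match F and declassify F rules and the condition above over a constructed tuple AST, then runs it on the guessing loop, with and without the declassify, and on a program that checks the match once. The two-point lattice and the AST encoding are assumptions for the example.

```python
from functools import reduce
# Added example, not from the notes. AST (constructed): ('var', x) ('const', n) ('not', e) ('op', e1, e2)
# ('match', e1, e2) ('declassify', l, e); commands ('assign', x, e) ('seq', c1, c2) ('while', e, c).
LOW, HIGH = "L", "H"  # two-point lattice L ⊑ H (an assumption)
def join(a, b):
    return HIGH if HIGH in (a, b) else LOW

def label(sigma, e):
    """Σ ⊢ e : l, using match F (l1 ⊔ l2) and declassify F (the chosen label l)."""
    if e[0] == "var":
        return sigma[e[1]]
    if e[0] == "const":
        return LOW
    if e[0] == "declassify":
        return e[1]
    return reduce(join, (label(sigma, s) for s in e[1:]))  # not / op / match

def use(e):
    """Variables read by expression e (the set 'use e')."""
    return {e[1]} if e[0] == "var" else set().union(*(use(s) for s in e[1:] if isinstance(s, tuple)))

def maydef(c):
    """Variables that command c may assign (the set 'maydef α')."""
    if c[0] == "assign":
        return {c[1]}
    return maydef(c[1]) | maydef(c[2]) if c[0] == "seq" else maydef(c[2])

def declassifies(node):
    """All declassify subterms of a command or expression."""
    here = [node] if node[0] == "declassify" else []
    return here + [d for s in node[1:] if isinstance(s, tuple) for d in declassifies(s)]

def secure(sigma, c, pc=LOW):
    """Σ ⊢ α secure: no high data and no high guard (pc) flows into a low variable."""
    if c[0] == "assign":
        return sigma[c[1]] == HIGH or join(pc, label(sigma, c[2])) == LOW
    if c[0] == "seq":
        return secure(sigma, c[1], pc) and secure(sigma, c[2], pc)
    return secure(sigma, c[2], join(pc, label(sigma, c[1])))  # while: the guard raises pc

def robust(sigma, c):
    """The notes' condition for Σ ⊨ α secure: typable, one declassify(e), use e ∩ maydef α = ∅."""
    ds = declassifies(c)
    return secure(sigma, c) and len(ds) == 1 and not (use(ds[0][2]) & maydef(c))

SIGMA = {"guess": LOW, "password": HIGH, "ok": LOW}
MATCH = ("match", ("var", "guess"), ("var", "password"))
RAW_LOOP = ("while", ("not", MATCH), ("assign", "guess", ("op", ("var", "guess"), ("const", 1))))
DECL_LOOP = ("while", ("not", ("declassify", LOW, MATCH)), RAW_LOOP[2])  # typable, but guess is redefined
ONE_CHECK = ("assign", "ok", ("declassify", LOW, MATCH))  # one check, nothing in use e is redefined
```

The raw loop is rejected by the type system (high guard), the declassified loop typechecks but fails the condition because `guess` is both read by the declassified expression and redefined by the loop, and the single check passes.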
