proverif-tamarin-protocol-modeling

What problem does it solve?

Provides guidance and repeatable modeling patterns to formally verify security properties of multi-agent coordination systems under a Dolev-Yao attacker, helping you decide between ProVerif and Tamarin and avoid common modeling pitfalls that lead to false attacks or non-termination.

Core Features & Use Cases

• Decision guidance: A clear decision tree for when to use ProVerif (stateless, unbounded sessions, equivalence queries) versus Tamarin (mutable global state, ordering, replay resistance).
• Model templates: ProVerif patterns for secrecy and observational equivalence and Tamarin sketches for stateful rules (issue, dismiss, verify) and epoch-based mitigations for backup/restore attacks.
• Diagnostics & anti-patterns: Practical advice on diagnosing ProVerif non-termination, handling equational theories, avoiding vacuous proofs, and factoring large models into composable pieces.
• Security posture: Notes on computational soundness requirements (IND-CCA2, EUF-CMA), Dolev-Yao limitations specific to Port Daddy, and formal quality gates for review readiness.

Quick Start

Ask whether ProVerif or Tamarin is appropriate for your target property and request a model sketch with the appropriate secrecy queries or Tamarin rules and mitigation strategies.