Tom Newcomb and Gavin Lowe
Oct 2005, 29pp.
Recently attempts have been made to extend the Dolev-Yao security model by allowing an intruder to learn weak secrets, such as poorly-chosen passwords, by off-line guessing. In such an attack, the intruder is able to verify a guessed value g if he can use it to produce a value called a verifier. In such a case we say that g is verifier-producing. The definition was formed by inspection of known guessing attacks.
A more intuitive definition might be formed as follows: a value is verifiable if there exists some computational process that can somehow recognise a correct guess over any other value.
We formalise this intuitive definition, and use it to justify the soundness and completeness of the existing definition. Specifically we show that a value is recognisable if and only if the value is either already Dolev-Yao deducible or it is verifier-producing. In order to do this it was necessary to clarify the definition of verifier production slightly, revealing an ambiguity in the original definition.