A Trace Based Bisimulation for the Spi Calculus

Notice: This research summary and analysis were automatically generated using AI technology. For accuracy, refer to the original arXiv paper.

A notion of open bisimulation is formulated for the spi calculus, an extension of the pi-calculus with cryptographic primitives. In this formulation, open bisimulation is indexed by pairs of symbolic traces, which represent the history of interactions between the environment and the pairs of processes being checked for bisimilarity. The use of symbolic traces allows for a symbolic treatment of bound input in bisimulation checking which avoids quantification over input values. Open bisimilarity is shown to be sound with respect to testing equivalence, and further, it is shown to be an equivalence relation on processes and a congruence relation on finite processes. As far as we know, this is the first formulation of open bisimulation for the spi calculus for which the congruence result is proved.


💡 Research Summary

The paper introduces a trace‑based formulation of open bisimulation for the spi calculus, an extension of the π‑calculus that incorporates cryptographic primitives such as encryption, decryption, and key generation. Traditional open bisimulation techniques for the spi calculus suffer from two major drawbacks: (1) they require universal quantification over all possible input values when dealing with bound inputs, leading to a combinatorial explosion, and (2) proving congruence (i.e., that the equivalence is preserved under any context) has remained elusive for existing definitions.

To overcome these issues, the authors propose the use of symbolic traces. A symbolic trace records the sequence of interactions between a process and its environment, but instead of concrete data values it stores symbolic variables together with associated constraints (e.g., “the key used in this encryption equals the key used in that decryption”). This representation allows the bisimulation relation to be defined without explicit quantification over input values: each bound input introduces fresh variables and constraints, and the bisimulation check reduces to constraint satisfaction.

The core definition, called trace‑indexed open bisimulation, relates two processes P and Q if, for every symbolic trace that P can generate, Q can generate an identical trace with the same set of constraints, and vice versa. The definition is symmetric, reflexive, and transitive, establishing that it is an equivalence relation. The authors prove soundness with respect to testing equivalence: if P and Q are related under the trace‑indexed relation, then no observer (or test) in the standard testing framework can distinguish them, because the observer's actions are captured by the same symbolic traces.
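To make the two ideas above concrete (a bound input introduces a fresh symbolic variable rather than a concrete value, and two processes are related when each symbolic trace of one is matched by an identical trace of the other with the same constraint set), here is a small Python model. It is an added illustration, not code from the paper or its authors. It assumes a deliberately simplified setting: terms are strings such as `enc(x,k)`, constraints are equalities between terms, a process is given directly by its finite set of symbolic traces, and "identical trace" means equal after renaming input-bound variables in order of appearance. The paper's definition works on process syntax and on constraint satisfaction over the symbolic environment, which this toy omits.

```python
import re
from dataclasses import dataclass
from typing import FrozenSet, List, Tuple

# Hypothetical data model (constructed for this example, not the paper's notation).
@dataclass(frozen=True)
class Action:
    kind: str      # "in" binds a fresh symbolic variable; "out" emits a term
    channel: str
    term: str      # symbolic term, e.g. "x" or "enc(x,k)"

@dataclass(frozen=True)
class SymTrace:
    actions: Tuple[Action, ...]
    constraints: FrozenSet[Tuple[str, str]]  # equalities between symbolic terms

IDENT = re.compile(r"[A-Za-z_]\w*")

def _subst(term: str, mapping: dict) -> str:
    """Rename whole identifiers inside a term according to mapping."""
    return IDENT.sub(lambda m: mapping.get(m.group(0), m.group(0)), term)

def canonical(trace: SymTrace):
    """Rename input-bound variables to v0, v1, ... in order of appearance.

    This is what lets the check avoid quantifying over input values: the
    bound input stays symbolic, and only its position in the trace matters.
    """
    mapping = {}
    acts = []
    for a in trace.actions:
        if a.kind == "in":
            mapping[a.term] = f"v{len(mapping)}"
        acts.append((a.kind, a.channel, _subst(a.term, mapping)))
    # Orient each equality so that x=y and y=x are the same constraint.
    cons = frozenset(
        tuple(sorted((_subst(lhs, mapping), _subst(rhs, mapping))))
        for lhs, rhs in trace.constraints
    )
    return (tuple(acts), cons)

def related(p_traces: List[SymTrace], q_traces: List[SymTrace]) -> bool:
    """The summary's characterization: every symbolic trace of P is matched by
    a trace of Q with the same constraints, and vice versa."""
    return {canonical(t) for t in p_traces} == {canonical(t) for t in q_traces}

# Constructed sample processes, each given as its finite set of symbolic traces.
# P and Q differ only in the name of the bound input, so they are related.
P_TRACES = [SymTrace((Action("in", "c", "x"), Action("out", "c", "enc(x,k)")), frozenset())]
Q_TRACES = [SymTrace((Action("in", "c", "y"), Action("out", "c", "enc(y,k)")), frozenset())]
# R echoes the input in the clear instead of encrypting it.
R_TRACES = [SymTrace((Action("in", "c", "x"), Action("out", "c", "x")), frozenset())]
# P2 and Q2 carry the same equality constraint between their two inputs;
# R2 has the same actions but no constraint, so it is not related to them.
P2_TRACES = [SymTrace((Action("in", "c", "x"), Action("in", "c", "y"), Action("out", "c", "ok")),
                      frozenset({("x", "y")}))]
Q2_TRACES = [SymTrace((Action("in", "c", "a"), Action("in", "c", "b"), Action("out", "c", "ok")),
                      frozenset({("b", "a")}))]
R2_TRACES = [SymTrace((Action("in", "c", "x"), Action("in", "c", "y"), Action("out", "c", "ok")),
                      frozenset())]

if __name__ == "__main__":
    print("P ~ Q:", related(P_TRACES, Q_TRACES))     # True
    print("P ~ R:", related(P_TRACES, R_TRACES))     # False
    print("P2 ~ Q2:", related(P2_TRACES, Q2_TRACES)) # True
    print("P2 ~ R2:", related(P2_TRACES, R2_TRACES)) # False
```

The two negative cases show the two ways a match can fail under this characterization: a different emitted term after the same bound input, and the same actions under a different constraint set.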

A substantial technical contribution is the proof that this bisimulation is a congruence for finite processes. The authors show that for any context C

