@inproceedings{Cheval-tacas14,
   author = {Cheval, Vincent},
   title = {APTE: an Algorithm for Proving Trace Equivalence},
   booktitle = {{P}roceedings of the 20th {I}nternational {C}onference on {T}ools and {A}lgorithms for the {C}onstruction and {A}nalysis of {S}ystems ({TACAS}'14)},
   year = {2014},
   editor = {{\'A}brah{\'a}m, Erika and Havelund, JKlaus},
   volume = {8413},
   pages = {587-592},
   series = {Lecture Notes in Computer Science},
   publisher = {Springer Berlin Heidelberg},
   address = {Grenoble, France},
   month = apr,
   doi = {10.1007/978-3-642-54862-8_50},
   abstract = {This paper presents APTE, a new tool for automatically proving the security of cryptographic protocols. It focuses on proving trace equivalence between processes, which is crucial for specifying privacy type properties such as anonymity and unlinkability.

The tool can handle protocols expressed in a calculus similar to the applied-pi calculus, which allows us to capture most existing protocols that rely on classical cryptographic primitives. In particular, APTE handles private channels and else branches in protocols with bounded number of sessions. Unlike most equivalence verifier tools, APTE is guaranteed to terminate

Moreover, APTE is the only tool that extends the usual notion of trace equivalence by considering ``side-channel'' information leaked to the attacker such as the length of messages and the execution times. We illustrate APTE on different case studies which allowed us to automatically (re)-discover attacks on protocols such as the Private Authentication protocol or the protocols of the electronic passports.},
}