A Logic of Authentication

Reference: Burrows, M., Abadi, M. & Needham, R. (1990). A Logic of Authentication. ACM Transactions on Computer Systems, 8(1), pp. 18–36. (Earlier DEC SRC Research Report 39, 1989.) ACM DOI · Open access PDF (Stanford)

Summary

Burrows, Abadi and Needham introduce BAN logic — a belief logic for reasoning about the authentication properties of cryptographic protocols. The setting is the symbolic Dolev-Yao world: principals communicate by exchanging cryptographic messages over an untrusted network. BAN provides a small modal language whose primary modality is P believes X (“principal P believes X”) together with auxiliary operators (P sees X, P said X, P controls X, fresh(X), P has K, K is shared between P and Q). Its inference rules (the message-meaning rule, nonce-verification rule, jurisdiction rule, freshness rule, etc.) capture how beliefs propagate as messages are received and decrypted — for instance, if P believes K is a key shared with Q and P sees {X}_K and P believes X is fresh, then P may conclude that Q recently sent X. Verification proceeds by idealising the protocol (replacing each message by the abstract belief-statement it is intended to convey), making explicit assumptions about initial beliefs, and then deriving the goal beliefs (typically, that the principals share a fresh authenticated session key). The paper analyses Kerberos, the original Needham-Schroeder protocol, the Andrew Secure RPC handshake, and several others — finding errors and clarifying intended semantics. BAN was a watershed: the first widely-adopted formal method for authentication-protocol analysis. Its limitations (no explicit attacker model, the idealisation step is informal, soundness is debatable for unintended uses) drove the development of more rigorous frameworks — notably the Spi Calculus (process-calculus equivalence-based) and the symbolic provers ProVerif / Tamarin — but the belief-logic style remains in widespread teaching use as the most intuitive entry to protocol verification.

Key Ideas

Belief modalities: P |≡ X (P believes X), P ⊲ X (P sees / receives X), P |~ X (P once said X), P ⇒ X (P has jurisdiction over X — i.e. is an authority on it).
Cryptographic primitives appear in formulas: {X}_K (X encrypted with K), <X>_Y (X with secret Y), (X, Y) (concatenation), with associated extraction rules.
Inference rules as belief-derivation: e.g. message-meaning — if P believes K is shared with Q and sees {X}_K, then P believes Q once said X. Nonce-verification — if P believes Q once said X and P believes X is fresh, then P believes Q currently believes X. Jurisdiction — if P believes Q controls X and P believes Q believes X, then P believes X.
Idealisation: each protocol message is rewritten into an abstract form that makes its intended belief-meaning explicit (typically, the protocol designer has to do this — and the soundness of the analysis depends on the idealisation being faithful).
Goal beliefs: an authentication protocol is correct (in BAN) iff the participants reach the intended mutual beliefs about a fresh session key (P |≡ P ↔K Q, Q |≡ P ↔K Q, often with belief-about-belief: P |≡ Q |≡ P ↔K Q).
Found bugs in real protocols: BAN-style analysis of Needham-Schroeder shared-key protocol revealed that one party could not prove freshness of a session key — the bug Lowe later exploited symbolically.

Connections

Conceptual Contribution

Claim: Authentication properties of cryptographic protocols can be derived in a small modal belief logic whose inference rules capture how beliefs propagate when messages are received and decrypted; verifying a protocol becomes (i) idealising it as a sequence of abstract belief-statements, (ii) stating initial beliefs, and (iii) deriving the goal beliefs. This is rigorous enough to find real bugs in deployed protocols.
Mechanism: Modal language with believes / sees / said / controls / fresh / shares-key operators; ~20 inference rules covering message-meaning, nonce-verification, jurisdiction, freshness, and decomposition; idealisation step from concrete protocol messages to belief-statements; standard goal beliefs for authentication and key establishment.
Concepts introduced/used: BAN Logic, Belief Modality, Idealisation (of protocols), Nonce-Verification Rule, Jurisdiction Rule, Crypto Protocol Verification, Mentalistic Semantics (in the cryptographic setting).
Stance: foundational technical paper — the first widely-adopted formal method for cryptographic-protocol analysis.
Relates to: Conceptually parallel to the mentalistic-semantics family in the ACL literature (KQML, FIPA-ACL) — both treat communication as belief-update under explicit modal operators. BAN is exactly what one gets if one specialises mentalistic ACL semantics to cryptographic-protocol exchanges. The critique that struck mentalistic ACLs (Singh’s argument that beliefs cannot be observed by third parties) hits BAN in the same way: the idealisation step is informal, and “soundness” presupposes the very mental-state assumptions one cannot verify externally. The Spi Calculus (Abadi & Gordon 1997) is BAN’s process-calculus counterpoint — equivalence-based rather than belief-based, with the attacker built in as an arbitrary context. The Lowe attack on Needham-Schroeder, derivable from a careful BAN analysis but missed by the original 1978 informal argument, is the canonical worked example demonstrating why formal protocol verification matters and why even rigorous methods need more rigorous successors. BAN’s belief modalities also share semantic ground with Halpern & Moses 1990 — both apply epistemic logic to distributed/multi-agent systems, with BAN specialising to authentication and Halpern–Moses staying general.

Tags

#crypto-protocol-verification #ban-logic #belief-logic #burrows #abadi #needham #security #foundations

Backlinks

Linked Pages

Knowledge and Common Knowledge in a Distributed Environment

Reference

Halpern, J. Y., & Moses, Y. (1990). “Knowledge and Common Knowledge in a Distributed Environment.” Journal of the ACM, 37(3), 549-587. URL

Summary

Halpern and Moses recast distributed protocol design as knowledge transformation: sending a message changes the knowledge state of the system, and correctness specifications can be stated in terms of what individual processes, groups, or “the system” know at various points. The paper develops a formal epistemic logic for distributed systems with operators K_i (agent i knows), E (everyone knows), and C (common knowledge — everyone knows that everyone knows, to infinite depth).

The central technical result is striking: in a truly asynchronous distributed system, common knowledge is unattainable. The classical “coordinated attack” problem (two generals must attack simultaneously but communicate only via lossy messengers) is unsolvable because simultaneous action requires common knowledge of the time to attack, and no finite message chain ever reaches the fixpoint. The muddy children puzzle — a beloved epistemic set piece walked through in the opening — shows how a public announcement can create common knowledge that sequential private reasoning cannot, illuminating why synchronous broadcast matters.

Because strict common knowledge is unattainable, the paper introduces and characterises weaker variants: eventual common knowledge, ε-common knowledge (bounded delay), timestamped common knowledge, and concurrent common knowledge. Each corresponds to a different system model (synchronous, partially synchronous, etc.) and a different class of solvable coordination tasks. This framework turned “what does a protocol achieve?” into a precise epistemic question and seeded the entire field of Theoretical Aspects of Reasoning about Knowledge (TARK).

Key Ideas

Epistemic hierarchy: distributed knowledge ⊑ someone knows ⊑ everyone knows (E) ⊑ common knowledge (C).
Common knowledge (C): fixpoint E^ω — needed for any simultaneous coordinated action.
Coordinated attack / muddy children: canonical illustrations of how public announcements create C.
Impossibility: in async or even synchronous-with-uncertain-delivery systems, C cannot be attained by message exchange.
Weakenings: ε-C (bounded-time C), eventual C, timestamped C, concurrent C — each aligned with a synchrony assumption.
Protocols as knowledge transformers: specifications are claims about K_i, E, C; message sends are knowledge updates.
Runs-and-systems semantics: each global history is a “run”; agent’s knowledge is the set of runs it cannot distinguish from the actual one.

Connections

Epistemic Logic
Epistemic S5
Knowing What vs Knowing That
The Synthesis of Digital Machines with Provable Epistemic Properties — Rosenschein-Kaelbling operationalise this framework.
Time Clocks and the Ordering of Events in a Distributed System — the “local history” underpinning indistinguishable runs is Lamport’s past-cone.
Impossibility of Distributed Consensus with One Faulty Process — consensus impossibility has an epistemic reading: common knowledge of a decision cannot be attained.
CAP Theorem

Conceptual Contribution

Spi Calculus

Abadi & Gordon’s (1997) extension of the Pi-Calculus with cryptographic primitives — encryption, decryption, hashing, pairing, name-equality. Security properties (authentication, secrecy) are formalised as process equivalences: a protocol is secure iff no spi-calculus context can distinguish it from an idealised specification. The most general attacker is just an arbitrary spi process. Foundation under ProVerif / Tamarin and the applied π-calculus (Abadi & Fournet 2001).

In this vault

ACL Rethinking Principles

Agent Communication Languages: Rethinking the Principles

Reference: Munindar P. Singh (1998). IEEE Computer, December 1998, pp. 40-47. Source file: computer-acl-98.pdf. URL

Summary

Singh surveys the state of Agent Communication Languages (ACLs) such as KQML and FIPA/Arcol, and argues that their dominant mental-agency semantics (defining communicative acts in terms of beliefs and intentions) is conceptually unsatisfying and practically untestable because we cannot read agents’ minds. He proposes a conceptual shift to social agency: ACL semantics should be grounded in a public perspective on commitments, roles, and societies, so compliance with the standard is observable and testable.

The paper maps the ACL design space along two critical dimensions — meaning (perspective, type, basis, context, coverage of communicative acts) and agent construction (design vs. execution autonomy) — and shows how both KQML and Arcol emphasize private, mental-state semantics and thus fail to enable true heterogeneous interoperation. Singh’s alternative emphasizes protocols, roles, and “society management” infrastructure as a richer public substrate for ACLs.

Key Ideas

Mental-agency ACL semantics (KQML, Arcol, early FIPA) cannot be verified without inspecting agent internals.
ACLs need a public perspective, conventional meaning, pragmatics, and full coverage of communicative act categories.
Seven categories of communicative acts: assertives, directives, commissives, permissives, prohibitives, declaratives, expressives.
Social agency replaces BDI with commitments, roles, and societies as the semantic basis.
Dialects/idiolects arise when only private perspectives are considered.

Connections

FIPA-ACL
FIPA-ACL Specifications
KQML
Speech Act Theory
Agent Communication Languages
Multi-Agent Systems
Communicative Actions for Artificial Agents - Cohen Levesque — the Mentalistic Semantics high-water mark Singh is critiquing
An Ontology for Commitments in Multiagent Systems - Singh — Singh’s own formal sequel: the four-place commitment ontology
Commitment Machines - Yolum and Singh
A Commitment-Based Approach to Agent Communication
Articulating Reasons - Brandom — the philosophical underwriting of public, commitment-based semantics
Making It Explicit - Brandom
Jones-Sergot Normative Systems — Counts-As Relation for institutional grounding of commitments
CBCL - Safe Self-Extending Agent Communication — O’Connor 2026: contemporary realisation of Singh’s social-agency programme (dialect installation as public commitment) in a Lean-verified LangSec-grounded ACL.

Conceptual Contribution

Claim: Agent Communication Language semantics must abandon mental agency (beliefs/intentions) and be grounded in a public, social perspective (commitments, roles, societies) in order to be testable and support heterogeneous interoperation.
Mechanism: Surveys KQML, Arcol, FIPA; lays out a two-dimensional design space (meaning × agent construction); shows that mental-state semantics cannot determine compliance; proposes social-agency framework using protocols, roles, and “society management” infrastructure.
Concepts introduced/used: Mentalistic Semantics, Public Semantics, Social Agency, Commitments, Communicative Acts, Verifiable Semantics, Interoperability, Dialects and Idiolects
Stance: critique / foundational
Relates to: Direct antecedent to Verifiable Semantics for ACLs (Wooldridge) which formalises the verification problem Singh names. Sharpens the critique of the mentalistic approach underlying KQML Overview and FIPA-ACL, and motivates commitment-based frameworks such as Agent Communication And Institutional Reality.

Tags

FIPA-ACL

The Foundation for Intelligent Physical Agents Agent Communication Language — a standardised successor to KQML, defining performatives with mentalistic semantics (beliefs/intentions of sender and receiver).

Primary source

FIPA-ACL Specifications — the canonical standards documents (FIPA00037 Communicative Act Library, FIPA00061 Message Structure)
Communicative Actions for Artificial Agents - Cohen Levesque — Cohen & Levesque 1995, the direct semantic ancestor

Discussed in

Agent Communication Languages
Speech Act Theory
Multi-Agent Systems
Mentalistic Semantics
Public Semantics
Commitment-based Semantics
An Ontology for Commitments in Multiagent Systems - Singh
CBCL - Safe Self-Extending Agent Communication — DCFL-bounded ACL with public-commitment semantics, addressing the unverifiability of FIPA-ACL’s mentalistic SL semantics

KQML as an Agent Communication Language

Reference: Tim Finin, Richard Fritzson, Don McKay, and Robin McEntire (1994). CIKM ’94 (Proceedings of the Third International Conference on Information and Knowledge Management). Source file: 191246.191322.pdf. URL

Summary

Foundational paper on the Knowledge Query and Manipulation Language (KQML), developed under the ARPA Knowledge Sharing Effort. KQML is both a message format and a message-handling protocol for run-time knowledge sharing among intelligent agents. It builds on speech-act theory: each message (a performative) carries an illocutionary force (ask, tell, subscribe, advertise, recommend, broker, recruit, etc.) atop a content language (often KIF) and an ontology reference.

The paper describes the three-layer structure (content / message / communication), facilitator agents that provide matchmaking, brokering and content-based routing, and implementations including routers, facilitators, and KRIL interface libraries. KQML became the reference point against which later ACLs (notably FIPA-ACL) were designed.

Key Ideas

Performatives as speech-act-inspired message types
Separation of content language, message layer, and transport
Facilitators for advertise/subscribe, brokering, recruitment, routing
Reserved performatives: ask-if/ask-all, tell, stream-all, subscribe, monitor, advertise, recruit
KIF + ontologies as the assumed content layer

Connections

Conceptual Contribution

Claim: Interoperable knowledge sharing among heterogeneous intelligent agents requires a three-layer communication language (content / message / communication) whose message layer is built from speech-act-inspired performatives, and whose runtime infrastructure provides facilitator agents for matchmaking and brokering.
Mechanism: Specify ~30 reserved performatives (ask-if, tell, subscribe, advertise, recruit, broker-one, …) that wrap a content expression (typically KIF) with an ontology reference and transport metadata; implement via routers, facilitators, and per-application KRIL interface libraries; demonstrate advertise/subscribe, content-based routing, and recruitment patterns.
Concepts introduced/used: KQML, Performatives, Speech Act Theory, Facilitators, Facilitator Agents, Mentalistic Semantics, KIF, Ontologies, Agent Communication Languages, Conversation Policy, Interaction Protocols
Stance: engineering / standard-proposal
Relates to: Foundational reference against which FIPA-ACL, A Common Ontology Of ACLs, ACL Rethinking Principles, and Agent Communication Languages - Rethinking the Principles argue (over mentalistic vs commitment-based semantics). Performatives-as-protocol anticipates Agora’s Protocol Documents in A Scalable Communication Protocol for Networks of LLMs and the MCP/A2A/ANP layer of modern LLM agents (Model Context Protocol, Agent-to-Agent Protocol, Agent Network Protocol).

Tags

Mentalistic Semantics

ACL semantics in which each message commits the sender’s (and sometimes receiver’s) beliefs and intentions — powerful but unverifiable from outside.

In this vault

Crypto Protocol Verification

The formal analysis of cryptographic protocols for properties such as authentication, secrecy, key agreement, forward secrecy, and resistance to replay. Two principal traditions:

Belief-logic / symbolic — BAN Logic (Burrows, Abadi & Needham 1990) and successors (GNY, SVO): reason about agents’ beliefs as a protocol unfolds. Diagnostic; not always sound for arbitrary attackers.
Process-calculus / equivalence-based — Spi Calculus (Abadi & Gordon 1997), applied π-calculus, and the modern symbolic provers (ProVerif, Tamarin): security as observational equivalence under an arbitrary attacker context. Sound, automatable for restricted fragments.

Recent industrial use: TLS 1.3, Signal, EAP, FIDO/WebAuthn, post-quantum protocols all have machine-checked symbolic analyses by Tamarin and/or ProVerif.

In this vault

BAN Logic

The belief logic of Burrows, Abadi & Needham (1990) for analysing cryptographic authentication protocols. A small modal language with operators P believes X, P sees X, P said X, P controls X, fresh(X), P shares K with Q. Inference rules (message-meaning, nonce-verification, jurisdiction) propagate beliefs as messages are received and decrypted. Verification proceeds by idealising the protocol, stating initial beliefs, and deriving the goal beliefs (typically: authenticated session-key agreement). The first widely-adopted formal method for protocol analysis; superseded by Spi Calculus / ProVerif for rigorous use, but still pedagogically dominant.

In this vault

Verifiable Semantics for ACLs

Verifiable Semantics for Agent Communication Languages

Reference: Michael Wooldridge (1998). ICMAS-98 (International Conference on Multi-Agent Systems). Source file: icmas98.pdf. URL

Summary

Wooldridge tackles a central problem for ACL standardization: how can an external observer verify that an agent conforms to an ACL’s semantics when semantics are expressed in modal BDI logic (beliefs, desires, intentions)? He formalizes an agent communication framework as a tuple containing agent programs, local states, a communication language, a semantic language, and interpretation functions, and defines precisely what it means for a framework to be verifiable: whether one can decide, from program text alone, that the semantic conditions for a sent message are satisfied.

He shows that KQML and FIPA-97 ACL, which define the “sincerity condition” for an inform act using multi-modal quantified logics like SL, are not practically verifiable — deciding whether an agent program really believes what it says requires checking undecidable properties. In contrast, he gives two example frameworks with verifiable (even co-NP-complete) semantics by grounding meaning in program states rather than unobservable mental attitudes. The paper’s upshot: practical ACL conformance testing requires public, state-based semantics.

Key Ideas

Formal agent communication framework as a 2n+4 tuple.
Verifiability = decidability of semantic conformance from program text.
KQML and FIPA-97 semantics (SL modal logic) are not practically verifiable.
Grounding semantics in program states yields co-NP-complete verifiability.
Motivates social/public commitment-based ACL semantics.

Connections

KQML
FIPA-ACL
Speech Act Theory
Agent Communication Languages
Verifiable Semantics
Public Semantics
Commitment-based Semantics
Mental State
Mentalistic Semantics
BDI
CBCL - Safe Self-Extending Agent Communication — O’Connor 2026: a verifiable ACL grounded in DCFL grammars and Lean-checked safety invariants, answering Wooldridge’s challenge in the LLM-agent era.

Conceptual Contribution

Claim: An ACL standard is only useful if one can check whether an implementation respects it; existing ACLs (KQML, FIPA-97) whose semantics are given in multi-modal BDI logics are not practically verifiable, so ACL semantics should instead be grounded in program states.
Mechanism: Formalises an agent communication framework as a (2n+4)-tuple of agent programs, local states, communication language L_C, semantic language L_S, and interpretations; defines verifiability as decidability (in polynomial time) of whether an agent program respects a message’s semantic precondition; shows FIPA’s SL semantics undecidable; constructs two verifiable example frameworks (classical propositional logic, grounded propositional epistemic logic) with co-NP-complete verification.
Concepts introduced/used: Verifiable Semantics, Agent Communication Framework, Sincerity Condition, Grounded Semantics, Program Semantics, Model Checking, BDI Logic, Mentalistic Semantics
Stance: formal-semantic / critique
Relates to: Formal companion to ACL Rethinking Principles — Singh’s social-agency argument becomes Wooldridge’s verifiability theorem. Undermines the semantic ambitions of KQML Overview and FIPA-ACL; motivates commitment-based approaches such as Agent Communication And Institutional Reality and the program-grounded framework in Foundations Of Illocutionary Logic.

Tags

Speech Act Theory

Philosophy-of-language framework (Austin, Searle, Vanderveken) in which utterances perform actions (illocutionary acts) — the semantic backbone of most Agent Communication Languages.

Sources

Foundations Of Illocutionary Logic — Searle & Vanderveken
Three Models for the Description of Language — Chomsky, foundations
Agent Communication And Institutional Reality

Applied in

Lineage

graph TD
  A["Austin (1962)<br/>How to Do Things with Words"] --> A1[Locutionary]
  A --> A2[Illocutionary]
  A --> A3[Perlocutionary]
  A2 --> S["Searle (1969, 1975)<br/>Speech Acts · Taxonomy of Illocutionary Acts"]
  S --> S1[Assertives]
  S --> S2[Directives]
  S --> S3[Commissives]
  S --> S4[Expressives]
  S --> S5[Declarations]
  G["Grice (1975)<br/>Logic and Conversation"] -.cooperative principle.-> S
  S --> V["Searle & Vanderveken (1985)<br/>Foundations of Illocutionary Logic"]
  V --> M["McCarthy (1989)<br/>Elephant 2000"]
  V --> KQML[KQML performatives]
  V --> FIPA[FIPA-ACL performatives]
  M --> FIPA
  KQML --> ACL[[Agent Communication Languages]]
  FIPA --> ACL

Papers: How to Do Things with Words · Speech Acts - An Essay in the Philosophy of Language · A Taxonomy of Illocutionary Acts · Logic and Conversation · Foundations Of Illocutionary Logic · Elephant 2000 - A Programming Language Based on Speech Acts

Belief

In agent theory, the propositional content an agent treats as (probably) true. The B in BDI / Belief-Desire-Intention; the operand of the modal operator believes in BAN Logic and the BDI-logic family (Cohen & Levesque, Rao & Georgeff). Distinguished from knowledge (which classically requires truth) and from desire / goal. The unit of Belief Revision under the AGM postulates. In Mentalistic Semantics the meaning of an ACL message is given in terms of the belief updates it induces in sender and receiver — the locus of Singh’s critique that beliefs are unverifiable from message traces.

In this vault

ProVerif

A symbolic cryptographic-protocol verifier developed by Bruno Blanchet (2001–). Takes protocols specified in (a variant of) the applied π-calculus and verifies properties — secrecy, authentication, observational equivalence — under the Dolev-Yao threat model. Internally translates protocol + query into Horn clauses and applies resolution. Used in industrial analyses of TLS, Signal, JFK, and many other protocols. Companion to Tamarin (which uses multi-set rewriting and is more flexible but more interactive).

In this vault

Needham-Schroeder Protocol

The 1978 authentication protocol family of Needham & Schroeder. Symmetric-key version uses a trusted authentication server holding long-term keys for all principals; basis of Kerberos. Public-key version uses three messages and two nonces between the principals directly. Famous as the canonical case-study for cryptographic-protocol verification: Lowe (1995/1996) found a man-in-the-middle attack on the public-key version using FDR model-checking, 17 years after publication, with a one-line fix (include responder’s identity in message 2). The story launched the modern protocol-verification field.

In this vault

Dolev-Yao Model

The standard symbolic threat model for cryptographic-protocol analysis (Dolev & Yao 1983). The attacker controls the network entirely: it can intercept, drop, modify, and inject any message; it can compose and decompose terms it observes; but it cannot break cryptographic primitives — encryption is a perfect black box. Treats messages as terms in a free algebra modulo cryptographic equations rather than as bit strings. Both BAN Logic and Spi Calculus (and ProVerif / Tamarin) adopt the Dolev-Yao threat model.