In this section, we describe several equivalences on processes that approxi-mate testing equivalence. In particular, in Section 5.2.3, we define barbed congruence, which is a stronger relation than testing equivalence but is some-times easier to prove directly.
5.2.1 Strong bisimilarity
We first recall the definition of strong bisimulation [Mil95b]. IfRis a relation on closed processes, we define the relation Ron closed agents:
P R Q iff P RQ
(x)P R (x)Q iff P[M/x]RQ[M/x] for all closedM (ν~n)hMiP R (ν ~m)hMiQ iff m~ is a permutation of~nand P RQ Astrong simulation is a binary relationS ⊆Proc×Proc such that ifP S Q andP −→α Athen there existsB withQ−→α B andAS B. A relationS is a strong bisimulation if and only if bothS and its converse S−1 are strong simulations.
Strong bisimilarity, written∼s, is the greatest strong bisimulation, name-ly the union of all strong bisimulations. Strong bisimilarity is a rather fine-grained equivalence for the spi calculus. For instance, it discriminates between the processes (νK)ch{M}Ki and (νK)ch{M0}Ki, which we would wish to equate as we explained in Section 3.1. Still, strong bisimilarity is often useful in justifying particular steps of our proofs.
5.2.2 Barbed equivalence
Intuitively, one way of weakening strong bisimilarity is to ignore what mes-sages are sent on what channels, and to record only what channels are used.
This informal idea leads to the concepts defined here and in Section 5.2.3.
Abarbed simulationis a binary relationS ⊆Proc×Procsuch thatP S Q implies:
(1) for each barb β, ifP ↓β then Q↓β, and
(2) if P →P0 then there exists Q0 such that Q→Q0 andP0 ≡S≡Q0 where P0 ≡S≡ Q0 means that there exist P00 and Q00 such that P0 ≡ P00, P00SQ00, andQ00≡Q0. Abarbed bisimulation is a relationS such that both S and S−1 are barbed simulations.
Barbed equivalence, written ∼•, is the greatest barbed bisimulation. We prove the following basic facts about barbed equivalence in Appendix D:
Proposition 5
(1) Barbed equivalence is reflexive, transitive, and symmetric.
(2) Structural equivalence implies barbed equivalence.
(3) Strong bisimilarity implies barbed equivalence.
(4) Barbed equivalence is preserved by restriction.
It follows from these facts, in particular, that ifP ∼• Q and P → P0 then there existsQ0 such that Q→Q0 and P0 ∼• Q0.
In order to establish a barbed equivalence, it is often convenient to use Milner’s standard technique of “bisimulation up to” [Mil89, MPW92]. A barbed simulation up to ∼• is a binary relation S ⊆ Proc×Proc such that P S Qimplies:
(1) for each barbβ, ifP ↓β then Q↓β, and
(2) ifP →P0 then there exists Q0 such that Q→Q0 andP0 ∼S• ∼• Q0 where P0 ∼S• ∼• Q0 means that there exist P00 and Q00 such that P0 ∼• P00, P00S Q00, andQ00∼• Q0. Abarbed bisimulation up to ∼• is a relationS such that bothS and S−1 are barbed simulations up to∼•.
More generally, a barbed simulation up to ∼• and restriction is a binary relationS ⊆Proc×Proc such that P S Qimplies:
(1) for each barbβ, ifP ↓β then Q↓β, and
(2) ifP →P0 then there existsQ0 such thatQ→Q0, and there existP00, Q00, and names~nsuch thatP0∼• (ν~n)P00,Q0 ∼• (ν~n)Q00, andP00S Q00.
Abarbed bisimulation up to∼• and restriction is a relationS such that both S and S−1 are barbed simulations up to∼• and restriction.
Proposition 6 If S is a barbed bisimulation up to ∼• and restriction, then S ⊆∼•. A fortiori, if S is a barbed bisimulation up to ∼•, then S ⊆∼•. The proof of this proposition is in Appendix D.
Barbed equivalence is still only a stepping stone. One reason for this is that there are processes that are barbed equivalent but not strongly bisimilar or testing equivalent, such as mhni.mhni.0 and mhni.0, which have the barb m and no reactions. Moreover, barbed equivalence is far from being a congruence: it is not even closed under composition, as can be seen by comparing (mhni.mhni.0)|(m(x).0) and (mhni.0)|(m(x).0).
5.2.3 Barbed congruence
Barbed congruence, written∼, is the relation onProc obtained by strength-ening barbed equivalence as follows:
P ∼Q =∆ ∀R∈Proc(P |R∼• P |R)
Unlike barbed equivalence, barbed congruence implies testing equiva-lence. Therefore, whenever one wishes to prove a testing equivalence (for instance, a secrecy equation), it suffices to prove a barbed congruence. We establish the following properties of barbed congruence in Appendix D:
Proposition 7
(1) Barbed congruence is reflexive, transitive, and symmetric.
(2) Barbed congruence is a congruence on closed processes.
(3) Structural equivalence implies barbed congruence.
(4) Strong bisimilarity implies barbed congruence.
(5) Barbed congruence implies testing equivalence.
The converses of the implications in parts (3), (4), and (5) do not hold, as we show next.
That barbed congruence does not imply structural equivalence should be fairly evident. We prove it by first establishing a general property of barbed congruence. Let us say that a closed processP is stuck if and only if there is noαand A such that P −→α A. In other words, P is stuck if and only if it has no reactions and no barbs.
Proposition 8 If P is stuck then P ∼0.
Proof Assuming that P is stuck, we need to show that P | R ∼• 0 | R for any closed processR. This holds because any barb or reaction ofP |R
must be due toR alone. 2
This proposition implies, for example:
case M of {x}K in P ∼
( P[N/x] ifM ={N}K for someN
0 otherwise
since case M of {x}K in P is stuck unless M is a ciphertext encrypted withK. Since none of the rules of structural equivalence allows us to derive case M of {x}K in P ≡ 0, barbed congruence does not imply structural equivalence.
Second, barbed congruence does not imply strong bisimilarity. For in-stance, the processes (νK)ch{M}Ki and (νK)ch{M0}Ki are not strongly bisimilar, but they are barbed congruent (as we prove in Section 5.3).
Third, testing equivalence does not imply barbed congruence. Setting τ.P = (νm)(m∆ h∗i | m(x).P) for m /∈ fn(P), x /∈ fv(P), we obtain the testing equivalence P ' τ.P. (We prove this equivalence in Appendix D.) On the other hand, P ∼ τ.P does not hold in general. Moreover, barbed congruence is more sensitive to the branching structure of processes than testing equivalence.