Alpha-Beta Privacy
ACM Transactions on Privacy and Security (IF 3.0). Pub Date: 2019-01-23, DOI: 10.1145/3289255
Sebastian Mödersheim, Luca Viganò

The formal specification of privacy goals in symbolic protocol models has proved to be not quite trivial so far. The most widely used approach in formal methods is based on the static equivalence of frames in the applied pi-calculus, basically asking whether or not the intruder is able to distinguish two given worlds. But then a subtle question emerges: How can we be sure that we have specified all pairs of worlds to properly reflect our intuitive privacy goal? To address this problem, we introduce in this article a novel and declarative way to specify privacy goals, called (α, β)-privacy. This new approach is based on specifying two formulae α and β in first-order logic with Herbrand universes, where α reflects the intentionally released information and β includes the actual cryptographic (“technical”) messages the intruder can see. Then (α, β)-privacy means that the intruder cannot derive any “nontechnical” statement from β that he cannot derive from α already. We describe by a variety of examples how this notion can be used in practice. Even though (α, β)-privacy does not directly contain a notion of distinguishing between worlds, there is a close relationship to static equivalence of frames that we investigate formally. This allows us to justify (and criticize) the specifications that are currently used in verification tools and obtain a decision procedure for a large fragment of (α, β)-privacy.
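As an added illustration (not code from the paper), here is a finite, toy reading of the definition: Σ0 is just a vote in {0, 1}, the "technical" part is a nonce, and the constructed cipher is a one-time pad over Z4. Over such a finite universe, "the intruder derives no non-technical statement from β that he cannot derive from α" amounts to β admitting exactly the same Σ0-valuations as α, which the code checks by enumeration rather than by first-order reasoning over Herbrand universes.

```python
from itertools import product

VOTES = (0, 1)          # Sigma_0: the non-technical payload (constructed example)
NONCES = (0, 1, 2, 3)   # technical randomness the intruder never sees directly


def enc(vote, nonce):
    """Constructed toy encryption: a one-time pad over Z_4."""
    return (vote + nonce) % 4


def alpha_models():
    """alpha: the intentionally released information is only vote in {0,1}."""
    return {(v,) for v in VOTES}


def beta_models(observed, randomized=True):
    """beta: alpha plus the intruder's actual observation, the ciphertext.
    Returns the Sigma_0 part (vote) of every full model explaining it.
    With randomized=False the nonce is fixed to 0, i.e. deterministic enc."""
    nonces = NONCES if randomized else (0,)
    return {(v,) for v, r in product(VOTES, nonces) if enc(v, r) == observed}


def alpha_beta_privacy(observed, randomized=True):
    """(alpha,beta)-privacy holds iff beta and alpha admit the same
    non-technical valuations: the ciphertext adds nothing about the vote."""
    return beta_models(observed, randomized) == alpha_models()


def leaks(statement, observed, randomized=True):
    """A non-technical statement (a predicate on the vote) leaks iff beta
    entails it while alpha does not; this is the abstract's criterion."""
    def entails(models):
        return all(statement(v) for (v,) in models)
    return entails(beta_models(observed, randomized)) and not entails(alpha_models())


if __name__ == "__main__":
    c = enc(1, 2)                     # randomized: every vote explains c
    print("randomized  privacy:", alpha_beta_privacy(c))                 # True
    print("randomized  leaks vote=1:", leaks(lambda v: v == 1, c))       # False
    d = enc(1, 0)                     # deterministic: c pins down the vote
    print("deterministic privacy:", alpha_beta_privacy(d, False))        # False
    print("deterministic leaks vote=1:", leaks(lambda v: v == 1, d, False))  # True
```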

Updated: 2019-01-23