Deploy Tamarin Prover to Europe — David Basin 🇨🇭 (ETH Zurich) + Cas Cremers 🇳🇱 (CISPA 🇩🇪), the Cryptographic Protocol Verifier Behind TLS 1.3 and 5G, on EU Infrastructure in 2026

In 2016, two years before the IETF published RFC 8446, a team at ETH Zurich had already formally proved that TLS 1.3 was secure — against all possible adversaries, for all possible execution sequences, in a cryptographic model that captured the Dolev-Yao attacker's full capabilities. The tool they used was Tamarin Prover. The result directly influenced the final TLS 1.3 specification: the proof found a composability issue in an earlier draft, and the IETF working group incorporated the fix before the standard was published. Every HTTPS connection made today from EU citizens to EU services operates on a protocol whose security was formally verified with a European tool.

TLS 1.3 was not Tamarin's only landmark result. In 2019, the tool was used to formally verify the 5G Authentication and Key Agreement (AKA) protocol — the cryptographic handshake that authenticates every 5G device to every 5G network on the planet. The verification found a privacy flaw in the draft 3GPP specification: an adversary could track a device's home network without knowing its identity. The finding was disclosed to 3GPP, accepted, and fixed before the 5G standard was finalised. Every EU 5G network — from Deutsche Telekom 🇩🇪 to Orange 🇫🇷 to Vodafone 🇩🇪 to Telecom Italia 🇮🇹 — runs authentication protocols whose security properties were formally proved by a tool originating at ETH Zurich and CISPA.

David Basin, Cas Cremers, and the European Origin of Tamarin

Tamarin Prover was developed primarily at ETH Zurich 🇨🇭, the Swiss Federal Institute of Technology in Zurich — the institution that also produced the Viper verification infrastructure, the VeriFast separation logic verifier, and the seL4 formally verified microkernel's Isabelle proof infrastructure.

David Basin directs the Information Security group at ETH Zurich's Department of Computer Science. American by birth (University of Edinburgh PhD, 1989), Basin has been a professor at ETH Zurich since 2003, where he has built one of Europe's premier security research groups. His work on Tamarin, model-based security testing, and access control foundations has shaped the European academic security landscape for two decades. As a Swiss EU resident and ETH professor, Basin's research operates under Swiss and EU law — GDPR-compliant, Swiss Federal Act on Data Protection (FADP 2023) compliant, no US Cloud Act exposure.

Cas Cremers 🇳🇱 is Dutch — educated at Eindhoven University of Technology (TU/e 🇳🇱) and Oxford, and now leading the Cryptographic Protocol Analysis group at CISPA — Helmholtz Center for Information Security in Saarbrücken 🇩🇪. CISPA is a German national research institution funded by the Helmholtz Association (Germany's largest scientific research organization, entirely publicly funded under German federal law) and the Saarland state government. CISPA is the EU's largest dedicated cybersecurity research centre, with no US corporate or governmental dependency.

Cremers led the 5G AKA verification work — the most consequential formal verification result in telecommunications in decades. His CISPA group continues to use Tamarin for formal verification of new protocol standards including WPA3 Wi-Fi, Noise Protocol Framework (used by WireGuard VPN, WhatsApp), and EUDI Wallet protocols under the EU Digital Identity framework.

Simon Meier 🇩🇪 (ETH Zurich, PhD 2013) co-designed Tamarin's operational semantics and constraint-solving backend. Benedikt Schmidt (ETH Zurich) worked on equational theory handling and the Tamarin rewriting rules for Diffie-Hellman groups. Both are German/European researchers whose contributions are institutionally anchored at ETH Zurich.

The Tamarin Prover was first presented at IEEE S&P 2012 (IEEE Symposium on Security and Privacy, the premier security conference) and CSF 2012 (Computer Security Foundations Symposium). Since then it has become the standard tool for provable-security protocol verification in European academic and industrial settings.

How Tamarin Prover Works

Multiset Rewriting for Protocol Modeling

Tamarin models cryptographic protocols as multiset rewriting systems — a mathematical framework where the global state of a protocol execution is a multiset (bag) of facts, and protocol actions are rewriting rules that consume facts from the state and produce new ones.

A Tamarin protocol consists of:

Facts: atomic propositions about the global state. There are two kinds:

• Linear facts (prefixed ! or unrestricted): consumed exactly once when a rule fires (representing messages in transit, one-time-use secrets)
• Persistent facts (!Ltk(A, k) — long-term keys that persist): remain in state after rules use them

Rules: transitions with left-hand side (what is consumed), an action (what is observed/logged), and right-hand side (what is produced). A rule fires when all its premises are present in the current state:

rule Register_pk:
  [ Fr(~ltkA) ]          // generate fresh long-term key
  --[ RegKey($A, ~ltkA) ]-->  // action: record the registration
  [ !Ltk($A, ~ltkA)          // persistent: A's long-term key
  , !Pk($A, pk(~ltkA))       // persistent: A's public key
  , Out(pk(~ltkA)) ]         // send public key to network

rule DH_Key_Exchange:
  [ !Ltk($I, ltkI)        // initiator's long-term key
  , !Pk($R, pkR)          // responder's public key
  , Fr(~ekI) ]            // fresh ephemeral key
  --[ Running($I, $R, <'init', dh(~ekI, pkR)>) ]-->
  [ St_Init($I, $R, ~ekI)
  , Out(<$I, pk(~ekI)>) ] // send ephemeral public key

This models the system at the level of message exchange: Out(m) puts message m on the network (where the adversary can read and manipulate it), In(m) receives a message (which the adversary may have crafted).

The Dolev-Yao Adversary

Tamarin's adversary model is symbolic Dolev-Yao: the attacker can read all messages on the network, replay messages, craft new messages from known components, and deliver messages to any agent. What the attacker cannot do is break cryptographic primitives: they cannot invert a hash, decrypt without the key, or forge a signature.

Tamarin models this with built-in adversary rules:

rule DY_Fresh:   [ Fr(~m) ] --> [ Out(~m) ]  // adversary generates fresh value
rule DY_Send:    [ Out(m) ] --> [ In(m) ]     // adversary delivers message
rule DY_Forward: [ In(m) ]  --> [ Out(m) ]   // adversary forwards message

Combined with the network abstraction (all messages go via Out/In), this means any message sent in any execution can be observed and modified by the adversary. The protocol is modeled as if running over a fully adversary-controlled network — a stronger adversary model than most testing frameworks can approximate.

Equational Theories for Cryptographic Operations

The power of Tamarin over purely symbolic tools lies in its support for equational theories — algebraic laws that the adversary can use to manipulate cryptographic values.

For Diffie-Hellman groups:

exp(exp(g, x), y) = exp(exp(g, y), x)   // DH commutativity
exp(g, 0)         = g                   // identity
exp(g, x+y)       = exp(g,x) * exp(g,y) // exponent distribution

These laws mean: the adversary can compute DH(g^x, y) = DH(g^y, x) — the standard DH property. This is essential for modeling TLS 1.3 and 5G AKA, which both use elliptic-curve Diffie-Hellman. ProVerif cannot handle DH algebraic properties natively; Tamarin can.

For exclusive-or (XOR):

x XOR x = 0      // self-cancellation
x XOR 0 = x      // identity
x XOR y = y XOR x // commutativity

5G AKA uses XOR to conceal the SUPI (Subscriber Permanent Identifier) — the privacy flaw Cremers discovered involved the XOR masking not providing unlinkability under active adversaries. Tamarin's XOR theory was essential to discovering this.

Security Properties as Temporal Logic Formulas

Protocol properties are specified as lemmas — first-order temporal logic formulas over the trace of the protocol execution (the sequence of actions logged by rule firing):

// Secrecy: the session key ~k is never known to the adversary
lemma secrecy:
  "All k #i. Secret(k)@i ==> not Ex #j. K(k)@j"

// Authentication: if responder completed session with initiator,
// then initiator actually ran the session
lemma authentication:
  "All I R t #i.
     Commit(I, R, t)@i
     ==>
     (Ex #j. Running(I, R, t)@j & j < i)"

// Perfect Forward Secrecy: compromise of long-term keys after
// session completion does not compromise session keys
lemma pfs:
  "All k #i #j. Secret(k)@i & Corrupt(k)@j & i < j
     ==> not Ex #l. K(k)@l & l < j"

Tamarin verifies these lemmas by searching for all possible execution traces — trying to find a trace that violates the property. If no such trace exists, the lemma holds for all executions. For termination of the search, Tamarin uses a constraint-solving approach: it maintains a set of constraint systems (representing partial protocol executions with gaps to be filled) and applies constraint-solving rules to either close them (no violation) or extend them (potential violation found).

Tamarin's Constraint Solving

Tamarin's verifier is sound and complete for a large class of protocols (essentially, protocols with a bounded number of fresh values and without unbounded recursion). It operates as a proof search: starting from the negation of the property to prove, it tries to construct a failing execution. If all branches of the search tree lead to contradiction (the adversary cannot construct the necessary messages, or the trace would need to go backward in time), the property holds.

For undecidable cases (protocols with unbounded sessions or complex state), Tamarin falls back to interactive proof construction: the user provides lemma-based hints (auxiliary invariants) that help the constraint solver terminate. The TLS 1.3 proof, for example, required several auxiliary lemmas about intermediate states.

Landmark Protocol Verifications

TLS 1.3 (RFC 8446) — 2016

The Tamarin model of TLS 1.3 by Cremers, Dowling, Hale, Paterson, and Warinschi (IEEE S&P 2017) covered:

• All four TLS 1.3 handshake modes: 1-RTT full handshake, 0-RTT early data, PSK-only, PSK+(EC)DHE
• Mutual authentication: server-only (standard) and client authentication
• Session resumption and pre-shared keys
• 9 security properties: server authentication, client authentication, mutual authentication, key secrecy, forward secrecy for session keys, forward secrecy for early data, uniqueness, channel binding, post-handshake authentication
• All under adversary models including: passive adversary, active adversary, forward-secrecy adversary (long-term key compromise after session)

The verification found that combining session resumption with 0-RTT had a composability issue in early draft -18 of TLS 1.3. The IETF TLS working group incorporated the fix. RFC 8446 (August 2018) is the TLS 1.3 standard; it is provably secure for 9 properties by machine-checked Tamarin proof.

Every EU financial institution, every EU government portal, every EU healthcare system, every EU SaaS application using HTTPS over TLS 1.3 is using a protocol whose security was formally verified by a European tool.

5G AKA — Subscriber Privacy Flaw Discovery (2019)

The 5G AKA (Authentication and Key Agreement) protocol in 3GPP TS 33.501 is the handshake that authenticates mobile devices to 5G networks. It uses the SUPI (Subscriber Permanent Identifier, essentially the IMSI/phone number) and an asymmetric encryption scheme to protect subscriber identity: the device encrypts its SUPI with the home network's public key to create a SUCI (Subscription Concealed Identifier), preventing IMSI catchers from tracking users on 5G.

Cremers, Dehnel-Wild, and Lukert (IEEE S&P 2019) verified 5G AKA in Tamarin with equational theories for XOR and asymmetric encryption, and discovered:

The privacy flaw: An active adversary (a rogue base station) who could intercept authentication exchanges could determine whether two different connections originated from the same SUPI — effectively re-linking connections to a device identity — without ever learning the SUPI itself. This violated the unlinkability property that 5G AKA was designed to provide.

The flaw arose because the SUPI counter (the sequence number AMF, used to prevent replay attacks) was not encrypted under the home network's public key in early drafts. An adversary could observe the counter increment and use it to correlate sessions.

The 3GPP security working group (SA3) accepted the finding and introduced a fix in the version incorporated into TS 33.501 Release 15. All EU 5G networks deployed since 2020 implement the fixed protocol. CISPA's Tamarin verification was the mechanism by which a flaw in the most widely deployed new authentication protocol in history was found and corrected before deployment.

Signal Protocol, WireGuard, and EUDI Wallet

Signal Protocol (Cohn-Gordon et al., verified at Oxford and ETH Zurich in Tamarin) — the Double Ratchet algorithm underlying Signal, WhatsApp, and Facebook Messenger. Tamarin proved: forward secrecy, break-in recovery (after a session key compromise, future messages remain secure), authentication.

WireGuard VPN (Donenfeld, 2016, with formal analysis by Lipp, Blanchet, Bhargavan) — WireGuard's Noise-based handshake verified using a combination of Tamarin and ProVerif. WireGuard is now in the Linux kernel and used by millions of EU enterprises.

EUDI Wallet (EU Digital Identity Wallet, eIDAS 2.0) — the EU Digital Identity framework mandating that all EU member states provide digital identity wallets to citizens by 2026. The protocols underlying the EUDI Wallet (OpenID4VCI for credential issuance, OpenID4VP for presentation) are being formally verified using Tamarin at multiple EU research institutions. Basin's group at ETH Zurich and Cremers' group at CISPA are directly involved in this verification effort — Tamarin is contributing to the security of EU digital identity infrastructure at a national scale.

Regulatory Compliance and EU Standards

EU CRA 2027 (Cyber Resilience Act): CRA Article 13 requires products with digital elements to be free from known exploitable vulnerabilities. For network-connected products implementing cryptographic protocols (TLS, OAuth, WPA3, 5G), Tamarin verification provides machine-checked evidence that the protocol implementation is secure against all adversaries in the Dolev-Yao model — eliminating entire classes of CWE-290 (Authentication Bypass by Capture-replay), CWE-330 (Use of Insufficiently Random Values), and CWE-295 (Improper Certificate Validation) from formally verified implementations.

NIS2 (EU Network and Information Security Directive 2): Essential service operators and critical infrastructure under NIS2 Art. 21 must implement cryptographic protocol security. For 5G operators (Deutsche Telekom 🇩🇪, Orange 🇫🇷, Vodafone 🇩🇪, Telia 🇸🇪, etc.), the 5G AKA protocol underlying subscriber authentication has been formally verified by Tamarin — the NIS2 security measure is backed by machine-checked proof.

eIDAS 2.0 / EUDI Wallet: The EU Digital Identity Wallet Regulation (eIDAS 2.0, Regulation (EU) 2024/1183) requires strong authentication and identity assertion protocols. EUDI Wallet protocols are being verified using Tamarin. Deploying Tamarin verification infrastructure on EU-sovereign servers keeps protocol specifications, security models, and verification artefacts within EU jurisdiction — required for EUDI Wallet technical governance.

GDPR Art. 32 (Security of Processing): GDPR Art. 32 requires "appropriate technical measures to ensure a level of security appropriate to the risk" including "encryption of personal data." For systems processing personal data over cryptographic protocols (HTTPS/TLS, encrypted APIs, secure messaging), Tamarin verification that the protocol provides the claimed security properties constitutes machine-checked evidence that the encryption is technically adequate under Art. 32.

DORA (EU Digital Operational Resilience Act): Financial institutions under DORA must demonstrate ICT security. Tamarin verification of TLS 1.3 and API authentication protocols provides audit-ready evidence for DORA Art. 9 ICT risk management.

ISO/IEC 27001 and ETSI TS 33.501: 5G operators and critical infrastructure deploying certified protocols can reference Tamarin verification results as evidence in ISO/IEC 27001 security management documentation and 3GPP TS 33.501 compliance assessments.

Why EU Infrastructure for Tamarin Verification

Tamarin verification processes the complete formal model of a cryptographic protocol — including the security properties it is intended to satisfy and (for undecidable cases) the auxiliary invariants provided by security engineers. For EU organisations, this material is both intellectually sensitive and potentially subject to export control (cryptographic specifications may fall under EU dual-use regulation):

GDPR Art. 46 and Schrems II: Protocol specifications, security models, and formal proofs transferred to US cloud providers are accessible under the US Cloud Act (2018). Cryptographic protocol specifications may include details of EU national identity systems (EUDI Wallet), EU financial protocols (DORA-covered systems), or EU telecommunications infrastructure (5G AKA). US cloud providers cannot contract away their CLOUD Act obligations; EU residency eliminates this risk.

eIDAS 2.0 data governance: EUDI Wallet protocol specifications verified with Tamarin are sovereign EU data — they describe the authentication protocols of EU digital identity infrastructure. Running verification infrastructure on EU-sovereign servers keeps these specifications under EU law.

NIS2 supply chain security: For critical infrastructure operators using Tamarin as part of their protocol security assurance, the verification tool infrastructure itself is a component of the security supply chain under NIS2 Art. 21(2)(d).

sota.io provides EU-sovereign PaaS — German infrastructure, GDPR-compliant by default, managed PostgreSQL for storing verification results, and automated deployments.

# Deploy Tamarin on sota.io
sota deploy --name tamarin-verifier --region eu-central

# Dockerfile for Tamarin (with Haskell Stack)
FROM haskell:9.4
RUN apt-get update && apt-get install -y \
    graphviz libmaude-dev maude
RUN cabal update && cabal install tamarin-prover
WORKDIR /workspace
COPY protocols/ .

# Verify a protocol model
CMD ["tamarin-prover", "--prove", "tls13_model.spthy"]

# Run Tamarin on a protocol file
tamarin-prover tls13.spthy --prove=secrecy --prove=authentication

# Interactive mode for complex protocols
tamarin-prover interactive tls13.spthy
# Opens browser at localhost:3001 for interactive proof

Tamarin verification on German infrastructure. CRA 2027, NIS2, GDPR Art. 32, DORA, eIDAS 2.0 compliance. sota.io free tier — no credit card.

See Also

• Deploy ProVerif to Europe → — cryptographic protocol verifier, Bruno Blanchet 🇫🇷 (INRIA Paris 🇫🇷), TLS 1.3 + 5G + Signal verified
• Deploy UPPAAL to Europe → — timed automata model checker, Aalborg University 🇩🇰 + Uppsala University 🇸🇪, real-time safety verification
• Deploy Java PathFinder to Europe → — JVM model checker, Klaus Havelund 🇩🇰 (DLR Oberpfaffenhofen 🇩🇪), NASA Deep Space 1
• Deploy Storm to Europe → — probabilistic model checker, Joost-Pieter Katoen 🇩🇪 (RWTH Aachen 🇩🇪), EU AI Act Art. 9
• Deploy CBMC to Europe → — C/C++ bounded model checker, Daniel Kroening 🇩🇪 (Oxford 🇬🇧), AWS s2n-tls, Toyota ISO 26262