Unlinkability and History Preserving Bisimilarity

📅 2026-03-13
📈 Citations: 0
Influential: 0
🤖 AI Summary
This work addresses a critical limitation in existing formal methods—such as trace equivalence-based verification—for analyzing privacy properties like unlinkability, which often overlook concurrent and branching behaviors, thereby missing subtle attacks. To overcome this, the authors propose a novel semantic framework that integrates non-interleaving π-calculus with history-preserving bisimulation, introducing for the first time a history-sensitive mechanism into concurrent process models to precisely capture context dependencies during protocol execution. Building on this foundation, they develop a tailored modal logic enabling formal certification of unlinkability attacks. Experimental evaluation demonstrates that the approach consistently uncovers attacks missed by traditional trace equivalence across all tested protocols, significantly enhancing both the completeness and precision of privacy property verification.

📝 Abstract
An ever-increasing number of critical infrastructures rely heavily on the assumption that security protocols satisfy a wealth of requirements. Hence, the importance of certifying e.g., privacy properties using methods that are better at detecting attacks can hardly be overstated. This paper scrutinises the "unlinkability" privacy property using relations equating behaviours that cannot be distinguished by attackers. Starting from the observation that some reasonable design choice can lead to formalisms missing attacks, we draw attention to a classical concurrent semantics accounting for relationship between past events, and show that there are concurrency-aware semantics that can discover attacks on all protocols we consider. More precisely, we focus on protocols where trace equivalence is known to miss attacks that are observable using branching-time equivalences. We consider the impact of three dimensions: design decisions made by the programmer specifying an unlinkability problem (style), semantics respecting choices during execution (branching-time), and semantics sensitive to concurrency (non-interleaving), and discover that reasonable styles miss attacks unless we give attackers enough power to observe choices and concurrency. Our main contribution is to draw attention to how a popular concurrent semantics -- history-preserving bisimilarity -- when defined for the non-interleaving applied \(π\)-calculus, can discover attacks on all protocols we consider, regardless of the choice of style. Furthermore, we can describe all such attacks using a novel modal logic that is hence suitable to formally certify attacks on privacy properties.
Problem

Research questions and friction points this paper is trying to address.

unlinkability
privacy
security protocols
concurrent semantics
history-preserving bisimilarity
Innovation

Methods, ideas, or system contributions that make the work stand out.

history-preserving bisimilarity
unlinkability
non-interleaving semantics
branching-time equivalence
modal logic