Automated Cryptographic Analysis of the Pedersen Commitment Scheme

Authors: Roberto Metere and Changyu Dong

Aiming for strong security assurance, recently there has been an increasing interest in formal verification of cryptographic constructions. This paper presents a mechanised formal verification of the popular Pedersen commitment protocol, proving its security properties of correctness, perfect hiding, and computational binding. To formally verify the protocol, we extended the theory of EasyCrypt, a framework which allows for reasoning in the computational model, to support the discrete logarithm…
Formalising Σ-Protocols and Commitment Schemes using CryptHOL
This work presents a formalised theory of two fundamental two-party cryptographic primitives, Σ-protocols and commitment schemes, and uses CryptHOL (Lochbihler in Archive of Formal Proofs, 2017) to formalise both primitives and prove multiple examples secure.
Formal security analysis of MPC-in-the-head zero-knowledge protocols
To enable a modular security proof, a new security notion for the MPC protocols used in MPC-in-the-head zero-knowledge protocols is developed which allows us to recast existing security proofs in a black-box fashion which the authors believe to be of independent interest.
An Improved Range Proof with Base-3 Construction
This study extends Mao's range proof to base-3 with a modified OR-proof, and derives the number of computations in modulo exponentiations and the cost of the numbers of integers exchanged between parties for the base-u construction.
Towards a formally verified implementation of the MimbleWimble cryptocurrency protocol
This paper outlines the basis of a model-driven verification approach to address the certification of the correctness of a particular implementation of the MimbleWimble protocol.
On the Formalisation of Σ-Protocols and Commitment Schemes
This work provides the first formal analysis in a proof assistant of such a relationship and in doing so formalises Σ-protocols and commitment schemes and provides proofs of security for well-known instantiations of both primitives.
PPE Circuits: Formal Definition to Software Automation
A formalization of PPE circuits, a provably-correct algorithm for searching for a PPE circuit given a description of the trusted and untrusted elements to be verified, and a new open-source software tool called AutoCircuitPPE that realizes this algorithm.
A Formal Analysis of the Mimblewimble Cryptocurrency Protocol
An idealized model is proposed that is key in the described verification process, and sufficient conditions are identified and precisely stated under which the authors' model ensures the verification of relevant security properties of MW.
PPE Circuits for Rational Polynomials
This work presents a solution for automatically generating a verification algorithm with novel support for rational polynomials in the exponents of pairing systems, called PPE Circuits (introduced in [HVW20]).
Applied Cryptography and Network Security Workshops: ACNS 2020 Satellite Workshops, AIBlock, AIHWS, AIoTS, Cloud S&P, SCI, SecMT, and SiMLA, Rome, Italy, October 19–22, 2020, Proceedings
This work outlines the basis of a model-driven verification approach to address the certification of the correctness of an implementation of the MimbleWimble protocol.

Computer-Aided Security Proofs for the Working Cryptographer
It is argued that EasyCrypt is a plausible candidate for adoption by working cryptographers and its application to security proofs of the Cramer-Shoup and Hashed ElGamal cryptosystems is illustrated.
A Machine-Checked Formalization of Sigma-Protocols
A first machine-checked formalization of a comprehensive theory of Σ-protocols is presented, which includes basic definitions, relations between different security properties that appear in the literature, and general composability theorems.
Automated Analysis of Diffie-Hellman Protocols and Advanced Security Properties
A general approach for the symbolic analysis of security protocols that use Diffie-Hellman exponentiation to achieve advanced security properties is presented, using a novel constraint-solving algorithm that supports both falsification and verification, even in the presence of an unbounded number of protocol sessions.
EasyCrypt: A Tutorial
Machine-checked frameworks that support the construction and automated verification of cryptographic systems are developed to reason directly in the computational model commonly used by cryptographers to deliver rigorous and detailed mathematical proofs.
A Method for Automatic Cryptographic Protocol Verification
We present an automatic, terminating method for verifying confidentiality properties, and to a lesser extent freshness properties of cryptographic protocols. It is based on a safe abstract
Verified Computational Differential Privacy with Applications to Smart Metering
A significantly enhanced version of EasyCrypt is reported on that accommodates a richer, user-extensible language of probabilistic expressions and supports reasoning about approximate forms of program equivalence, that notably include approximate and computational differential privacy.
Formal certification of code-based cryptographic proofs
This work presents Certicrypt, a framework that enables the machine-checked construction and verification of code-based proofs, built upon the general-purpose proof assistant Coq, and draws on many areas, including probability, complexity, algebra, and semantics of programming languages.
Strong Invariants for the Efficient Construction of Machine-Checked Protocol Security Proofs
We embed an operational semantics for security protocols in the interactive theorem prover Isabelle/HOL and derive two strong protocol-independent invariants. These invariants allow us to reason
Automated Unbounded Analysis of Cryptographic Constructions in the Generic Group Model
A new method to automatically prove security statements in the Generic Group Model as they occur in actual papers is developed, and a Master Theorem is proved that relates the security of the construction to the existence of a solution for the associated logical formulas.
An efficient cryptographic protocol verifier based on prolog rules
  • B. Blanchet
  • Computer Science, Mathematics
    Proceedings. 14th IEEE Computer Security Foundations Workshop, 2001.
  • 2001
A new automatic cryptographic protocol verifier based on a simple representation of the protocol by Prolog rules, and on a new efficient algorithm that determines whether a fact can be proved from these rules or not, which proves secrecy properties of the protocols.