# Automated Cryptographic Analysis of the Pedersen Commitment Scheme

@inproceedings{Metere2017AutomatedCA, title={Automated Cryptographic Analysis of the Pedersen Commitment Scheme}, author={Roberto Metere and Changyu Dong}, booktitle={MMM-ACNS}, year={2017} }

Aiming for strong security assurance, recently there has been an increasing interest in formal verification of cryptographic constructions. This paper presents a mechanised formal verification of the popular Pedersen commitment protocol, proving its security properties of correctness, perfect hiding, and computational binding. To formally verify the protocol, we extended the theory of EasyCrypt, a framework which allows for reasoning in the computational model, to support the discrete logarithm…

## 16 Citations

Formalising Σ-Protocols and Commitment Schemes using CryptHOL

- Computer Science, MathematicsIACR Cryptol. ePrint Arch.
- 2019

This work presents a formalised theory of two fundamental two party cryptographic primitives: Σ-protocols and Commitment Schemes and uses CryptHOL (Lochbihler in Archive of formal proofs, 2017) to formalise both primitives and prove secure multiple examples.

Formal security analysis of MPC-in-the-head zero-knowledge protocols

- Computer Science, Mathematics2021 IEEE 34th Computer Security Foundations Symposium (CSF)
- 2021

To enable a modular security proof, a new security notion for the MPC protocols used in MPC-in-the-head zero-knowledge protocols is developed which allows us to recast existing security proofs in a black-box fashion which the authors believe to be of independent interest.

Formalising $\varSigma$-Protocols and Commitment Schemes Using CryptHOL

- Computer Science, MathematicsJ. Autom. Reason.
- 2021

This work presents a formalised theory of two fundamental two party cryptographic primitives: VarSigma -protocols and Commitment Schemes and uses CryptHOL (Lochbihler in Archive of formal proofs, 2017) to formalise both primitives and prove secure multiple examples.

An Improved Range Proof with Base-3 Construction

- Computer Science, Mathematics2021 14th International Conference on Security of Information and Networks (SIN)
- 2021

This study extends Mao's range proof to base-3 with a modified OR-proof, and derives the number of computations in modulo exponentiations and the cost of the numbers of integers exchanged between parties for the base-u construction.

Towards a formally verified implementation of the MimbleWimble cryptocurrency protocol

- Computer Science, MathematicsACNS Workshops
- 2020

This paper outlines the basis of a model-driven verification approach to address the certification of the correctness of a particular implementation of the protocolimbleWimble.

On the Formalisation of Σ-Protocols and Commitment Schemes

- Computer Science, MathematicsPOST
- 2019

This work provides the first formal analysis in a proof assistant of such a relationship and in doing so formalise \(\varSigma \)-protocols and commitment schemes and provide proofs of security for well known instantiations of both primitives.

PPE Circuits: Formal Definition to Software Automation

- Computer ScienceCCS
- 2020

A formalization of PPE circuits, a provably-correct algorithm for searching for a PPE circuit given a description of the trusted and untrusted elements to be verified, and a new open-source software tool called AutoCircuitPPE that realizes this algorithm.

A Formal Analysis of the Mimblewimble Cryptocurrency Protocol

- Computer Science, MathematicsSensors
- 2021

An idealized model is proposed that is key in the described verification process, and sufficient conditions are identified and precisely state sufficient conditions for the authors' model to ensure the verification of relevant security properties of MW.

PPE Circuits for Rational Polynomials

- Computer ScienceCCS
- 2021

This work presents a solution for automatically generating a verification algorithm with novel support for rational polynomials in the exponents of pairing systems, called PPE Circuits (introduced in [HVW20]).

Applied Cryptography and Network Security Workshops: ACNS 2020 Satellite Workshops, AIBlock, AIHWS, AIoTS, Cloud S&P, SCI, SecMT, and SiMLA, Rome, Italy, October 19–22, 2020, Proceedings

- Computer Science, MathematicsACNS Workshops
- 2020

This work outlines the basis of a model-driven verification approach to address the certification of the correctness of an implementation of theimbleWimble protocol.

## References

SHOWING 1-10 OF 38 REFERENCES

Computer-Aided Security Proofs for the Working Cryptographer

- Computer Science, MathematicsCRYPTO
- 2011

It is argued that EasyCrypt is a plausible candidate for adoption by working cryptographers and its application to security proofs of the Cramer-Shoup and Hashed ElGamal cryptosystems is illustrated.

A Machine-Checked Formalization of Sigma-Protocols

- Computer Science, Mathematics2010 23rd IEEE Computer Security Foundations Symposium
- 2010

A first machine-checked formalization of a comprehensive theory of Σ-protocols is presented, which includes basic definitions, relations between different security properties that appear in the literature, and general composability theorems.

Automated Analysis of Diffie-Hellman Protocols and Advanced Security Properties

- Computer Science, Mathematics2012 IEEE 25th Computer Security Foundations Symposium
- 2012

A general approach for the symbolic analysis of security protocols that use Diffie-Hellman exponentiation to achieve advanced security properties using a novel constraint-solving algorithm that supports both falsification and verification, even in the presence of an unbounded number of protocol sessions.

EasyCrypt: A Tutorial

- Computer Science, MathematicsFOSAD
- 2013

Machine-checked frameworks that support the construction and automated verification of cryptographic systems are developed to reason directly in the computational model commonly used by cryptographers to deliver rigorous and detailed mathematical proofs.

A Method for Automatic Cryptographic Protocol Verification

- Computer Science, MathematicsIPDPS Workshops
- 2000

We present an automatic, terminating method for verifying confidentiality properties, and to a lesser extent freshness properties of cryptographic protocols. It is based on a safe abstract…

Verified Computational Differential Privacy with Applications to Smart Metering

- Computer Science, Mathematics2013 IEEE 26th Computer Security Foundations Symposium
- 2013

A significantly enhanced version of EasyCrypt is reported on that accommodates a richer, user-extensible language of probabilistic expressions and supports reasoning about approximate forms of program equivalence, that notably include approximate and computational differential privacy.

Formal certification of code-based cryptographic proofs

- Computer Science, MathematicsPOPL '09
- 2009

This work presents Certicrypt, a framework that enables the machine-checked construction and verification of code-based proofs, built upon the general-purpose proof assistant Coq, and draws on many areas, including probability, complexity, algebra, and semantics of programming languages.

Strong Invariants for the Efficient Construction of Machine-Checked Protocol Security Proofs

- Computer Science, Mathematics2010 23rd IEEE Computer Security Foundations Symposium
- 2010

We embed an operational semantics for security protocols in the interactive theorem prover Isabelle/HOL and derive two strong protocol-independent invariants. These invariants allow us to reason…

Automated Unbounded Analysis of Cryptographic Constructions in the Generic Group Model

- Computer Science, MathematicsEUROCRYPT
- 2016

A new method to automatically prove security statements in the Generic Group Model as they occur in actual papers is developed, and a Master Theorem is proved that relates the security of the construction to the existence of a solution for the associated logical formulas.

An efficient cryptographic protocol verifier based on prolog rules

- Computer Science, MathematicsProceedings. 14th IEEE Computer Security Foundations Workshop, 2001.
- 2001

A new automatic cryptographic protocol verifier based on a simple representation of the protocol by Prolog rules, and on a new efficient algorithm that determines whether a fact can be proved from these rules or not, which proves secrecy properties of the protocols.