Computer-Aided Security Proofs for the Working Cryptographer

@inproceedings{Barthe2011ComputerAidedSP,
  title={Computer-Aided Security Proofs for the Working Cryptographer},
  author={Gilles Barthe and Benjamin Gr{\'e}goire and Sylvain Heraud and Santiago Zanella B{\'e}guelin},
  booktitle={CRYPTO},
  year={2011}
}
We present EasyCrypt, an automated tool for elaborating security proofs of cryptographic systems from proof sketches: compact, formal representations of the essence of a proof as a sequence of games and hints. Proof sketches are checked automatically using off-the-shelf SMT solvers and automated theorem provers, and then compiled into verifiable proofs in the CertiCrypt framework. The tool supports most common reasoning patterns and is significantly easier to use than its predecessors. We argue… 
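The abstract describes proofs as a sequence of games plus hints. As an added worked example (it is not from the paper and is not EasyCrypt syntax), the following carries the classic Hashed ElGamal IND-CPA argument through in exactly that style, including the identical-until-bad step (Shoup's fundamental lemma) that a hint in a proof sketch would discharge. The game names $G_0, G_1$, the event $\mathsf{bad}$, the adversaries $A$, $B$, $B'$ and the query bound $q_H$ are notation chosen here for the illustration.

```latex
% Hashed ElGamal over a group G = <g> of prime order q, with H : G -> {0,1}^l a random oracle.
% KG: x <-$ Z_q, pk = g^x, sk = x.   Enc(pk, m): y <-$ Z_q, return (g^y, H(pk^y) xor m).

\textbf{Game } G_0 \ (\text{IND-CPA in the ROM, } H \text{ lazily sampled}):
\[
\begin{array}{l}
x \leftarrow_{\$} \mathbb{Z}_q;\ (m_0,m_1) \leftarrow A^{H}(g^{x});\\
b \leftarrow_{\$} \{0,1\};\ y \leftarrow_{\$} \mathbb{Z}_q;\ h \leftarrow H(g^{xy});\\
b' \leftarrow A^{H}(g^{y},\ h \oplus m_b);\ \text{return } (b' = b)
\end{array}
\]

\textbf{Game } G_1: \text{ as } G_0, \text{ but } h \leftarrow_{\$} \{0,1\}^{\ell}
\text{ is sampled fresh and not recorded in } H\text{'s table, and }
\mathsf{bad} \leftarrow \mathsf{true} \text{ whenever } A \text{ queries } H \text{ at } g^{xy}
\text{ (in either phase).}

\textbf{Step 1 (identical until bad).}
\text{ Unless } A \text{ queries } g^{xy}, \text{ every oracle answer and } h \text{ are uniform and independent in both games, so}
\[
\bigl|\Pr[G_0 : b'=b] - \Pr[G_1 : b'=b]\bigr| \;\le\; \Pr[G_1 : \mathsf{bad}].
\]

\textbf{Step 2 (information-theoretic).}
\text{ In } G_1 \text{ the pad } h \text{ is uniform and independent of } b, \text{ so the challenge } (g^{y}, h \oplus m_b) \text{ carries no information about } b:
\[
\Pr[G_1 : b'=b] \;=\; \tfrac{1}{2}.
\]

\textbf{Step 3 (reduction to List-CDH).}
\text{ } B(g^{x}, g^{y}) \text{ runs } A \text{ as in } G_1 \text{ with } pk = g^{x} \text{ and challenge } (g^{y}, h),
\text{ simulating } H \text{ by lazy sampling, and outputs the list } L \text{ of } A\text{'s oracle queries. }
\mathsf{bad} \Rightarrow g^{xy} \in L, \text{ hence}
\[
\Pr[G_1 : \mathsf{bad}] \;\le\; \mathrm{Adv}^{\mathrm{LCDH}}_{G}(B).
\]

\textbf{Conclusion.}
\text{ Let } q_H \text{ bound the number of } H\text{-queries and let } B' \text{ output a uniformly random element of } L. \text{ Then}
\[
\mathrm{Adv}^{\mathrm{IND\text{-}CPA}}(A)
\;=\; \bigl|\Pr[G_0 : b'=b] - \tfrac{1}{2}\bigr|
\;\le\; \mathrm{Adv}^{\mathrm{LCDH}}_{G}(B)
\;\le\; q_H \cdot \mathrm{Adv}^{\mathrm{CDH}}_{G}(B').
\]
```

In a proof sketch of the kind the paper describes, Steps 1 and 2 are the points where hints are needed: Step 1 asks the tool to check that the two game programs are syntactically identical except on the branch that sets $\mathsf{bad}$, and Step 2 asks it to prove a one-time-pad style independence, the sort of obligation that off-the-shelf SMT solvers discharge. Step 3 is a plain program transformation (inlining $A$ into $B$), which is why it carries no loss in the bound.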
Formalizing Constructive Cryptography using CryptHOL
TLDR
This paper extends CryptHOL, a framework for game-based proofs, with an abstract model of Random Systems and provides proof rules for their equality and composition, and formalizes security as a special kind of system construction in which a complex system is built from simpler ones.
EasyPQC: Verifying Post-Quantum Cryptography
TLDR
It is proved that a natural extension of the EasyCrypt core logics permits capturing a wide class of post-quantum cryptography proofs, settling a question raised by (Unruh, POPL 2019).
Automated Cryptographic Analysis of the Pedersen Commitment Scheme
TLDR
This paper presents a mechanised formal verification of the popular Pedersen commitment protocol, proving its security properties of correctness, perfect hiding, and computational binding.
Fully automated analysis of padding-based encryption in the computational model
TLDR
This paper presents proof systems for analyzing the chosen-plaintext and chosen-ciphertext security of public-key encryption schemes built from trapdoor permutations and hash functions in the random oracle model, and develops a toolset that bundles together fully automated proof and attack finding algorithms.
Verified security of redundancy-free encryption from Rabin and RSA
TLDR
This paper uses EasyCrypt to prove in the Random Oracle Model the IND-CCA security of a redundancy-free public-key encryption scheme based on trapdoor one-way permutations, and proves that the Rabin function and RSA with short exponent enjoy these properties, and thus can be used to instantiate the construction to obtain efficient encryption schemes.
Automatically Verified Mechanized Proof of One-Encryption Key Exchange
  • B. Blanchet
  • Computer Science, Mathematics
    2012 IEEE 25th Computer Security Foundations Symposium
  • 2012
TLDR
A mechanized proof of the password-based protocol One-Encryption Key Exchange using the computationally sound protocol prover CryptoVerif, which improves over the standard computation of probabilities when Shoup's lemma is used and thereby improves the bound given in a previous manual proof of OEKE.
Automated Analysis and Synthesis of Padding-Based Encryption Schemes
TLDR
Algorithms to search for proofs of security against chosen-plaintext and chosen-ciphertext attacks in the random oracle model and a calculator that computes the security level and efficiency of provably secure schemes that use RSA as trapdoor permutation are provided.
Automation in Computer-Aided Cryptography: Proofs, Attacks and Designs
TLDR
Both frameworks adhere to the game-based approach to provable security, but revisit its realization from a formal verification perspective, using a probabilistic programming language, pWHILE, for expressing cryptographic constructions, security properties, and computational assumptions, and a probabilistic relational Hoare logic, pRHL, for justifying the reasoning steps in cryptographic proofs.
Mechanizing Game-Based Proofs of Security Protocols
  • B. Blanchet
  • Computer Science, Mathematics
    Software Safety and Security
  • 2012
TLDR
The automatic protocol verifier CryptoVerif is presented; it does not rely on the Dolev-Yao model, but on the computational model, and provides an explicit formula for the probability of success of an attack against the protocol, as a function of the probabilities of breaking each primitive and of the number of sessions.
Automated Proofs of Pairing-Based Cryptography
TLDR
A new tool, AutoG&P, is implemented to illustrate the strengths of the logic; it supports extremely compact, and often fully automated, proofs of cryptographic constructions based on (bilinear or multilinear) Diffie-Hellman assumptions.

References

Showing 1-10 of 42 references
A Computationally Sound Mechanized Prover for Security Protocols
  • B. Blanchet
  • Computer Science, Mathematics
    IEEE Transactions on Dependable and Secure Computing
  • 2008
TLDR
This work presents a new mechanized prover for secrecy properties of security protocols that provides a generic method for specifying security properties of the cryptographic primitives, which can handle shared-key and public-key encryption, signatures, message authentication codes, and hash functions.
Formally Certifying the Security of Digital Signature Schemes
We present two machine-checked proofs of the existential unforgeability under adaptive chosen-message attacks of the Full-Domain Hash signature scheme. These proofs formalize the original argument of
Formal Certification of ElGamal Encryption: A Gentle Introduction to CertiCrypt
TLDR
This article focuses on a simple but illustrative example, namely the semantic security of the Hashed ElGamal encryption scheme in both, the standard and the random oracle model.
Automated Security Proofs with Sequences of Games
TLDR
This paper presents the first automatic technique for proving not only protocols but also primitives in the exact security computational model, and illustrates the use of the new tool with the proof of a quite famous asymmetric primitive: unforgeability under chosen-message attacks of the Full-Domain Hash signature scheme under the (trapdoor)-one-wayness of some permutations.
Formal certification of code-based cryptographic proofs
TLDR
This work presents Certicrypt, a framework that enables the machine-checked construction and verification of code-based proofs, built upon the general-purpose proof assistant Coq, and draws on many areas, including probability, complexity, algebra, and semantics of programming languages.
A Machine-Checked Formalization of Sigma-Protocols
TLDR
A first machine-checked formalization of a comprehensive theory of Σ-protocols is presented, which includes basic definitions, relations between different security properties that appear in the literature, and general composability theorems.
Beyond Provable Security: Verifiable IND-CCA Security of OAEP
TLDR
A machine-checked proof of OAEP's security against adaptive chosen-ciphertext attacks under the assumption that the underlying permutation is partial-domain one-way is presented.
Towards automated proofs for asymmetric encryption schemes in the random oracle model
TLDR
An automated procedure for analyzing generic asymmetric encryption schemes in the random oracle model is presented and it has been applied to several examples of encryption schemes among which the construction of Bellare-Rogaway 1993, of Pointcheval at PKC'2000 and REACT.
Computationally sound mechanized proofs for basic and public-key Kerberos
We present a computationally sound mechanized analysis of Kerberos 5, both with and without its public-key extension PKINIT. We prove authentication and key secrecy properties using the prover