CryptHOL: Game-Based Proofs in Higher-Order Logic

Basin, David; Lochbihler, Andreas; Sefidgar, S. Reza

doi:10.1007/s00145-019-09341-z

Cited by 33 publications

(58 citation statements)

References 60 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In this section we briefly introduce the Isabelle notion we use throughout and then highlight and discuss some important aspects of CryptHOL. For more detail on CryptHOL see [6]. The full formalisation is available at [14].…”

Section: Crypthol and Isabelle Backgroundmentioning

confidence: 99%

“…CryptHOL [6] is a framework for reasoning about cryptography in the computational model that is embedded inside the Isabelle/HOL theorem prover. It allows the prover to write probabilistic programs and reason about them.…”

Section: Cryptholmentioning

confidence: 99%

“…CryptHOL [6], formalised in Isabelle, has been used in the game-based setting [16], as well as the simulation-based paradigm [7]. Isabelle is a foundational framework that relies on a set of accepted consistent axioms [10,13] and thus provides a high guarantee of correctness in proofs.…”

Section: Related Workmentioning

confidence: 99%

See 2 more Smart Citations

On the Formalisation of $$\varSigma $$ -Protocols and Commitment Schemes

Butler

Aspinall

Gascón

2019

Lecture Notes in Computer Science

View full text Add to dashboard Cite

There is a fundamental relationship between Σ-protocols and commitment schemes whereby the former can be used to construct the latter. In this work we provide the first formal analysis in a proof assistant of such a relationship and in doing so formalise Σ-protocols and commitment schemes and provide proofs of security for well known instantiations of both primitives.Every definition and every theorem presented in this paper has been checked mechanically by the Isabelle/HOL proof assistant.

show abstract

Section: Crypthol and Isabelle Backgroundmentioning

confidence: 99%

Section: Cryptholmentioning

confidence: 99%

See 1 more Smart Citation

On the Formalisation of $$\varSigma $$ -Protocols and Commitment Schemes

Butler

Aspinall

Gascón

2019

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

“…The set of all free variables in a program c is denoted fv (c) and consists of the classical variables fv (e) for all expressions e occurring in c, the classical variables x in subterms x ← e, x $ ← e, 11 This formalization is more suitable for modeling expressions in a formal logical system (and thus for implementing in a theorem prover such as Isabelle or Coq). In this paper, we nevertheless write expressions as formulas with free variables because this leads to more readable formulas.…”

Section: Syntax Of Programsmentioning

confidence: 99%

Quantum relational Hoare logic

Unruh

2019

Proc. ACM Program. Lang.

View full text Add to dashboard Cite

We present a logic for reasoning about pairs of interactive quantum programs -quantum relational Hoare logic (qRHL). This logic follows the spirit of probabilistic relational Hoare logic (Barthe et al. 2009) and allows us to formulate how the outputs of two quantum programs relate given the relationship of their inputs. Probabilistic RHL was used extensively for computer-verified security proofs of classical cryptographic protocols. Since pRHL is not suitable for analyzing quantum cryptography, we present qRHL as a replacement, suitable for the security analysis of post-quantum cryptography and quantum protocols. The design of qRHL poses some challenges unique to the quantum setting, e.g., the definition of equality on quantum registers. Finally, we implemented a tool for verifying proofs in qRHL and developed several example security proofs in it.

show abstract

“…Formalisation of cryptography is a maturing area of research; the EasyCrypt framework [2] has captured proofs of low-lying cryptographic primitives [34] as well as MPC [29] and Universal Composibility [17]. Moreover CryptHOL [6] has also considered fundamental primitives [6,13] and MPC protocols [11,12] as well as Constructive Cryptography [33]. Other tools for reasoning about cryptographic proofs in the context of our work include FCF [36], which provides a shallow embedding in Coq for reasoning about cryptography and CertiCrypt [1], a deep embedding in Coq in which the first (and only, before this work) formalisation of Σ-protocols was made [5].…”

Section: Introductionmentioning

confidence: 99%

Formalising $$\varSigma $$-Protocols and Commitment Schemes Using CryptHOL

Butler

Lochbihler²,

Aspinall

et al. 2020

J Autom Reasoning

View full text Add to dashboard Cite

Machine-checked proofs of security are important to increase the rigour of provable security. In this work we present a formalised theory of two fundamental two party cryptographic primitives: $$\varSigma $$ Σ -protocols and Commitment Schemes. $$\varSigma $$ Σ -protocols allow a prover to convince a verifier that they possess some knowledge without leaking information about the knowledge. Commitment schemes allow a committer to commit to a message and keep it secret until revealing it at a later time. We use CryptHOL (Lochbihler in Archive of formal proofs, 2017) to formalise both primitives and prove secure multiple examples namely; the Schnorr, Chaum-Pedersen and Okamoto $$\varSigma $$ Σ -protocols as well as a construction that allows for compound (AND and OR) $$\varSigma $$ Σ -protocols and the Pedersen and Rivest commitment schemes. A highlight of the work is a formalisation of the construction of commitment schemes from $$\varSigma $$ Σ -protocols (Damgard in Lecture notes, 2002). We formalise this proof at an abstract level using the modularity available in Isabelle/HOL and CryptHOL. This way, the proofs of the instantiations come for free.

show abstract

CryptHOL: Game-Based Proofs in Higher-Order Logic

Cited by 33 publications

References 60 publications

On the Formalisation of $$\varSigma $$ -Protocols and Commitment Schemes

On the Formalisation of $$\varSigma $$ -Protocols and Commitment Schemes

Quantum relational Hoare logic

Formalising $$\varSigma $$-Protocols and Commitment Schemes Using CryptHOL

Contact Info

Product

Resources

About