Formalizing Constructive Cryptography using CryptHOL

Lochbihler, Andreas; Sefidgar, S. Reza; Basin, David; Maurer, Ueli

doi:10.1109/csf.2019.00018

Cited by 17 publications

(13 citation statements)

References 30 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Most gamebased security definitions do not provide out-of-the-box composition guarantees, so simulation-based definitions are the preferred choice for analyzing large cryptographic systems, with universal composability (UC) being the gold-standard-UC definitions guarantee secure composition in arbitrary contexts [9]. Work on developing machine-checked UC proofs is relatively nascent [75]- [77], but is an important and natural next step for computational tools.…”

Section: E Computational Security: Discussionmentioning

confidence: 99%

SoK: Computer-Aided Cryptography

Barbosa

Barthe

Bhargavan

et al. 2021

2021 IEEE Symposium on Security and Privacy (SP)

View full text Add to dashboard Cite

Computer-aided cryptography is an active area of research that develops and applies formal, machine-checkable approaches to the design, analysis, and implementation of cryptography. We present a cross-cutting systematization of the computer-aided cryptography literature, focusing on three main areas: (i) design-level security (both symbolic security and computational security), (ii) functional correctness and efficiency, and (iii) implementation-level security (with a focus on digital side-channel resistance). In each area, we first clarify the role of computer-aided cryptography-how it can help and what the caveats are-in addressing current challenges. We next present a taxonomy of state-of-the-art tools, comparing their accuracy, scope, trustworthiness, and usability. Then, we highlight their main achievements, trade-offs, and research challenges. After covering the three main areas, we present two case studies. First, we study efforts in combining tools focused on different areas to consolidate the guarantees they can provide. Second, we distill the lessons learned from the computer-aided cryptography community's involvement in the TLS 1.3 standardization effort. Finally, we conclude with recommendations to paper authors, tool developers, and standardization bodies moving forward.

show abstract

Section: E Computational Security: Discussionmentioning

confidence: 99%

SoK: Computer-Aided Cryptography

Barbosa

Barthe

Bhargavan

et al. 2021

2021 IEEE Symposium on Security and Privacy (SP)

View full text Add to dashboard Cite

show abstract

“…There are a number of tools that can be used for reduction based cryptographic proofs such as CertiCrypt [4], CryptHOL [6], EasyCrypt [3] and FCF [36]. These tools were all initially designed for game-based cryptographic proofs however some have been used for simulationbased proofs too; in [11,12,14,29] standalone MPC protocols were considered whereas more recent work [17,33] considers composibility in the form of Constructive Cryptography and Universal Composibility respectively.…”

Section: Rivest Commitment Schemementioning

confidence: 99%

“…Formalisation of cryptography is a maturing area of research; the EasyCrypt framework [2] has captured proofs of low-lying cryptographic primitives [34] as well as MPC [29] and Universal Composibility [17]. Moreover CryptHOL [6] has also considered fundamental primitives [6,13] and MPC protocols [11,12] as well as Constructive Cryptography [33]. Other tools for reasoning about cryptographic proofs in the context of our work include FCF [36], which provides a shallow embedding in Coq for reasoning about cryptography and CertiCrypt [1], a deep embedding in Coq in which the first (and only, before this work) formalisation of Σ-protocols was made [5].…”

Section: Introductionmentioning

confidence: 99%

Formalising $$\varSigma $$-Protocols and Commitment Schemes Using CryptHOL

Butler

Lochbihler²,

Aspinall

et al. 2020

J Autom Reasoning

View full text Add to dashboard Cite

Machine-checked proofs of security are important to increase the rigour of provable security. In this work we present a formalised theory of two fundamental two party cryptographic primitives: $$\varSigma $$ Σ -protocols and Commitment Schemes. $$\varSigma $$ Σ -protocols allow a prover to convince a verifier that they possess some knowledge without leaking information about the knowledge. Commitment schemes allow a committer to commit to a message and keep it secret until revealing it at a later time. We use CryptHOL (Lochbihler in Archive of formal proofs, 2017) to formalise both primitives and prove secure multiple examples namely; the Schnorr, Chaum-Pedersen and Okamoto $$\varSigma $$ Σ -protocols as well as a construction that allows for compound (AND and OR) $$\varSigma $$ Σ -protocols and the Pedersen and Rivest commitment schemes. A highlight of the work is a formalisation of the construction of commitment schemes from $$\varSigma $$ Σ -protocols (Damgard in Lecture notes, 2002). We formalise this proof at an abstract level using the modularity available in Isabelle/HOL and CryptHOL. This way, the proofs of the instantiations come for free.

show abstract

“…This will also be important for us when we want to prove that the system remains secure when we instantiate our lottery functionality with an implementation that has been proved to be secure in isolation. Fortunately, such modular/composible frameworks are being developed more formally [CSV19,LSBM19]. However, only very simple protocols have been proven secure using these, due to the complexity of the frameworks themselves.…”

Section: Related Workmentioning

confidence: 99%

Formalizing Nakamoto-Style Proof of Stake

Thomsen¹,

Spitters²

2020

Preprint

View full text Add to dashboard Cite

Fault-tolerant distributed systems move the trust in a single party to a majority of parties participating in the protocol. This makes blockchain based crypto-currencies possible: they allow parties to agree on a total order of transactions without a trusted third party. To trust a distributed system, the security of the protocol and the correctness of the implementation must be indisputable.We present the first machine checked proof that guarantees both safety and liveness for a consensus algorithm. We verify a Proof of Stake (PoS) Nakamoto-style blockchain (NSB) protocol, using the foundational proof assistant Coq. In particular, we consider a PoS NSB in a synchronous network with a static set of corrupted parties. We define execution semantics for this setting and prove chain growth, chain quality, and common prefix which together implies both safety and liveness.

show abstract

Formalizing Constructive Cryptography using CryptHOL

Cited by 17 publications

References 30 publications

SoK: Computer-Aided Cryptography

SoK: Computer-Aided Cryptography

Formalising $$\varSigma $$-Protocols and Commitment Schemes Using CryptHOL

Formalizing Nakamoto-Style Proof of Stake

Contact Info

Product

Resources

About