Mechanized Proofs of Adversarial Complexity and Application to Universal Composability

Published: 19 July 2023

Abstract

In this work, we enhance the EasyCrypt proof assistant to reason about the computational complexity of adversaries. The key technical tool is a Hoare logic for reasoning about computational complexity (execution time and oracle calls) of adversarial computations. Our Hoare logic is built on top of the module system used by EasyCrypt for modeling adversaries. We prove that our logic is sound w.r.t. the semantics of EasyCrypt programs—we also provide full semantics for the EasyCrypt module system, which was lacking previously.
We showcase (for the first time in EasyCrypt and in other computer-aided cryptographic tools) how our approach can express precise relationships between an adversary's probability of success and its execution time. In particular, we can quantify existentially over adversaries in a complexity class and express general composition statements in simulation-based frameworks. Moreover, such statements can be composed to derive standard concrete security bounds for cryptographic constructions whose security is proved in a modular way. As a main benefit of our approach, we revisit security proofs of some well-known cryptographic constructions and present a new formalization of universal composability.


Published In

ACM Transactions on Privacy and Security, Volume 26, Issue 3
August 2023
640 pages
ISSN: 2471-2566
EISSN: 2471-2574
DOI: 10.1145/3582895

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 19 July 2023
Online AM: 31 March 2023
Accepted: 13 March 2023
Received: 22 August 2022
Published in TOPS Volume 26, Issue 3


Author Tags

  1. Verification of cryptographic primitives
  2. formal methods
  3. interactive proof system
  4. complexity analysis

Qualifiers

  • Research-article

Funding Sources

  • French National Research Agency (ANR)
  • National Funds through the FCT (Fundação para a Ciência e a Tecnologia)
  • France 2030 program managed by the French National Research Agency
  • Office of Naval Research (ONR)
