EasyPQC: Verifying Post-Quantum Cryptography

EasyCrypt is a formal verification tool used extensively for formalizing concrete security proofs of cryptographic constructions. However, the EasyCrypt formal logics consider only classical attackers, which means that post-quantum security proofs cannot be formalized and machine-checked with this tool. In this paper we prove that a natural extension of the EasyCrypt core logics permits capturing a wide class of post-quantum cryptography proofs, settling a question raised by (Unruh, POPL 2019). Leveraging our positive result, we implement EasyPQC, an extension of EasyCrypt for post-quantum security proofs, and use EasyPQC to verify post-quantum security of three classic constructions: PRF-based MAC, Full Domain Hash and GPV08 identity-based encryption.

[1] T. Lindvall. Lectures on the Coupling Method. 1992.

[2] Benjamin Grégoire et al. Mechanized Proofs of Adversarial Complexity and Application to Universal Composability. IACR Cryptol. ePrint Arch., 2021.

[3] Gershon Wolansky et al. Optimal Transport. 2021.

[4] C. Villani. Optimal Transport: Old and New. 2008.

[5] Jean-Sébastien Coron et al. On the Exact Security of Full Domain Hash. CRYPTO, 2000.

[6] Bohua Zhan et al. Formal Verification of Quantum Algorithms Using Quantum Hoare Logic. CAV, 2019.

[7] Benjamin Grégoire et al. EasyCrypt: A Tutorial. FOSAD, 2013.

[8] Benjamin Grégoire et al. Computer-Aided Security Proofs for the Working Cryptographer. CRYPTO, 2011.

[9] Katrin Baumgartner. Logic for Programming, Artificial Intelligence, and Reasoning. Lecture Notes in Computer Science, 2003.

[10] Mingsheng Ying et al. Floyd-Hoare Logic for Quantum Programs. TOPL, 2011.

[11] Robert Rand et al. Verification Logics for Quantum Programs. arXiv, 2019.

[12] Shih-Han Hung et al. Proving Quantum Programs Correct. ITP, 2020.

[13] Yoshihiko Kakutani et al. A Logic for Formal Verification of Quantum Programs. ASIAN, 2009.

[14] Dominique Unruh et al. Revocable Quantum Timed-Release Encryption. J. ACM, 2014.

[15] Gilles Barthe et al. A Quantum Interpretation of Bunched Logic & Quantum Separation Logic. 36th Annual ACM/IEEE Symposium on Logic in Computer Science (LICS), 2021.

[16] Mark Zhandry et al. Revisiting Post-Quantum Fiat-Shamir. IACR Cryptol. ePrint Arch., 2019.

[17] Elaine Shi et al. Symbolic Proofs for Lattice-Based Cryptography. IACR Cryptol. ePrint Arch., 2018.

[18] Andris Ambainis et al. Quantum Security Proofs Using Semi-Classical Oracles. IACR Cryptol. ePrint Arch., 2019.
[20] Adi Shamir et al. Identity-Based Cryptosystems and Signature Schemes. CRYPTO, 1984.

[21] Mark Zhandry et al. How to Record Quantum Queries, and Applications to Quantum Indifferentiability. IACR Cryptol. ePrint Arch., 2019.

[22] Mark Zhandry et al. Quantum-Secure Message Authentication Codes. IACR Cryptol. ePrint Arch., 2013.

[23] Prakash Panangaden et al. Quantum Weakest Preconditions. Mathematical Structures in Computer Science, 2005.

[24] David Baelde et al. An Interactive Prover for Protocol Verification in the Computational Model. IEEE Symposium on Security and Privacy (SP), 2021.

[25] Rohit Chadha et al. Reasoning About Imperative Quantum Programs. MFPS, 2006.

[26] Yuan Feng et al. Quantum Hoare Logic with Classical Variables. ACM Transactions on Quantum Computing, 2020.

[27] Mark Zhandry et al. Random Oracles in a Quantum World. ASIACRYPT, 2010.

[28] Dominique Unruh et al. Quantum Hoare Logic with Ghost Variables. 34th Annual ACM/IEEE Symposium on Logic in Computer Science (LICS), 2019.

[29] Kay Schwieger et al. Diagonal Couplings of Quantum Markov Chains. 2014.

[30] Li Zhou et al. Coupling Techniques for Reasoning about Quantum Programs. arXiv, 2019.

[31] Peter Selinger et al. Towards a Quantum Programming Language. Mathematical Structures in Computer Science, 2004.

[32] Mingsheng Ying et al. Reasoning about Parallel Quantum Programs. arXiv, 2018.

[33] Mingsheng Ying et al. Foundations of Quantum Programming. 2016.

[34] Lucca Hirschi et al. Symbolic Abstractions for Quantum Protocol Verification. arXiv, 2019.

[35] Fang Song et al. A Note on Quantum Security for Post-Quantum Cryptography. PQCrypto, 2014.

[36] Mingsheng Ying et al. Strassen's Theorem for Quantum Couplings. Theor. Comput. Sci., 2020.

[37] Andreas J. Winter et al. Tight Uniform Continuity Bounds for Quantum Entropies: Conditional Entropy, Relative Entropy Distance and Energy Constraints. arXiv, 2015.

[38] Shih-Han Hung et al. A Verified Optimizer for Quantum Circuits. Proc. ACM Program. Lang., 2019.

[39] Mark Zhandry et al. Secure Identity-Based Encryption in the Quantum Random Oracle Model. CRYPTO, 2012.

[40] Bruno Blanchet et al. A Computationally Sound Mechanized Prover for Security Protocols. IEEE Transactions on Dependable and Secure Computing, 2008.

[41] Kai-Min Chung et al. On the Compressed-Oracle Technique, and Post-Quantum Security of Proofs of Sequential Work. IACR Cryptol. ePrint Arch., 2020.

[42] Craig Gentry et al. Trapdoors for Hard Lattices and New Cryptographic Constructions. IACR Cryptol. ePrint Arch., 2008.

[43] Mihir Bellare et al. Random Oracles are Practical: A Paradigm for Designing Efficient Protocols. CCS '93, 1993.

[44] Serge Fehr et al. Security of the Fiat-Shamir Transformation in the Quantum Random-Oracle Model. IACR Cryptol. ePrint Arch., 2019.

[45] Mark Zhandry et al. How to Construct Quantum Random Functions. IEEE 53rd Annual Symposium on Foundations of Computer Science, 2012.

[46] Oded Regev et al. On Lattices, Learning with Errors, Random Linear Codes, and Cryptography. STOC '05, 2005.

[47] Dominique Unruh et al. Quantum Relational Hoare Logic with Expectations. ICALP, 2019.

[48] Mihir Bellare et al. The Exact Security of Digital Signatures: How to Sign with RSA and Rabin. EUROCRYPT, 1996.

[49] Matthew K. Franklin et al. Identity-Based Encryption from the Weil Pairing. CRYPTO, 2001.

[50] Benjamin Grégoire et al. Relational Reasoning via Probabilistic Coupling. LPAR, 2015.

[51] Jennifer Paykin et al. QWIRE Practice: Formal Verification of Quantum Circuits in Coq. QPL, 2018.

[52] Yijun He et al. Certified Quantum Computation in Isabelle/HOL. Journal of Automated Reasoning, 2020.

[53] Shaopeng Zhu et al. Quantitative Robustness Analysis of Quantum Programs. Proc. ACM Program. Lang., 2018.

[54] Dominique Unruh et al. Local Variables and Quantum Relational Hoare Logic. arXiv, 2020.

[55] Benjamin Grégoire et al. Formal Certification of Code-Based Cryptographic Proofs. POPL '09, 2009.

[56] Michael Hamburg et al. Tighter Proofs of CCA Security in the Quantum Random Oracle Model. IACR Cryptol. ePrint Arch., 2019.

[57] H. Thorisson. Coupling, Stationarity, and Regeneration. 2000.

[58] A. Shamir. Identity-Based Cryptosystems and Signature Schemes. 1985.

[59] Dominique Unruh et al. Quantum Relational Hoare Logic. Proc. ACM Program. Lang. (POPL), 2018.

[60] Bryan Parno et al. SoK: Computer-Aided Cryptography. IEEE Symposium on Security and Privacy (SP), 2021.