SSProve: A Foundational Framework for Modular Cryptographic Proofs in Coq

State-separating proofs (SSP) is a recent methodology for structuring game-based cryptographic proofs in a modular way. While very promising, this methodology was previously not fully formalized and came with little tool support. We address this by introducing SSProve, the first general verification framework for machine-checked state-separating proofs. SSProve combines high-level modular proofs about composed protocols, as proposed in SSP, with a probabilistic relational program logic for formalizing the lower-level details; together these enable the construction of fully machine-checked cryptographic proofs in the Coq proof assistant. Moreover, SSProve is itself formalized in Coq, including the algebraic laws of SSP, the soundness of the program logic, and the connection between these two verification styles.
