Published November 15, 2021 | Version v1
Conference paper Metadata-only

Mechanized Proofs of Adversarial Complexity and Application to Universal Composability

Barbosa, Manuel
Barthe, Gilles
Grégoire, Benjamin
Koutsos, Adrien
Strub, Pierre-Yves
Others:
Faculdade de Ciências da Universidade do Porto (FCUP) ; Universidade do Porto = University of Porto
Institute for Systems and Computer Engineering, Technology and Science [Porto] (INESC TEC)
Max Planck Institute for Security and Privacy [Bochum] (MPI Security and Privacy)
Institute IMDEA Software [Madrid]
Sûreté du logiciel et Preuves Mathématiques Formalisées (STAMP) ; Inria Sophia Antipolis - Méditerranée (CRISAM) ; Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)
Programming securely with cryptography (PROSECCO ) ; Inria de Paris ; Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)
École polytechnique (X)

Description

In this paper we enhance the EasyCrypt proof assistant to reason about computational complexity of adversaries. The key technical tool is a Hoare logic for reasoning about computational complexity (execution time and oracle calls) of adversarial computations. Our Hoare logic is built on top of the module system used by EasyCrypt for modeling adversaries. We prove that our logic is sound w.r.t. the semantics of EasyCrypt programs-we also provide full semantics for the EasyCrypt module system, which was previously lacking. We showcase (for the first time in EasyCrypt and in other computer-aided cryptographic tools) how our approach can express precise relationships between the probability of adversarial success and their execution time. In particular, we can quantify existentially over adversaries in a complexity class, and express general composition statements in simulation-based frameworks. Moreover, such statements can be composed to derive standard concrete security bounds for cryptographic constructions whose security is proved in a modular way. As a main benefit of our approach, we revisit security proofs of some well-known cryptographic constructions and we present a new formalization of Universal Composability (UC).

Abstract

International audience

Additional details

Identifiers Origin repository
Created:
December 3, 2022
Modified:
November 30, 2023