computer aided security proofs for the working
play

Computer-aided security proofs for the working cryptographer Gilles - PowerPoint PPT Presentation

Jan 14, 2024 •185 likes •630 views

Computer-aided security proofs for the working cryptographer Gilles Barthe Benjamin Grgoire Sylvain Heraud Santiago Zanella Bguelin CRYPTO11, August 15 2011 Monday, August 15, 2011 1 A plea for

  1. Computer-aided security proofs for the working cryptographer Gilles Barthe Benjamin Grégoire Sylvain Heraud Santiago Zanella Béguelin CRYPTO’11, August 15 2011 Monday, August 15, 2011 1

  2. A plea for computer-aided cryptographic proofs A plausible approach to computer-aided cryptographic proofs. Halevi, 2005 Code-Based Game-Playing Proofs and the Security of Triple Encryption. Bellare and Rogaway, 2004-2006 Monday, August 15, 2011 2

  3. A plea for computer-aided cryptographic proofs A plausible approach to computer-aided cryptographic proofs. Halevi, 2005 Code-Based Game-Playing Proofs and the Security of Triple Encryption. Bellare and Rogaway, 2004-2006 A problem with security proofs Do we have a problem with cryptographic proofs? Yes, we do [...] We generate more proofs than we carefully verify (and as a consequence some of our published proofs are incorrect)—Halevi, 2005 In our opinion, many proofs in cryptography have become essentially unverifiable. Our field may be approaching a crisis of rigor—Bellare and Rogaway, 2004-2006 Monday, August 15, 2011 2

  4. A plea for computer-aided cryptographic proofs A plausible approach to computer-aided cryptographic proofs. Halevi, 2005 Code-Based Game-Playing Proofs and the Security of Triple Encryption. Bellare and Rogaway, 2004-2006 A problem with security proofs : a plausible solution I advocate creating an automated tool to help us [...] writing and checking [...] our proofs—Halevi, 2005 The possibility for tools [to help write and verify proofs] has always been one of our motivations, and one of the reasons why we focused on code-based games—Bellare and Rogaway, 2004-2006 Monday, August 15, 2011 2

  5. A primer on computer-aided proofs Monday, August 15, 2011 3

  6. A primer on computer-aided proofs Monday, August 15, 2011 3

  7. A primer on computer-aided proofs Lemma : ∀ r : R , ∃ n : N .r < n Monday, August 15, 2011 3

  8. A primer on computer-aided proofs Lemma : ∀ r : R , ∃ n : N .r < n Proof . intros r ; exists ( ⌈ r ⌉ + 1) . destruct ( nceil spec r ) as ( , H ); exact H. Qed . Monday, August 15, 2011 3

  9. A primer on computer-aided proofs Manual review Lemma : ∀ r : R , ∃ n : N .r < n Proof . intros r ; exists ( ⌈ r ⌉ + 1) . destruct ( nceil spec r ) as ( , H ); exact H. Qed . Monday, August 15, 2011 3

  10. A primer on computer-aided proofs Manual review Lemma : ∀ r : R , ∃ n : N .r < n Proof . intros r ; exists ( ⌈ r ⌉ + 1) . destruct ( nceil spec r ) as ( , H ); exact H. Qed . Automated checking Monday, August 15, 2011 3

  11. A primer on computer-aided proofs Correctness from Manual review Lemma : ∀ r : R , ∃ n : N .r < n first principles Proof . intros r ; exists ( ⌈ r ⌉ + 1) . destruct ( nceil spec r ) as ( , H ); exact H. Qed . Automated checking Monday, August 15, 2011 3

  12. A primer on computer-aided proofs Correctness from Manual review Lemma : ∀ r : R , ∃ n : N .r < n first principles Proof . intros r ; exists ( ⌈ r ⌉ + 1) . destruct ( nceil spec r ) as ( , H ); exact H. Qed . Automated checking 4 colour C seL4 Kepler theorem compiler HyperV conjecture Monday, August 15, 2011 3

  13. A primer on computer-aided proofs Correctness from Manual review Lemma : ∀ r : R , ∃ n : N .r < n first principles Proof . intros r ; exists ( ⌈ r ⌉ + 1) . destruct ( nceil spec r ) as ( , H ); exact H. Qed . Automated checking Monday, August 15, 2011 3

  14. CertiCrypt Formal framework for security proofs: • Code-based game-based technique • Independently verifiable proofs • Applied to FDH, OAEP, Sigma-Protocols, IBE Monday, August 15, 2011 4

  15. CertiCrypt Formal framework for security proofs: • Code-based game-based technique • Independently verifiable proofs • Applied to FDH, OAEP, Sigma-Protocols, IBE High level of Coq expertise and a lot of time Monday, August 15, 2011 4

  16. CertiCrypt Formal framework for security proofs: • Code-based game-based technique • Independently verifiable proofs • Applied to FDH, OAEP, Sigma-Protocols, IBE High level of Coq expertise and a lot of time Exploit state-of-the-art program verification tools! Monday, August 15, 2011 4

  17. From CertiCrypt to EasyCrypt Formal framework for security proofs: • Code-based game-based technique • Independently verifiable proofs • Applied to FDH, OAEP, Sigma-Protocols, IBE High level of Coq expertise and a lot of time Exploit state-of-the-art program verification tools! Computer-assisted security proofs • With moderate effort • Using off-the-shelf tools Simplify Monday, August 15, 2011 4

  18. The essence of game-based proofs Monday, August 15, 2011 5

  19. The essence of game-based proofs Monday, August 15, 2011 5

  20. The essence of game-based proofs Monday, August 15, 2011 5

  21. The essence of game-based proofs Monday, August 15, 2011 5

  22. The essence of game-based proofs Monday, August 15, 2011 5

  23. The essence of game-based proofs Monday, August 15, 2011 5

  24. The essence of game-based proofs Monday, August 15, 2011 5

  25. The essence of game-based proofs Monday, August 15, 2011 5

  26. The essence of game-based proofs Monday, August 15, 2011 5

  27. The essence of game-based proofs Monday, August 15, 2011 5

  28. The essence of game-based proofs Monday, August 15, 2011 5

  29. Automated verification of proof sketches Monday, August 15, 2011 6

  30. Automated verification of proof sketches Inline Monday, August 15, 2011 6

  31. Automated verification of proof sketches Inline Eager Sampling Monday, August 15, 2011 6

  32. Automated verification of proof sketches Inline Eager Sampling Relational invariant Monday, August 15, 2011 6

  33. Automated verification of proof sketches Inline Eager Sampling Witness Relational invariant Monday, August 15, 2011 6

  34. Automated verification of proof sketches Inline Check VC Eager Sampling Witness Relational invariant Monday, August 15, 2011 6

  35. Automated verification of proof sketches Simplify Inline Check VC Eager Sampling Witness Relational invariant Monday, August 15, 2011 6

  36. Automated verification of proof sketches equiv Fact1 : INDCPA.Main ~ G1.Main : {true} ==> ={res} inline KG, Enc; derandomize; auto inv ={L,LA}; pop{2} 1; repeat rnd; trivial;; save;; Simplify Inline Check VC Eager Sampling Witness Relational invariant Monday, August 15, 2011 6

  37. Automated verification of proof sketches equiv Fact1 : INDCPA.Main ~ G1.Main : {true} ==> ={res} inline KG, Enc; derandomize; auto inv ={L,LA}; pop{2} 1; repeat rnd; trivial;; save;; Simplify Monday, August 15, 2011 6

  38. Automated verification of proof sketches equiv Fact1 : INDCPA.Main ~ G1.Main : {true} ==> ={res} inline KG, Enc; derandomize; auto inv ={L,LA}; pop{2} 1; repeat rnd; trivial;; save;; claim Pr1 : INDCPA.Main[res] == G1.Main[res] using Fact1;; Simplify Monday, August 15, 2011 6

  39. Automated verification of proof sketches equiv Fact1 : INDCPA.Main ~ G1.Main : {true} ==> ={res} inline KG, Enc; derandomize; auto inv ={L,LA}; pop{2} 1; repeat rnd; trivial;; save;; claim Pr1 : INDCPA.Main[res] == G1.Main[res] using Fact1;; Simplify Bridging steps Lazy sampling Code motion Algebraic equivs Failure events Reduction steps Monday, August 15, 2011 6

  40. Automated verification of proof sketches equiv Fact1 : INDCPA.Main ~ G1.Main : {true} ==> ={res} inline KG, Enc; derandomize; auto inv ={L,LA}; pop{2} 1; repeat rnd; trivial;; save;; claim Pr1 : INDCPA.Main[res] == G1.Main[res] using Fact1;; Simplify Bridging steps Lazy sampling Code motion Algebraic equivs Failure events Reduction steps Monday, August 15, 2011 6

  41. Case studies Cramer-Shoup encryption system: 10 games, 1650 lines of EasyCrypt, ~100 lines of Coq CertiCrypt EasyCrypt ElGamal 565 190 Hashed ElGamal 1255 243 Full-Domain Hash 2035 509 Cramer-Shoup n/a 1637 OAEP 11162 n/a Significant reduction in: • script size (from × 2 to ÷5 wrt sequence of games) • development time (~10 times faster) • learning time Monday, August 15, 2011 7

  42. Perspectives Computer-assisted security proofs • Can be built with moderate effort • Using off-the-shelf tools • Producing independently verifiable evidence • Work for challenging example: Cramer-Shoup encryption Monday, August 15, 2011 8

  43. Perspectives Computer-assisted security proofs • Can be built with moderate effort • Using off-the-shelf tools • Producing independently verifiable evidence • Work for challenging example: Cramer-Shoup encryption • Distribute (http://certicrypt.gforge.inria.fr/) • Improve and extend • More examples: SHA3, differential privacy Monday, August 15, 2011 8

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Computer-aided cryptographic proofs Gilles Barthe IMDEA Software Institute, Madrid, Spain

Computer-aided cryptographic proofs Gilles Barthe IMDEA Software Institute, Madrid, Spain

Computer-aided cryptographic proofs Gilles Barthe IMDEA Software Institute, Madrid, Spain Challenges with provable security Building or verifying reductionist proofs is hard Proofs are long and error-prone Rely on unstated and unverified

921 views • 78 slides
Computer-aided cryptographic proofs Gilles Barthe MPI-SP , Germany IMDEA Software Institute,

Computer-aided cryptographic proofs Gilles Barthe MPI-SP , Germany IMDEA Software Institute,

Computer-aided cryptographic proofs Gilles Barthe MPI-SP , Germany IMDEA Software Institute, Spain Computer-aided cryptography Develop tool-assisted methodologies for helping the design, analysis, and implementation of cryptographic

533 views • 26 slides
Computer-aided cryptographic proofs Gilles Barthe MPI-SP , Germany IMDEA Software Institute,

Computer-aided cryptographic proofs Gilles Barthe MPI-SP , Germany IMDEA Software Institute,

Computer-aided cryptographic proofs Gilles Barthe MPI-SP , Germany IMDEA Software Institute, Spain Computer-aided cryptography Develop tool-assisted methodologies for helping the design, analysis, and implementation of cryptographic

451 views • 43 slides
Computer-aided cryptographic proofs Gilles Barthe IMDEA Software Institute, Madrid, Spain Modern

Computer-aided cryptographic proofs Gilles Barthe IMDEA Software Institute, Madrid, Spain Modern

Computer-aided cryptographic proofs Gilles Barthe IMDEA Software Institute, Madrid, Spain Modern cryptography Shannon 49 Mathematical proof of security Perfect secrecy is impossible Diffie &amp; Hellman 76 Computational

1.01k views • 98 slides
Computer-aided cryptography Gilles Barthe IMDEA Software Institute, Madrid, Spain May 1, 2017

Computer-aided cryptography Gilles Barthe IMDEA Software Institute, Madrid, Spain May 1, 2017

Computer-aided cryptography Gilles Barthe IMDEA Software Institute, Madrid, Spain May 1, 2017 S. Halevi: A plausible approach to computer-aided cryptographic proofs M. Bellare and P. Rogaway: Code-Based Game-Playing Proofs and the

619 views • 31 slides
Computer-aided cryptographic proofs Gilles Barthe IMDEA Software Institute, Madrid, Spain July

Computer-aided cryptographic proofs Gilles Barthe IMDEA Software Institute, Madrid, Spain July

Computer-aided cryptographic proofs Gilles Barthe IMDEA Software Institute, Madrid, Spain July 18, 2014 Motivation Cryptography is a small but important part of security Proofs are a small but important part of cryptography Hard to

402 views • 17 slides
Computer-aided cryptographic proofs Gilles Barthe &amp; Yassine Lakhnech IMDEA Software

Computer-aided cryptographic proofs Gilles Barthe &amp; Yassine Lakhnech IMDEA Software

Computer-aided cryptographic proofs Gilles Barthe &amp; Yassine Lakhnech IMDEA Software Institute, Madrid, Spain Universit Joseph Fourier &amp; CNRS, Grenoble, France Based on joint work with J.M. Crespo, F. Dupressoir, B. Grgoire, C. Kunz,

746 views • 52 slides
Computer-aided cryptography Gilles Barthe IMDEA Software Institute, Madrid, Spain December 1,

Computer-aided cryptography Gilles Barthe IMDEA Software Institute, Madrid, Spain December 1,

Computer-aided cryptography Gilles Barthe IMDEA Software Institute, Madrid, Spain December 1, 2015 Introduction Two models of cryptography: Computational: strong guarantees but complex proofs Symbolic: automated proofs but weak

1.42k views • 26 slides
Computer-aided cryptographic proofs and designs Gilles Barthe (IMDEA, Spain) Benjamin Grgoire

Computer-aided cryptographic proofs and designs Gilles Barthe (IMDEA, Spain) Benjamin Grgoire

Computer-aided cryptographic proofs and designs Gilles Barthe (IMDEA, Spain) Benjamin Grgoire (INRIA Sophia Antipolis, France) Juan Manuel Crespo (IMDEA, Spain) Francois Dupressoir (IMDEA, Spain) Csar Kunz (IMDEA/U. Politecnica Madrid,

815 views • 44 slides
Welcome to PROOFS! PROOFS: Security Proofs for Embedded Systems Introduction to the fifth

Welcome to PROOFS! PROOFS: Security Proofs for Embedded Systems Introduction to the fifth

Welcome to PROOFS! PROOFS: Security Proofs for Embedded Systems Introduction to the fifth workshop Introduction to the workshop PROOFS: Security Proofs for Embedded Systems UCSB August 20, 2016 5th edition of PROOFS PROOFS 2012:

311 views • 7 slides
Integrated computer-aided working-fluid design and thermoeconomic ORC system optimisation MT

Integrated computer-aided working-fluid design and thermoeconomic ORC system optimisation MT

IV International Seminar on ORC Power Systems 13 15th September, 2017, Milan, Italy Integrated computer-aided working-fluid design and thermoeconomic ORC system optimisation MT White, OA Oyewunmi, MA Chatzopoulou, AM Pantaleo, AJ Haslam and

270 views • 25 slides
Computer-Aided Privacy Proofs C esar Kunz Joint work with Gilles Barthe, Benjamin Gr

Computer-Aided Privacy Proofs C esar Kunz Joint work with Gilles Barthe, Benjamin Gr

Computer-Aided Privacy Proofs C esar Kunz Joint work with Gilles Barthe, Benjamin Gr egoire, Santiago Zanella-B eguelin 2012.07.10 Provable Privacy Workshop 2012 Privacy for Statistical Databases Privacy for Statistical Databases

721 views • 23 slides
Computer Aided Many sorts of computer assisted/aided Learning learning From PowerPoint

Computer Aided Many sorts of computer assisted/aided Learning learning From PowerPoint

Topics Computer Aided Many sorts of computer assisted/aided Learning learning From PowerPoint presentations to educational Computer Literacy 1 Lecture 14 websites and more Moodle an active e-learning platform 21/10/08 CAL and

99 views • 6 slides
Computer Aided Security : Cryptographic Primitives, Voting protocols, and Wireless Sensor

Computer Aided Security : Cryptographic Primitives, Voting protocols, and Wireless Sensor

Computer Aided Security: Cryptographic Primitives, Voting protocols, and Wireless Sensor Networks Computer Aided Security : Cryptographic Primitives, Voting protocols, and Wireless Sensor Networks Pascal Lafourcade November 6, 2012

624 views • 44 slides
Security Verification with F* Cdric Fournet Catalin Hritcu Aseem Rastogi *the Everest

Security Verification with F* Cdric Fournet Catalin Hritcu Aseem Rastogi *the Everest

Computer-Aided Security Proofs, Aarhus, Oct 9 13 2017 Security Verification with F* Cdric Fournet Catalin Hritcu Aseem Rastogi *the Everest VERified End-to-end Secure Transport Everest*: Verified Drop-in Replacements for TLS/HTTPS

464 views • 34 slides
Why and What is the National 3D CAE Software Computer Aided Engineering Computer Aided

Why and What is the National 3D CAE Software Computer Aided Engineering Computer Aided

Why and What is the National 3D CAE Software Computer Aided Engineering Computer Aided Design Somboon Otarawanna ( ) CAD/CAE Lab (

659 views • 28 slides
Open Social Student Modeling: Visualizing Student Models with Parallel IntrospectiveViews Sharon,

Open Social Student Modeling: Visualizing Student Models with Parallel IntrospectiveViews Sharon,

Open Social Student Modeling: Visualizing Student Models with Parallel IntrospectiveViews Sharon, I-Han Hsiao 1 , Fedor Bakalov 2 , Peter Brusilovsky 1 and Birgitta Knig-Ries 2 1 University of Pittsburgh &amp; 2 University of Jena 2011.07.14

372 views • 26 slides
Convolutional Knowledge Tracing: Modeling Individualization in Student Learning Proces Shuanghong

Convolutional Knowledge Tracing: Modeling Individualization in Student Learning Proces Shuanghong

Convolutional Knowledge Tracing: Modeling Individualization in Student Learning Proces Shuanghong Shen, Qi Liu, Enhong Chen, Han Wu, Zhenya Huang, Weihao Zhao, Yu Su, Haiping Ma, Shijin Wang SIGIR 2020 Anhui Province Key Lab. of Big Data

246 views • 13 slides
Automated Test Data Generation on the Analyses of Feature Models A Metamorphic Testing Approach

Automated Test Data Generation on the Analyses of Feature Models A Metamorphic Testing Approach

Automated Test Data Generation on the Analyses of Feature Models A Metamorphic Testing Approach Sergio Segura 1 , Robert M. Hierons 2 , David Benavides 1 and Antonio Ruiz-Corts 1 1 Department of Computer Languages and Systems, Univesity of

330 views • 28 slides
CASRE Com puter Aided Softw are Reliability Estim ation Agenda Introduction to CASRE How

CASRE Com puter Aided Softw are Reliability Estim ation Agenda Introduction to CASRE How

CASRE Com puter Aided Softw are Reliability Estim ation Agenda Introduction to CASRE How to use CASRE Demo Whats CASRE? Computer Aided Software Reliability Estimation Software reliability measurement tool, easy to

552 views • 33 slides
Wenda Chen Institute for Infocomm Research, A*STAR, Singapore and Nanyang Technological

Wenda Chen Institute for Infocomm Research, A*STAR, Singapore and Nanyang Technological

Wenda Chen Institute for Infocomm Research, A*STAR, Singapore and Nanyang Technological University, Singapore NTU project: Computer Assisted Language Learning System in Singapore English I 2 R project: Statistical analysis of the

399 views • 22 slides
Immediate Adaptation to User Corrections in Post-Editing SMT Patrick Simianer, Sariya Karimova,

Immediate Adaptation to User Corrections in Post-Editing SMT Patrick Simianer, Sariya Karimova,

Immediate Adaptation to User Corrections in Post-Editing SMT Patrick Simianer, Sariya Karimova, Stefan Riezler Heidelberg University, Germany Oct 28, 2016 iMT 2016 : AMTA 2016 Workshop on Interacting with Machine Translation TOC Motivation

518 views • 33 slides
Lecture Notes on CASE-Tools: Together Christoph Vilsmeier Technische Universitt Mnchen

Lecture Notes on CASE-Tools: Together Christoph Vilsmeier Technische Universitt Mnchen

Software Engeneering Lecture Notes on CASE-Tools: Together Christoph Vilsmeier Technische Universitt Mnchen Institut fr Informatik 2 (based on slides from Gnter Teubner) Friday, 10 th Nov. 2000 Christoph Vilsmeier Component based

976 views • 16 slides
Introduction Appreciate Software Engineering: Build complex software systems in the

Introduction Appreciate Software Engineering: Build complex software systems in the

Objectives Introduction Appreciate Software Engineering: Build complex software systems in the Chapter 1 context of frequent change Understand how to produce a high quality software system within the allowed time deal

411 views • 5 slides

More recommend