« search calendars« DIMACS/MACS Workshop on Usable, Efficient, and Formally Verified Secure Computation

« EasyUC: Using EasyCrypt to Mechanize Proofs of Universally Composable Security

EasyUC: Using EasyCrypt to Mechanize Proofs of Universally Composable Security

March 14, 2019, 9:35 AM - 10:15 AM


Barrister's Hall - first floor

Boston University Law School

765 Commonwealth Avenue

Boston, MA 02215

Alley Stoughton, Boston University

We show how one can use the EasyCrypt proof assistant to mechanize proofs of security of cryptographic protocols within the universally composable (UC) security framework.  This allows, for the first time, the mechanization of the entire sequence of steps needed for proving simulation-based security in a modular way:

(*) specifying the real protocol and desired ideal functionality;

(*) constructing a simulator and demonstrating its validity, possibly via reduction to hard computational problems;

(*) invoking the universal composition operation and demonstrating that it indeed preserves security.

We work with a variant of UC security in which real protocols, ideal functionalities, adversaries, simulators and environments are represented by modules in the EasyCrypt programming language (as opposed to interactive Turing machines). We formalize a UC message routing system based on hierarchical addresses, and employ an interface module that firewalls the environment from a real protocol/ideal functionality and adversary/simulator.

We illustrate our approach on a recently completed case study involving one-time-pad encryption, where the key comes from Diffie-Hellman key-exchange. We conclude by surveying the lessons learned from our case study, and pointing the way toward future work.

Joint work with Ran Canetti and Mayank Varia.