3 research outputs found
Computer-aided proofs for multiparty computation with active security
Secure multi-party computation (MPC) is a general cryptographic technique
that allows distrusting parties to compute a function of their individual
inputs, while only revealing the output of the function. It has found
applications in areas such as auctioning, email filtering, and secure
teleconference. Given its importance, it is crucial that the protocols are
specified and implemented correctly. In the programming language community it
has become good practice to use computer proof assistants to verify correctness
proofs. In the field of cryptography, EasyCrypt is the state of the art proof
assistant. It provides an embedded language for probabilistic programming,
together with a specialized logic, embedded into an ambient general purpose
higher-order logic. It allows us to conveniently express cryptographic
properties. EasyCrypt has been used successfully on many applications,
including public-key encryption, signatures, garbled circuits and differential
privacy. Here we show for the first time that it can also be used to prove
security of MPC against a malicious adversary. We formalize additive and
replicated secret sharing schemes and apply them to Maurer's MPC protocol for
secure addition and multiplication. Our method extends to general polynomial
functions. We follow the insights from EasyCrypt that security proofs can be
often be reduced to proofs about program equivalence, a topic that is well
understood in the verification of programming languages. In particular, we show
that in the passive case the non-interference-based definition is equivalent to
a standard game-based security definition. For the active case we provide a new
NI definition, which we call input independence
Revealing Encryption for Partial Ordering
We generalize the cryptographic notion of Order Revealing Encryption (ORE) to arbitrary functions and we present a construction that allows to determine the (partial) ordering of two vectors i.e., given E(x) and E(y) it is possible to learn whether x is less than or equal to y, y is less than or equal to x or whether x and y are incomparable. This is the first non-trivial example of a Revealing Encryption (RE) scheme with output larger than one bit, and which does not rely on cryptographic obfuscation or multilinear maps
A High-Assurance Evaluator for Machine-Checked Secure Multiparty Computation
Secure Multiparty Computation (MPC) enables a group of
distrusting parties to jointly compute a function using private
inputs. MPC guarantees correctness of computation and confidentiality
of inputs if no more than a threshold of the parties are corrupted.
Proactive MPC (PMPC) addresses the stronger threat model of a
mobile adversary that controls a changing set of parties (but
only up to at any instant), and may eventually corrupt all parties over a long time.
This paper takes a first stab at developing high-assurance
implementations of (P)MPC. We formalize in EasyCrypt, a tool-assisted
framework for building high-confidence cryptographic proofs, several
abstract and reusable variations of secret sharing and of (P)MPC protocols
building on them. Using those, we prove a series of abstract theorems for the
proactive setting. We implement and perform computer-checked security
proofs of concrete instantiations of the required (abstract) protocols in
EasyCrypt.
We also develop a new tool-chain to extract
high-assurance executable implementations of protocols formalized and
verified in EasyCrypt. Our tool-chain uses Why as an intermediate tool, and enables us
to extract executable code from our (P)MPC
formalizations. We conduct an evaluation of the extracted executables by
comparing their performance to performance of manually implemented versions using
Python-based Charm framework for prototyping
cryptographic schemes. We argue that the small overhead of our
high-assurance executables is a reasonable price to pay for the
increased confidence about their correctness and security