EasyUC: using EasyCrypt to mechanize proofs of universally composable security

We present a methodology for using the EasyCrypt proof assistant (originally designed for mechanizing the generation of proofs of game-based security of cryptographic schemes and protocols) to mechanize proofs of security of cryptographic protocols within the universally composable (UC) security framework. This allows, for the first time, the mechanization and formal verification of the entire sequence of steps needed for proving simulation-based security in a modular way: Specifying a protocol and the desired ideal functionality; Constructing a simulator and demonstrating its validity, via reduction to hard computational problems; Invoking the universal composition operation and demonstrating that it indeed preserves security. We demonstrate our methodology on a simple example: stating and proving the security of secure message communication via a one-time pad, where the key comes from a Diffie-Hellman key-exchange, assuming ideally authenticated communication. We first put together EasyCrypt-verified proofs that: (a) the Diffie-Hellman protocol UC-realizes an ideal key-exchange functionality, assuming hardness of the Decisional Diffie-Hellman problem, and (b) one-time-pad encryption, with a key obtained using ideal key-exchange, UC-realizes an ideal secure-communication functionality. We then mechanically combine the two proofs into an EasyCrypt-verified proof that the composed protocol realizes the same ideal secure-communication functionality. Although formulating a methodology that is both sound and workable has proven to be a complex task, we are hopeful that it will prove to be the basis for mechanized UC security analyses for significantly more complex protocols and tasks.Accepted manuscrip

An implicit algorithm for validated enclosures of the solutions to variational equations for ODEs

We propose a new algorithm for computing validated bounds for the solutions to the first order variational equations associated to ODEs. These validated solutions are the kernel of numerics computer-assisted proofs in dynamical systems literature. The method uses a high-order Taylor method as a predictor step and an implicit method based on the Hermite-Obreshkov interpolation as a corrector step. The proposed algorithm is an improvement of the $C^1$-Lohner algorithm proposed by Zgliczy\'nski and it provides sharper bounds. As an application of the algorithm, we give a computer-assisted proof of the existence of an attractor set in the R\"ossler system, and we show that the attractor contains an invariant and uniformly hyperbolic subset on which the dynamics is chaotic, that is, conjugated to subshift of finite type with positive topological entropy.Comment: 33 pages, 11 figure

The Epistemology of Simulation, Computation and Dynamics in Economics Ennobling Synergies, Enfeebling 'Perfection'

Lehtinen and Kuorikoski ([73]) question, provocatively, whether, in the context of Computing the Perfect Model, economists avoid - even positively abhor - reliance on simulation. We disagree with the mildly qualified affirmative answer given by them, whilst agreeing with some of the issues they raise. However there are many economic theoretic, mathematical (primarily recursion theoretic and constructive) - and even some philosophical and epistemological - infelicities in their descriptions, definitions and analysis. These are pointed out, and corrected; for, if not, the issues they raise may be submerged and subverted by emphasis just on the unfortunate, but essential, errors and misrepresentationsSimulation, Computation, Computable, Analysis, Dynamics, Proof, Algorithm

Formalizing Size-Optimal Sorting Networks: Extracting a Certified Proof Checker

Since the proof of the four color theorem in 1976, computer-generated proofs have become a reality in mathematics and computer science. During the last decade, we have seen formal proofs using verified proof assistants being used to verify the validity of such proofs. In this paper, we describe a formalized theory of size-optimal sorting networks. From this formalization we extract a certified checker that successfully verifies computer-generated proofs of optimality on up to 8 inputs. The checker relies on an untrusted oracle to shortcut the search for witnesses on more than 1.6 million NP-complete subproblems.Comment: IMADA-preprint-c