3,126 research outputs found
Two Applications of Logic Programming to Coq
The logic programming paradigm provides a flexible setting for representing, manipulating, checking, and elaborating proof structures. This is particularly true when the logic programming language allows for bindings in terms and proofs. In this paper, we make use of two recent innovations at the intersection of logic programming and proof checking. One of these is the foundational proof certificate (FPC) framework which provides a flexible means of defining the semantics of a range of proof structures for classical and intuitionistic logic. A second innovation is the recently released Coq-Elpi plugin for Coq in which the Elpi implementation of ?Prolog can send and retrieve information to and from the Coq kernel. We illustrate the use of both this Coq plugin and FPCs with two example applications. First, we implement an FPC-driven sequent calculus for a fragment of the Calculus of Inductive Constructions and we package it into a tactic to perform property-based testing of inductive types corresponding to Horn clauses. Second, we implement in Elpi a proof checker for first-order intuitionistic logic and demonstrate how proof certificates can be supplied by external (to Coq) provers and then elaborated into the fully detailed proof terms that can be checked by the Coq kernel
Proofs for free - parametricity for dependent types
Reynolds' abstraction theorem shows how a typing judgement in System F can be translated into a relational statement (in second order predicate logic) about inhabitants of the type. We obtain a similar result for pure type systems: for any PTS used as a programming language, there is a PTS that can be used as a logic for parametricity. Types in the source PTS are translated to relations (expressed as types) in the target. Similarly, values of a given type are translated to proofs that the values satisfy the relational interpretation. We extend the result to inductive families. We also show that the assumption that every term satisfies the parametricity condition generated by its type is consistent with the generated logic
Computer-aided proofs for multiparty computation with active security
Secure multi-party computation (MPC) is a general cryptographic technique
that allows distrusting parties to compute a function of their individual
inputs, while only revealing the output of the function. It has found
applications in areas such as auctioning, email filtering, and secure
teleconference. Given its importance, it is crucial that the protocols are
specified and implemented correctly. In the programming language community it
has become good practice to use computer proof assistants to verify correctness
proofs. In the field of cryptography, EasyCrypt is the state of the art proof
assistant. It provides an embedded language for probabilistic programming,
together with a specialized logic, embedded into an ambient general purpose
higher-order logic. It allows us to conveniently express cryptographic
properties. EasyCrypt has been used successfully on many applications,
including public-key encryption, signatures, garbled circuits and differential
privacy. Here we show for the first time that it can also be used to prove
security of MPC against a malicious adversary. We formalize additive and
replicated secret sharing schemes and apply them to Maurer's MPC protocol for
secure addition and multiplication. Our method extends to general polynomial
functions. We follow the insights from EasyCrypt that security proofs can be
often be reduced to proofs about program equivalence, a topic that is well
understood in the verification of programming languages. In particular, we show
that in the passive case the non-interference-based definition is equivalent to
a standard game-based security definition. For the active case we provide a new
NI definition, which we call input independence
Fifty years of Hoare's Logic
We present a history of Hoare's logic.Comment: 79 pages. To appear in Formal Aspects of Computin
Sheaf semantics of termination-insensitive noninterference
We propose a new sheaf semantics for secure information flow over a space of
abstract behaviors, based on synthetic domain theory: security classes are
open/closed partitions, types are sheaves, and redaction of sensitive
information corresponds to restricting a sheaf to a closed subspace. Our
security-aware computational model satisfies termination-insensitive
noninterference automatically, and therefore constitutes an intrinsic
alternative to state of the art extrinsic/relational models of noninterference.
Our semantics is the latest application of Sterling and Harper's recent
re-interpretation of phase distinctions and noninterference in programming
languages in terms of Artin gluing and topos-theoretic open/closed modalities.
Prior applications include parametricity for ML modules, the proof of
normalization for cubical type theory by Sterling and Angiuli, and the
cost-aware logical framework of Niu et al. In this paper we employ the phase
distinction perspective twice: first to reconstruct the syntax and semantics of
secure information flow as a lattice of phase distinctions between "higher" and
"lower" security, and second to verify the computational adequacy of our sheaf
semantics vis-\`a-vis an extension of Abadi et al.'s dependency core calculus
with a construct for declassifying termination channels.Comment: Extended version of FSCD '22 paper with full technical appendice
- …