State Separation for Code-Based Game-Playing Proofs
The security analysis of real-world protocols involves reduction steps that are conceptually simple but still have to account for many protocol complications found in standards and implementations. Taking inspiration from universal composability, abstract cryptography, process algebras, and type-based verification frameworks, we propose a method to simplify large reductions, avoid mistakes in carrying them out, and obtain concise security statements.
Our method decomposes monolithic games into collections of stateful *packages* representing collections of oracles that call one another using well-defined interfaces. Every component scheme yields a pair of a real and an ideal package. In security proofs, we then successively replace each real package with its ideal counterpart, treating the other packages as the reduction. We build this reduction by applying a number of algebraic operations on packages justified by their state separation. Our method handles reductions that emulate the game perfectly, and leaves more complex arguments to existing game-based proof techniques such as the code-based analysis suggested by Bellare and Rogaway. It also facilitates computer-aided proofs, inasmuch as the perfect reductions steps can be automatically discharged by proof assistants.
We illustrate our method on two generic composition proofs: (1) a proof of self-composition using a hybrid argument; and (2) the composition of keying and keyed components. For concreteness, we apply them to the KEM-DEM proof of hybrid encryption by Cramer and Shoup and to the composition of forward-secure game-based key exchange protocols with symmetric-key protocols.
Verified Correctness and Security of mbedTLS HMAC-DRBG
We have formalized the functional specification of HMAC-DRBG (NIST 800-90A),
and we have proved its cryptographic security--that its output is
pseudorandom--using a hybrid game-based proof. We have also proved that the
mbedTLS implementation (C program) correctly implements this functional
specification. That proof composes with an existing C compiler correctness
proof to guarantee, end-to-end, that the machine language program gives strong
pseudorandomness. All proofs (hybrid games, C program verification, compiler,
and their composition) are machine-checked in the Coq proof assistant. Our
proofs are modular: the hybrid game proof holds on any implementation of
HMAC-DRBG that satisfies our functional specification. Therefore, our
functional specification can serve as a high-assurance reference.
Comment: Appearing in CCS '1
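The functional specification the abstract refers to is the HMAC_DRBG Instantiate/Update/Generate/Reseed algorithms of NIST SP 800-90A Section 10.1.2. The following is an added illustration of that specification in Python; it is not the mbedTLS C code, the Coq specification, or any code from the paper. The hash function (SHA-256), the default reseed interval, and the error raised when the reseed counter is exhausted are choices made here for the example.

```python
import hashlib
import hmac


class HmacDrbg:
    """HMAC-DRBG per NIST SP 800-90A, Section 10.1.2 (added example, not mbedTLS code).

    Internal state is the pair (K, V) plus a reseed counter. Every call path
    ends in an Update step, so a compromise of the output alone does not let an
    attacker walk the state backwards (the backtracking-resistance property).
    """

    def __init__(self, entropy: bytes, nonce: bytes = b"", personalization: bytes = b"",
                 hash_name: str = "sha256", reseed_interval: int = 10000):
        self.hash_name = hash_name
        self.outlen = hashlib.new(hash_name).digest_size
        self.reseed_interval = reseed_interval  # assumed bound for this example
        # Instantiate: K = 0x00...00, V = 0x01...01, then absorb the seed material.
        self.K = b"\x00" * self.outlen
        self.V = b"\x01" * self.outlen
        self._update(entropy + nonce + personalization)
        self.reseed_counter = 1

    def _hmac(self, key: bytes, data: bytes) -> bytes:
        return hmac.new(key, data, self.hash_name).digest()

    def _update(self, provided_data: bytes) -> None:
        """HMAC_DRBG_Update: mix provided_data into (K, V).

        The second round (with the 0x01 separator) only runs when there is
        data to absorb; with empty input a single round refreshes the state.
        """
        self.K = self._hmac(self.K, self.V + b"\x00" + provided_data)
        self.V = self._hmac(self.K, self.V)
        if not provided_data:
            return
        self.K = self._hmac(self.K, self.V + b"\x01" + provided_data)
        self.V = self._hmac(self.K, self.V)

    def reseed(self, entropy: bytes, additional_input: bytes = b"") -> None:
        """HMAC_DRBG_Reseed: fresh entropy resets the reseed counter."""
        self._update(entropy + additional_input)
        self.reseed_counter = 1

    def generate(self, nbytes: int, additional_input: bytes = b"") -> bytes:
        """HMAC_DRBG_Generate: returns nbytes of output or refuses if a reseed is due."""
        if self.reseed_counter > self.reseed_interval:
            raise RuntimeError("reseed required")  # error choice made for this example
        if additional_input:
            self._update(additional_input)
        temp = b""
        while len(temp) < nbytes:
            self.V = self._hmac(self.K, self.V)
            temp += self.V
        # Final Update even with empty additional_input: this is what separates
        # the returned bits from the next state.
        self._update(additional_input)
        self.reseed_counter += 1
        return temp[:nbytes]


if __name__ == "__main__":
    # Constructed seed material; a real instantiation uses an entropy source.
    drbg = HmacDrbg(b"\x00" * 32, nonce=b"nonce", personalization=b"example")
    print(drbg.generate(32).hex())
```

One consequence worth seeing in the code: because Generate finishes with an Update, two calls for 32 bytes each do not produce the same 64 bytes as one call for 64 bytes from the same seed, so a verified specification has to pin down the call boundaries and not just the total output length.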
The AutoProof Verifier: Usability by Non-Experts and on Standard Code
Formal verification tools are often developed by experts for experts; as a
result, their usability by programmers with little formal methods experience
may be severely limited. In this paper, we discuss this general phenomenon with
reference to AutoProof: a tool that can verify the full functional correctness
of object-oriented software. In particular, we present our experiences of using
AutoProof in two contrasting contexts representative of non-expert usage.
First, we discuss its usability by students in a graduate course on software
verification, who were tasked with verifying implementations of various sorting
algorithms. Second, we evaluate its usability in verifying code developed for
programming assignments of an undergraduate course. The first scenario
represents usability by serious non-experts; the second represents usability on
"standard code", developed without full functional verification in mind. We
report our experiences and lessons learnt, from which we derive some general
suggestions for furthering the development of verification tools with respect
to improving their usability.
Comment: In Proceedings F-IDE 2015, arXiv:1508.0338
Computer-aided proofs for multiparty computation with active security
Secure multi-party computation (MPC) is a general cryptographic technique
that allows distrusting parties to compute a function of their individual
inputs, while only revealing the output of the function. It has found
applications in areas such as auctioning, email filtering, and secure
teleconference. Given its importance, it is crucial that the protocols are
specified and implemented correctly. In the programming language community it
has become good practice to use computer proof assistants to verify correctness
proofs. In the field of cryptography, EasyCrypt is the state-of-the-art proof
assistant. It provides an embedded language for probabilistic programming,
together with a specialized logic, embedded into an ambient general purpose
higher-order logic. It allows us to conveniently express cryptographic
properties. EasyCrypt has been used successfully on many applications,
including public-key encryption, signatures, garbled circuits and differential
privacy. Here we show for the first time that it can also be used to prove
security of MPC against a malicious adversary. We formalize additive and
replicated secret sharing schemes and apply them to Maurer's MPC protocol for
secure addition and multiplication. Our method extends to general polynomial
functions. We follow the insight from EasyCrypt that security proofs can
often be reduced to proofs about program equivalence, a topic that is well
understood in the verification of programming languages. In particular, we show
that in the passive case the non-interference-based definition is equivalent to
a standard game-based security definition. For the active case we provide a new
NI definition, which we call input independence.
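The two sharing schemes named in the abstract, and how addition and multiplication compose into polynomial functions, can be seen concretely in the following added Python example. It is not the paper's EasyCrypt formalization nor Maurer's protocol as specified there; it is a passive (semi-honest) three-party sketch written for this page. Assumptions made here: the field is the prime P = 2^61 - 1, the replicated layout gives party i the pair (s_i, s_{i+1}), shares of zero come from pairwise PRF keys (an HMAC-based PRF), and the message "party i sends its value to party i-1" is simulated by indexing a list.

```python
import hashlib
import hmac
import secrets

P = (1 << 61) - 1  # prime field chosen for this example; not a parameter from the paper


def share_additive(x: int, n: int) -> list:
    """Dealer splits x into n additive shares with x = sum(shares) mod P.
    Any n-1 of the shares are uniformly random, so they reveal nothing about x."""
    shares = [secrets.randbelow(P) for _ in range(n - 1)]
    shares.append((x - sum(shares)) % P)
    return shares


def reconstruct_additive(shares: list) -> int:
    return sum(shares) % P


def add_shares(a: list, b: list) -> list:
    """Secure addition needs no communication: each party adds what it holds."""
    return [(x + y) % P for x, y in zip(a, b)]


def to_replicated(parts: list) -> list:
    """3-party replicated sharing of s = s0+s1+s2: party i holds (s_i, s_{i+1})."""
    return [(parts[i], parts[(i + 1) % 3]) for i in range(3)]


def reconstruct_replicated(rep: list) -> int:
    return sum(pair[0] for pair in rep) % P


def add_replicated(a_rep: list, b_rep: list) -> list:
    return [((x0 + y0) % P, (x1 + y1) % P) for (x0, x1), (y0, y1) in zip(a_rep, b_rep)]


def zero_shares(keys: list, tag: bytes) -> list:
    """Non-interactive replicated sharing of zero: party i knows k_i and k_{i+1}
    and outputs PRF(k_i, tag) - PRF(k_{i+1}, tag); the three outputs sum to 0.
    The tag must be unique per use (assumed here: a per-multiplication label)."""
    def prf(key: bytes) -> int:
        return int.from_bytes(hmac.new(key, tag, hashlib.sha256).digest(), "big") % P
    return [(prf(keys[i]) - prf(keys[(i + 1) % 3])) % P for i in range(3)]


def mul_replicated(a_rep: list, b_rep: list, keys: list, tag: bytes) -> list:
    """Passively secure 3-party multiplication on replicated shares.

    Party i holds (a_i, a_{i+1}) and (b_i, b_{i+1}), so it can compute
    a_i*b_i + a_i*b_{i+1} + a_{i+1}*b_i locally. Over i = 0, 1, 2 these terms
    cover all nine products a_j*b_k, so the three local values are an additive
    sharing of a*b. Each party masks its value with a share of zero before
    sending it to party i-1, which restores the replicated layout.
    """
    zero = zero_shares(keys, tag)
    c_add = []
    for i in range(3):
        (a_i, a_n), (b_i, b_n) = a_rep[i], b_rep[i]
        c_add.append((a_i * b_i + a_i * b_n + a_n * b_i + zero[i]) % P)
    # Party i receives c_{i+1} from party i+1 (simulated by list indexing).
    return to_replicated(c_add)


def secure_a2_plus_ab(a: int, b: int, keys: list) -> int:
    """Evaluates a*a + a*b on shares, then reconstructs: one polynomial built
    from the two primitives above (a dealer shares the inputs for simplicity)."""
    a_rep = to_replicated(share_additive(a, 3))
    b_rep = to_replicated(share_additive(b, 3))
    aa = mul_replicated(a_rep, a_rep, keys, b"mul-1")
    ab = mul_replicated(a_rep, b_rep, keys, b"mul-2")
    return reconstruct_replicated(add_replicated(aa, ab))


if __name__ == "__main__":
    ks = [secrets.token_bytes(16) for _ in range(3)]  # pairwise PRF keys, constructed
    print(secure_a2_plus_ab(7, 5, ks))  # 7*7 + 7*5
```

Nothing in this sketch checks that a party sent a correct masked product: a malicious party can substitute any value for its c_i and the other two will reconstruct a wrong result without noticing. That gap between the passive and the active setting is what the abstract's treatment of a malicious adversary, and its input-independence definition, are about; the example above only covers the passive case.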
Minimal Proof Search for Modal Logic K Model Checking
Most modal logics such as S5, LTL, or ATL are extensions of Modal Logic K.
While the model checking problems for LTL and to a lesser extent ATL have been
very active research areas for the past decades, the model checking problem for
the more basic Multi-agent Modal Logic K (MMLK) has important applications as a
formal framework for perfect information multi-player games on its own.
We present Minimal Proof Search (MPS), an effort number based algorithm
solving the model checking problem for MMLK. We prove two important properties
for MPS beyond its correctness. The (dis)proof exhibited by MPS is of minimal
cost for a general definition of cost, and MPS is an optimal algorithm for
finding (dis)proofs of minimal cost. Optimality means that any comparable
algorithm either needs to explore a bigger or equal state space than MPS, or is
not guaranteed to find a (dis)proof of minimal cost on every input.
As such, our work relates to A* and AO* in heuristic search, to Proof Number
Search and DFPN+ in two-player games, and to counterexample minimization in
software model checking.
Comment: Extended version of the JELIA 2012 paper with the same titl
A Continuation Method for Nash Equilibria in Structured Games
Structured game representations have recently attracted interest as models
for multi-agent artificial intelligence scenarios, with rational behavior most
commonly characterized by Nash equilibria. This paper presents efficient, exact
algorithms for computing Nash equilibria in structured game representations,
including both graphical games and multi-agent influence diagrams (MAIDs). The
algorithms are derived from a continuation method for normal-form and
extensive-form games due to Govindan and Wilson; they follow a trajectory
through a space of perturbed games and their equilibria, exploiting game
structure through fast computation of the Jacobian of the payoff function. They
are theoretically guaranteed to find at least one equilibrium of the game, and
may find more. Our approach provides the first efficient algorithm for
computing exact equilibria in graphical games with arbitrary topology, and the
first algorithm to exploit fine-grained structural properties of MAIDs.
Experimental results are presented demonstrating the effectiveness of the
algorithms and comparing them to predecessors. The running time of the
graphical game algorithm is similar to, and often better than, the running time
of previous approximate algorithms. The algorithm for MAIDs can effectively
solve games that are much larger than those solvable by previous methods.