Automatic Proofs of Privacy of Secure Multi-Party Computation Protocols Against Active Adversaries

We describe an automatic analysis to check secure multiparty computation protocols against privacy leaks. The analysis is sound --- a protocol that is deemed private does not leak anything about its private inputs, even if active attacks are performed against it. Privacy against active adversaries is an essential ingredient in constructions aiming to provide security (privacy + correctness) in adversarial models of intermediate (between passive and active) strength. Using our analysis we are able to show that the protocols used by the Sharemind secure multiparty computation platform are actively private

Verified security of redundancy-free encryption from Rabin and RSA

Verified security provides a firm foundation for cryptographic proofs by means of rigorous programming language techniques and verification methods. EasyCrypt is a framework that realizes the verified security paradigm and supports the machine-checked construction and verification of cryptographic proofs using state-of-the-art SMT solvers, automated theorem provers and interactive proof assistants. Previous experiments have shown that EasyCrypt is effective for a posteriori validation of cryptographic systems. In this paper, we report on the first application of verified security to a novel cryptographic construction, with strong security properties and interesting practical features. Specifically, we use EasyCrypt to prove the IND-CCA security of a redundancy-free public-key encryption scheme based on trapdoor one-way permutations. Somewhat surprisingly, we show that even with a zero-length redundancy, Boneh’s SAEP scheme (an OAEP-like construction with a single-round Feistel network rather than two) converts a trapdoor one-way permutation into an IND-CCA-secure scheme, provided the permutation satisfies two additional properties. We then prove that the Rabin function and RSA with short exponent enjoy these properties, and thus can be used to instantiate the construction we propose to obtain efficient encryption schemes. The reduction that justifies the security of our construction is tigh

Formal verification of cryptographic security proofs

Verifying cryptographic security proofs manually is inherently tedious and error-prone. The game-playing technique for cryptographic proofs advocates a modular proof design where cryptographic programs called games are transformed stepwise such that each step can be analyzed individually. This code-based approach has rendered the formal verification of such proofs using mechanized tools feasible. In the first part of this dissertation we present Verypto: a framework to formally verify game-based cryptographic security proofs in a machine-assisted manner. Verypto has been implemented in the Isabelle proof assistant and provides a formal language to specify the constructs occurring in typical cryptographic games, including probabilistic behavior, the usage of oracles, and polynomial-time programs. We have verified the correctness of several game transformations and demonstrate their applicability by verifying that the composition of 1-1 one-way functions is one-way and by verifying the IND-CPA security of the ElGamal encryption scheme. In a related project Barthe et al. developed the EasyCrypt toolset, which employs techniques from automated program verification to validate game transformations. In the second part of this dissertation we use EasyCrypt to verify the security of the Merkle-Damgård construction - a general design principle underlying many hash functions. In particular we verify its collision resistance and prove that it is indifferentiable from a random oracle.Kryptographische Sicherheitsbeweise manuell zu überprüfen ist mühsam und fehleranfällig. Spielbasierte Beweistechniken ermöglichen einen modularen Beweisaufbau, wobei kryptographische Programme - sog. Spiele - schrittweise so modifiziert werden, dass jeder Schritt einzeln überprüfbar ist. Dieser code-basierte Ansatz erlaubt die computergestützte Verifikation solcher Beweise. Im ersten Teil dieser Dissertation präsentieren wir Verypto: ein System zur computergestützten formalen Verifikation spielbasierter kryptographischer Sicherheitsbeweise. Auf Grundlage des Theorembeweisers Isabelle entwickelt, bietet Verypto eine formale Sprache, mit der sich kryptographische Eigenheiten wie probabilistisches Verhalten, Orakelzugriffe und polynomielle Laufzeit ausdrücken lassen. Wir beweisen die Korrektheit verschiedener Spieltransformationen und belegen deren Anwendbarkeit durch die Verifikation von Beispielen: Wir zeigen, dass Kompositionen von 1-1 Einwegfunktionen auch einweg sind und dass die ElGamal Verschlüsselung IND-CPA sicher ist. In einem ähnlichen Projekt entwickelten Barthe et al. das EasyCrypt System, welches Spieltransformationen mit Methoden der Programmanalyse validiert. Im zweiten Teil dieser Dissertation verwenden wir EasyCrypt und verifizieren die Sicherheit der Merkle-Damgård Konstruktion - ein Designprinzip, das vielen Hashfunktionen zugrunde liegt. Wir zeigen die Kollisionsresistenz der Konstruktion und verifizieren, dass sie sich wie ein Zufallsorakel verhält