Section: New Software and Platforms

CryptoVerif

Cryptographic protocol verifier in the computational model

Keywords: Security - Verification - Cryptographic protocol

Functional Description: CryptoVerif is an automatic protocol prover sound in the computational model. In this model, messages are bitstrings and the adversary is a polynomial-time probabilistic Turing machine. CryptoVerif can prove secrecy and correspondences, which include in particular authentication. It provides a generic mechanism for specifying the security assumptions on cryptographic primitives, which can handle in particular symmetric encryption, message authentication codes, public-key encryption, signatures, hash functions, and Diffie-Hellman key agreements. It also provides an explicit formula that gives the probability of breaking the protocol as a function of the probability of breaking each primitives, this is the exact security framework.

News Of The Year: Bruno Blanchet modified ProVerif and CryptoVerif to improve the compatibility between these two tools (see the section on ProVerif). This feature is released in CryptoVerif 2.00.

Bruno Blanchet implemented several extensions of CryptoVerif, in particular: 1) reworked the model of Diffie-Hellman key agreements, in particular to account for the absence of public key validation in popular Diffie-Hellman groups like Curve25519, which is used in many modern protocols, 2) support for the proof of indistinguishability between two games given by the user, 3) facilitate the interactive proofs. Program points, used for instance to insert case distinctions, can now be designated as the line that matches a regular expression, instead of using a number. This is much more stable in case the protocol model is slightly modified. Groups of variables can be designated as all variables that match a regular expression. These features are not released yet.

• Participants: Bruno Blanchet and David Cadé

• Contact: Bruno Blanchet

• Publications: Composition Theorems for CryptoVerif and Application to TLS 1.3 - Composition Theorems for CryptoVerif and Application to TLS 1.3 - Proved Implementations of Cryptographic Protocols in the Computational Model - Proved Generation of Implementations from Computationally Secure Protocol Specifications - Verified Models and Reference Implementations for the TLS 1.3 Standard Candidate - Verified Models and Reference Implementations for the TLS 1.3 Standard Candidate - Symbolic and Computational Mechanized Verification of the ARINC823 Avionic Protocols - Automated Verification for Secure Messaging Protocols and Their Implementations: A Symbolic and Computational Approach

• URL: http://cryptoverif.inria.fr/