

Section: New Results

Formal study of cryptography

Certicrypt

Participants: Gilles Barthe, Benjamin Grégoire, Sylvain Heraud, Santiago Zanella.

CertiCrypt is a general framework to certify the security of cryptographic primitives in the Coq proof assistant.

We completed a machine-checked proof of the security of OAEP (a widely used public-key encryption scheme based on trapdoor permutations) against adaptive chosen-ciphertext attacks, under the assumption that the underlying permutation is partial-domain one-way. This work has been described in a publication at the conference CT-RSA 2011 in San Francisco [12].

Easycrypt

Participants: Gilles Barthe [IMDEA], Benjamin Grégoire, Sylvain Heraud, Anne Pacalet, Santiago Zanella.

Based on our experience with Certicrypt, we started the development of the tool Easycrypt last year. The goal of this work is to provide a friendly tool that cryptographers can use easily without knowledge of formal proof assistants. The idea is to use the techniques formally proved in Certicrypt and to call SMT provers instead of using Coq. We have applied Easycrypt to a variety of academic examples and one bigger example: the proof of IND-CCA security of the Cramer-Shoup cryptosystem. The drawback of this tool is that it provides fewer guarantees than Certicrypt for the correctness of the proof. To fill this gap, we are now able to generate Coq files (based on Certicrypt) that allow the validity of Easycrypt proofs to be checked. This work has been described in a publication at the conference CRYPTO 2011 in Santa Barbara and received the Best Paper Award [11].