Section: New Results

Proofs in cryptography

Participants: Gilles Barthe [IMDEA Software Institute], Juan Manuel Crespo [IMDEA Software Institute], Benjamin Grégoire, Sylvain Heraud [Prove&Run], César Kunz [IMDEA Software Institute], Yassine Lakhnech [University of Grenoble], Pierre-Yves Strub [IMDEA Software Institute], Santiago Zanella Béguelin [IMDEA Software Institute].

We are continuing our work on providing a user-friendly tool for cryptographers who want to develop formal proofs of correctness, based on CertiCrypt and SMT provers. There were invited talks at ITP, CPP, MPP, SAS, and JFLA. There was also an article in ERCIM News, whose content is aimed at the general public. See also the web page http://easycrypt.gforge.inria.fr/ .

As an illustrative example, we proposed a machine-checked proof of a construction of a hash function based on elliptic curves, where the correctness proof uses the Random Oracle Model. The proof is based on an extension of CertiCrypt for reasoning about approximate forms of observational equivalence and uses mathematical results from group theory and elliptic curves.

Thanks to our language-based approach to describing cryptographic constructions and our automatic approach to proving them correct, we can now explore the space of possible designs systematically. Using this approach, we have been able to explore over 1.3 million schemes, including more than 100 variants of OAEP studied in the literature, and to prove the correctness of 250,000 schemes for one kind of model and 17,000 for another kind.