Probabilistic relational verification for cryptographic implementations

Authors:
Gilles Barthe;Cédric Fournet;Benjamin Grégoire;Pierre-Yves Strub;Nikhil Swamy;Santiago Zanella-Béguelin
Affiliations:
IMDEA Software Institute, Madrid, Spain;Microsoft Research, Cambridge, United Kingdom;Inria Sophia Antipolis - Méditerranée, Sophia Antipolis, France;IMDEA Software Institute, Madrid, Spain;Microsoft Research, Seattle, WA, USA;Microsoft Research, Cambridge, United Kingdom
Venue:
Proceedings of the 41st ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages
Year:
2014

Citing 39
Cited 0

Stochastic lambda calculus and monads of probability distributions

POPL '02 Proceedings of the 29th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
An indexed model of recursive types for foundational proof-carrying code

ACM Transactions on Programming Languages and Systems (TOPLAS)
Non-Interactive and Information-Theoretic Secure Verifiable Secret Sharing

CRYPTO '91 Proceedings of the 11th Annual International Cryptology Conference on Advances in Cryptology
Logics for probabilistic programming (Extended Abstract)

STOC '80 Proceedings of the twelfth annual ACM symposium on Theory of computing
Simple relational correctness proofs for static analyses and program transformations

Proceedings of the 31st ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Abstraction, Refinement And Proof For Probabilistic Systems (Monographs in Computer Science)

Abstraction, Refinement And Proof For Probabilistic Systems (Monographs in Computer Science)
A probabilistic language based upon sampling functions

Proceedings of the 32nd ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Private authentication

Theoretical Computer Science - Special issue: Foundations of wide area network computing
Probabilistic guarded commands mechanized in HOL

Theoretical Computer Science - Quantitative aspects of programming languages (QAPL 2004)
Reasoning about probabilistic sequential programs

Theoretical Computer Science
Ynot: dependent types for imperative programs

Proceedings of the 13th ACM SIGPLAN international conference on Functional programming
Formal certification of code-based cryptographic proofs

Proceedings of the 36th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Proofs of randomized algorithms in Coq

Science of Computer Programming
Embedded Probabilistic Programming

DSL '09 Proceedings of the IFIP TC 2 Working Conference on Domain-Specific Languages
Modular verification of security protocol code by typing

Proceedings of the 37th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Z3: an efficient SMT solver

TACAS'08/ETAPS'08 Proceedings of the Theory and practice of software, 14th international conference on Tools and algorithms for the construction and analysis of systems
Analysing Unlinkability and Anonymity Using the Applied Pi Calculus

CSF '10 Proceedings of the 2010 23rd IEEE Computer Security Foundations Symposium
Hyperproperties

Journal of Computer Security - 7th International Workshop on Issues in the Theory of Security (WITS'07)
Beyond provable security verifiable IND-CCA security of OAEP

CT-RSA'11 Proceedings of the 11th international conference on Topics in cryptology: CT-RSA 2011
Measure transformer semantics for Bayesian machine learning

ESOP'11/ETAPS'11 Proceedings of the 20th European conference on Programming languages and systems: part of the joint European conferences on theory and practice of software
Partiality, state and dependent types

TLCA'11 Proceedings of the 10th international conference on Typed lambda calculi and applications
Computer-aided security proofs for the working cryptographer

CRYPTO'11 Proceedings of the 31st annual conference on Advances in cryptology
Secure distributed programming with value-dependent types

Proceedings of the 16th ACM SIGPLAN international conference on Functional programming
Privacy-preserving smart metering

Proceedings of the 10th annual ACM workshop on Privacy in the electronic society
Modular code-based cryptographic verification

Proceedings of the 18th ACM conference on Computer and communications security
Guiding a General-Purpose C Verifier to Prove Cryptographic Protocols

CSF '11 Proceedings of the 2011 IEEE 24th Computer Security Foundations Symposium
Probabilistic relational reasoning for differential privacy

POPL '12 Proceedings of the 39th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Self-certification: bootstrapping certified typecheckers in F* with Coq

POPL '12 Proceedings of the 39th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
A traceability attack against e-passports

FC'10 Proceedings of the 14th international conference on Financial Cryptography and Data Security
Continuity and robustness of programs

Communications of the ACM
Security protocol verification: symbolic and computational models

POST'12 Proceedings of the First international conference on Principles of Security and Trust
Language-based information-flow security

IEEE Journal on Selected Areas in Communications
A Framework for the Cryptographic Verification of Java-Like Programs

CSF '12 Proceedings of the 2012 IEEE 25th Computer Security Foundations Symposium
From Computationally-proved Protocol Specifications to Implementations

ARES '12 Proceedings of the 2012 Seventh International Conference on Availability, Reliability and Security
Computational verification of C protocol implementations by symbolic execution

Proceedings of the 2012 ACM conference on Computer and communications security
Verifying higher-order programs with the dijkstra monad

Proceedings of the 34th ACM SIGPLAN conference on Programming language design and implementation
Implementing TLS with Verified Cryptographic Security

SP '13 Proceedings of the 2013 IEEE Symposium on Security and Privacy
Dependent types for enforcement of information flow and erasure policies in heterogeneous data structures

Proceedings of the 15th Symposium on Principles and Practice of Declarative Programming
Certified computer-aided cryptography: efficient provably secure machine code from high-level implementations

Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security

Quantified Score

Hi-index	0.00

Visualization

Abstract

Relational program logics have been used for mechanizing formal proofs of various cryptographic constructions. With an eye towards scaling these successes towards end-to-end security proofs for implementations of distributed systems, we present RF*, a relational extension of F*, a general-purpose higher-order stateful programming language with a verification system based on refinement types. The distinguishing feature of F* is a relational Hoare logic for a higher-order, stateful, probabilistic language. Through careful language design, we adapt the F* typechecker to generate both classic and relational verification conditions, and to automatically discharge their proofs using an SMT solver. Thus, we are able to benefit from the existing features of F*, including its abstraction facilities for modular reasoning about program fragments. We evaluate RF* experimentally by programming a series of cryptographic constructions and protocols, and by verifying their security properties, ranging from information flow to unlinkability, integrity, and privacy. Moreover, we validate the design of RF* by formalizing in Coq a core probabilistic λ calculus and a relational refinement type system and proving the soundness of the latter against a denotational semantics of the probabilistic lambda λ calculus.