Cryptology ePrint Archive: Report 2014/456

Verified Implementations for Secure and Verifiable Computation

José Bacelar Almeida and Manuel Barbosa and Gilles Barthe and Guillaume Davy and François Dupressoir and Benjamin Grégoire and Pierre-Yves Strub

Abstract: Formal verification of the security of software systems is gradually moving from the traditional focus on idealized models, to the more ambitious goal of producing verified implementations. This trend is also present in recent work targeting the verification of cryptographic software, but the reach of existing tools has so far been limited to cryptographic primitives, such as RSA-OAEP encryption, or standalone protocols, such as SSH. This paper presents a scalable approach to formally verifying implementations of higher-level cryptographic systems, directly in the computational model.

We consider circuit-based cloud-oriented cryptographic protocols for secure and verifiable computation over encrypted data. Our examples share as central component Yao's celebrated transformation of a boolean circuit into an equivalent garbled form that can be evaluated securely in an untrusted environment. We leverage the foundations of garbled circuits set forth by Bellare, Hoang, and Rogaway (CCS 2012, ASIACRYPT 2012) to build verified implementations of garbling schemes, a verified implementation of Yao's secure function evaluation protocol, and a verified (albeit partial) implementation of the verifiable computation protocol by Gennaro, Gentry, and Parno (CRYPTO 2010). The implementations are formally verified using EasyCrypt, a tool-assisted framework for building high-confidence cryptographic proofs, and critically rely on two novel features: a module and theory system that supports compositional reasoning, and a code extraction mechanism for generating implementations from formalizations.

Category / Keywords: implementation / Garbled Circuits, Secure Function Evaluation, Verifiable Computation, Verified Implementations, EasyCrypt

Date: received 13 Jun 2014

Contact author: mbb at di uminho pt

Available format(s): PDF | BibTeX Citation

Version: 20140615:111829 (All versions of this report)

Discussion forum: Show discussion | Start new discussion


[ Cryptology ePrint archive ]