SSProve: A Foundational Framework for Modular Cryptographic Proofs in Coq

Carmine Abate; Philipp G. Haselwarter; Exequiel Rivas; Antoine Van Muylder; Théo Winterhalter; Nikolaj Sidorenco; Catalin Hritcu; Kenji Maillard; Bas Spitters

Cryptology ePrint Archive: Report 2021/397

SSProve: A Foundational Framework for Modular Cryptographic Proofs in Coq

Carmine Abate and Philipp G. Haselwarter and Exequiel Rivas and Antoine Van Muylder and Théo Winterhalter and Nikolaj Sidorenco and Catalin Hritcu and Kenji Maillard and Bas Spitters

Abstract: State-separating proofs (SSP) is a recent methodology for structuring game-based cryptographic proofs in a modular way. While very promising, this methodology was previously not fully formalized and came with little tool support. We address this by introducing SSProve, the first general verification framework for machine-checked state-separating proofs. SSProve combines high-level modular proofs about composed protocols, as proposed in SSP, with a probabilistic relational program logic for formalizing the lower-level details, which together enable constructing fully machine-checked cryptographic proofs in the Coq proof assistant. Moreover, SSProve is itself formalized in Coq, including the algebraic laws of SSP, the soundness of the program logic, and the connection between these two verification styles. To illustrate the formal SSP methodology we prove security of ElGamal and PRF-based encryption. We also validate the SSProve approach by conducting two extended case studies. First, we formalize a security proof of the KEM-DEM public key encryption scheme. Second, we formalize security of the sigma-protocol zero-knowledge construction and the associated construction of commitment schemes. We then instantiate the proof and give concrete security bounds for Schnorr's protocol.

Category / Keywords: foundations / formal verification, modular cryptographic proofs, state-separating proofs, Coq

Original Publication (with major differences): CSF 2021 (34th IEEE Computer Security Foundations Symposium)

Date: received 24 Mar 2021, last revised 29 Oct 2021

Contact author: catalin hritcu at gmail com, theo winterhalter at gmail com

Available format(s): PDF | BibTeX Citation

Note: This version is an improved and longer version of the CSF 2021 publication. Its main additions are the KEM-DEM and Sigma-protocols case studies.

Version: 20211029:182410 (All versions of this report)

Short URL: ia.cr/2021/397

[ Cryptology ePrint archive ]