Paper 2021/397

SSProve: A Foundational Framework for Modular Cryptographic Proofs in Coq

Carmine Abate and Philipp G. Haselwarter and Exequiel Rivas and Antoine Van Muylder and Théo Winterhalter and Nikolaj Sidorenco and Catalin Hritcu and Kenji Maillard and Bas Spitters

Abstract

State-separating proofs (SSP) is a recent methodology for structuring game-based cryptographic proofs in a modular way. While very promising, this methodology was previously not fully formalized and came with little tool support. We address this by introducing SSProve, the first general verification framework for machine-checked state-separating proofs. SSProve combines high-level modular proofs about composed protocols, as proposed in SSP, with a probabilistic relational program logic for formalizing the lower-level details, which together enable constructing fully machine-checked cryptographic proofs in the Coq proof assistant. Moreover, SSProve is itself formalized in Coq, including the algebraic laws of SSP, the soundness of the program logic, and the connection between these two verification styles. To illustrate the formal SSP methodology we prove security of ElGamal and PRF-based encryption. We also validate the SSProve approach by conducting two extended case studies. First, we formalize a security proof of the KEM-DEM public key encryption scheme. Second, we formalize security of the sigma-protocol zero-knowledge construction and the associated construction of commitment schemes. We then instantiate the proof and give concrete security bounds for Schnorr's protocol.

Note: This version is an improved and longer version of the CSF 2021 publication. Its main additions are the KEM-DEM and Sigma-protocols case studies.