Cryptology ePrint Archive: Report 2022/401

A Logic and an Interactive Prover for the Computational Post-Quantum Security of Protocols

Cas Cremers and Caroline Fontaine and Charlie Jacomme

Abstract: We provide the first mechanized post-quantum sound security protocol proofs. We achieve this by developing PQ-BC, a computational first-order logic that is sound with respect to quantum attackers, and corresponding mechanization support in the form of the PQ-Squirrel prover. Our work builds on the classical BC logic [Bana,Comon,CCS14] and its mechanization in the Squirrel prover [BDJKM,S&P21]. Our development of PQ-BC requires making the BC logic sound for a single interactive quantum attacker. We implement the PQ-Squirrel prover by modifying Squirrel , relying on the soundness results of PQ-BC and enforcing a set of syntactic conditions; additionally, we provide new tactics for the logic that extend the tool’s scope. Using PQ-Squirrel , we perform several case studies, thereby giving the first mechanical proofs of their computational post- quantum security. These include two generic constructions of KEM based key exchange, two sub-protocols from IKEv1 and IKEv2, and a proposed post-quantum variant of Signal’s X3DH protocol. Additionally, we use PQ-Squirrel to prove that several classical Squirrel case-studies are already post-quantum sound. We provide the sources of PQ-Squirrel and all our models for reproducibility, as well as a long version of this paper with full details.

Category / Keywords: foundations / Security Protocols, Post Quantum, Formal Methods, Observational Equivalence, Computational Security, Interactive Prover.

Original Publication (with major differences): S&P 2022

Date: received 28 Mar 2022

Contact author: charlie jacomme at cispa de

Available format(s): PDF | BibTeX Citation

Version: 20220328:144840 (All versions of this report)

Short URL:

[ Cryptology ePrint archive ]