Modular Code-Based Cryptographic Verification
Type systems are effective tools for verifying the security of cryptographic programs.
They provide automation, modularity and scalability, and have been applied to large security protocols.
However, they traditionally rely on abstract assumptions on the underlying cryptographic primitives, expressed in symbolic models.
Cryptographers usually reason on security assumptions using lower level, computational models that precisely account for the complexity and success probability of attacks.
These models are more realistic, but they are harder to formalize and automate.
We present the first modular automated program verification method based on standard cryptographic assumptions.
We show how to verify ideal functionalities and protocols written in ML by typing them against new cryptographic interfaces, using~F7, a refinement type checker coupled with Z3, an SMT-solver.
We develop a probabilistic variant of RCF, the core calculus of F7, and formalize its type safety in~Coq.
We develop typed module and interfaces for MACs, signatures, and encryptions, and establish their authenticity and secrecy properties against chosen plaintext and chosen ciphertext attacks.
We relate their ideal functionalities and concrete implementations, using game-based program transformations behind typed interfaces.
We illustrate our method on a series of protocol implementations.
CCS'11 paper (.pdf);
Extended draft (.pdf);
F#/F7 files (.tar);
Coq/SSReflect proofs (.tar).
Related work on symbolic cryptographic verification