SSProve: A Foundational Framework for Modular Cryptographic Proofs in Coq

Abate, Carmine; Haselwarter, Philipp G.; Rivas, Exequiel; Muylder, Antoine Van; Winterhalter, Théo; Hriţcu, Cătălin; Maillard, Kenji; Spitters, Bas

doi:10.1109/csf51468.2021.00048

Cited by 17 publications

(8 citation statements)

References 47 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Note that, due to this verification done by the contract, the contract is able to detect if a party misbehaves. However, we do not prove formally that incorrect proofs do not verify since this is a probabilistic statement better suited for tools like EasyCrypt or SSProve (Abate et al, 2021).…”

Section: Conflicts Of Interestmentioning

confidence: 87%

Extracting functional programs from Coq, in Coq

Annenkov¹,

Milo²,

Nielsen³

et al. 2022

J. Funct. Prog.

Self Cite

View full text Add to dashboard Cite

We implement extraction of Coq programs to functional languages based on MetaCoq’s certified erasure. We extend the MetaCoq erasure output language with typing information and use it as an intermediate representation, which we call ${\lambda^T_\square}$ . We complement the extraction functionality with a full pipeline that includes several standard transformations (e.g. eta-expansion and inlining) implemented in a proof-generating manner along with a verified optimisation pass removing unused arguments. We prove the pass correct wrt. a conventional call-by-value operational semantics of functional languages. From the optimised ${\lambda^T_\square}$ representation, we obtain code in two functional smart contract languages, Liquidity and CameLIGO, the functional language Elm, and a subset of the multi-paradigm language for systems programming Rust. Rust is currently gaining popularity as a language for smart contracts, and we demonstrate how our extraction can be used to extract smart contract code for the Concordium network. The development is done in the context of the ConCert framework that enables smart contract verification. We contribute with two verified real-world smart contracts (boardroom voting and escrow), which we use, among other examples, to exemplify the applicability of the pipeline. In addition, we develop a verified web application and extract it to fully functional Elm code. In total, this gives us a way to write dependently typed programs in Coq, verify, and then extract them to several target languages while retaining a small trusted computing base of only MetaCoq and the pretty-printers into these languages.

show abstract

Section: Conflicts Of Interestmentioning

confidence: 87%

Extracting functional programs from Coq, in Coq

Annenkov¹,

Milo²,

Nielsen³

et al. 2022

J. Funct. Prog.

Self Cite

View full text Add to dashboard Cite

show abstract

“…Step (1) applies "the averaging technique" by representing 𝐴.init() as a family of distributions 𝐷 m 𝐴 . (𝐷 m 𝐴 denotes the distribution in the family corresponding to memory m.) We write 𝜇 1 (𝐷 m 𝐴 , n) for the probability that 𝐷 m 𝐴 assigns to memory configuraion n. Then 𝜇 1 (𝐷 m 𝐴 , n) is the probability of 𝐴.𝑖𝑛𝑖𝑡 () terminating in the memory state n given that it starts in the initial state m. The rest of the computations are run starting from memory configuration n.…”

Section: Proofmentioning

confidence: 99%

“…In particular, a program with variables of type "real" (which is uncountable) would not be rewindable in that sense. 1 A security proof using rewinding would then only apply to rewindable adversaries which is not a restriction from the cryptographic point of view. (Typically, cryptographic adversaries are assumed to operate on data that is representable in a computer.…”

Section: Rewindingmentioning

confidence: 99%

See 1 more Smart Citation

Reflection, rewinding, and coin-toss in EasyCrypt

Firsov

Unruh

2022

Proceedings of the 11th ACM SIGPLAN International Conference on Certified Programs and Proofs

View full text Add to dashboard Cite

In this paper we derive a suite of lemmas which allows users to internally reflect EasyCrypt programs into distributions which correspond to their denotational semantics (probabilistic reflection). Based on this we develop techniques for reasoning about rewinding of adversaries in EasyCrypt. (A widely used technique in cryptology.) We use our reflection and rewindability results to prove the security of a coin-toss protocol.CCS Concepts: • Security and privacy → Logic and verification.

show abstract

“…In our mechanized formalization, the correctness and security guarantees provided by the underlying cryptographic primitives are baked into our semantics and notion of indistinguishability. There is a body of work about formally verified cryptography [Abate et al 2021;Barthe et al 2011Barthe et al , 2009, which could be integrated into our work in the future to provide a stronger formal guarantee. Some of these solutions have focused on verifying multiparty computation [Backes et al 2010;Haagh et al 2018].…”

Section: Related Workmentioning

confidence: 99%

Oblivious algebraic data types

Delaware

2022

Proc. ACM Program. Lang.

View full text Add to dashboard Cite

Secure computation allows multiple parties to compute joint functions over private data without leaking any sensitive data, typically using powerful cryptographic techniques. Writing secure applications using these techniques directly can be challenging, resulting in the development of several programming languages and compilers that aim to make secure computation accessible. Unfortunately, many of these languages either lack or have limited support for rich recursive data structures, like trees. In this paper, we propose a novel representation of structured data types, which we call oblivious algebraic data types, and a language for writing secure computations using them. This language combines dependent types with constructs for oblivious computation, and provides a security-type system which ensures that adversaries can learn nothing more than the result of a computation. Using this language, authors can write a single function over private data, and then easily build an equivalent secure computation according to a desired public view of their data.

show abstract

SSProve: A Foundational Framework for Modular Cryptographic Proofs in Coq

Cited by 17 publications

References 47 publications

Extracting functional programs from Coq, in Coq

Extracting functional programs from Coq, in Coq

Reflection, rewinding, and coin-toss in EasyCrypt

Oblivious algebraic data types

Contact Info

Product

Resources

About