Overview        Download        Documentation        Contact        People        Publications

Overview

As cryptographic proofs have become essentially unverifiable, cryptographers have argued in favor of computer-aided proofs. CertiCrypt/EasyCrypt is a toolset that assists the construction and verification of cryptographic proofs; it supports common patterns of reasoning in cryptography, and has been used successfully to prove the security of many examples, including encryption schemes, signature schemes, zero-knowledge protocols and hash functions. Recently, CertiCrypt was extended to reason about differentially private computations.

CertiCrypt/EasyCrypt takes a language-based approach to cryptography: the security of a cryptographic scheme and the cryptographic assumptions upon which its security relies are expressed by means of probabilistic programs, called games; in a similar way, adversarial models are specified in terms of complexity classes, e.g. probabilistic polynomial-time programs. This code-centric view leads to statements that are amenable to formalization and tool-assisted verification. CertiCrypt instruments a rich set of verification techniques for probabilistic programs, including equational theories of observational equivalence, relational Hoare logic, data-flow analysis-based program transformations, and game-based techniques such as eager/lazy sampling and failure events.

The toolset has two main components:

Both components can be used independently. Moreover, an experimental proof-producing mechanism compiles EasyCrypt scripts into verifiable proofs in the CertiCrypt framework.

Download

A release of EasyCrypt is under preparation. Please contact the authors for a pre-release.

Documentation

User guide (under preparation)

Contact

Subscribe to the mailing list for the announcements. User mailing list

People

The CertiCrypt/EasyCrypt project is joint between IMDEA Software Institute and INRIA Sophia-Antipolis Méditerranée. Former members:

Publications

Peer-Reviewed Conferences

  1. M. Backes, G. Barthe, M. Berg, B. Grégoire, C. Kunz, M. Skoruppa, and S. Zanella Béguelin. Verified security of Merkle-Damgård. In 24th IEEE Computer Security Foundations Symposium - CSF 2012. To appear.
    [ BibTeX | PDF ]
  2. G. Barthe, B. Grégoire, S. Heraud, F. Olmedo, S. Zanella Béguelin. Verified Indifferentiable Hashing into Elliptic Curves. In . 1st International Conference on Principles of Security and Trust, volume 7215 of Lecture Notes in Computer Science, pages 209-228, Springer, 2012.
    [ BibTeX | PDF ]
  3. G. Barthe, B. Köpf, F. Olmedo, S. Zanella Béguelin. Probabilistic Reasoning for Differential Privacy. In 39th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages - POPL 2012. ACM, 2012.
    [ BibTeX | PDF ]
  4. G. Barthe, F. Olmedo, S. Zanella Béguelin. Verifiable Security of Boneh-Franklin Identity-Based Encryption. In 5th International Conference on Provable Security - ProvSec 2011, volume 6980 of Lecture Notes in Computer Science, pages 68-83, Springer, 2011.
    [ BibTeX | PDF ]
  5. G. Barthe, B. Grégoire, S. Heraud, S. Zanella Béguelin. Computer-Aided Security Proofs for the Working Cryptographer. In Advances in Cryptology - CRYPTO 2011, volume 6841 of Lecture Notes in Computer Science, pages 71-90, Springer, 2011.
    Best Paper Award
    [ BibTeX | PDF | URL ]
  6. G. Barthe, B. Grégoire, S. Zanella Béguelin, Y. Lakhnech. Beyond Provable Security. Verifiable IND-CCA Security of OAEP. In Topics in Cryptology - CT-RSA 2011, volume 6558 of Lecture Notes in Computer Science, pages 180-196, Springer, 2011.
    [ BibTeX | PDF | URL ]
  7. G. Barthe, D. Hedin, S. Zanella Béguelin, B. Grégoire, S. Heraud. A Machine-Checked Formalization of Sigma-Protocols. In Proceedings of the 23rd IEEE Computer Security Foundations Symposium, CSF 2010, pages 246-260, IEEE Computer Society, 2010.
    [ BibTeX | PDF | URL | Slides ]
  8. G. Barthe, B. Grégoire, S. Zanella Béguelin. Programming language techniques for cryptographic proofs. In Proceedings of the 1st International Conference on Interactive Theorem Proving, ITP 2010, volume 5491 of Lecture Notes in Computer Science, pages 115-130, Springer, 2010.
    [ BibTeX | PDF | URL | Slides ]
  9. S. Zanella Béguelin, G. Barthe, B. Grégoire, F. Olmedo. Formally certifying the security of digital signature schemes. In Proceedings of the 30th IEEE Symposium on Security and Privacy, S&P 2009, pages 237-250, IEEE Computer Society, 2009.
    [ BibTeX | PDF | URL | Slides ]
  10. G. Barthe, B. Grégoire, S. Zanella Béguelin. Formal certification of code-based cryptographic proofs. In Proceedings of the 36th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, POPL 2009, pages 90-101, ACM, 2009.
    [ BibTeX | PDF | URL | Slides ]

Invited Papers

  1. G. Barthe, B. Grégoire, S. Heraud, S. Zanella Béguelin. Formal certification of ElGamal encryption. A gentle introduction to CertiCrypt. In Proceedings of the 5th International Workshop on Formal Aspects in Security and Trust, FAST 2008, volume 5491 of Lecture Notes in Computer Science, pages 1-19, Springer, 2009.
    [ BibTeX | PDF | URL ]

Theses

  1. S. Zanella Béguelin. Formal Certification of Game-Based Cryptographic Proofs. École Nationale Supérieure des Mines de Paris, 2010.
    (2011 EAPLS Best Dissertation Award)
    [ BibTeX | PDF | Slides ]

Acknowledgments

This work was partially funded by INRIA-Microsoft Research Joint Centre, the French ANR project SCALP, the European Project FP7-229599 AMAROUT, Spanish project TIN2009-14599 DESAFIOS 10, Madrid Regional project S2009TIC-1465 PROMETIDOS.