Equational Reasoning for Verified Cryptographic Security
| dc.contributor.author | Gancher, Joshua | |
| dc.contributor.chair | Shi, Runting | |
| dc.contributor.committeeMember | Rooth, Mats | |
| dc.contributor.committeeMember | Morrisett, Greg | |
| dc.date.accessioned | 2022-01-24T18:08:15Z | |
| dc.date.available | 2022-01-24T18:08:15Z | |
| dc.date.issued | 2021-12 | |
| dc.description | 150 pages | |
| dc.description.abstract | Modern software systems today have increasingly complex security requirements – such as supporting privacy-preserving computations, or resistance against quantum attackers – that are fulfilled by advanced forms of cryptography. At the same time, these advanced forms of cryptography often have subtle security proofs that require careful auditing. To ensure security, it is thus crucial to formally verify the security of the underlying cryptography, and to do so in a manner that is approachable to cryptographers. This thesis explores the use of equational reasoning to conduct machine-checked security proofs. Equational reasoning is pervasive in cryptography, as it underlies the concepts of game-hopping hybrids and the simulation paradigm; thus, optimizing formal tools for equational reasoning delivers machine-checked proofs closer to their on-paper counterparts.We first present AutoLWE, a prover for cryptographic primitives that sup- ports reasoning about lattices. AutoLWE is built around deducibility, which (semi-) automatically applies hardness assumptions by partitioning the security game into an application of the hardness assumption with a context. Using AutoLWE, we deliver very short proofs of several representative constructions, including Public-Key Encryption, Identity-Based Encryption, and Inner Product Encryption. We then present IPDL, a simple calculus and equational logic for distributed, interactive cryptographic protocols in the computational model. The purpose of IPDL is to prove simulation results between real and idealized protocols in the style of Universal Composability (UC) [Can01]. IPDL does so by restricting its attention to straight-line protocols, a particularly simple but expressive subset of protocols. Using IPDL, we deliver short proofs of multiple case studies, including a semi-honest multiparty computation protocol over general circuits [GMW87], and an n-party coin toss protocol [Blu83]. | |
| dc.identifier.doi | https://doi.org/10.7298/dxv0-m259 | |
| dc.identifier.other | Gancher_cornellgrad_0058F_12775 | |
| dc.identifier.other | http://dissertations.umi.com/cornellgrad:12775 | |
| dc.identifier.uri | https://hdl.handle.net/1813/110901 | |
| dc.language.iso | en | |
| dc.rights | Attribution 4.0 International | |
| dc.rights.uri | https://creativecommons.org/licenses/by/4.0/ | |
| dc.subject | Cryptography | |
| dc.subject | Equational Reasoning | |
| dc.subject | Formal Methods | |
| dc.subject | Protocols | |
| dc.title | Equational Reasoning for Verified Cryptographic Security | |
| dc.type | dissertation or thesis | |
| dcterms.license | https://hdl.handle.net/1813/59810.2 | |
| thesis.degree.discipline | Computer Science | |
| thesis.degree.grantor | Cornell University | |
| thesis.degree.level | Doctor of Philosophy | |
| thesis.degree.name | Ph. D., Computer Science |
Files
Original bundle
1 - 1 of 1
Loading...
- Name:
- Gancher_cornellgrad_0058F_12775.pdf
- Size:
- 959.86 KB
- Format:
- Adobe Portable Document Format