Formal Proof of Provable Security by Game-Playing in a Proof Assistant

  • Reynald Affeldt
  • Miki Tanaka
  • Nicolas Marti
Conference paper

DOI: 10.1007/978-3-540-75670-5_10

Part of the Lecture Notes in Computer Science book series (LNCS, volume 4784)
Cite this paper as:
Affeldt R., Tanaka M., Marti N. (2007) Formal Proof of Provable Security by Game-Playing in a Proof Assistant. In: Susilo W., Liu J.K., Mu Y. (eds) Provable Security. ProvSec 2007. Lecture Notes in Computer Science, vol 4784. Springer, Berlin, Heidelberg

Abstract

Game-playing is an approach to writing security proofs that are easy to verify. In this approach, security definitions and intractable problems are written as programs called games, and reductionist security proofs are sequences of game transformations. This bias towards programming languages suggests the implementation of a tool based on compiler techniques (syntactic program transformations) to build security proofs, but it also raises the question of the soundness of such a tool. In this paper, we advocate the formalization of game-playing in a proof assistant as a tool to build security proofs. In a proof assistant, starting from just the formal definition of a probabilistic programming language, all the properties required in game-based security proofs can be proved internally as lemmas whose soundness is ensured by proof theory. Concretely, we show how to formalize the game-playing framework of Bellare and Rogaway in the Coq proof assistant, how to prove formally reusable lemmas such as the fundamental lemma of game-playing, and how to use them to formally prove the PRP/PRF Switching Lemma.
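The abstract names two results without showing them: the fundamental lemma of game-playing (two games that are "identical until bad" differ in any adversary's success probability by at most Pr[bad]) and the PRP/PRF Switching Lemma it yields (a q-query adversary distinguishes a random permutation from a random function with advantage at most q(q-1)/2^(n+1)). The following Python script is an added illustration, not code from the paper and not a Coq development: it writes the two games as lazy-sampling programs that share their random coins, so that G_PRF sets a bad flag on an output collision while G_PRP resamples instead, runs a (constructed, hypothetical) collision-detecting distinguisher against both, and compares the measured advantage with Pr[bad] and with the closed-form bound. The exact collision probability 1 - prod_{i<q}(1 - i/2^n) and the union-bound q(q-1)/2^(n+1) are standard facts, not taken from the page.

```python
import random
from fractions import Fraction

# One run of a lazy-sampling oracle game with n-bit outputs and q distinct queries.
# resample_on_collision=False : G_PRF, a random function that records a bad flag
#                               when a freshly sampled output repeats an earlier one.
# resample_on_collision=True  : G_PRP, the same program except that a colliding
#                               output is resampled, which yields a random permutation.
# Both games draw from the same seeded generator, so their traces are identical
# until the first collision: this is the "identical until bad" structure that
# the fundamental lemma of game-playing is about.
def run_game(n, q, seed, resample_on_collision, adversary):
    rng = random.Random(seed)
    used = set()
    state = {"bad": False}

    def oracle(_x):
        y = rng.getrandbits(n)
        if y in used:
            state["bad"] = True
            if resample_on_collision:
                while y in used:          # requires q <= 2**n to terminate
                    y = rng.getrandbits(n)
        used.add(y)
        return y

    out = adversary(oracle, q)
    return out, state["bad"]


# Constructed distinguisher (an assumption of this example): it queries q distinct
# inputs and outputs 1 iff two oracle answers coincide. Against a permutation it
# never outputs 1, so its advantage equals Pr[bad] exactly (the lemma is tight for it).
def collision_distinguisher(oracle, q):
    seen = set()
    for x in range(q):
        y = oracle(x)
        if y in seen:
            return 1
        seen.add(y)
    return 0


# Monte Carlo estimate of |Pr[A^G_PRF = 1] - Pr[A^G_PRP = 1]| and of Pr[bad in G_PRF].
def estimate_advantage(n, q, trials, adversary=collision_distinguisher, seed=0):
    wins_prf = wins_prp = bad_count = 0
    for t in range(trials):
        out_prf, bad = run_game(n, q, seed + t, False, adversary)
        out_prp, _ = run_game(n, q, seed + t, True, adversary)
        wins_prf += out_prf
        wins_prp += out_prp
        bad_count += bad
    return abs(wins_prf - wins_prp) / trials, bad_count / trials


# Exact probability that q uniform n-bit samples are not all distinct (birthday event).
def exact_bad_prob(n, q):
    p_distinct = Fraction(1)
    for i in range(q):
        p_distinct *= Fraction(2**n - i, 2**n)
    return 1 - p_distinct


# The Switching Lemma bound: a union bound over the q(q-1)/2 pairs of queries,
# each colliding with probability 2^-n.
def switching_bound(n, q):
    return Fraction(q * (q - 1), 2 ** (n + 1))


if __name__ == "__main__":
    n, q = 3, 4
    adv, bad_rate = estimate_advantage(n, q, trials=2000)
    print(f"measured advantage {adv:.3f} <= measured Pr[bad] {bad_rate:.3f}")
    print(f"exact Pr[bad] {float(exact_bad_prob(n, q)):.3f} "
          f"<= q(q-1)/2^(n+1) = {float(switching_bound(n, q)):.3f}")
```

The two checks printed at the end are the two inequalities of the proof: the fundamental lemma bounds the advantage by Pr[bad] for any adversary (here an equality because of the chosen distinguisher), and the union bound then turns Pr[bad] into the closed-form q(q-1)/2^(n+1). A formalization such as the paper's replaces the Monte Carlo estimate by a proof that the shared-coins construction really is identical until bad for every adversary.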


Copyright information

© Springer-Verlag Berlin Heidelberg 2007

Authors and Affiliations

  • Reynald Affeldt, Research Center for Information Security, National Institute of Advanced Industrial Science and Technology
  • Miki Tanaka, Information Security Research Center, National Institute of Information and Communications Technology
  • Nicolas Marti, Department of Computer Science, University of Tokyo
