Formal Proof of Provable Security by Game-Playing in a Proof Assistant

  • Reynald Affeldt
  • Miki Tanaka
  • Nicolas Marti
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4784)


Game-playing is an approach to write security proofs that are easy to verify. In this approach, security definitions and intractable problems are written as programs called games and reductionist security proofs are sequences of game transformations. This bias towards programming languages suggests the implementation of a tool based on compiler techniques (syntactic program transformations) to build security proofs, but it also raises the question of the soundness of such a tool. In this paper, we advocate the formalization of game-playing in a proof assistant as a tool to build security proofs. In a proof assistant, starting from just the formal definition of a probabilistic programming language, all the properties required in game-based security proofs can be proved internally as lemmas whose soundness is ensured by proof theory. Concretely, we show how to formalize the game-playing framework of Bellare and Rogaway in the Coq proof assistant, how to prove formally reusable lemmas such as the fundamental lemma of game-playing, and how to use them to formally prove the PRP/PRF Switching Lemma.


Formal Proof Block Cipher Random Oracle Logical Predicate Proof Theory 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    The LogiCal Project, INRIA. The Coq proof assistant,
  2. 2.
    Thompson, S.: Type Theory and Functional Programming. Addison-Wesley, Reading (1991)zbMATHGoogle Scholar
  3. 3.
    Winskel, G.: The Formal Semantics of Programming Languages. MIT Press, Cambridge (1993)zbMATHGoogle Scholar
  4. 4.
    Bellare, M., Rogaway, P.: Random Oracle are Practical: A Paradigm for Designing Efficient Protocols. In: CCS 1993. 1st ACM Conference on Computer and Communications Security, pp. 62–73. ACM Press, New YorkGoogle Scholar
  5. 5.
    Bellare, M., Rogaway, P.: The Exact Security of Digital Signatures—How to Sign with RSA and Rabin. In: Maurer, U.M. (ed.) EUROCRYPT 1996. LNCS, vol. 1070, pp. 399–416. Springer, Heidelberg (1996)CrossRefGoogle Scholar
  6. 6.
    Shoup, V.: Sequence of Games: A Tool for Taming Complexity in Security Proofs. Manuscript (2004) (Revised 2006), available at
  7. 7.
    Bellare, M., Rogaway, P.: Code-Based Game-Playing Proofs and the Security of Triple Encryption. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 409–426. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  8. 8.
    Pointcheval, D.: Provable Security for Public Key Schemes. In: Contemporary Cryptology, Advanced Courses in Mathematics CRM Barcelona, pp. 133–189. Birkhäuser Publishers (2005)Google Scholar
  9. 9.
    Halevi, S.: A plausible approach to computer-aided cryptographic proofs. Cryptology ePrint Archive: Report (2005)/181Google Scholar
  10. 10.
    Tarento, S.: Machine-Checked Security Proofs of Cryptographic Signature Schemes. In: di Vimercati, S.d.C., Syverson, P.F., Gollmann, D. (eds.) ESORICS 2005. LNCS, vol. 3679, pp. 140–158. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  11. 11.
    Marti, N., Affeldt, R., Yonezawa, A.: Formal Verification of the Heap Manager of an Operating System using Separation Logic. In: Liu, Z., He, J. (eds.) ICFEM 2006. LNCS, vol. 4260, pp. 400–419. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  12. 12.
    Corin, R., den Hartog, J.: A Probabilistic Hoare-style Logic for Game-Based Cryptographic Proofs. In: Bugliesi, M., Preneel, B., Sassone, V., Wegener, I. (eds.) ICALP 2006. LNCS, vol. 4052, pp. 252–263. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  13. 13.
    Blanchet, B., Pointcheval, D.: Automated Security Proofs with Sequences of Games. In: Dwork, C. (ed.) CRYPTO 2006. LNCS, vol. 4117, pp. 537–554. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  14. 14.
    Affeldt, R., Marti, N.: An Approach to Formal Verification of Arithmetic Functions in Assembly. In: 11th Annual Asian Computing Science Conference (ASIAN 2006), Focusing on Secure Software and Related Issues, Lecture Notes in Computer Science. Springer, Heidelberg (to appear, 2007)Google Scholar
  15. 15.
    Nowak, D.: A Framework for Game-Based Security Proofs. Cryptology ePrint Archive: Report (2007)/199Google Scholar
  16. 16.
    Affeldt, R., Tanaka, M., Marti, N.: Formal Proof of Provable Security by Game-playing in a Proof Assistant. Coq scripts, available at

Copyright information

© Springer-Verlag Berlin Heidelberg 2007

Authors and Affiliations

  • Reynald Affeldt
    • 1
  • Miki Tanaka
    • 2
  • Nicolas Marti
    • 3
  1. 1.Research Center for Information Security, National Institute of Advanced Industrial Science and Technology 
  2. 2.Information Security Research Center, National Institute of Information and Communications Technology 
  3. 3.Department of Computer Science, University of Tokyo 

Personalised recommendations