Formalized Information-Theoretic Proofs of Privacy Using the HOL4 Theorem-Prover

  • Aaron R. Coble
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5134)


Below we present an information-theoretic method for proving the amount of information leaked by programs formalized using the HOL4 theorem-prover. The advantages of this approach are that the analysis is quantitative, and therefore capable of expressing partial leakage, and that proofs are performed using the HOL4 theorem-prover, and are therefore guaranteed to be logically and mathematically consistent with the formalization. The applicability of this methodology to proving privacy properties of Privacy Enhancing Technologies is demonstrated by proving the anonymity of the Dining Cryptographers protocol. To the best of the author’s knowledge, this is the first machine-verified proof of privacy of the Dining Cryptographers protocol for an unbounded number of participants and a quantitative metric for privacy.


Conditional Entropy Information Leakage Program Space High Order Logic Basic Arithmetic 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Bhargava, M., Palamidessi, C.: Probabilistic Anonymity, vol. 3653 (2005)Google Scholar
  2. 2.
    Blanchet, B.: A computationally sound mechanized prover for security protocols. In: IEEE Symposium on Security and Privacy, pp. 140–154 (May 2006)Google Scholar
  3. 3.
    Chatzikokolakis, K.: Probabilistic and Information-Theoretic Approaches to Anonymity. PhD thesis, Laboratoire d’Informatique (LIX), École Polytechnique, Paris (October 2007)Google Scholar
  4. 4.
    Chaum, D.: The dining cryptographers problem: Unconditional sender and recipient untraceability. Journal of Cryptology 1(1), 65–75 (1988)zbMATHCrossRefMathSciNetGoogle Scholar
  5. 5.
    Clark, D., Hunt, S., Malacaria, P.: Quantitative analysis of the leakage of confidential data. Electr. Notes Theor. Comput. Sci. 59(3) (2001)Google Scholar
  6. 6.
    Clark, D., Hunt, S., Malacaria, P.: Quantitative information flow, relations and polymorphic types. J. Log. Comput. 15(2), 181–199 (2005)zbMATHCrossRefMathSciNetGoogle Scholar
  7. 7.
    Danezis, G., Dingledine, R., Mathewson, N.: Mixminion: design of a type III anonymous remailer protocol. pp. 2–15 (2003)Google Scholar
  8. 8.
    Deng, Y., Palamidessi, C., Pang, J.: Weak probabilistic anonymity. In: Proceedings of SECCO 2005. Electronic Notes in Theoretical Computer Science (2005)Google Scholar
  9. 9.
    Denning, D.E.: A lattice model of secure information flow. Commun. ACM 19(5), 236–243 (1976)zbMATHCrossRefMathSciNetGoogle Scholar
  10. 10.
    Denning, D.E.: Cryptography and Data Security. Addison-Wesley, Reading (1982)zbMATHGoogle Scholar
  11. 11.
    Dewdney, A.K.: Computer recreations: Of worms, viruses, and core war. Scientific American, 110 (March 1989)Google Scholar
  12. 12.
    Díaz, C., Seys, S., Claessens, J., Preneel, B.: Towards Measuring Anonymity, vol. 2482 (2003)Google Scholar
  13. 13.
    Dingledine, R., Mathewson, N., Syverson, P.: Tor: The second-generation onion router. In: Proceedings of the 13th USENIX Security Symposium (August 2004)Google Scholar
  14. 14.
    Doob, J.L.: Measure Theory. Graduate Texts in Mathematics, vol. 143. Springer, Heidelberg (1991)Google Scholar
  15. 15.
    Goel, S., Robson, M., Polte, M., Sirer, E.G.: Herbivore: A Scalable and Efficient Protocol for Anonymous Communication. Technical Report 2003-1890, Cornell University, Ithaca, NY (February 2003)Google Scholar
  16. 16.
    Gordon, M.J.C.: From lcf to hol: a short history. In: Plotkin, G., Stirling, C.P., Tofte, M. (eds.) Proof, Language, and Interaction. MIT Press, Cambridge (2000)Google Scholar
  17. 17.
    Hasan, O., Tahar, S.: Verification of expectation properties for discrete random variables in hol. In: Schneider, K., Brandt, J. (eds.) TPHOLs 2007. LNCS, vol. 4732, pp. 119–134. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  18. 18.
    Hurd, J.: Formal Verification of Probabilistic Algorithms. PhD thesis, University of Cambridge (2002)Google Scholar
  19. 19.
    Levine, B.N., Shields, C.: Hordes — A Multicast Based Protocol for Anonymity. Journal of Computer Security 10(3), 213–240 (2002)Google Scholar
  20. 20.
    Lowe, G.: Breaking and fixing the needham-schroder public-key protocol using fdr. In: Margaria, T., Steffen, B. (eds.) TACAS 1996. LNCS, vol. 1055, pp. 147–166. Springer, Heidelberg (1996)Google Scholar
  21. 21.
    Malacaria, P.: Assessing security threats of looping constructs. In: POPL, pp. 225–235 (2007)Google Scholar
  22. 22.
    Paulson, L.C.: The inductive approach to verifying cryptographic protocols. Journal of Computer Security 6(1-2), 85–128 (1998)Google Scholar
  23. 23.
    Reiter, M.K., Rubin, A.D.: Crowds: Anonymity for web transactions. Technical Report 97-15, DIMACS (1997)Google Scholar
  24. 24.
    Rennhard, M., Plattner, B.: Introducing MorphMix: Peer-to-Peer based Anonymous Internet Usage with Collusion Detection. In: Proceedings of the Workshop on Privacy in the Electronic Society (WPES 2002), Washington, DC, USA (November 2002)Google Scholar
  25. 25.
    Schneider, S., Sidiropoulos, A.: CSP and anonymity. In: Martella, G., Kurth, H., Montolivo, E., Bertino, E. (eds.) ESORICS 1996. LNCS, vol. 1146, pp. 198–218. Springer, Heidelberg (1996)Google Scholar
  26. 26.
    Serjantov, A., Danezis, G.: Towards an information theoretic metric for anonymity. In: Dingledine, R., Syverson, P.F. (eds.) PET 2002. LNCS, vol. 2482. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  27. 27.
    Shannon, C.E.: A mathematical theory of communication. Bell System Technincal Journal (27), 379–423, 623–656 (1948)MathSciNetGoogle Scholar
  28. 28.
    Shmatikov, V.: Probabilistic model checking of an anonymity system. Schneider S.(ed.) Journal of Computer Security 12(3/4), 355–377 (2004)Google Scholar
  29. 29.
    Williams, D.: Probability with Martingales. Cambridge Mathematical Textbooks. Cambridge University Press, Cambridge (1991)zbMATHGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2008

Authors and Affiliations

  • Aaron R. Coble
    • 1
  1. 1.University of Cambridge Computer LaboratoryCambridgeUK

Personalised recommendations