## Section: New Results

### Formal study of cryptography

#### Certicrypt

Participants : Gilles Barthe, Yassine Lakhnech [University of Grenoble] , Benjamin GrĂ©goire, Sylvain Heraud, Santiago Zanella.

CertiCrypt is a general framework to certify the security of cryptographic primitives in the Coq proof assistant.

We have extended Certicrypt with new techniques allowing to complete the formal proof IND-CCA security of the OAEP padding schemes. The first technique is a logic for bounding the probability of an event in a game. The second technique clarifies the eager/lazy sampling methodology using a logic for swapping program statements. This work was published in [8] .

We completed a machine-checked proof of the security of OAEP (a widely used public-key encryption scheme based on trapdoor permutations) security against adaptive chosen ciphertext attacks under the assumption that the underlying permutation is partial-domain one-way.

We studied Zero-knowledge proofs, which are widely applicable in cryptography, concentrating on -protocols, for which we provide the first compehensive formalization in [9] .

We started work on formalizing a recent proof by Icart and Coron concerning the study of hash function using elliptic curves. This work re-uses our work on Certycript and our previous work on elliptic curves.

##### Easycrypt

Participants : Gilles Barthe [IMDEA] , Benjamin GrĂ©goire, Sylvain Heraud, Anne Pacalet, Santiago Zanella.

Based on our experience with Certicrypt, we have started the development of the tool Easycrypt. The goal of this work is to provide a friendly tool easily usable by cryptographers without knowledge of formal proof assistants. The idea is to use the techniques formally proved in Certycrypt and to call SMT-provers instead of using Coq. We have applied Easycrypt on a variety of academic examples and one bigger example: the proof of IND-CCA security of the Cramer-Shoup cryptosystem.

The drawback of this tool is that it provide less guarantees on the correctness of the proof than Certicrypt. To fill this gap we have started the generation of Coq file allowing to check the validity of Easycrypt proofs.