New Software and Platforms
Bilateral Contracts and Grants with Industry
Partnerships and Cooperations
Bibliography
 PDF e-Pub

## Section: New Results

### Formal study of cryptography

Participants : Gilles Barthe [IMDEA] , Sonia Belaid [THALES and ENS] , François Dupressoir [IMDEA] , Pierre-Alain Fouque [Université de Rennes 1 and Institut universitaire de France] , Cédric Fournet [Microsoft Research] , Benjamin Grégoire [correspondant] , Benedikt Schmidt [IMDEA] , Pierre-Yves Strub [IMDEA] , Nikhil Swamy [Microsoft Research] , Mehdi Tibouchi [NTT Secure Platform Laboratories] , Santiago Zanella-Béguelin [Microsoft Research] , Jean-Christophe Zapalowicz [Inria] .

The goal of this work is to provide a friendly tool easily usable by cryptographers without knowledge of formal proof assistants. The idea is to use the techniques formally proved in Certycrypt and to call SMT-provers. We provide two differents tools EasyCrypt and ZooCrypt .

This year, we worked on the following topics:

• Relational program logics, as used in EasyCrypt, have been used for mechanizing formal proofs of various cryptographic constructions. In [15] , we present rF${}^{*}$, a relational extension of F${}^{*}$, a general-purpose higher-order stateful programming language with a verification system based on refinement types. The distinguishing feature of rF${}^{*}$ is a relational Hoare logic for a higher-order, stateful, probabilistic language.

• Fault Attacks are attacks in which an adversary with physical access to a cryptographic device, say a smartcard, tampers with the execution of an algorithm to retrieve secret material. In [13] we propose a new approach for finding fault attacks based on fault conditions. Using the method, we discover multiple fault attacks on RSA and ECDSA. Several of the attacks found by our tool are new. In [14] , we propose a new counter measure to make RSA-PSS provably secure against non-random faults. We also prove the result using EasyCrypt.

• Many algorithms, particularly in cryptography, admit very efficient batch versions that compute simultaneously the output of the algoritms on a set of inputs. AutoBatch is a tool that computes highly optimized batch verification algorithms for pairing based signature schemes. In [12] , we use EasyCrypt to formalise the methods used by AutoBatch and to automatically certify the result of the transformation performed by AutoBatch.

• We study the problem of automatically verifying higher-order masking countermeasures which is used to protect implementations where the attacker can observe intermediate computations (like in a smartcard). We propose an efficient method to check the correctness and the security of masked implementation. This work has been submitted to EuroCrypt 2015. We start the ANR BRUTUS on this subject.