Team cascade

Members
Overall Objectives
Scientific Foundations
Application Domains
Software
Contracts and Grants with Industry
Other Grants and Activities
Dissemination
Bibliography

Section: Software

CryptoVerif

Participant : Bruno Blanchet.

CryptoVerif (http://www.cryptoverif.ens.fr/ ) is an automatic protocol prover sound in the computational model. In this model, messages are bitstrings and the adversary is a polynomial-time probabilistic Turing machine. CryptoVerif can prove:

CryptoVerif provides a generic mechanism for specifying the security assumptions on cryptographic primitives, which can handle in particular symmetric encryption, message authentication codes, public-key encryption, signatures, hash functions, Diffie-Hellman key agreement.

The generated proofs are proofs by sequences of games, as used by cryptographers. These proofs are valid for a number of sessions polynomial in the security parameter, in the presence of an active adversary. CryptoVerif can also evaluate the probability of success of an attack against the protocol as a function of the probability of breaking each cryptographic primitive and of the number of sessions (exact security).

CryptoVerif is still at a rather early stage of development, but it has already been used for a study of Kerberos in the computational model. It is also used as a back-end for verifying implementations of protocols in F# at Microsoft Research Cambridge and at the joint INRIA-Microsoft research center.

CryptoVerif is freely available on the web, at http://www.cryptoverif.ens.fr/ , under the CeCILL-B license.


previous
next

Logo Inria