At the INRIA Sophia-Antipolis (France), a PhD position for three years
is available on a research project devoted to
Code-based techniques for proved provable cryptography
Starting date of this PhD position: as soon as possible.
No matter how carefully crafted cryptographic systems are, experience has shown that effective attacks can remain hidden for years. Thus, cryptographers increasingly advocate provable security, where new systems are published with a rigorous definition of their security goals and a mathematical proof that they meet their goals. While the adoption of provable security significantly enhances confidence in cryptosystems, the increasing complexity and diversity of the and diversity tends to increase, the community has become aware that the point has been reached where it is no longer viable to construct or verify cryptographic proofs by hand. Shoup [Shoup04] Bellare and Rogaway [BeRo04], and [Halevi05] advocate the construction of cryptographic proofs as sequences of probabilistic games as a natural solution for taming the complexity of the task. The basic idea of these works is to use a fully-specified programming language to code those games and to use language-based techniques (observational equivalence, program transformations) for manipulating and reasoning about them.
The objective of the thesis is to provide the necessary infrastructure to formalize game-based proofs, and to use the infrastructure to prove the correctness of cryptographic schemes and information flow type systems for languages with cryptographic primitives. During the first year of the thesis, the objective is to contribute to the formalization of a probabilistic programming language of games, to develop the machinery required for game-based proofs (e.g. reflective tactics that synthesize necessary conditions for guaranteeing observational equivalence) and to formalize a library of security properties expressed in a game-based setting. The objective of the second year is to develop tactics for the game transformations described in [BeRo04] (thus dealing with program optimizations, as well transformations specific to game-based proofs). In order to validate the applicability of the setting, the student shall simultaneously perform small-size case studies. At the end of the second year, a formalization of security proofs of selected cryptographic schemes should be complete. The objective of the third year is to extend these results to the verification of cryptographic protocols.
We also expect the student to be marginally involved in machine checking proofs of computational soundness of information flow type systems for languages with cryptographic primitives, since many of the libraries that will be developed by the student will also be useful for this purpose.
At the end of the thesis, the student will have a double expertise in cryptography and machine-checked proofs using the Coq proof assistant, and have published in conferences in cryptography, programming languages, and verification.
Candidates should preferrely have experience in using Coq or similar proof assistants. Background knowledge in cryptography is greatly appreciated but not required.
[Shoup04] V. Shoup. Sequences of games: a tool for taming complexity in security proofs. Cryptology ePrint Archive, Report 2004/332. November 2004. [http://eprint.iacr.org/2004/332.pdf]
[BeRo04] M. Bellare and P. Rogaway. The security of triple encryption and a framework for code-based game-playing proofs. /Advances in Cryptology/ Eurocrypt 2006, LNCS 4004, Springer, pp. 409-426, 2006. [http://eprint.iacr.org/2004/331.pdf]
[Halevi05] S. Halevi. A plausible approach to computer-aided cryptographic proofs. Cryptology ePrint Archive, Report 2005/181. June 2005. [http://eprint.iacr.org/2005/181.pdf]
Information and application
For further information about these positions please contact either:
Gilles Barthe Gilles.Barthe@sophia.inria.fr
Benjamin Grégoire Benjamin.Gregoire@sophia.inria.fr