Composition Theorems for CryptoVerif and Application to TLS 1.3

Author: Bruno Blanchet

Paper Information

Title:Composition Theorems for CryptoVerif and Application to TLS 1.3
Authors:Bruno Blanchet
Proceedings:CSF CSF Proceedings
Editors: Stephen Chong, Stephanie Delaune and Deepak Garg
Keywords:composition, security protocols, formal verification, computational model, TLS

ABSTRACT. We present composition theorems for security protocols, to compose a key exchange protocol and a symmetric-key protocol that uses the exchanged key. Our results rely on the computational model of cryptography and are stated in the framework of the tool CryptoVerif. They support key exchange protocols that guarantee injective or non-injective authentication. They also allow random oracles shared between the composed protocols. To our knowledge, they are the first composition theorems for key exchange stated for a computational protocol verification tool, and also the first to allow such flexibility.

As a case study, we apply our composition theorems to a proof of TLS 1.3 Draft-18. This work fills a gap in a previous paper that informally claims a compositional proof of TLS 1.3, without formally justifying it.

Talk:Jul 09 11:30 (Session 47A: Security protocols I)