CryptoVampire: Automated Reasoning for the Complete Symbolic Attacker Cryptographic Model
share
Cryptographic protocols are extremely hard to design and prove correct, as witnessed by the ever-growing list of attacks even on protocol standards. Using the symbolic model of cryptography, protocols are proven correct against an idealized cryptographic model, which abstracts away from the algebraic properties of cryptographic schemes and thus misses attacks. On the other hand, existing computational models of cryptography only support interactive proofs and/or are limited to stateless protocols. A promising approach is given by the computationally complete symbolic attacker (CCSA) model, formalized in the BC logic, which aims at bridging and getting the best of the two worlds, obtaining cryptographic guarantees by symbolic protocol analysis. While machine-checked security proofs are provided in this domain, such efforts require expert knowledge both in the cryptographic space as well as on the reasoning side. In this paper, we present the CryptoVampire framework, providing the first fully automated setting for deriving proofs of trace properties in the BC logic. CryptoVampire brings a first-order formalization of protocol properties, by proposing tailored handling of subterm relations. In addition, CryptoVampire implements specialized reasoning techniques, saturation algorithms, and heuristics, allowing the direct integration of CryptoVampire within the landscape of automated theorem proving. Our experimental results showcase the effectiveness of CryptoVampire, providing also automation support for existing approaches in the area.
READ FULL TEXT