EasyUC: Using easycrypt to mechanize proofs of universally composable security

Ran Canetti, Alley Stoughton, Mayank Varia

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review


We present a methodology for using the EasyCrypt proof assistant (originally designed for mechanizing the generation of proofs of game-based security of cryptographic schemes and protocols) to mechanize proofs of security of cryptographic protocols within the universally composable (UC) security framework. This allows, for the first time, the mechanization and formal verification of the entire sequence of steps needed for proving simulation-based security in a modular way: ∗ Specifying a protocol and the desired ideal functionality; ∗ Constructing a simulator and demonstrating its validity, via reduction to hard computational problems; ∗ Invoking the universal composition operation and demonstrating that it indeed preserves security. We demonstrate our methodology on a simple example: stating and proving the security of secure message communication via a one-time pad, where the key comes from a Diffie-Hellman key-exchange, assuming ideally authenticated communication. We first put together EasyCrypt-verified proofs that: (a) the Diffie-Hellman protocol UC-realizes an ideal key-exchange functionality, assuming hardness of the Decisional Diffie-Hellman problem, and (b) one-time-pad encryption, with a key obtained using ideal key-exchange, UC-realizes an ideal secure-communication functionality. We then mechanically combine the two proofs into an EasyCrypt-verified proof that the composed protocol realizes the same ideal secure-communication functionality. Although formulating a methodology that is both sound and workable has proven to be a complex task, we are hopeful that it will prove to be the basis for mechanized UC security analyses for significantly more complex protocols and tasks.

Original languageEnglish
Title of host publicationProceedings - 2019 IEEE 32nd Computer Security Foundations Symposium, CSF 2019
PublisherIEEE Computer Society
Number of pages17
ISBN (Electronic)9781728114064
StatePublished - Jun 2019
Externally publishedYes
Event32nd IEEE Computer Security Foundations Symposium, CSF 2019 - Hoboken, United States
Duration: 25 Jun 201928 Jun 2019

Publication series

NameProceedings - IEEE Computer Security Foundations Symposium
ISSN (Print)1940-1434


Conference32nd IEEE Computer Security Foundations Symposium, CSF 2019
Country/TerritoryUnited States


FundersFunder number
National Science Foundation1801564, 1414119
Tel Aviv University


    • Computer aided cryptography
    • EasyCrypt
    • Formal verification
    • Universal composability


    Dive into the research topics of 'EasyUC: Using easycrypt to mechanize proofs of universally composable security'. Together they form a unique fingerprint.

    Cite this