Title : 
Certified Synthesis of Efficient Batch Verifiers
         
        
            Author : 
Akinyele, Joseph A. ; Barthe, Gilles ; Gregoire, Benjamin ; Schmidt, Benedikt ; Strub, Pierre-Yves
         
        
            Author_Institution : 
Johns Hopkins Univ. & Zeutro LLC, Baltimore, MD, USA
         
        
        
        
        
        
            Abstract : 
Many algorithms admit very efficient batch versions that compute simultaneously the output of the algorithms on a set of inputs. Batch algorithms are widely used in cryptography, especially in the setting of pairing-based computations, where they deliver significant speed-ups. AutoBatch is an automated tool that computes highly optimized batch verification algorithms for pairing-based signature schemes. Thanks to finely tuned heuristics, AutoBatch is able to rediscover efficient batch verifiers for several signature schemes of interest, and in some cases to output batch verifiers that outperform the best known verifiers from the literature. However, AutoBatch only provides weak guarantees (in the form of a LaTeX proof) of the correctness of the batch algorithms it outputs. In this paper, we verify the correctness and security of these algorithms using the EasyCrypt framework. To achieve this goal, we define a domain-specific language to describe verification algorithms based on pairings and provide an efficient algorithm for checking (approximate) observational equivalence between expressions of this language. By translating the output of AutoBatch to this language and applying our verification procedure, we obtain machine-checked correctness proofs of the batch verifiers. Moreover, we formalize notions of security for batch verifiers and we provide a generic proof in EasyCrypt that batch verifiers satisfy a security property called screening, provided they are correct and the original signature is unforgeable against chosen-message attacks. We apply our techniques to several well-known pairing-based signature schemes from the literature, and to Groth-Sahai zero-knowledge proofs.
         
        
            Keywords : 
cryptography; digital signatures; formal verification; specification languages; theorem proving; AutoBatch; EasyCrypt framework; Groth-Sahai zero-knowledge proofs; LaTeX correctness proof; automated tool; batch versions; certified synthesis; correctness verification; cryptography; domain-specific language; generic proof; machine-checked correctness proofs; message attacks; observational equivalence checking; optimized batch verification algorithms; pairing-based computations; pairing-based signature schemes; screening; security property; Approximation algorithms; Equations; Optimization; Probabilistic logic; Public key; certified proofs; cryptographic design; cryptography; signature schemes;
         
        
        
        
            Conference_Titel : 
Computer Security Foundations Symposium (CSF), 2014 IEEE 27th
         
        
            Conference_Location : 
Vienna
         
        
        
            DOI : 
10.1109/CSF.2014.19