Crypto 2024
Formally Verifying Kyber:
Episode V: Machine-checked IND-CCA security and correctness of ML-KEM in EasyCrypt
README
Header
This is the artifact for the following IACR CRYPTO 2024 publication.
Title:
Formally Verifying Kyber Episode V: Machine-checked IND-CCA security
and correctness of ML-KEM in EasyCrypt
Authors:
- José Bacelar Almeida (University of Minho and INESC TEC) jba@di.uminho.pt
- Santiago Arranz Olmos (MPI-SP) santiago.arranz-olmos@mpi-sp.org
- Manuel Barbosa (University of Porto (FCUP) & INESC TEC & MPI-SP) mbb@fc.up.pt
- Gilles Barthe (MPI-SP & IMDEA Software Institute) gilles.barthe@mpi-sp.org
- Francois Dupressoir (University of Bristol) f.dupressoir@bristol.ac.uk
- Benjamin Gregoire (Université Côte d’Azur, Inria, France) benjamin.gregoire@inria.fr
- Vincent Laporte (Université de Lorraine, CNRS, Inria, LORIA, F-54000 Nancy, France) vincent.laporte@inria.fr
- Jean-Christophe Léchenet (Université Côte d’Azur, Inria, France) jean-christophe.lechenet@inria.fr
- Cameron Low (U. Bristol) cameron.low.2018@bristol.ac.uk
- Tiago Oliveira (SandboxAQ) tiago.oliveira@sandboxquantum.com
- Hugo Pacheco (University of Porto (FCUP) and INESC TEC) hpacheco@fc.up.pt
- Miguel Quaresma (MPI-SP) miguel.quaresma@mpi-sp.org
- Peter Schwabe (MPI-SP & Radboud University) peter@cryptojedi.org
- Pierre-Yves Strub (PQShield SAS) pierre-yves.strub@pqshield.com
Abstract:
We present a formally verified proof of the correctness and IND-CCA
security of ML-KEM, the Kyber-based Key Encapsulation Mechanism (KEM)
undergoing standardization by NIST. The proof is machine-checked in
EasyCrypt and it includes:
1) A formalization of the correctness (decryption failure probability)
and IND-CPA security of the Kyber base public-key encryption scheme,
following Bos et al. at Euro S&P 2018;
2) A formalization of the relevant variant of the Fujisaki- Okamoto
transform in the Random Oracle Model (ROM), which follows closely
(but not exactly) Hofheinz, Hövelmanns and Kiltz at TCC 2017;
3) A proof that the IND-CCA security of the ML-KEM specification and
its correctness as a KEM follows from the previous results;
4) Two formally verified implementations of ML-KEM written in Jasmin
that are provably constant-time, functionally equivalent to the ML-KEM
specification and, for this reason, inherit the provable security
guarantees established in the previous points. The top-level theorems
give self-contained concrete bounds for the correctness and security
of ML-KEM down to (a variant of) Module-LWE. We discuss how they are
built modularly by leveraging various EasyCrypt features.
Contents
The artifact is structered as follows:
code/jasmin/mlkem_ref: reference implementation of ML-KEMcode/jasmin/mlkem_ref/extraction: EasyCrypt model of Jasmin reference implementationcode/jasmin/mlkem_ref/test: Testing and benchmarking code for the reference implementationcode/jasmin/mlkem_avx2: avx2 implementation of ML-KEMcode/jasmin/mlkem_avx2/extraction: EasyCrypt model of Jasmin avx2 implementationcode/jasmin/mlkem_avx2/test: Testing and benchmarking code for the avx2 implementationcrypto-specs/mk-kem: EasyCrypt specification of ML-KEMproof/security: Security proof (abstract)proof/correctness: Correctness of reference implementationproof/correctness/avx2: Correctness of avx2 implementationproof/spec: Instantiation of security proof for ML-KEM speceasycrypt: a modified version of the Easycrypt proof assistant (which includes the contributions
from this paper)
Locations of theorems in paper:
Section 4: K-PKE correctness and IND-CPA security
The following theorems state the proved security and correctness properties
for the PKE underlying ML-KEM. They can be instantiated with any parameter set.
- IND-CPA security:
proof/security/MLWE_PKE_Hash.ecline 560 (lemma main_theorem) - Correctness:
proof/security/MLWE_PKE_Hash.ecline 846 (lemma correctness_theorem)
Section 5: Formalizing the FO Transform used in ML-KEM
The following theorems state the proved security and correctness properties
for the Fujisaki-Okamoto transformation used in ML-KEM.
They can be instantiated with any parameter set.
- Theorem 1 (correctness):
proof/security/FO_TT.ecline 684 (lemma correctness) - Theorem 1 (security):
proof/security/FO_TT.ecline 1897 (lemma conclusion) - Theorem 2:
proof/security/FO_TT.ecline 2054 (lemma conclusion_cpa) - Auxilliary lemma relating OW security to IND security mentioned in the proof of Theorem 2:
proof/security/PKE_ROM.ecline 473 (lemma ow_ind) - Theorem 3 (correctness):
proof/security/FO_UU.ecline 146 (lemma correctness) - Theorem 3 (security):
proof/security/FO_UU.ecline 1476 (lemma conclusion_cpa) - Theorem 4 (correctness):
proof/security/MLWE_PKE_Hash.ecline 881 (lemma correctness) - Theorem 4 (security):
proof/security/MLWE_PKE_Hash.ecline 928 (lemma conclusion)
Section 6: Main result: Security of ML-KEM
The following theorems show that the general results above apply to the ML-KEM-768 specification.
- Theorem 5 (correctness):
proof/security/FO_MLKEM.ecline 203 (lemma correctness_fo_k) - Theorem 5 (security):
proof/security/FO_MLKEM.ecline 529 (lemma conclusion_fo_mlkem) - Theorem 6 (correctness):
proof/spec/MLKEMSecurity.ecline 1818 (lemma mlkem_spec_correctness) - Theorem 6 (security):
proof/spec/MLKEMSecurity.ecline 1666 (lemma mlkem_spec_security)
Section 7:
The following theorems show that the ML-KEM-768 specification is functionally equivalent to the two
Jasmin implementations, which means that these implementations inherit the security properties
of the specification.
- Functional correctness of reference implementation:
proof/correctness/MLKEM_KEM.ec(lemmas mlkem_kem_correct_kg, mlkem_kem_correct_enc and mlkem_kem_correct_dec) - Functional correctness of avx2 implementation:
proof/correctness/avx2/MLKEM_KEM_avx2.ec(lemmas mlkem_kem_correct_kg, mlkem_kem_correct_enc and mlkem_kem_correct_dec)
Checking the EasyCrypt's formal proofs
Easycrypt is an automated proof assistant for constructing and
verifying game-based cryptographic proofs.
Installing EasyCrypt
Easycrypt can be installed using one of two ways:
- using the provided Dockerfile, or
- manually; via the OPAM package manager.
We strongly suggest using the Docker image file.
Using Docker
This artifact contains a Dockerfile which sets up a container with
Easycrypt along with the contents of the artifact.For information on
the installation of Docker see https://docs.docker.com/get-docker/.
To setup Easycrypt using Docker, run:
docker build -t episode_v .
You can then run the Docker image with:
docker run -it episode_v
make check
make test
make bench
make example
The previous commands do the following:
* make check extracts from Jasmin to EasyCrypt and checks the proofs.
* make test executes the available tests for both implementations, reference and avx2
* make bench executes the available benchmarks
* make example builds two example executables that show how the these implementations can be integrated in other libraries. The relevant files are in directories ./code/jasmin/mlkem_ref/example/ and ./code/jasmin/mlkem_avx2/example/: in there, you can find an api.h header file; an example.c file; and Makefile. Running make on the directores builds the corresponding jkem.s file (the formally verified assembly code) and an executable named example, which prints an example execution trace to the terminal. The main Makefile just runs make in said directories.
Remarks: please note that running benchmarks inside a container
will impact the running time.
Using Nix & OPAM (manual mode)
For information on the installation of the Nix package manager see
https://nixos.org/download.
Via Nix & OPAM (inside the artifact directory):
# 1. If you do not have opam configured already:
## On Debian and derivatives
apt install opam gcc clang
## On Mac:
brew install opam
## Then, on all platforms:
# 2. Install EasyCrypt
cd easycrypt
make nix-build
install -D result/bin/easycrypt /usr/local/bin/
install -D result/bin/why3 /usr/local/bin/
opam install -y opam-depext
# 3. Install external provers for EasyCrypt
opam init --disable-sandboxing
## Alt-Ergo
opam pin add -n alt-ergo 2.5.3
opam depext -y alt-ergo.2.5.3
opam install -y alt-ergo.2.5.3
## Z3
opam depext -y z3.4.8.17
opam install -y z3.4.8.17
eval $(opam env)
## CVC4
### On Debian and derivatives
apt install cvc4
### On macOS (intel)
brew tap cvc4/cvc4
brew install cvc4/cvc4/cvc4
### On macOS (Silicon), you have to download it directly from
### https://cvc4.github.io/
### at version 1/8
###
### You have to download the x64 version and configure Rosetta 2
### to make it executable on macOS Silicon
# 4. Configure EasyCrypt
# (you have to run it each time you add/change an external prover)
easycrypt why3config
Checking the proofs
Requirements: install Easycrypt
The proof directory contains the correctness and equivalence proofs,
which can be checked by running make checkec from this directory.