Automated Reasoning for Cryptographic Protocols with Computationally Complete Symbolic Attacker

CRYPTOVAMPIRE is the first fully automated verification tool for the Computationally Complete Symbolic Attacker (CCSA) model, enabling efficient symbolic analysis of cryptographic protocols with strong computational guarantees.

The paper introduces CRYPTOVAMPIRE, a novel automated verification tool for cryptographic protocols based on the Computationally Complete Symbolic Attacker (CCSA) model. The key contributions are: A first-order formalization of the CCSA model that enables effective subterm reasoning within saturation-based first-order theorem proving. This overcomes the challenges of the higher-order BC Logic used in previous work. A soundness result showing that if a protocol is proven secure in CRYPTOVAMPIRE's first-order encoding, then it is also secure in the original BC Logic. Dedicated reasoning procedures and heuristics within CRYPTOVAMPIRE that leverage the state-of-the-art VAMPIRE first-order automated theorem prover, leading to significant performance improvements. An experimental evaluation demonstrating CRYPTOVAMPIRE's effectiveness as a standalone verifier as well as its usefulness in automating parts of the interactive SQUIRREL proof assistant. Overall, CRYPTOVAMPIRE provides the first fully automated verification approach for the CCSA model, bridging the gap between the ease of symbolic analysis and the strong cryptographic guarantees of the computational model.

Probρ(Lη(φ) ≠ 1) = negl(η) C ⊨|t| iff for all trace T we have CM ⊨bc [t]T

"Cryptographic protocols are the software interfaces used by the components of our digital world to communicate securely with one another. Unfortunately, designing such protocols is notoriously difficult and error-prone." "Formal methods have proved to be a very successful tool to guarantee properties of protocols and recently accompanied the design of protocol standards like TLS 1.3 [4], WireGuard [5], or 5G-AKA [6]."