Skip to content
GitLab
Menu
Projects
Groups
Snippets
Loading...
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in
Toggle navigation
Menu
Open sidebar
BLANCHET Bruno
CryptoVerif
Commits
735bd12b
Commit
735bd12b
authored
Jun 12, 2019
by
BLANCHET Bruno
Browse files
notes on improvement in FindCompos
parent
5f1339c8
Changes
1
Hide whitespace changes
Inline
Sidebyside
TODO
View file @
735bd12b
Improve
FindCompos
to
exploit
collisions
(
with
non

zero
probability
)
in
order
to
prove
injectivity
.
Currently
,
find_compos_bin
works
as
follows
:
if
M
=
X
,
X
is
independent
of
x
,
and
M
determines
x
,
then
we
bound
the
probability
that
M
=
X
.
"M determines x"
is
proved
by
building
M
' obtained from M by replacing all variables
that depend on x with fresh variables. In particular, x is
replaced by x'
.
We
prove
that
M
=
M
' implies x = x'
,
using
only
equations
(
no
collision
statements
).
It
would
be
better
to
work
as
follows
:
if
M
=
X
and
X
is
independent
of
x
,
then
there
exists
a
term
M
',
obtained from M by replacing all variables that depend on x with
fresh variables, such that M'
=
X
and
M
' is independent of x.
Then the probability that M = X is bounded by the probability that
M = M'
.
The
latter
probability
can
be
bounded
using
both
equations
and
collision
statements
.
Note
:
the
form
chosen
for
M
' is good when using equations/collisions
that show injectivity, e.g. (f(y) = f(z)) = (y = z), but in general
other forms of M'
may
perhaps
be
better
?
It
still
seems
difficult
to
consider
other
forms
of
M
'.
The better definition of find_compos_bin would allow CV to infer
the collisions
collision y <R Z; forall X: subG;
return(pow_k(subGtoG(exp_div_k(g_k, y))) = X) <=(2*Pcoll1rand(Z))=> return(false)
if X independentof y.
+ the same with exp_div_k'
instead
of
exp_div_k
+
the
same
with
subGtoG
instead
of
pow_k
(
subGtoG
in
DH_X25519
,
DH_X448
,
DH_single_coord_ladder
.
Set
future
binders
/
true
facts
in
terms
in
Terms
.
build_def_process
Allow
insert
find
[
unique
],
provided
CryptoVerif
manages
to
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
.
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment