DT-SIM: Property-Based Testing for MPC Security (2403.04991v2)
Abstract: Formal methods for guaranteeing that a protocol satisfies a cryptographic security definition have advanced substantially, but such methods are still labor intensive and the need remains for an automated tool that can positively identify an insecure protocol. In this work, we demonstrate that property-based testing, "run it a bunch of times and see if it breaks", is effective for detecting security bugs in secure protocols. We specifically target Secure Multi-Party Computation (MPC), because formal methods targeting this security definition for bit-model implementations are particularly difficult. Using results from the literature for Probabilistic Programming Languages and statistical inference, we devise a test that can detect various flaws in a bit-level implementation of an MPC protocol. The test is grey-box; it requires only transcripts of randomness consumed by the protocol and of the inputs, outputs, and messages. It successfully detects several different mistakes and biases introduced into two different implementations of the classic GMW protocol. Applied to hundreds of randomly generated protocols, it identifies nearly all of them as insecure. We also include an analysis of the parameters of the test, and discussion of what makes detection of MPC (in)security difficult.
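As an added illustration of the "run it a bunch of times and see if it breaks" idea (this is example code, not the paper's DT-SIM test, which relies on probabilistic programming and statistical inference the abstract does not detail), the block below records the corrupted party's view of a toy two-party XOR-sharing step over many trials and applies a chi-square independence test; the toy protocol, the `bias` knob that models a faulty randomness source, and the chi-square criterion are all assumptions of this example.

```python
"""Simplified property-based security check for a two-party sharing step.

Security requirement tested: the view of party 0 (the messages it receives)
must not depend on party 1's input x1, since x1 is not revealed by the
function output here. Dependence is detected statistically from transcripts.
"""
import random
from collections import Counter


def share_bit(x1, rng, bias=0.5):
    """Party 1 XOR-shares input bit x1 with a mask r and sends s to party 0.
    Returns party 0's view (the messages it receives) as a tuple.
    bias=0.5 gives a uniform mask; any other value is a deliberately faulty
    randomness source of the kind the statistical test should catch."""
    r = 1 if rng.random() < bias else 0   # randomness consumed by party 1
    s = x1 ^ r                            # the only message party 0 sees
    return (s,)


def view_distributions(protocol, honest_inputs, trials, seed=0):
    """Run `protocol` `trials` times per honest input and count the views."""
    rng = random.Random(seed)
    return {x: Counter(protocol(x, rng) for _ in range(trials))
            for x in honest_inputs}


def chi_square_independence(counts):
    """Chi-square statistic for 'view is independent of honest input', from a
    mapping {honest_input: {view: count}}. Larger means stronger dependence."""
    views = set().union(*(c.keys() for c in counts.values()))
    total = sum(sum(c.values()) for c in counts.values())
    stat = 0.0
    for c in counts.values():
        n_x = sum(c.values())
        for v in views:
            n_v = sum(cc[v] for cc in counts.values())
            expected = n_x * n_v / total
            if expected:
                stat += (c[v] - expected) ** 2 / expected
    return stat


def looks_insecure(protocol, honest_inputs=(0, 1), trials=2000, threshold=10.83):
    """10.83 is the chi-square critical value at p=0.001 for one degree of
    freedom (two honest inputs, two possible one-bit views)."""
    dist = view_distributions(protocol, honest_inputs, trials)
    return chi_square_independence(dist) > threshold


if __name__ == "__main__":
    print("uniform mask flagged:", looks_insecure(share_bit))
    print("biased mask flagged: ",
          looks_insecure(lambda x1, rng: share_bit(x1, rng, bias=0.3)))
```

With a uniform mask the statistic stays near zero, while a mask biased to 0.3 yields a statistic in the hundreds at 2000 trials per input, so the faulty implementation is flagged and the correct one is not.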