{"id":15716971,"url":"https://github.com/cjpatton/better_proofs","last_synced_at":"2025-05-01T12:50:29.877Z","repository":{"id":221753192,"uuid":"755228995","full_name":"cjpatton/better_proofs","owner":"cjpatton","description":"Security proofs written to be machine checkable.","archived":false,"fork":false,"pushed_at":"2024-07-24T23:44:22.000Z","size":285,"stargazers_count":4,"open_issues_count":1,"forks_count":0,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-05-01T12:49:36.838Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"TeX","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/cjpatton.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-02-09T17:37:24.000Z","updated_at":"2025-02-15T02:08:06.000Z","dependencies_parsed_at":"2024-04-19T23:26:02.591Z","dependency_job_id":"bffe9f80-188a-4411-8128-05679e867c4f","html_url":"https://github.com/cjpatton/better_proofs","commit_stats":null,"previous_names":["cjpatton/better_proofs"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cjpatton%2Fbetter_proofs","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cjpatton%2Fbetter_proofs/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cjpatton%2Fbetter_proofs/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cjpatton%2Fbetter_proofs/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/cjpatton","download_url":"https://codeload.github.com/cjpatton/better_proofs/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":251879117,"owners_count":21658690,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-10-03T21:48:20.669Z","updated_at":"2025-05-01T12:50:29.573Z","avatar_url":"https://github.com/cjpatton.png","language":"TeX","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Better proofs\n\nGame-playing proofs [[BR06]] written in Rust. A \"game\" is a security definition\nfor a cryptographic protocol (or primitive) that is used to define an\nadversary's advantage in breaking the protocol.\n\n## Why\n\nGames are usually specified in \"pseudocode\". There is no standard syntax for\nthis pseudocode (each proof author has their own style), and its semantics is\nusually only implicitly defined. By replacing this pseudocode with a proper\nprogramming language, we can make it easier to interpret these definitions\nand verify proofs for them with the help of a computer.\n\nThere are already a number of tools for establishing game-playing proofs, such\nas [CryptoVerif](https://bblanche.gitlabpages.inria.fr/CryptoVerif/) or\n[SSProve](https://eprint.iacr.org/2021/397)). With these tools, one normally\ncarries out the proof work in a language specific to the tool, which requires a\nhigh degree of expertise.\n\n[hax](https://cryspen.com/hax/) is a tool for translating Rust into languages\nwith formal semantics such that the code can be analyzed for functional\ncorrectness and various (symbolic) security properties. In this way, hax can\nact as a bridge between experts in formal methods and those designing and\nimplementing protocols.\n\nWe envision the following separation of concerns. The definition, protocol, and\nproof are all implemented in Rust. The proof consists of a sequence of games,\neach derived from the previous game by rewriting it or changing its\nfunctionality. For each such \"transition\", we need to (1) argue that the games\nare equivalent, (2) argue that the games are equivalent until something rare\nhappens (\"identical until bad\"), or (3) construct a reduction of a\ndistinguisher to an algorithm that breaks one of our assumptions. The hope is\nthat the task of formally verifying each of these transitions can be formulated\nas checking equivalence of two Rust programs (i.e., neighboring games), thereby\nreducing the amount of work we need the formal methods tools to do.\n\nThere are a few reasons why doing most of the proof work in Rust, rather than\nin the language native to the tool, may not work:\n\n1. The formal methods expert may need domain expertise in order to verify game\n   hops. Put another way, it may be more efficient for the domain expert to\n   just learn the damn tools!\n\n2. The concrete cost (in terms of CPU time and memory) of finding a proof might\n   be higher than if the games were expressed in native code.\n\n3. It may be harder to find a proof for translated code compared to native\n   code.\n\nThis repo can be thought of an experiment to assess these costs.\n\n[BR06]: https://eprint.iacr.org/2004/331\n[draft-irtf-cfrg-vdaf]: https://datatracker.ietf.org/doc/draft-irtf-cfrg-vdaf\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcjpatton%2Fbetter_proofs","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcjpatton%2Fbetter_proofs","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcjpatton%2Fbetter_proofs/lists"}