Secure Synthesis of Distributed Cryptographic Applications (Technical Report)

TL;DR

This paper presents a formal security proof for a compiler that automatically transforms centralized programs into secure distributed cryptographic applications, addressing multiple cryptographic mechanisms and malicious threats.

Contribution

It develops a comprehensive security proof for a secure synthesis compiler that handles complex cryptographic features, malicious adversaries, and asynchronous communication.

Findings

Proof handles multiple cryptographic mechanisms and malicious corruption

Guarantees robust hyperproperty preservation in compiled programs

Provides a pathway to modular security using Universal Composability

Abstract

Developing secure distributed systems is difficult, and even harder when advanced cryptography must be used to achieve security goals. Following prior work, we advocate using secure program partitioning to synthesize cryptographic applications: instead of implementing a system of communicating processes, the programmer implements a centralized, sequential program, which is automatically compiled into a secure distributed version that uses cryptography. While this approach is promising, formal results for the security of such compilers are limited in scope. In particular, no security proof yet simultaneously addresses subtleties essential for robust, efficient applications: multiple cryptographic mechanisms, malicious corruption, and asynchronous communication. In this work, we develop a compiler security proof that handles these subtleties. Our proof relies on a novel unification of simulation-based security, information-flow control, choreographic programming, and sequentialization techniques for concurrent programs. While our proof targets hybrid protocols, which abstract cryptographic mechanisms as idealized functionalities, our approach offers a clear path toward leveraging Universal Composability to obtain end-to-end, modular security results with fully instantiated cryptographic mechanisms. Finally, following prior observations about simulation-based security, we prove that our result guarantees robust hyperproperty preservation, an important criterion for compiler correctness that preserves all source-level security properties in target programs.