Logical Relations for Formally Verified Authenticated Data Structures

TL;DR

This paper presents a formal verification framework for authenticated data structures using a new relational separation logic, ensuring security, correctness, and enabling sound optimizations through mechanized proofs in Coq.

Contribution

It introduces a novel relational separation logic for cryptographic hash functions, and provides a mechanized proof of correctness for automatically generated authenticated data structures.

Findings

Formal proof of security and correctness for the library

Validation of optimizations through semantic models

Sound linking of generated and handwritten implementations

Abstract

Authenticated data structures allow untrusted third parties to carry out operations which produce proofs that can be used to verify an operation's output. Such data structures are challenging to develop and implement correctly. This paper gives a formal proof of security and correctness for a library that generates authenticated versions of data structures automatically. The proof is based on a new relational separation logic for reasoning about programs that use collision-resistant cryptographic hash functions. This logic provides a basis for constructing two semantic models of a type system, which are used to justify how the library makes use of type abstraction to enforce security and correctness. Using these models, we also prove the correctness of several optimizations to the library and then show how optimized, hand-written implementations of authenticated data structures can be soundly linked with automatically generated code. All of the results in this paper have been mechanized in the Coq proof assistant using the Iris framework.