Difference between revisions of "The Joint EasyCrypt-F*-CryptoVerif School 2014"

From prosecco
(Invited speakers)
 
(181 intermediate revisions by 2 users not shown)
Line 2: Line 2:
 
   |__TOC__
 
   |__TOC__
 
   |}
 
   |}
 
= Dates: 24-28 November =
 
 
= Place: Paris =
 
Because the interest was so big, the school location has '''changed'''; we now have two locations:
 
* Monday, Tuesday, and Friday are at: Maison Internationale, Salon David Weill, Cité internationale universitaire de Paris (Cite Universitaire), [https://www.google.fr/maps/place/17+Boulevard+Jourdan,+75014+Paris 17 Boulevard Jourdan, 75014 Paris]
 
* Wednesday and Thursday we are at: UPMC - Campus des Cordeliers, Amphitheatre Roussy, [https://www.google.fr/maps/place/15+Rue+de+l'École+de+Médecine,+75005+Paris 15 Rue de l'École de Médecine, 75006 Paris]
 
  
 
= Abstract =
 
= Abstract =
The school is aimed at teaching participants how to use three state-of-the-art security verification tools: [https://www.easycrypt.info EasyCrypt], [https://research.microsoft.com/en-us/projects/fstar/ F*], and [http://prosecco.gforge.inria.fr/personal/bblanche/cryptoverif/ CryptoVerif], as well as give participants a glimpse of the formal foundations behind these tools.
+
The school takes place 24-28  November in Paris and
 +
is aimed at teaching participants how to use three state-of-the-art security verification tools: [https://www.easycrypt.info EasyCrypt], [https://www.fstar-lang.org F*], and [http://prosecco.gforge.inria.fr/personal/bblanche/cryptoverif/ CryptoVerif], as well as give participants a glimpse of the formal foundations behind these tools.  
  
 
'''[https://www.easycrypt.info EasyCrypt]''' is a toolset for reasoning about relational properties of probabilistic computations with adversarial code. Its main application is the construction and verification of game-based cryptographic proofs. EasyCrypt was used to prove the security of complex cryptographic constructions, including the Cramer-Shoup encryption scheme, the Merkle-Damgaard iterative hash function design, and the ZAEP encryption scheme. More recently, it has been used for proving the security of protocols based on garbled circuits, and for the proof of security for authenticated key-exchange protocols and derived proofs under weaker assumptions.
 
'''[https://www.easycrypt.info EasyCrypt]''' is a toolset for reasoning about relational properties of probabilistic computations with adversarial code. Its main application is the construction and verification of game-based cryptographic proofs. EasyCrypt was used to prove the security of complex cryptographic constructions, including the Cramer-Shoup encryption scheme, the Merkle-Damgaard iterative hash function design, and the ZAEP encryption scheme. More recently, it has been used for proving the security of protocols based on garbled circuits, and for the proof of security for authenticated key-exchange protocols and derived proofs under weaker assumptions.
  
'''[https://research.microsoft.com/en-us/projects/fstar/ F*]''' is a new ML-like functional programming language designed with program verification in mind. It has a powerful refinement type-checker that discharges verification conditions using the Z3 SMT solver. F* has been successfully used to verify nearly 50,000 lines of code, ranging from cryptographic protocol implementations to web browser extensions, and from cloud-hosted web applications to key parts of the F* compiler itself. The [https://github.com/FStarLang/FStar newest version on F*] erases to both F# and OCaml, on which it is based. It also compiles securely to JavaScript, enabling safe interoperability with arbitrary, untrusted JavaScript libraries.
+
'''[https://www.fstar-lang.org F*]''' is a new ML-like functional programming language designed with program verification in mind. It has a powerful refinement type-checker that discharges verification conditions using the Z3 SMT solver. F* has been successfully used to verify nearly 50,000 lines of code, ranging from cryptographic protocol implementations to web browser extensions, and from cloud-hosted web applications to key parts of the F* compiler itself. The [https://www.fstar-lang.org newest version on F*] erases to both F# and OCaml, on which it is based. It also compiles securely to JavaScript, enabling safe interoperability with arbitrary, untrusted JavaScript libraries.
  
 
'''[http://prosecco.gforge.inria.fr/personal/bblanche/cryptoverif/ CryptoVerif]''' is an automatic protocol prover sound in the computational model. It can prove
 
'''[http://prosecco.gforge.inria.fr/personal/bblanche/cryptoverif/ CryptoVerif]''' is an automatic protocol prover sound in the computational model. It can prove
 
secrecy and correspondences (e.g. authentication). The generated proofs are by sequences of games, as used by cryptographers. CryptoVerif was successfully used for security proofs of FDH signatures, Kerberos, OEKE, and the SSH transport layer protocol.
 
secrecy and correspondences (e.g. authentication). The generated proofs are by sequences of games, as used by cryptographers. CryptoVerif was successfully used for security proofs of FDH signatures, Kerberos, OEKE, and the SSH transport layer protocol.
 +
 +
The presented tools have been developed at
 +
 +
[[Image:cnrs.png|60px|CNRS|link=http://www.cnrs.fr/]]       
 +
[[Image:ens.png|60px|ENS|link=http://www.ens.fr/]]       
 +
[[Image:imdea2.png|100px|IMDEA|link=http://software.imdea.org/]]     
 +
[[Image:inria.png|130px|INRIA|link=http://www.inria.fr/]]   
 +
[[Image:msresearch.png|140px|Microsoft Research|link=http://research.microsoft.com/]]     
 +
[[Image:MSR-INRIA_UK_CMYK.png|180px|Microsoft Research Inria Joint Centre|link=http://www.msr-inria.fr/]]
 +
 +
= Report =
 +
 +
A [http://prosecco.gforge.inria.fr/personal/hritcu/publications/school2014-siglog.pdf report on the school] appeared in the
 +
[http://siglog.hosting.acm.org/?attachment_id=77 SIGLOG Newsletter, Volume 2, Number 1] from January 2015.
  
 
= Lecturers and tutorial aides =
 
= Lecturers and tutorial aides =
Line 26: Line 34:
 
* '''[https://www.easycrypt.info EasyCrypt]''': [http://software.imdea.org/people/gilles.barthe/ Gilles Barthe], [http://fdupress.net/ François Dupressoir], [http://www-sop.inria.fr/members/Benjamin.Gregoire/ Benjamin Grégoire], [http://www.software.imdea.org/people/benedikt.schmidt/index.html Benedikt Schmidt], [http://pierre-yves.strub.nu/ Pierre-Yves Strub]
 
* '''[https://www.easycrypt.info EasyCrypt]''': [http://software.imdea.org/people/gilles.barthe/ Gilles Barthe], [http://fdupress.net/ François Dupressoir], [http://www-sop.inria.fr/members/Benjamin.Gregoire/ Benjamin Grégoire], [http://www.software.imdea.org/people/benedikt.schmidt/index.html Benedikt Schmidt], [http://pierre-yves.strub.nu/ Pierre-Yves Strub]
  
* '''[https://research.microsoft.com/en-us/projects/fstar/ F*]''': [http://prosecco.gforge.inria.fr/personal/karthik/ Karthik Bhargavan], [http://antoine.delignat-lavaud.fr/ Antoine Delignat-Lavaud], [https://research.microsoft.com/en-us/um/people/fournet/ Cédric Fournet], [http://prosecco.gforge.inria.fr/personal/hritcu/ Cătălin Hriţcu], [http://prosecco.gforge.inria.fr/personal/ckeller/index-en.html Chantal Keller], [http://alfredo.pironti.eu/research/ Alfredo Pironti], [http://pierre-yves.strub.nu/ Pierre-Yves Strub], [http://research.microsoft.com/en-us/people/nswamy/ Nikhil Swamy]
+
* '''[https://www.fstar-lang.org F*]''': [http://prosecco.gforge.inria.fr/personal/karthik/ Karthik Bhargavan], [http://antoine.delignat-lavaud.fr/ Antoine Delignat-Lavaud], [https://research.microsoft.com/en-us/um/people/fournet/ Cédric Fournet], [http://prosecco.gforge.inria.fr/personal/hritcu/ Cătălin Hriţcu], [http://prosecco.gforge.inria.fr/personal/ckeller/index-en.html Chantal Keller], [http://research.microsoft.com/en-us/people/markulf/ Markulf Kohlweiss], [http://www.cs.umd.edu/~aseem/ Aseem Rastogi], [http://pierre-yves.strub.nu/ Pierre-Yves Strub], [http://research.microsoft.com/en-us/people/nswamy/ Nikhil Swamy]
  
 
* '''[http://prosecco.gforge.inria.fr/personal/bblanche/cryptoverif/ CryptoVerif]''':  [http://prosecco.gforge.inria.fr/personal/bblanche/index-eng.html Bruno Blanchet]
 
* '''[http://prosecco.gforge.inria.fr/personal/bblanche/cryptoverif/ CryptoVerif]''':  [http://prosecco.gforge.inria.fr/personal/bblanche/index-eng.html Bruno Blanchet]
Line 32: Line 40:
 
= Invited speakers =
 
= Invited speakers =
 
While the school is targeted mostly at explaining the three tools, we're also planning two sessions of invited
 
While the school is targeted mostly at explaining the three tools, we're also planning two sessions of invited
talks, a longer one on Wednesday afternoon and a short one on Friday morning.
+
talks, a longer one Wednesday morning and a short one Friday morning.
* [http://www.lsv.ens-cachan.fr/~comon/ Hubert Comon] (LSV, CNRS & ENS de Cachan) - Computationally Complete Symbolic Attacker
+
* [http://www.lsv.ens-cachan.fr/~comon/ Hubert Comon] (LSV, CNRS & ENS de Cachan) - Unconditional Soundness
* [http://www.loria.fr/~cortier/ Véronique Cortier] (CNRS & LORIA Nancy) - Using F* to Verify E-Voting Protocols
+
* [http://www.loria.fr/~cortier/ Véronique Cortier] (CNRS & LORIA Nancy) - [https://wiki.inria.fr/prosecco/Abstracts_of_Invited_Talks_-_Joint_School_2014#Type-Based_Verification_of_Electronic_Voting_Protocols_.28V.C3.A9ronique_Cortier.2C_CNRS_.26_LORIA_Nancy.29 Type-Based Verification of Electronic Voting Protocols]
* [http://www.sps.cs.uni-saarland.de/maffei/ Matteo Maffei] (Saarland University) - Linear Refinement Type Systems
+
* [http://www.sps.cs.uni-saarland.de/maffei/ Matteo Maffei] (Saarland University) - [https://wiki.inria.fr/prosecco/Invited_Talks_-_Joint_School_2014#Logical_Foundations_of_Secure_Resource_Management_in_Protocol_Implementations_.28Matteo_Maffei.2C_Saarland_University.29 Logical Foundations of Secure Resource Management in Protocol Implementations]
 
* [http://www.cs.ut.ee/~unruh/ Dominique Unruh] (University of Tartu) - Computational Soundness for Refinement Types
 
* [http://www.cs.ut.ee/~unruh/ Dominique Unruh] (University of Tartu) - Computational Soundness for Refinement Types
  
 
= Organization =
 
= Organization =
 
Anna Bednarik,
 
Anna Bednarik,
 +
[http://prosecco.gforge.inria.fr/personal/karthik/ Karthikeyan Bhargavan],
 
[http://prosecco.gforge.inria.fr/personal/hritcu/ Cătălin Hriţcu] ([mailto:catalin.hritcu@gmail.com contact]),
 
[http://prosecco.gforge.inria.fr/personal/hritcu/ Cătălin Hriţcu] ([mailto:catalin.hritcu@gmail.com contact]),
 
[http://pierre-yves.strub.nu/ Pierre-Yves Strub]
 
[http://pierre-yves.strub.nu/ Pierre-Yves Strub]
  
= Schedule =
+
Student volunteers: Evmorfia-Iro Bartzia, Benjamin Beurdouche, Antoine Delignat-Lavaud, and Jean Karim Zinzindohoué
* Monday, 24 November: EasyCrypt
 
* Tuesday, 25 November: EasyCrypt
 
* Wednesday, 26 November: F* lectures and tutorial + Invited speakers: Cortier & Comon & Maffei (afternoon)
 
* Thursday, 27 November: Lectures on F* + CryptoVerif (morning) + F* tutorial (afternoon)
 
* Friday, 28 November: Invited speakers: Unruh (morning) + CryptoVerif lecture + tutorial
 
  
= Hardware and software =
+
= Materials =
Roughly half of the time of the school is devoted to hands-on exercise sessions and tutorials. Participants are expected to bring their own laptop with [https://www.easycrypt.info EasyCrypt], [https://research.microsoft.com/en-us/projects/fstar/ F*], and [http://prosecco.gforge.inria.fr/personal/bblanche/cryptoverif/ CryptoVerif] installed. More details e.g. about precise versions and setup will be communicated by email to the participants.
+
* [https://www.easycrypt.info/trac/wiki/SchoolParis14 EasyCrypt]
 +
* [https://wiki.inria.fr/prosecco/F*_Materials_-_Joint_School_2014 F*]
 +
* [https://wiki.inria.fr/prosecco/CryptoVerif_Installation#Teaching_material CryptoVerif]
 +
* [https://wiki.inria.fr/prosecco/Abstracts_of_Invited_Talks_-_Joint_School_2014 Invited talks]
  
 
= Registration =
 
= Registration =
 +
<!--
 
* There are no registration fees for participants.
 
* There are no registration fees for participants.
 
* Registration deadline has passed (1 September, 2014).
 
* Registration deadline has passed (1 September, 2014).
 
* The number of participants is limited.
 
* The number of participants is limited.
 
* Registrants were informed of the outcome of the selection process on 16 September, 2014.
 
* Registrants were informed of the outcome of the selection process on 16 September, 2014.
 +
-->
 +
* '''The school has filled up completely, we have no space for additional participants'''.
 +
 +
= Locations =
 +
We have two locations:
 +
* '''Monday, Tuesday, and Friday are at: [http://www.ciup.fr/maison-internationale/ Maison Internationale], [http://www.ciup.fr/salon-david-weill/ Salon David Weill], [http://www.ciup.fr/ Cité internationale universitaire de Paris (Cite Universitaire)], [https://www.google.fr/maps/place/17+Boulevard+Jourdan,+75014+Paris 17 Boulevard Jourdan, 75014 Paris]'''
 +
** The best ways to reach Cite Universitaire are by [https://en.wikipedia.org/wiki/RER_B RER B] or by [https://en.wikipedia.org/wiki/%C3%8Ele-de-France_tramway_Line_3#T3a Tram T3a]. The RER/tram station is called Cite Universitaire. By metro you will need to change to one of these two or walk a kilometer or two (e.g. [https://en.wikipedia.org/wiki/Paris_M%C3%A9tro_Line_4#mediaviewer/File:Plan_m%C3%A9tro_4_Paris.svg M4] goes to [https://goo.gl/maps/JGMrL Porte d'Orleans]). You can in principle also take the bus to stations Cité Universitaire or Stade Charléty (lines 21, 67, or 216), although that's a bit harder for people without some experience of Paris.
 +
** [https://wiki.inria.fr/wikis/prosecco/images/1/14/Reaching-maison-internationale.pdf Some information and maps for reaching Maison Internationale] (warning: on the 2nd page north is up, but on the 3rd north is down)
 +
** [https://wiki.inria.fr/wikis/prosecco/images/f/fc/Reaching-salon-david-weill.pdf Some information and maps for finding Salon David Weill within Maison Internationale] (warning: on these plans north is down, and ouest means West; there will also be signs guiding you there)
 +
** We will have lunch at the [http://www.ciup.fr/restaurant/le-restaurant-universitaire-2/ Restaurant Universitaire of  Maison Internationale]. The menu (entrée, plat, dessert) is about 6-10€. There are [https://goo.gl/maps/H4mxj few restaurants around and they are quite far] for a 1h30mins break.
 +
* '''Wednesday and Thursday we are at: [http://www.upmc.fr/fr/universite/campus_et_sites/a_paris_et_en_idf/cordeliers.html UPMC - Campus des Cordeliers], [https://wiki.inria.fr/wikis/prosecco/images/3/35/UpmcCordeliers.pdf Amphitheatre Gustave Roussy], [https://www.google.fr/maps/place/15+Rue+de+l'École+de+Médecine,+75005+Paris 15 Rue de l'École de Médecine, 75006 Paris]'''
 +
** The easiest way to reach [http://www.upmc.fr/fr/universite/campus_et_sites/a_paris_et_en_idf/cordeliers.html UPMC - Campus des Cordeliers] is either by [https://en.wikipedia.org/wiki/RER_B RER B] (station [https://goo.gl/maps/PjYQY Saint-Michel - Notre-Dame]), or by metro (station [http://goo.gl/maps/M5avz Odéon] for lines [https://en.wikipedia.org/wiki/Paris_M%C3%A9tro_Line_4#mediaviewer/File:Plan_m%C3%A9tro_4_Paris.svg M4] and [https://en.wikipedia.org/wiki/Paris_M%C3%A9tro_Line_10#Route_and_stations M10]). You can in principle also take the bus (lines 58, 63, 70, 86, 87, or 96), although that's a bit harder for people without some experience of Paris.
 +
** [https://wiki.inria.fr/wikis/prosecco/images/3/35/UpmcCordeliers.pdf A plan for finding Amphitheatre Gustave Roussy (the orange dot) within UPMC Cordeliers]; (the entrance to UPMC is marked "accueil"; the amphitheater is on the 2nd floor, staircase B; there will also be signs guiding you there)
 +
** You are on your own for lunch, but [https://goo.gl/maps/4y6Yt there are plenty of good options around] and the break is 2h long.
 +
 +
= Schedule =
  
 +
=== Monday, November 24th 2014 ===
 +
 +
{| class="wikitable"
 +
! Time
 +
! style="min-width: 400px;" | [https://www.google.fr/maps/place/17+Boulevard+Jourdan,+75014+Paris Maison Internationale, Cite Universitaire]
 +
! Room
 +
|-
 +
| 09.15 - 10.15
 +
| '''EasyCrypt lecture''' - [https://www.easycrypt.info/trac/raw-attachment/wiki/SchoolParis14/lecture1.pdf Introduction (Gilles)]
 +
| rowspan="5" | [http://www.ciup.fr/salon-david-weill/ Salon David Weill]
 +
|-
 +
| 10.15 - 10.30
 +
| ''break''
 +
|-
 +
| 10.30 - 11.30
 +
| '''EasyCrypt lecture''' - [https://www.easycrypt.info/trac/raw-attachment/wiki/SchoolParis14/lecture2.pdf An introduction to EasyCrypt  (Benjamin)]
 +
|-
 +
| 11.30 - 11.45
 +
| ''break''
 +
|-
 +
| 11.45 - 12.45
 +
| '''EasyCrypt lecture''' - [https://www.easycrypt.info/trac/raw-attachment/wiki/SchoolParis14/lecture3.pdf Proving in EasyCrypt and pRHL in practice (Pierre-Yves)]
 +
|-
 +
| 12.45 - 14.15
 +
| ''lunch''
 +
| [http://www.ciup.fr/restaurant/le-restaurant-universitaire-2/ Restaurant Universitaire]
 +
|-
 +
| 14.15 - 15.45
 +
| '''EasyCrypt tutorial''' - [https://www.easycrypt.info/trac/raw-attachment/wiki/SchoolParis14/day1.tgz Exercices]
 +
| rowspan="3" | [http://www.ciup.fr/salon-david-weill/ Salon David Weill] <br/> + [https://www.google.com/maps/place/23+Avenue+d'Italie,+75013+Paris,+France/ Salle Orange at INRIA] <br/> &nbsp;&nbsp;&nbsp;([https://www.google.com/maps/dir/17+Boulevard+Jourdan,+75014+Paris,+France/23+Avenue+d'Italie,+Paris,+France/ 25 minutes walk])
 +
|-
 +
| 15.45 - 16.15
 +
| ''break''
 +
|-
 +
| 16.00 - 17.30
 +
| '''EasyCrypt tutorial'''
 +
|}
 +
 +
=== Tuesday, November 25th 2014 ===
 +
 +
{| class="wikitable"
 +
! Time
 +
! style="min-width: 400px;" | [https://www.google.fr/maps/place/17+Boulevard+Jourdan,+75014+Paris Maison Internationale, Cite Universitaire]
 +
! Room
 +
|-
 +
| 09.15 - 10.15
 +
| '''EasyCrypt lecture''' - [https://www.easycrypt.info/trac/raw-attachment/wiki/SchoolParis14/lecture4.pdf Theories, Cloning and Modules (François)]
 +
| rowspan="5" | [http://www.ciup.fr/salon-david-weill/ Salon David Weill]
 +
|-
 +
| 10.15 - 10.30
 +
| ''break''
 +
|-
 +
| 10.30 - 11.30
 +
| '''EasyCrypt lecture''' - [https://www.easycrypt.info/trac/raw-attachment/wiki/SchoolParis14/lecture5.pdf High-level Proof Principles (Benedikt)]
 +
|-
 +
| 11.30 - 11.45
 +
| ''break''
 +
|-
 +
| 11.45 - 12.45
 +
| '''EasyCrypt lecture''' - [https://www.easycrypt.info/trac/raw-attachment/wiki/SchoolParis14/lecture6.pdf Overview and perspectives (Gilles)]
 +
|-
 +
| 12.45 - 14.15
 +
| ''lunch''
 +
| [http://www.ciup.fr/restaurant/ Restaurant Universitaire]
 +
|-
 +
| 14.15 - 15.45
 +
| '''EasyCrypt tutorial''' - [https://www.easycrypt.info/trac/raw-attachment/wiki/SchoolParis14/day2.tgz Exercices]
 +
| rowspan="3" | [http://www.ciup.fr/salon-david-weill/ Salon David Weill] <br/> + [https://www.google.com/maps/place/23+Avenue+d'Italie,+75013+Paris,+France/ Salle Orange at INRIA] <br/> &nbsp;&nbsp;&nbsp;([https://www.google.com/maps/dir/17+Boulevard+Jourdan,+75014+Paris,+France/23+Avenue+d'Italie,+Paris,+France/ 25 minutes walk])
 +
|-
 +
| 15.45 - 16.15
 +
| ''break''
 +
|-
 +
| 16.00 - 17.30
 +
| '''EasyCrypt tutorial'''
 +
|-
 +
| 18.00 - 20:00
 +
| '''[https://wiki.inria.fr/prosecco/The_Joint_EasyCrypt-F*-CryptoVerif_School_2014#Cryptosense_reception Cryptosense Reception]'''
 +
| [http://gobelins.vqd.fr/fr/ Le Vin Qui Danse, Gobelins] <br/> ([https://www.google.com/maps/dir/Cité+internationale+universitaire+de+Paris,+17+Boulevard+Jourdan,+75014+Paris,+France/69+Rue+Broca,+75013+Paris,+France/ 25 minutes walk from CiteU])
 +
|}
 +
 +
=== Wednesday, November 26th 2014 ===
 +
 +
{| class="wikitable"
 +
! Time
 +
! style="min-width: 400px;" | [https://www.google.fr/maps/place/15+Rue+de+l'%C3%89cole+de+M%C3%A9decine,+75005+Paris UPMC - Campus des Cordeliers]
 +
! Room
 +
|-
 +
| 09:00 - 10:00
 +
| '''F* lecture:''' [https://wiki.inria.fr/wikis/prosecco/images/f/f0/Fstar-school-Nov26-2014.pdf High-level introduction] (Nikhil)
 +
| rowspan="7" | [https://wiki.inria.fr/wikis/prosecco/images/3/35/UpmcCordeliers.pdf Amphitheatre Gustave Roussy]
 +
|-
 +
| 10:00 - 10:15
 +
| ''short break''
 +
|-
 +
| 10:15 - 10:45
 +
| '''Véronique Cortier:''' [https://wiki.inria.fr/prosecco/Abstracts_of_Invited_Talks_-_Joint_School_2014#Type-Based_Verification_of_Electronic_Voting_Protocols_.28V.C3.A9ronique_Cortier.2C_CNRS_.26_LORIA_Nancy.29 Type-Based Verification<br/> of Electronic Voting Protocols] (Invited Talk)
 +
|-
 +
| 10:45 - 11:15
 +
| '''Matteo Maffei:''' [https://wiki.inria.fr/prosecco/Invited_Talks_-_Joint_School_2014#Logical_Foundations_of_Secure_Resource_Management_in_Protocol_Implementations_.28Matteo_Maffei.2C_Saarland_University.29 Logical Foundations of Secure Resource<br/> Management in Protocol Implementations] (Invited Talk)
 +
|-
 +
| 11:15 - 11:30
 +
| ''short break''
 +
|-
 +
| 11:30 - 12:00
 +
| '''Hubert Comon:''' Unconditional Soundness (Invited Talk)
 +
|-
 +
| 12:00 - 12:30
 +
| '''CryptoVerif lecture:''' [http://prosecco.gforge.inria.fr/personal/bblanche/talks/CV-School14-Wednesday.pdf sneak preview] (Bruno)
 +
|-
 +
| 12:30 - 14:30
 +
| ''lunch break''
 +
|-
 +
| 14.30 - 19:00
 +
| '''F* tutorial:''' [http://prosecco.gforge.inria.fr/tutorial.html#sec-introduction Basic F*]
 +
| [https://wiki.inria.fr/wikis/prosecco/images/3/35/UpmcCordeliers.pdf Amphitheatre Gustave Roussy]<br/> + [https://wiki.inria.fr/wikis/prosecco/images/3/35/UpmcCordeliers.pdf Room Déjerine] (35 people)
 +
|-
 +
| 19:00 - 21:00
 +
| '''[https://wiki.inria.fr/prosecco/The_Joint_EasyCrypt-F*-CryptoVerif_School_2014#Social_dinner Social dinner]'''
 +
| [http://www.bouillon-racine.com/ Bouillon Racine] ([https://www.google.com/maps/dir/UPMC+-+Campus+des+Cordeliers/Bouillon+Racine,+3+Rue+Racine,+75006+Paris,+France/ 2 minutes walk])
 +
|}
 +
 +
=== Thursday, November 27th 2014 ===
 +
 +
{| class="wikitable"
 +
! Time
 +
! style="min-width: 400px;" | [https://www.google.fr/maps/place/15+Rue+de+l'%C3%89cole+de+M%C3%A9decine,+75005+Paris UPMC - Campus des Cordeliers]
 +
! Room
 +
|-
 +
| 9:00 - 9:30
 +
| '''F* lecture:''' [http://prosecco.gforge.inria.fr/tutorial.html#sec-state-and-other-effects Advanced F*] (Nikhil)
 +
| rowspan="6" | [https://wiki.inria.fr/wikis/prosecco/images/3/35/UpmcCordeliers.pdf Amphitheatre Gustave Roussy]
 +
|-
 +
| 9:30 - 10:00
 +
| '''F* lecture:''' [https://wiki.inria.fr/wikis/prosecco/images/2/28/Mitls.pdf miTLS] (Antoine)
 +
|-
 +
| 10:00 - 10:15
 +
| ''short break''
 +
|-
 +
| 10:15 - 11:15
 +
| '''F* lecture:''' [https://wiki.inria.fr/wikis/prosecco/images/8/86/CryptoTyping.pdf Types for Modular Cryptography] (Cedric)
 +
|-
 +
| 11:15 - 11:30
 +
| ''short break''
 +
|-
 +
| 11:30 - 12:30
 +
| '''F* lecture:''' [https://wiki.inria.fr/wikis/prosecco/images/8/86/CryptoTyping.pdf Types for Modular Cryptography] (Cedric)
 +
|-
 +
| 12:30 - 14:30
 +
| ''lunch break''
 +
|-
 +
| 14:30 - 16:30
 +
| '''F* tutorial:''' [http://prosecco.gforge.inria.fr/tutorial.html#sec-security-examples Verifying Simple Cryptography] (Cedric, Markulf, Nikhil)
 +
| rowspan="3" | [https://wiki.inria.fr/wikis/prosecco/images/3/35/UpmcCordeliers.pdf Rooms Déjerine and Leroux]<br/> (35 people each)
 +
|-
 +
| 16:30 - 17:00
 +
| ''break''
 +
|-
 +
| 17.00 - 18:00
 +
| '''F* tutorial:''' [http://prosecco.gforge.inria.fr/tutorial.html#sec-case-study--simply-typed-lambda-calculus Simply Typed Lambda Calculus] (Catalin, Chantal)
 +
|}
 +
 +
=== Friday, November 28th 2014 ===
 +
 +
{| class="wikitable"
 +
! Time
 +
! style="min-width: 400px;" | [https://www.google.fr/maps/place/17+Boulevard+Jourdan,+75014+Paris Maison Internationale, Cite Universitaire]
 +
! Room
 +
|-
 +
| 09:00 - 10:30
 +
| '''[http://prosecco.gforge.inria.fr/personal/bblanche/talks/CV-School14-Course.pdf CryptoVerif lecture]''' (Bruno)
 +
| rowspan="3" | [http://www.ciup.fr/salon-david-weill/ Salon Salon David Weill]
 +
|-
 +
| 10:30 - 11:00
 +
| ''break''
 +
|-
 +
| 11:00 - 12:30
 +
| '''[http://prosecco.gforge.inria.fr/personal/bblanche/talks/CV-School14-Course.pdf CryptoVerif lecture]''' (Bruno)
 +
|-
 +
| 13:00 - 14:30
 +
| ''lunch break''
 +
| [http://www.ciup.fr/restaurant/le-restaurant-universitaire-2/ Restaurant Universitaire]
 +
|-
 +
| 14:30 - 16:00
 +
| '''CryptoVerif tutorial'''
 +
| rowspan="3" | [http://www.ciup.fr/salon-david-weill/ Salon Salon David Weill]
 +
|-
 +
| 16:00 - 16:30
 +
| ''break''
 +
|-
 +
| 16.30 - 18:00
 +
| '''CryptoVerif tutorial'''
 +
|}
 +
 +
= Photos =
 +
[https://wiki.inria.fr/wikis/prosecco/images/b/b3/2014-11-26-School.zip Download]
 +
<gallery>
 +
IMG_6593.JPG|
 +
IMG_6594.JPG|
 +
IMG_6595.JPG|
 +
IMG_6600.JPG|
 +
IMG_6602.JPG|
 +
IMG_6605.JPG|
 +
IMG_6607.JPG|
 +
IMG_6609.JPG|
 +
</gallery>
 +
 +
= Hardware and software =
 +
Roughly half of the time of the school is devoted to hands-on exercise sessions and tutorials. Participants are expected to bring their own laptop with [https://www.easycrypt.info EasyCrypt], [https://www.fstar-lang.org F*], and [http://prosecco.gforge.inria.fr/personal/bblanche/cryptoverif/ CryptoVerif] installed. More details e.g. about precise versions and setup will be communicated on the participants' mailing list.
 +
* [[CryptoVerif Installation|CryptoVerif Installation Instructions]]
 +
* [https://www.easycrypt.info/trac/wiki/SchoolParis14Install EasyCrypt Installation Instructions]
 +
* [https://github.com/FStarLang/FStar/blob/master/INSTALL.md F* Installation Instructions]
 +
<!--
 
= Financial support =
 
= Financial support =
 
* We try to offer grants covering the travel and/or accommodation costs of the participants who need it.
 
* We try to offer grants covering the travel and/or accommodation costs of the participants who need it.
Line 64: Line 300:
 
* The travel support comes in the form of reimbursement for the costs of a trip participants plan and initially pay themselves, provided these costs stay within certain bounds we establish in advance.
 
* The travel support comes in the form of reimbursement for the costs of a trip participants plan and initially pay themselves, provided these costs stay within certain bounds we establish in advance.
 
* Participants can apply for financial support via the registration form above.
 
* Participants can apply for financial support via the registration form above.
* A number of the grants for UK attendees are subsidized by [http://www.cryptoforma.org.uk/ CryptoForma]; the application process is the same for all grants (part of the normal registration form above).
+
* Most of these grants are supported by the [http://prosecco.gforge.inria.fr/ Prosecco team at INRIA Paris-Rocquencourt]. A number of the grants for UK attendees are subsidized by [http://www.cryptoforma.org.uk/ CryptoForma]; the application process is the same for all grants (part of the normal registration form above).
 +
-->
  
= Social events =
+
= Social dinner =
We will organize a social dinner and a social lunch that are free for all registered participants.
+
* The social dinner is free for all registered participants and takes place '''Wednesday at 7pm at [http://www.bouillon-racine.com/ Bouillon Racine]'''.
 +
* Bouillon Racine is located at [https://www.google.com/maps/place/Bouillon+Racine 3 rue Racine, 75006 Paris], [https://www.google.com/maps/dir/UPMC+-+Campus+des+Cordeliers/Bouillon+Racine,+3+Rue+Racine,+75006+Paris,+France/ a 2 minutes walk from UPMC - Campus des Cordeliers].
 +
* The social dinner is sponsored by the [http://www.msr-inria.fr/ MSR-Inria Joint Centre].
 +
 
 +
= Cryptosense reception =
 +
* The [http://cryptosense.com/ Cryptosense] reception takes place '''Tuesday 6-8pm at [http://gobelins.vqd.fr/fr/ Le Vin Qui Danse, Gobelins]'''.
 +
* We have a reserved area at the back of the bar. There will be a wine, juice, water, and nibbles available, paid for by [http://cryptosense.com/ Cryptosense], and the possibility of buying beer or cocktails at the bar. Afterwards it's a reasonable area for people to split up and go for dinner in smaller groups.
 +
* [http://gobelins.vqd.fr/fr/ Le Vin Qui Danse, Gobelins] is located at [https://www.google.com/maps/place/69+Rue+Broca,+75013+Paris,+France/ 69 Rue Broca, 75013 Paris]. That's a [https://www.google.com/maps/dir/Cit%C3%A9+internationale+universitaire+de+Paris,+17+Boulevard+Jourdan,+75014+Paris,+France/69+Rue+Broca,+75013+Paris,+France/@48.8285824,2.3335993,15z/data=!3m1!4b1!4m14!4m13!1m5!1m1!1s0x47e671a1a98df859:0x1c4282bc491b8270!2m2!1d2.338553!2d48.820237!1m5!1m1!1s0x47e671eb47426d69:0xb102905c6c1acf5d!2m2!1d2.3471351!2d48.8369049!3e2 25 minutes walk from Cité Universitaire] ([https://www.google.com/maps/dir/23+Avenue+d'Italie,+75013+Paris,+France/69+Rue+Broca,+75013+Paris,+France/@48.8328814,2.3471811,16z/data=!3m1!4b1!4m14!4m13!1m5!1m1!1s0x47e6718efd139081:0x30c4a0c3d61b6f55!2m2!1d2.3568972!2d48.8283983!1m5!1m1!1s0x47e671eb47426d69:0xb102905c6c1acf5d!2m2!1d2.3471351!2d48.8369049!3e2 15 minutes walk from Place d'Italie]). From Cité Universitaire one can also [https://www.google.com/maps/dir/Cit%C3%A9+Universitaire/69+Rue+Broca,+75013+Paris,+France/@48.8301271,2.3307519,15z/data=!3m1!4b1!4m14!4m13!1m5!1m1!1s0x47e671a19d1b03eb:0xe4752dc769ccc6a8!2m2!1d2.338835!2d48.820371!1m5!1m1!1s0x47e671eb47426d69:0xb102905c6c1acf5d!2m2!1d2.3471351!2d48.8369049!3e3 take RER B, get off at Port Royal, and then walk for 10 minutes].
  
 
= Travel, food, and accommodation =
 
= Travel, food, and accommodation =
Participants are expected to make their own travel, food, and accommodation arrangements. Paris offers many good alternatives. The only exceptions are for invited speakers, for the shared hotel rooms (see financial support above), and for the social events (see above).
+
Participants are expected to make their own travel, food, and accommodation arrangements. Paris offers many great alternatives. The only exceptions are for invited speakers, for the shared hotel rooms (financial support), and for the social dinner (see above).
  
 
= Sponsors =
 
= Sponsors =
This school is financially supported by the [http://prosecco.gforge.inria.fr/ Prosecco team at INRIA Paris-Rocquencourt]. [http://www.cryptoforma.org.uk/ The EPSRC CryptoForma network on formal methods and cryptography] sponsors a number of  grants for UK attendees.
+
This school is financially supported by the [http://prosecco.gforge.inria.fr/ Prosecco team at INRIA Paris-Rocquencourt]
 
+
with funds from the [http://cordis.europa.eu/project/rcn/96778_en.html ERC Starting Grant CRYSP].
= Tools Institutions =
+
The [http://www.cryptoforma.org.uk/ EPSRC CryptoForma network on formal methods and cryptography] sponsors a number of  [https://wiki.inria.fr/prosecco/The_Joint_EasyCrypt-F*-CryptoVerif_School_2014#Financial_support grants] for UK attendees. The [http://www.msr-inria.fr/ MSR-Inria Joint Centre] sponsors the [https://wiki.inria.fr/prosecco/The_Joint_EasyCrypt-F*-CryptoVerif_School_2014#Social_dinner social dinner]. [http://cryptosense.com/ Cryptosense] organizes and sponsors the [https://wiki.inria.fr/prosecco/The_Joint_EasyCrypt-F*-CryptoVerif_School_2014#Cryptosense_reception reception].
  
All the presented tools have been developed at &nbsp;
+
[[Image:prosecco1.png|160px|CNRS|link=http://prosecco.gforge.inria.fr/]] &nbsp;&nbsp;
[[Image:cnrs.png|75px|CNRS|link=http://www.cnrs.fr/]] &nbsp;&nbsp;&nbsp;&nbsp;
+
[[Image:inria.png|120px|INRIA|link=http://www.inria.fr/]] &nbsp;&nbsp;
[[Image:ens.png|75px|ENS|link=http://www.ens.fr/]] &nbsp;&nbsp;&nbsp;&nbsp;
+
[[Image:Erc-logo3.png|80px|ERC|link=http://erc.europa.eu/]] &nbsp;&nbsp;
[[Image:inria.png|100px|INRIA|link=http://www.inria.fr/]] &nbsp;&nbsp;&nbsp;&nbsp;
+
[[Image:cryptoforma2.png|150px|CryptoForma|link=http://www.cryptoforma.org.uk/]] &nbsp;&nbsp;&nbsp;&nbsp;
[[Image:imdea.png|100px|IMDEA|link=http://software.imdea.org/]] &nbsp;&nbsp;&nbsp;&nbsp;
+
[[Image:MSR-INRIA_UK_CMYK.png|180px|Microsoft Research Inria Joint Centre|link=http://www.msr-inria.fr/]] &nbsp;&nbsp;&nbsp;&nbsp;
[[Image:ms.png|100px|Microsoft Research|link=http://research.microsoft.com/]]
+
[[Image:cryptosense.png|180px|Cryptosense|link=http://cryptosense.com/]]

Latest revision as of 18:27, 17 February 2019

Abstract

The school takes place 24-28 November in Paris and is aimed at teaching participants how to use three state-of-the-art security verification tools: EasyCrypt, F*, and CryptoVerif, as well as give participants a glimpse of the formal foundations behind these tools.

EasyCrypt is a toolset for reasoning about relational properties of probabilistic computations with adversarial code. Its main application is the construction and verification of game-based cryptographic proofs. EasyCrypt was used to prove the security of complex cryptographic constructions, including the Cramer-Shoup encryption scheme, the Merkle-Damgaard iterative hash function design, and the ZAEP encryption scheme. More recently, it has been used for proving the security of protocols based on garbled circuits, and for the proof of security for authenticated key-exchange protocols and derived proofs under weaker assumptions.

F* is a new ML-like functional programming language designed with program verification in mind. It has a powerful refinement type-checker that discharges verification conditions using the Z3 SMT solver. F* has been successfully used to verify nearly 50,000 lines of code, ranging from cryptographic protocol implementations to web browser extensions, and from cloud-hosted web applications to key parts of the F* compiler itself. The newest version on F* erases to both F# and OCaml, on which it is based. It also compiles securely to JavaScript, enabling safe interoperability with arbitrary, untrusted JavaScript libraries.

CryptoVerif is an automatic protocol prover sound in the computational model. It can prove secrecy and correspondences (e.g. authentication). The generated proofs are by sequences of games, as used by cryptographers. CryptoVerif was successfully used for security proofs of FDH signatures, Kerberos, OEKE, and the SSH transport layer protocol.

The presented tools have been developed at

CNRS        ENS        IMDEA      INRIA    Microsoft Research      Microsoft Research Inria Joint Centre

Report

A report on the school appeared in the SIGLOG Newsletter, Volume 2, Number 1 from January 2015.

Lecturers and tutorial aides

Participants will attend lectures and hands-on tutorials, under the guidance of members from the tools' developer teams:

Invited speakers

While the school is targeted mostly at explaining the three tools, we're also planning two sessions of invited talks, a longer one Wednesday morning and a short one Friday morning.

Organization

Anna Bednarik, Karthikeyan Bhargavan, Cătălin Hriţcu (contact), Pierre-Yves Strub

Student volunteers: Evmorfia-Iro Bartzia, Benjamin Beurdouche, Antoine Delignat-Lavaud, and Jean Karim Zinzindohoué

Materials

Registration

  • The school has filled up completely, we have no space for additional participants.

Locations

We have two locations:

Schedule

Monday, November 24th 2014

Time Maison Internationale, Cite Universitaire Room
09.15 - 10.15 EasyCrypt lecture - Introduction (Gilles) Salon David Weill
10.15 - 10.30 break
10.30 - 11.30 EasyCrypt lecture - An introduction to EasyCrypt (Benjamin)
11.30 - 11.45 break
11.45 - 12.45 EasyCrypt lecture - Proving in EasyCrypt and pRHL in practice (Pierre-Yves)
12.45 - 14.15 lunch Restaurant Universitaire
14.15 - 15.45 EasyCrypt tutorial - Exercices Salon David Weill
+ Salle Orange at INRIA
   (25 minutes walk)
15.45 - 16.15 break
16.00 - 17.30 EasyCrypt tutorial

Tuesday, November 25th 2014

Time Maison Internationale, Cite Universitaire Room
09.15 - 10.15 EasyCrypt lecture - Theories, Cloning and Modules (François) Salon David Weill
10.15 - 10.30 break
10.30 - 11.30 EasyCrypt lecture - High-level Proof Principles (Benedikt)
11.30 - 11.45 break
11.45 - 12.45 EasyCrypt lecture - Overview and perspectives (Gilles)
12.45 - 14.15 lunch Restaurant Universitaire
14.15 - 15.45 EasyCrypt tutorial - Exercices Salon David Weill
+ Salle Orange at INRIA
   (25 minutes walk)
15.45 - 16.15 break
16.00 - 17.30 EasyCrypt tutorial
18.00 - 20:00 Cryptosense Reception Le Vin Qui Danse, Gobelins
(25 minutes walk from CiteU)

Wednesday, November 26th 2014

Time UPMC - Campus des Cordeliers Room
09:00 - 10:00 F* lecture: High-level introduction (Nikhil) Amphitheatre Gustave Roussy
10:00 - 10:15 short break
10:15 - 10:45 Véronique Cortier: Type-Based Verification
of Electronic Voting Protocols
(Invited Talk)
10:45 - 11:15 Matteo Maffei: Logical Foundations of Secure Resource
Management in Protocol Implementations
(Invited Talk)
11:15 - 11:30 short break
11:30 - 12:00 Hubert Comon: Unconditional Soundness (Invited Talk)
12:00 - 12:30 CryptoVerif lecture: sneak preview (Bruno)
12:30 - 14:30 lunch break
14.30 - 19:00 F* tutorial: Basic F* Amphitheatre Gustave Roussy
+ Room Déjerine (35 people)
19:00 - 21:00 Social dinner Bouillon Racine (2 minutes walk)

Thursday, November 27th 2014

Time UPMC - Campus des Cordeliers Room
9:00 - 9:30 F* lecture: Advanced F* (Nikhil) Amphitheatre Gustave Roussy
9:30 - 10:00 F* lecture: miTLS (Antoine)
10:00 - 10:15 short break
10:15 - 11:15 F* lecture: Types for Modular Cryptography (Cedric)
11:15 - 11:30 short break
11:30 - 12:30 F* lecture: Types for Modular Cryptography (Cedric)
12:30 - 14:30 lunch break
14:30 - 16:30 F* tutorial: Verifying Simple Cryptography (Cedric, Markulf, Nikhil) Rooms Déjerine and Leroux
(35 people each)
16:30 - 17:00 break
17.00 - 18:00 F* tutorial: Simply Typed Lambda Calculus (Catalin, Chantal)

Friday, November 28th 2014

Time Maison Internationale, Cite Universitaire Room
09:00 - 10:30 CryptoVerif lecture (Bruno) Salon Salon David Weill
10:30 - 11:00 break
11:00 - 12:30 CryptoVerif lecture (Bruno)
13:00 - 14:30 lunch break Restaurant Universitaire
14:30 - 16:00 CryptoVerif tutorial Salon Salon David Weill
16:00 - 16:30 break
16.30 - 18:00 CryptoVerif tutorial

Photos

Download

Hardware and software

Roughly half of the time of the school is devoted to hands-on exercise sessions and tutorials. Participants are expected to bring their own laptop with EasyCrypt, F*, and CryptoVerif installed. More details e.g. about precise versions and setup will be communicated on the participants' mailing list.

Social dinner

Cryptosense reception

Travel, food, and accommodation

Participants are expected to make their own travel, food, and accommodation arrangements. Paris offers many great alternatives. The only exceptions are for invited speakers, for the shared hotel rooms (financial support), and for the social dinner (see above).

Sponsors

This school is financially supported by the Prosecco team at INRIA Paris-Rocquencourt with funds from the ERC Starting Grant CRYSP. The EPSRC CryptoForma network on formal methods and cryptography sponsors a number of grants for UK attendees. The MSR-Inria Joint Centre sponsors the social dinner. Cryptosense organizes and sponsors the reception.

CNRS    INRIA    ERC    CryptoForma      Microsoft Research Inria Joint Centre      Cryptosense