Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                
Skip to main content

Implicit Computational Complexity of Subrecursive Definitions and Applications to Cryptographic Proofs

  • Published:
Journal of Automated Reasoning Aims and scope Submit manuscript

Abstract

We define a call-by-value variant of Gödel’s system \(\textsf {T} \) with references, and equip it with a linear dependent type and effect system, called \(\textsf {d}\ell \textsf {T} \), that can estimate the time complexity of programs, as a function of the size of their inputs. We prove that the type system is intentionally sound, in the sense that it over-approximates the complexity of executing the programs on a variant of the CEK abstract machine. Moreover, we define a sound and complete type inference algorithm which critically exploits the subrecursive nature of \(\textsf {d}\ell \textsf {T} \). Finally, we demonstrate the usefulness of \(\textsf {d}\ell \textsf {T} \) for analyzing the complexity of cryptographic reductions by providing an upper bound for the constructed adversary of the Goldreich–Levin theorem.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8
Fig. 9
Fig. 10
Fig. 11
Fig. 12
Fig. 13
Fig. 14
Fig. 15
Fig. 16

Similar content being viewed by others

Explore related subjects

Discover the latest articles, news and stories from top researchers in related subjects.

Notes

  1. The original CEK machine comes from [16] and its name comes from the fact that its states have three components, a term, an environment and a continuation.

References

  1. Accattoli, B., Dal Lago, U.: (Leftmost-outermost) beta reduction is invariant, indeed. Log. Methods Comput. Sci. 12(1) (2016)

  2. Albert, E., Arenas, P., Genaim, S., Puebla, G., Zanardini, D.: COSTA: design and implementation of a cost and termination analyzer for Java bytecode. In: Formal Methods for Components and Objects, 6th International Symposium, FMCO 2007, pp. 113–132 (2007)

  3. Baillot, P., Barthe, G., Dal Lago, U.: Implicit computational complexity of subrecursive definitions and applications to cryptographic proofs. In: Proceedings of LPAR 2015, Volume 9450 of LNCS, pp. 203–218. Springer, Berlin (2015)

    Chapter  Google Scholar 

  4. Baillot, P., Terui, K.: Light types for polynomial time computation in lambda calculus. Inf. Comput. 207(1), 41–62 (2009)

    Article  MathSciNet  Google Scholar 

  5. Barthe, G., Daubignard, M., Kapron, B., Lakhnech, Y.: Computational indistinguishability logic. In: Proceedings of Computer and Communications Security, CCS 2010, pp. 375–386. ACM, New York (2010)

  6. Barthe, G., Fournet, C., Grégoire, B., Strub, P.-Y., Swamy, N., Zanella-Béguelin, S.: Probabilistic relational verification for cryptographic implementations. In: Proceedings of POPL 2014, pp. 193–206 (2014)

  7. Barthe, G., Gaboardi, M., Gallego Arias, E. J., Hsu, J., Roth, A., Strub, P.-Y.: Higher-order approximate relational refinement types for mechanism design and differential privacy. In: Proceedings of POPL 2015, pp. 55–68. ACM (2015)

    Article  Google Scholar 

  8. Barthe, G., Grégoire, B., Béguelin, S.Z.: Formal certification of code-based cryptographic proofs. In: Proceedings of POPL 2009, pp. 90–101 (2009)

    Article  Google Scholar 

  9. Barthe, G., Grégoire, B., Heraud, S., Béguelin, S.Z.: Computer-aided security proofs for the working cryptographer. In: Proceedings of CRYPTO 2011, pp. 71–90 (2011)

    Chapter  Google Scholar 

  10. Bellare, M., Rogaway, P.: Random oracles are practical: a paradigm for designing efficient protocols. In: Proceedings of Computer and Communications Security, pp. 62–73 (1993)

  11. Blanchet, B.: A computationally sound mechanized prover for security protocols. In: IEEE Symposium on Security and Privacy, pp. 140–154 (2006)

  12. Dal Lago, U.: The geometry of linear higher-order recursion. ACM Trans. Comput. Log. 10(2), 8:1–8:38 (2009)

    Article  MathSciNet  Google Scholar 

  13. Dal Lago, U., Gaboardi, M.: Linear dependent types and relative completeness. Log. Methods Comput. Sci. 8(4) (2011)

  14. Dal Lago, U., Petit, B.: The geometry of types. In: Proceedings of POPL 2013, pp. 167–178 (2013)

    Article  Google Scholar 

  15. Danielsson, N.A.: Lightweight semiformal time complexity analysis for purely functional data structures. In: Proceedings of POPL 2008, pp. 133–144 (2008)

    Article  MathSciNet  Google Scholar 

  16. Felleisen, M., Friedman, D.P.: Control operators, the SECD-machine, and the lambda-calculus. In: 3rd Working Conference on the Formal Description of Programming Concepts (1986)

  17. Goldreich, O.: On expected probabilistic polynomial-time adversaries: a suggestion for restricted definitions and their benefits. In: Theory of Cryptography, pp. 174–193. Springer, Berlin (2007)

  18. Grobauer, B.: Cost recurrences for DML programs. In: International Conference on Functional Programming (ICFP ’01), pp. 253–264 (2001)

  19. Gulwani, S., Mehra, K.K., Chilimbi, T.M.: Speed: precise and efficient static estimation of program computational complexity. In: Proceedings of POPL 2009, pp. 127–139 (2009)

    Article  Google Scholar 

  20. Halevi, S.: A plausible approach to computer-aided cryptographic proofs. IACR Cryptology ePrint Archive, p. 181 (2005)

  21. Hoffmann, J., Hofmann, M.: Amortized resource analysis with polynomial potential. In: Proceedings of ESOP 2010, pp. 287–306 (2010)

    Chapter  Google Scholar 

  22. Hofmann, M.: Safe recursion with higher types and BCK-algebra. Ann. Pure Appl. Log. 104(1–3), 113–166 (2000)

    Article  MathSciNet  Google Scholar 

  23. Jones, N.D., Kristiansen, L.: A flow calculus of mwp-bounds for complexity analysis. ACM Trans. Comput. Log. 10(4), 28 (2009)

    Article  MathSciNet  Google Scholar 

  24. Katz, J., Lindell, Y.: Introduction to Modern Cryptography. Chapman & Hall Cryptography and Network Security Series. Chapman & Hall, London (2007)

    Book  Google Scholar 

  25. Leivant, D., Marion, J.-Y.: Lambda calculus characterizations of poly-time. Fundam. Inform. 19(1/2), 167–184 (1993)

    MathSciNet  MATH  Google Scholar 

  26. Lesourd, M.: Type inference for complexity analysis of functional programs (2016). Master Thesis, ENS Lyon. https://ilsordo.github.io/research/rapport2016.pdf

  27. Petcher, A., Morrisett, G.: The foundational cryptography framework. In: Proceedings of POST 2015, Volume 9036 of LNCS, pp. 203–218 (2015)

    Google Scholar 

  28. Swamy, N., Chen, J., Fournet, C., Strub, P.-Y., Bhargavan, K., Yang, J.: Secure distributed programming with value-dependent types. In: Proceedings of ICFP 2011, pp. 266–278 (2011)

  29. Xi, H.: Dependent types for program termination verification. Higher-Order Symb. Comput. 15(1), 91–131 (2002)

    Article  MathSciNet  Google Scholar 

Download references

Author information

Authors and Affiliations

Authors

Corresponding author

Correspondence to Ugo Dal Lago.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Baillot, P., Barthe, G. & Dal Lago, U. Implicit Computational Complexity of Subrecursive Definitions and Applications to Cryptographic Proofs. J Autom Reasoning 63, 813–855 (2019). https://doi.org/10.1007/s10817-019-09530-2

Download citation

  • Received:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s10817-019-09530-2

Keywords