A Tight Security Proof for $\mathrm{SPHINCS^{+}}$, Formally Verified

Paper 2024/910

A Tight Security Proof for $\mathrm{SPHINCS^{+}}$, Formally Verified

Manuel Barbosa, University of Porto (FCUP), INESC TEC
François Dupressoir, University of Bristol
Andreas Hülsing, Eindhoven University of Technology, SandboxAQ
Matthias Meijers, Eindhoven University of Technology
Pierre-Yves Strub, PQShield
Abstract

$\mathrm{SPHINCS^{+}}$ is a post-quantum signature scheme that, at the time of writing, is being standardized as $\mathrm{SLH\text{-}DSA}$. It is the most conservative option for post-quantum signatures, but the original tight proofs of security were flawed—as reported by Kudinov, Kiktenko and Fedorov in 2020. In this work, we formally prove a tight security bound for $\mathrm{SPHINCS^{+}}$ using the EasyCrypt proof assistant, establishing greater confidence in the general security of the scheme and that of the parameter sets considered for standardization. To this end, we reconstruct the tight security proof presented by Hülsing and Kudinov (in 2022) in a modular way. A small but important part of this effort involves a complex argument relating four different games at once, of a form not yet formalized in EasyCrypt (to the best of our knowledge). We describe our approach to overcoming this major challenge, and develop a general formal verification technique aimed at this type of reasoning. Enhancing the set of reusable EasyCrypt artifacts previously produced in the formal verification of stateful hash-based cryptographic constructions, we (1) improve and extend the existing libraries for hash functions and (2) develop new libraries for fundamental concepts related to hash-based cryptographic constructions, including Merkle trees. These enhancements, along with the formal verification technique we develop, further ease future formal verification endeavors in EasyCrypt, especially those concerning hash-based cryptographic constructions.

Metadata
Available format(s)
PDF
Category
Public-key cryptography
Publication info
Preprint.
Keywords
SPHINCS⁺Post-Quantum CryptographyEasyCryptFormal VerificationMachine-Checked ProofsComputer-Aided Cryptography
Contact author(s)
fv-sphincsplus @ mmeijers com
History
2024-06-08: approved
2024-06-07: received
See all versions
Short URL
https://ia.cr/2024/910
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2024/910,
      author = {Manuel Barbosa and François Dupressoir and Andreas Hülsing and Matthias Meijers and Pierre-Yves Strub},
      title = {A Tight Security Proof for $\mathrm{{SPHINCS}^{+}}$, Formally Verified},
      howpublished = {Cryptology {ePrint} Archive, Paper 2024/910},
      year = {2024},
      url = {https://eprint.iacr.org/2024/910}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.