EasyCrypt: Computer-Aided Cryptographic Proofs
EasyCrypt is a toolset for reasoning about relational properties of probabilistic computations with adversarial code. Its main application is the construction and verification of game-based cryptographic proofs. EasyCrypt can also be used for reasoning about (vanilla, approximate, and computational) differential privacy.
EasyCrypt has been used to prove the security of emblematic cryptographic constructions, including the Cramer-Shoup cryptosystem, the OAEP padding scheme, the Full Domain Hash signature scheme, the Merkle-Damgård hash function design, and the CBC block cipher mode of operation.
See our dedicated page for a list of related publications.
You can get EasyCrypt via our public git repository (browse):
git clone http://ci.easycrypt.info/easycrypt.git
Installation instructions can be found here.
Note that the current release of EasyCrypt (version 1.0) is still under development. You can also download EasyCrypt version 0.2 (and its documentation). However, we no longer actively support this version and recommend switching to version 1.0.
- First EasyCrypt summer school and workshop: July 2013, UPenn.
- CertiCrypt is a fully machine-checked framework for building and verifying game-based cryptographic proofs in the Coq proof assistant. The original version of EasyCrypt featured a mechanism for compiling EasyCrypt scripts into CertiCrypt proofs. This mechanism is currently disabled. For additional information, visit the
CertiCrypt was developed actively from 2006 until
- Its latest stable version can be obtained from us upon request.
- ZKCrypt is a cryptographic compiler that outputs Java and C implementations of zero-knowledge protocols from high-level specifications, together with EasyCrypt proofs of their correctness.
- ZooCrypt is an automated tool for analyzing the security of padding-based public-key encryption schemes (i.e. schemes built from trapdoor permutations and hash functions). ZooCrypt includes an experimental mechanism to generate EasyCrypt proofs of security of analyzed schemes.
- Gilles Barthe (IMDEA Software Institute)
- Juan Manuel Crespo (IMDEA Software Institute)
- François Dupressoir (IMDEA Software Institute)
- Benjamin Grégoire (INRIA Sophia-Antipolis Méditerranée)
- Benedikt Schmidt (IMDEA Software Institute)
- Pierre-Yves Strub (IMDEA Software Institute)
- Guido Genzone (U. Nacional de Rosario, Argentina)
- Daniel Hedin (Chalmers University of Technology, Sweden)
- Sylvain Heraud (Prove & Run)
- Federico Olmedo (IMDEA Software Institute)
- César Kunz (IMDEA Software Institute and Universidad Politécnica de Madrid)
- Anne Pacalet (SafeRiver)
- Adrian Silveira (U. de la República, Uruguay)
- Santiago Zanella-Béguelin (Microsoft Research)
The research is partially funded by ONR Grant N000141210914, Spanish project TIN2009-14599 DESAFIOS 10, and Madrid Regional project S2009TIC-1465 PROMETIDOS.