Version 18 (modified by Pierre-Yves Strub, 6 years ago) (diff)


EasyCrypt: Computer-Aided Cryptographic Proofs


EasyCrypt is a toolset for reasoning about relational properties of probabilistic computations with adversarial code. Its main application is the construction and verification of game-based cryptographic proofs. EasyCrypt can also be used for reasoning about (vanilla, approximate, and computational) differential privacy.

EasyCrypt has been used to prove the security of emblematic cryptographic constructions, including the Cramer-Shoup cryptosystem, the OAEP padding scheme, the Full Domain Hash signature scheme, the Merkle-Damgård hash function design, and the CBC block cipher mode of operation.


The current release of EasyCrypt (version 1.0) is still under development. Please join the EasyCrypt support mailing list to be informed of evolutions.

You can get EasyCrypt via our public git repository (browse):

git clone

Installation instructions can be found here?.

Past Events


You can contact the developers by sending an email to the EasyCrypt support mailing list. However, we encourage you to use the EasyCrypt club mailing list for general questions.

Related tools

  • CertiCrypt is a fully machine-checked framework for building and verifying game-based cryptographic proofs in the Coq proof assistant. The original version of EasyCrypt featured a mechanism for compiling EasyCrypt scripts into CertiCrypt proofs. This mechanism is currently disabled. For additional information, visit the [ CertiCrypt? website]. CertiCrypt was developed actively from 2006 until
    1. Its latest stable version can be obtained from us upon request.
  • ZKCrypt is a cryptographic compiler that outputs Java and C implementations of zero-knowledge protocols from high-level specifications, together with EasyCrypt proofs of their correctness.
  • ZooCrypt? is an automated tool for analyzing the security of padding-based public-key encryption schemes (i.e. schemes built from trapdoor permutations and hash functions). ZooCrypt includes an experimental mechanism to generate EasyCrypt proofs of security of analyzed schemes.


Former members

  • Guido Genzone (U. Nacional de Rosario, Argentina)
  • Daniel Hedin (Chalmers University of Technology, Sweden)
  • Sylvain Heraud (Prove & Run)
  • Federico Olmedo (IMDEA Software Institute)
  • Anne Pacalet (SafeRiver)
  • Adrian Silveira (U. de la República, Uruguay)
  • Santiago Zanella-Béguelin (Microsoft Research)


The research is partially funded by ONR Grant N000141210914, Spanish project TIN2009-14599 DESAFIOS 10, and Madrid Regional project S2009TIC-1465 PROMETIDOS.