Automated Proofs of Block Cipher Modes of Operation

We present a Hoare logic for proving semantic security and determining exact security bounds of a block cipher mode of operation. We propose a simple yet expressive programming language to specify encryption modes, semantic functions for each command (statement) in the language, an assertion language that allows to state predicates and axioms, and rules to propagate the predicates through the commands of a program. We also provide heuristics for finding loop invariants that are necessary for the application of our rule on for-loops. This enables us to prove the security of protocols that take arbitrary length messages as input. We implemented a prototype that uses this logic to automatically prove the security of block cipher modes of operation. This prototype can prove the security of many standard modes of operation, such as Cipher Block Chaining (CBC), Cipher FeedBack mode (CFB), Output FeedBack (OFB), and CounTeR mode (CTR).