Skip to Main content Skip to Navigation
New interface
Reports (Research report)

Composition Theorems for CryptoVerif and Application to TLS 1.3

Abstract : We present composition theorems for security protocols, to compose a key exchange protocol and a symmetric-key protocol that uses the exchanged key. Our results rely on the computational model of cryptography and are stated in the framework of the tool CryptoVerif. They support key exchange protocols that guarantee injective or non-injective authentication. They also allow random oracles shared between the composed protocols. To our knowledge, they are the first composition theorems for key exchange stated for a computational protocol verification tool, and also the first to allow such flexibility. As a case study, we apply our composition theorems to a proof of TLS 1.3 Draft-18. This work fills a gap in a previous paper that informally claims a compositional proof of TLS 1.3, without formally justifying it.
Document type :
Reports (Research report)
Complete list of metadata

Cited literature [37 references]  Display  Hide  Download
Contributor : Bruno Blanchet Connect in order to contact the contributor
Submitted on : Thursday, April 12, 2018 - 10:46:45 AM
Last modification on : Wednesday, October 26, 2022 - 8:14:59 AM


Files produced by the author(s)


  • HAL Id : hal-01764527, version 1



Bruno Blanchet. Composition Theorems for CryptoVerif and Application to TLS 1.3. [Research Report] RR-9171, Inria Paris. 2018, pp.67. ⟨hal-01764527⟩



Record views


Files downloads