A Mechanised Cryptographic Proof of the WireGuard Virtual Private Network Protocol

Abstract : WireGuard is a free and open source Virtual Private Network (VPN) that aims to replace IPsec and OpenVPN. It is based on a new cryptographic protocol derived from the Noise Protocol Framework. This paper presents the first mechanised cryptographic proof of the protocol underlying WireGuard, using the CryptoVerif proof assistant. We analyse the entire WireGuard protocol as it is, including transport data messages, in an ACCE-style model. We contribute proofs for correctness, message secrecy, forward secrecy, mutual authentication, session uniqueness, and resistance against key compromise impersonation, identity mis-binding, and replay attacks. We also discuss the strength of the identity hiding provided by WireGuard. Our work also provides novel theoretical contributions that are reusable beyond WireGuard. First, we extend CryptoVerif to account for the absence of public key validation in popular Diffie-Hellman groups like Curve25519, which is used in many modern protocols including WireGuard. To our knowledge, this is the first mechanised cryptographic proof for any protocol employing such a precise model. Second, we prove several indifferentiability lemmas that are useful to simplify the proofs for sequences of key derivations.
Document type :
Reports
Complete list of metadatas

https://hal.inria.fr/hal-02100345
Contributor : Bruno Blanchet <>
Submitted on : Monday, April 15, 2019 - 5:38:10 PM
Last modification on : Tuesday, April 30, 2019 - 4:39:02 PM

File

RR-9269.pdf
Files produced by the author(s)

Identifiers

  • HAL Id : hal-02100345, version 1

Collections

Citation

Benjamin Lipp, Bruno Blanchet, Karthikeyan Bhargavan. A Mechanised Cryptographic Proof of the WireGuard Virtual Private Network Protocol. [Research Report] RR-9269, Inria Paris. 2019, pp.45. ⟨hal-02100345⟩

Share

Metrics

Record views

23422

Files downloads

4954