synchronous/nested-ratchets-artifact
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

second iteration

Browse Source
This commit is contained in:
Jake Ginesin
2025-09-15 00:04:30 -04:00
parent 53303ba86e
commit 618ce7c797
8 changed files with 1701 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
README.md
View File

@@ -1,5 +1,7 @@
Formal Analysis of the Nested Ratchet Protocol, and Symbolic Formal Verification of Sender Keys, Signal, Megolm, Olm, 3DH, and X3DH. The main models are written in [ProVerif](https://en.wikipedia.org/wiki/ProVerif); additional supplementary models (extra from the main results described in the paper) are provided in [VerifPal](https://en.wikipedia.org/wiki/ProVerif)
**Note: this version of the artifact includes the post-quantum construction of sender keys present in Signal. For the original artifact at the time of submission, please see the first zenodo artifact version.**
# Environment Setup
1. Install the [nix package manager](https://nixos.org/download/)
2. Navigate to the current directory, and run `nix develop`. You will get dropped into a devshell with the correct versions of [ProVerif](https://en.wikipedia.org/wiki/ProVerif) and [VerifPal](https://verifpal.com/). Feel free to execute another shell (i.e. `zsh`) if you have something against `bash`.
@@ -13,8 +15,10 @@ Formal Analysis of the Nested Ratchet Protocol, and Symbolic Formal Verification
- `megolm.pv`: a composition of Megolm and Olm.
- `megolm-olm-unsigned.pv`: a composition of Megolm and Olm, where Olm pre-keys are unsigned. Demonstrates the first Megolm session.
- `sender-keys.pv`: a composition of fan-out layer session sharing and Signal. Includes secrecy, authentication, reachability, PCS, and PFS properties.
- `pq/pqxdh.pv`: a complete model of the Post-Quantum Extended Triple Diffie-Hellman handshake. Proving authentication, secrecy, forward secrecy, and quantum forward secrecy.
- `pq/signal.pv` and `pq/signal-pcs.pv`: a complete model of the Signal protocol, including PQXDH and Double Ratchet. Proving secrecy, authentication, forward secrecy, quantum forward secrecy, and post-compromise security.
The `deniability` folder includes both initiator deniability and responder undeniability results for 3dh, x3dh, olm, signal, and megolm.
The `deniability` folder includes both initiator deniability and responder undeniability results for 3dh, x3dh, olm, signal (with x3dh), and megolm. The `pq` folder includes initiator deniability and responder undeniability for signal with pqxdh.
# Notes on Proverif reachability
In each model, there exists several queries designed to ensure reachability and no deadlocks. First,