
cleanup: stop relying on label injectivity #66

Merged (1 commit, Oct 15, 2024)

Conversation

TWal (Collaborator) commented Sep 24, 2024

Builds on #65.

In many proofs, we rely on the injectivity of principal_label, via the pattern

pred = (fun tr pk msg ->
  exists prin. get_sk_label pk == principal_label prin /\
  ... // something that involves `prin`
);

Because of the injectivity of principal_label, if we know that get_sk_label pk == principal_label "Alice", then we can use the predicate above with prin == "Alice". This is done in both NSL and ISO-DH.

I now believe that this is more a hack than an actual feature: the labels are used to prove that two keys are distinct (the private key of Alice and the private key of Bob), whereas the goal of labels is initially to prove secrecy.
Proving that two keys are distinct is the role of usages: we already use them to prove that two keys in distinct protocols are distinct (via the "usage tag", e.g. "NSL.PublicKey"); we can also use them to prove that Alice's key is distinct from Bob's key.
This PR uses the "usage data" to store the principal owning the key.

@TWal TWal requested a review from a team as a code owner September 24, 2024 19:24
TWal (Collaborator, Author) commented Sep 24, 2024

Forgot to mention, this will be useful in #60 where we currently have assumes in the places we needed label injectivity (because we use more fancy labels than just principal_label), and this will also be useful in another future PR that reworks usages.

qaphla previously approved these changes Oct 14, 2024

qaphla left a comment

The cleanup changes look overall good to me.

Base automatically changed from twal/pki_and_private_keys_cleanup to main October 15, 2024 07:35
@TWal TWal dismissed qaphla’s stale review October 15, 2024 07:35

The base branch was changed.

@TWal TWal merged commit d4cd759 into main Oct 15, 2024
1 check passed
@TWal TWal deleted the twal/no_label_injectivity branch October 15, 2024 08:33
TWal (Collaborator, Author) commented Oct 15, 2024

(merged, the force-push didn't change the code, you can check that git diff e27024b..0b303e7 is empty)
