Single-party semantics

The single-pary semantics class is parameterised by a language L and should establish how programs written in that language are animated as if they were being executed in a idealised way by a TTP.

Our single-party semantics formalisation is based on adversarial code, influenced by the UC model. Program evaluation is managed by an environment, that can provide inputs to the program being interpreted and also collect outputs at any time. Furthermore, the environment can request the evaluation of the program in a small-step basis. This evaluation is carried out by an adversary, that, at a high-level, models the inside behaviour of the environment inside the program execution.

The adversary has the possibility of requesting the execution of one program statement at a time. The semantics also contemplates the possibility of some side information sideInfo_t being leaked by the execution of language instructions.

Our EasyCrypt single-party semantics formalisation is based on the EasyCrypt’s module system, that allows the definition of signature types for procedures by using module type EasyCrypt structure.

Semantics interface

The semantics interface discloses 6 procedures:

  • init(P) - initialises the evaluation with initial program P

  • step - sequential semantics procedures, that executes one instruction of the program.

  • stepInput(x) - processes the input x provided by the environment

  • getOutput - releases output to the environment

module type Semantics = {
  proc init(P : L) : unit
  proc step() : sideInfo_t option
  proc setInput(x : secret_t) : bool
  proc getOutput() : secret_t option
}.

Environment interface

The environment semantics interface specifies how the environment interacts with the program evaluation. It discloses 3 procedures:

  • stepInput(x) - provides input x to the program semantics

  • getOutput - collects output from the program

  • activate - activates the adversary so that it can procede with the actual program evaluation.

module type EnvSemInterface = {
  proc setInput(x: secret_t): bool
  proc getOutput(): secret_t option
  proc activate(): sideInfo_t option
}.

The environment has oracle access to the environment semantics interface in order to animate some program via the animate procedure. To represent the output of some program animation, we enrich the formalisation with a special output_event_t type.

module type Environment (ESI: EnvSemInterface) = {
  proc animate(): output_event_t
}.

Adversary interface

The adversary semantics interface specifies how the adversary interacts with the program evaluation. It discloses 1 procedures: - step() - evaluates an instruction of the program

module type AdvSemInterface = {
  proc step(): sideInfo_t option
}.

The adversary has oracles access to the adversary semantics interface in order to execute one instruction of a program via the step procedure.

module type Adversary (ASI : AdvSemInterface) = {
  proc step() : sideInfo_t option
}.

General evaluation strategy

Armed with the structures previously defined, we can now construct a general evaluation strategy that executes any given program and that ends with the output event that is verified by the environment.

We start by specifying a concrete implementation of the environment semantics oracle that is parameterised by the concrete semantics of the program and by an adversary. This new module EnvironmentSemanticsInterface essentially defines all possible environment operations based on the concrete semantics of the program and based on the evaluation strategies disclosed by the adversary.

module EnvironmentSemanticsInterface (Sem : Semantics) (A : Adversary) = {
  proc init = Sem.init
  proc setInput(x: secret_t): bool = {
    var r;
    r <@ Sem.setInput(x);
    return r;
  }
  proc getOutput(): secret_t option = {
    var r;
    r <@ Sem.getOutput();
    return r;
  }
  proc activate(): sideInfo_t option = {
    var r;
    r <@ A(Sem).step();
    return r;
  }
}.

Finally, a program can be computed according to the generic procedure displayed bellow. It takes as input a program written in any language L, initialises the semantics module with the concrete program and then proceeds with the concrete program execution. It adopts as output the same output given to by the environment.

module Eval(Sem : Semantics, Z : Environment, A : Adversary) = {
  proc eval(P : L) = {
    var b;
    EnvironmentSemanticsInterface(Sem,A).init(P);
    b <@ Z(EnvironmentSemanticsInterface(Sem,A)).animate();
    return (b);
  }
}.