A Cryptographic Investigation of Secure Scuttlebutt
Abstract
Scuttlebutt is a framework for developing decentralized applications which can achieve scalability, availability and secure communications despite not requiring a central trusted party. The Scuttlebutt protocol describes three sub-protocols for its handshake, invite system and private messaging, all of which claim to achieve ambitious security goals.
We present a comprehensive analysis of the Scuttlebutt sub-protocols in the symbolic model using the automated verifier ProVerif, and the first computational proofs of Scuttlebutt’s security using the CryptoVerif proof assistant. We conclude by showing that the Scuttlebutt handshake can achieve its security guarantees in half the amount of message round-trips.
Oleksandra Lapiha did this work under the direction of Prof. Nadim Kobeissi. People interested in #crypto and #security using proofs should definitely check it out.
Links:
- github link
- the PDF as a blob: A Cryptographic Investigation of Secure Scuttlebutt