Cryptographic types

Abstract

Cryptographic types are a way to express cryptographic guarantees (of secrecy and integrity) in a type system for a network programming language. This allows some of these guarantees to be checked statically, before a network program executes. Where dynamic checks are required, these are represented at the source language level as dynamic type-checking, and are translated by the compiler to lower level cryptographic operations. Static checking avoids the unnecessary overhead of run-time cryptographic operations where communication is through a trusted medium (e.g. the OS kernel, or a trusted subnet), and also provides static guarantees of the reliability of a network application. Cryptographic types can also be used to build application-specific security protocols, where type-checking in the lower layers of the protocol stack verifies security properties for upper layers. Cryptographic types are described formally using a process calculus, the ec-calculus. Correctness is verified for a scheme for compiling type operations to cryptographic operations.