Secure and trusted white-box verification

Abstract

Verification is the process of checking whether a product has been implemented according to its prescribed specifications. We study the case of a designer (the developer) that needs to verify its design by a third party (the verifier), by making publicly available a limited amount of information about the design, namely a diagram of interconnections between the different design components, but not the components themselves or the intermediate values passed between components. We formalize this notion of limited information using tabular expressions as the description method for both the specifications and the design. Treating verification as a process akin to testing, we develop protocols that allow for the design to be verified on a set of inputs generated by the verifier, using any test-case generating algorithm that can take advantage of this extra available information (partially white-box testing), and without compromising the developer's secret information. Our protocols work with both trusted and untrusted developers, and allow for the checking of the correctness of the verification process itself by any third party, and at any time.