License: Creative Commons Attribution 4.0 International license (CC BY 4.0)
When quoting this document, please refer to the following
DOI: 10.4230/LIPIcs.TYPES.2021.1
URN: urn:nbn:de:0030-drops-167704
URL: http://dagstuhl.sunsite.rwth-aachen.de/volltexte/2022/16770/
Go to the corresponding LIPIcs Volume Portal

Alhabardi, Fahad F. ; Beckmann, Arnold ; Lazar, Bogdan ; Setzer, Anton

Verification of Bitcoin Script in Agda Using Weakest Preconditions for Access Control

pdf-format:
LIPIcs-TYPES-2021-1.pdf (0.8 MB)

Abstract

This paper contributes to the verification of programs written in Bitcoin’s smart contract language script in the interactive theorem prover Agda. It focuses on the security property of access control for script programs that govern the distribution of Bitcoins. It advocates that weakest preconditions in the context of Hoare triples are the appropriate notion for verifying access control. It aims at obtaining human-readable descriptions of weakest preconditions in order to close the validation gap between user requirements and formal specification of smart contracts.
As examples for the proposed approach, the paper focuses on two standard script programs that govern the distribution of Bitcoins, Pay to Public Key Hash (P2PKH) and Pay to Multisig (P2MS). The paper introduces an operational semantics of the script commands used in P2PKH and P2MS, which is formalised in the Agda proof assistant and reasoned about using Hoare triples. Two methodologies for obtaining human-readable descriptions of weakest preconditions are discussed: (1) a step-by-step approach, which works backwards instruction by instruction through a script, sometimes grouping several instructions together; (2) symbolic execution of the code and translation into a nested case distinction, which allows to read off weakest preconditions as the disjunction of conjunctions of conditions along accepting paths. A syntax for equational reasoning with Hoare Triples is defined in order to formalise those approaches in Agda.

BibTeX - Entry

@InProceedings{alhabardi_et_al:LIPIcs.TYPES.2021.1,
  author =	{Alhabardi, Fahad F. and Beckmann, Arnold and Lazar, Bogdan and Setzer, Anton},
  title =	{{Verification of Bitcoin Script in Agda Using Weakest Preconditions for Access Control}},
  booktitle =	{27th International Conference on Types for Proofs and Programs (TYPES 2021)},
  pages =	{1:1--1:25},
  series =	{Leibniz International Proceedings in Informatics (LIPIcs)},
  ISBN =	{978-3-95977-254-9},
  ISSN =	{1868-8969},
  year =	{2022},
  volume =	{239},
  editor =	{Basold, Henning and Cockx, Jesper and Ghilezan, Silvia},
  publisher =	{Schloss Dagstuhl -- Leibniz-Zentrum f{\"u}r Informatik},
  address =	{Dagstuhl, Germany},
  URL =		{https://drops.dagstuhl.de/opus/volltexte/2022/16770},
  URN =		{urn:nbn:de:0030-drops-167704},
  doi =		{10.4230/LIPIcs.TYPES.2021.1},
  annote =	{Keywords: Blockchain, Cryptocurrency, Bitcoin, Agda, Verification, Hoare logic, Bitcoin Script, P2PKH, P2MS, Access control, Weakest precondition, Predicate transformer semantics, Provable correctness, Symbolic execution, Smart contracts}
}

Keywords: Blockchain, Cryptocurrency, Bitcoin, Agda, Verification, Hoare logic, Bitcoin Script, P2PKH, P2MS, Access control, Weakest precondition, Predicate transformer semantics, Provable correctness, Symbolic execution, Smart contracts
Collection: 27th International Conference on Types for Proofs and Programs (TYPES 2021)
Issue Date: 2022
Date of publication: 04.08.2022
Supplementary Material: Software (Agde Source Code): https://github.com/fahad1985lab/Smart--Contracts--Verification--With--Agda archived at: https://archive.softwareheritage.org/swh:1:dir:f552dd7468ce4fa08c193e2016b6c0e7580f1791

DROPS-Home | Fulltext Search | Imprint | Privacy Published by LZI