To build and run Owl, you need
ghc in your
PATH. You can use ghcup to install them.
Additionally, you need the Z3 Prover installed
and in your
PATH; binary releases are here. Owl has been tested with Z3 version
To build and run, type
cabal run owl.
Owl currently features a prototype extraction mechanism generating safe Rust code. To use it, you will need Rust (including
rustfmt) installed and in your
Suppose you want to extract the protocol in
protocol.owl, which contains localities
charlie. The steps are as follows:
cabal run owl -- -e path/to/protocol.owl
This should print
Successfully extracted to file extraction/src/main.rs
cargo run -- config .
This should output one
.owl_configfile for each of the localities in the protocol (in this example,
loc_charlie.owl_config). These files contain all the pre-initialized names for the protocol (such as pre-shared symmetric keys, public keys for other localities, shared salt for the KDF, etc).
- Open one shell for each of the localities in the protocol (in this example, three shells). In all of them,
- In each of the shells, run
cargo run -- run LOCALITY PATH-TO-LOCALITY-CONFIG. In this example, you would run:
- Shell 1:
cargo run -- run alice loc_alice.owl_config
- Shell 2:
cargo run -- run bob loc_bob.owl_config
- Shell 3:
cargo run -- run charlie loc_charlie.owl_config
These should all be started within 5 seconds of each other. The extraction harness waits 5 seconds before beginning execution of the locality; this is to ensure that the user has time to start the other localities. Otherwise, the protocol code may fail because another locality's TCP socket is not ready to receive yet.
- Shell 1:
- You should see the return values of each of the localities printed in their corresponding shells.
Add the following to your vimrc:
$OWL_HOME is set accordingly.
vscode/README.md for details.
Joshua Gancher, Sydney Gibson, Pratap Singh, Samvid Dharanikota, & Bryan Parno. (2023). Owl: Compositional Verification of Security Protocols via an Information-Flow Type System.
Supported Cryptographic Operations
Owl currently supports the following cryptographic primitives:
- Authenticated Symmetric Encryption (e.g., ChaCha20-Poly1305, or AES-GCM)
- CCA-secure PKE (e.g., RSA with OAEP)
- Message Authentication Codes (e.g., HMAC)
- Digital Signatures (e.g., RSA siagnatures)
- Diffie-Hellman Key Exchange
- HKDF for key derivations
- Unique Nonces for checking equality