No Cover Image

Conference Paper/Proceeding/Abstract 880 views 64 downloads

Verification of Bitcoin Script in Agda using Weakest Preconditions for Access Control

Fahad F. Alhabardi Orcid Logo, Arnold Beckmann Orcid Logo, Bogdan Lazar, Anton Setzer Orcid Logo

27th International Conference on Types for Proofs and Programs (TYPES 2021), Volume: 239, Pages: 1:1 - 1:25

Swansea University Authors: Arnold Beckmann Orcid Logo, Anton Setzer Orcid Logo

  • 60178_VoR.pdf

    PDF | Version of Record

    © Fahad F. Alhabardi, Arnold Beckmann, Bogdan Lazar, and Anton Setzer; licensed under Creative Commons License CC-BY 4.0

    Download (829.9KB)

Abstract

This paper contributes to the verification of programs written in Bitcoin’s smart contract language script in the interactive theorem prover Agda. It focuses on the security property of access control for script programs that govern the distribution of Bitcoins. It advocates that weakest preconditio...

Full description

Published in: 27th International Conference on Types for Proofs and Programs (TYPES 2021)
ISBN: 978-3-95977-254-9
ISSN: 1868-8969
Published: Dagstuhl, Germany Schloss Dagstuhl - Leibniz-Zentrum fuer Informatik 2022
Online Access: Check full text

URI: https://cronfa.swan.ac.uk/Record/cronfa60178
Tags: Add Tag
No Tags, Be the first to tag this record!
Abstract: This paper contributes to the verification of programs written in Bitcoin’s smart contract language script in the interactive theorem prover Agda. It focuses on the security property of access control for script programs that govern the distribution of Bitcoins. It advocates that weakest preconditions in the context of Hoare triples are the appropriate notion for verifying access control. It aims at obtaining human-readable descriptions of weakest preconditions in order to close the validation gap between user requirements and formal specification of smart contracts.As examples for the proposed approach, the paper focuses on two standard script programs that govern the distribution of Bitcoins, Pay to Public Key Hash (P2PKH) and Pay to Multisig (P2MS). The paper introduces an operational semantics of the script commands used in P2PKH and P2MS, which is formalised in the Agda proof assistant and reasoned about using Hoare triples. Two methodologies for obtaining human-readable descriptions of weakest preconditions are discussed:(1) a step-by-step approach, which works backwards instruction by instruction through a script, sometimes stepping over several instructions in one go;(2) symbolic execution of the code and translation into a nested case distinction, which allows to read off weakest preconditions as the disjunction of conjunctions of conditions along accepting paths.A syntax for equational reasoning with Hoare Triples is defined in order to formalise those approaches in Agda.
Keywords: Bitcoin; Agda; Verification; Hoare logic; Bitcoin script; P2PKH; P2MS; Access control; Weakest; precondition; Predicate transformer semantics; Provable correctness; Symbolic execution; Smart contracts
College: Faculty of Science and Engineering
Funders: Fahad F. Alhabardi: Supported by Saudi Arabia Cultural Bureau in London. Anton Setzer: Supported by COST actions CA20111 EuroProofNet and CA15123 EU Types.
Start Page: 1:1
End Page: 1:25