Privacy Preserving CTL Model Checking through Oblivious Graph Algorithms

Abstract

Model checking is the problem of verifying whether an abstract model $\mathcalM of a computational system meets a specification of behavior φ. We apply the cryptographic theory of secure multiparty computation (MPC) to model checking. With our construction, adversarial parties D and A holding $\mathcalM and φ respectively may check satisfaction --- notationally, whether $\mathcalM |= φ --- while maintaining privacy of all other meaningful information. Our protocol adopts oblivious graph algorithms to provide for secure computation of global explicit state model checking with specifications in Computation Tree Logic (CTL), and its design ameliorates the asymptotic overhead required by generic MPC schemes. We therefore introduce the problem of privacy preserving model checking (PPMC) and provide an initial step towards applicable and efficient constructions.