This paper addresses the challenge in formal verification of cryptographic protocols—balancing rigorous correctness proofs with cross-layer reusability. To this end, we propose Cryptis, the first verification framework for authentication protocols built upon Iris separation logic. Our approach comprises three key contributions: (1) designing the first separation logic specification tailored to authentication protocols, unifying the modeling of protocol behavior and security properties; (2) enabling hierarchical verification of protocols and their composed systems within the symbolic cryptographic model; and (3) conducting end-to-end formal verification in Coq of multiple classical authentication protocols and a key-value storage server, formally establishing confidentiality, integrity, and authentication. Crucially, Cryptis supports systematic reuse of verified components at the system level, thereby enhancing composability and trustworthiness of cryptographic modules.

We introduce Cryptis, an extension of the Iris separation logic that can be used to verify cryptographic components using the symbolic model of cryptography. The combination of separation logic and cryptographic reasoning allows us to prove the correctness of a protocol and later reuse this result to verify larger systems that rely on the protocol. To make this integration possible, we propose novel specifications for authentication protocols that allow agents in a network to agree on the use of system resources. We evaluate our approach by verifying various authentication protocols and a key-value store server that uses these authentication protocols to connect to clients. Our results are formalized in Coq.