Efficient Verification of Optimized Code: Correct High-speed Curve25519

by   Marc Schoolderman, et al.

Code that is highly optimized poses a problem for program-level verification. Programmers can employ various clever tricks that are non-trivial to reason about. For cryptography on low-power devices, it is nonetheless crucial that implementations be functionally correct, secure, and efficient. These are usually crafted in hand-optimized machine code that eschew conventional control flow as much as possible. We have formally verified such code: a library which implements elliptic curve cryptography on 8-bit AVR microcontrollers. The chosen implementation is the most efficient currently known for this microarchitecture. It consists of over 3000 lines of assembly instructions. Building on earlier work, we use the Why3 platform to model the code and generate verification conditions, which are proven using automated provers. The approach is re-usable and adaptable, and allows for validation. Furthermore, an error in the original implementation was found and corrected, at the same time reducing its memory footprint. This shows that practical verification of cutting-edge code is not only possible, but can in fact add to its efficiency – and is clearly necessary.


page 1

page 2

page 3

page 4


The Last Mile: High-Assurance and High-Speed Cryptographic Implementations

We develop a new approach for building cryptographic implementations. Ou...

Set It and Forget It! Turnkey ECC for Instant Integration

Historically, Elliptic Curve Cryptography (ECC) is an active field of ap...

Securing Optimized Code Against Power Side Channels

Side-channel attacks impose a serious threat to cryptographic algorithms...

Verified Implementation of an Efficient Term-Rewriting Algorithm for Multiplier Verification on ACL2

Automatic and efficient verification of multiplier designs, especially t...

Secured Wireless Communication using Fuzzy Logic based High Speed Public-Key Cryptography (FLHSPKC)

In this paper secured wireless communication using fuzzy logic based hig...

Wavelet: Code-based postquantum signatures with fast verification on microcontrollers

This work presents the first full implementation of Wave, a postquantum ...

Verification of the Tree-Based Hierarchical Read-Copy Update in the Linux Kernel

Read-Copy Update (RCU) is a scalable, high-performance Linux-kernel sync...