The Last Mile: High-Assurance and High-Speed Cryptographic Implementations

by José Bacelar Almeida, et al.

We develop a new approach for building cryptographic implementations. Our approach goes the last mile and delivers assembly code that is provably functionally correct, protected against side-channels, and as efficient as hand-written assembly. We illustrate our approach using ChaCha20-Poly1305, one of the mandatory ciphersuites in TLS 1.3, and deliver formally verified vectorized implementations which outperform the fastest non-verified code. We realize our approach by combining the Jasmin framework, which offers in a single language features of high-level and low-level programming, and the EasyCrypt proof assistant, which offers a versatile verification infrastructure that supports proofs of functional correctness and equivalence checking. Neither of these tools had been used for functional correctness before. Taken together, these infrastructures empower programmers to develop efficient and verified implementations by "game hopping", starting from reference implementations that are proved functionally correct against a specification, and gradually introducing program optimizations that are proved correct by equivalence checking. We also make several contributions of independent interest, including a new and extensible verified compiler for Jasmin, with a richer memory model and support for vectorized instructions, and a new embedding of Jasmin in EasyCrypt.
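As an added illustration of the "game hopping" idea (example code, not from the paper and not Jasmin or EasyCrypt code): a scalar reference of the ChaCha20 round function beside a lane-parallel restructuring of the kind a vectorized implementation uses. The paper proves such a hop correct by equivalence checking in EasyCrypt; here the equivalence is only spot-checked by differential testing on constructed random states, and the reference is anchored to the RFC 8439 quarter-round test vector.

```python
import random

MASK = 0xFFFFFFFF


def rotl(x, n):
    return ((x << n) | (x >> (32 - n))) & MASK


def quarter_round(a, b, c, d):
    """RFC 8439 quarter round on four 32-bit words."""
    a = (a + b) & MASK; d = rotl(d ^ a, 16)
    c = (c + d) & MASK; b = rotl(b ^ c, 12)
    a = (a + b) & MASK; d = rotl(d ^ a, 8)
    c = (c + d) & MASK; b = rotl(b ^ c, 7)
    return a, b, c, d


def chacha20_rounds_ref(state):
    """Reference: 10 double rounds, one quarter round at a time (no feed-forward)."""
    x = list(state)
    for _ in range(10):
        for a, b, c, d in ((0, 4, 8, 12), (1, 5, 9, 13), (2, 6, 10, 14), (3, 7, 11, 15),
                           (0, 5, 10, 15), (1, 6, 11, 12), (2, 7, 8, 13), (3, 4, 9, 14)):
            x[a], x[b], x[c], x[d] = quarter_round(x[a], x[b], x[c], x[d])
    return x


def chacha20_rounds_vec(state):
    """Optimized shape: the state is four 4-lane rows. A column round runs the
    four quarter rounds lane-parallel; the diagonal round is obtained by rotating
    rows 1..3 left by 1, 2, 3 lanes, as SIMD implementations do with shuffles."""
    rows = [list(state[i:i + 4]) for i in range(0, 16, 4)]

    def lanes_qr(r0, r1, r2, r3):
        out = [quarter_round(*w) for w in zip(r0, r1, r2, r3)]
        return [list(t) for t in zip(*out)]

    def rot(row, k):
        return row[k:] + row[:k]

    for _ in range(10):
        rows = lanes_qr(*rows)  # column round
        rows[1], rows[2], rows[3] = rot(rows[1], 1), rot(rows[2], 2), rot(rows[3], 3)
        rows = lanes_qr(*rows)  # diagonal round
        rows[1], rows[2], rows[3] = rot(rows[1], 3), rot(rows[2], 2), rot(rows[3], 1)
    return [w for row in rows for w in row]


def equivalent_on_samples(n=200, seed=1):
    """Differential check on constructed random states (a stand-in for the proof)."""
    rng = random.Random(seed)
    return all(chacha20_rounds_ref(s) == chacha20_rounds_vec(s)
               for s in ([rng.getrandbits(32) for _ in range(16)] for _ in range(n)))
```

The random-state check is evidence, not proof; the paper's point is that the same hop is discharged once and for all by an equivalence proof rather than by testing.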
