52 Hits in 3.4 sec

Vale: Verifying High-Performance Cryptographic Assembly Code Vale: Verifying High-Performance Cryptographic Assembly Code

Barry Bond, Chris Hawblitzel, Rustan, M Leino, Jacob Lorch, Barry Bond, Chris Hawblitzel, Manos Kapritsos, K Rustan, M Leino, Jacob Lorch, Bryan Parno (+4 others)
Proceedings of the 26th USENIX Security Symposium   unpublished
We introduce a new programming language and tool called Vale that supports flexible, automated verification of high-performance assembly code.  ...  High-performance cryptographic code often relies on complex hand-tuned assembly language that is cus-tomized for individual hardware platforms. Such code is difficult to understand or analyze.  ...  Conclusions and Future Work Vale is our programming language and tool for writing and proving properties of high-performance cryptographic assembly code.  ... 

Vale: Verifying High-Performance Cryptographic Assembly Code

Barry Bond, Chris Hawblitzel, Manos Kapritsos, K Rustan, M Leino, Jacob Lorch, Bryan Parno, Ashay Rane, Srinath Setty, Laure Thompson
Cryptographic Implementation Requirements 16 Fast Fast Code generated by Vale matches or exceeds OpenSSL's performance.  ...  High Performance Code generated by Vale matches or exceeds OpenSSL's performance. Step 1: Developer marks regs and mem that contain non-secret information.  ... 

A verified, efficient embedding of a verifiable assembly language

Aymeric Fromherz, Nick Giannarakis, Chris Hawblitzel, Bryan Parno, Aseem Rastogi, Nikhil Swamy
2019 Proceedings of the ACM on Programming Languages (PACMPL)  
High-performance cryptographic libraries often mix code written in a high-level language with code written in assembly.  ...  Prior work on Vale [Bond et al. 2017 ] simply translated Vale code into Dafny code and let Dafny generate VCs, which led to large, inefficient VCs that were slow to verify.  ...  code produced from Vale/F ⋆ , stimulating discussions, and useful feedback.  ... 
doi:10.1145/3290376 fatcat:efyxpus7t5agxeprumtxyfdvhy

The Application of Formal Methods to Real-World Cryptographic Algorithms, Protocols, and Systems

Nicky Mouha, Asmaa Hailane
2021 Computer  
portability and verify assembly code or sacrifice some performance and verify portable C code.  ...  Projects such as Vale 9 and Jasmin 5 have been used to build and verify assembly code for cryptographic algorithms that are faster than unverified crypto.  ... 
doi:10.1109/mc.2020.3033613 fatcat:qsrdehgerbakbibfkp7jpvx5wa

Practical Formal Methods for Real World Cryptography (Invited Talk)

Karthikeyan Bhargavan, Prasad Naldurg, Michael Wagner
2019 Foundations of Software Technology and Theoretical Computer Science  
We describe a tool chain and framework based on the F * programming language to formally specify, verify and compile high-performance cryptographic software that is secure by design.  ...  Cryptographic algorithms, protocols, and applications are difficult to implement correctly, and errors and vulnerabilities in their code can remain undiscovered for long periods before they are exploited  ...  To further improve the performance of HACL * code, we are building a cryptographic provider called EverCrypt that combines verified C code from HACL * with verified assembly code from the Vale project  ... 
doi:10.4230/lipics.fsttcs.2019.1 dblp:conf/fsttcs/BhargavanN19 fatcat:uyj2x66q5rcr5ns6zidmsto7yi

The Last Mile: High-Assurance and High-Speed Cryptographic Implementations [article]

José Bacelar Almeida, Manuel Barbosa, Gilles Barthe, Benjamin Grégoire, Adrien Koutsos, Vincent Laporte, Tiago Oliveira, Pierre-Yves Strub
2019 arXiv   pre-print
Our approach goes the last mile and delivers assembly code that is provably functionally correct, protected against side-channels, and as efficient as hand-written assembly.  ...  We illustrate ur approach using ChaCha20-Poly1305, one of the mandatory ciphersuites in TLS 1.3, and deliver formally verified vectorized implementations which outperform the fastest non-verified code.  ...  For Poly1305 we compare both to HACL and to nonvectorized OpenSSL code verified in the Vale framework [15] (here the comparison is assembly to assembly and so it is precise).  ... 
arXiv:1904.04606v1 fatcat:6faifycmbrcfjaaudfj2wo3pp4


José Bacelar Almeida, Pierre-Yves Strub, Manuel Barbosa, Gilles Barthe, Arthur Blot, Benjamin Grégoire, Vincent Laporte, Tiago Oliveira, Hugo Pacheco, Benedikt Schmidt
2017 Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security - CCS '17  
Jasmin is a framework for developing high-speed and high-assurance cryptographic software. The framework is structured around the Jasmin programming language and its compiler.  ...  The compiler is designed to achieve predictability and efficiency of the output code (currently limited to x64 platforms), and is formally verified in the Coq proof assistant.  ...  In contrast to Jasmin, the Vale compiler is not verified: all verification is performed on the generated annotated assembly. Almeida et al.  ... 
doi:10.1145/3133956.3134078 dblp:conf/ccs/AlmeidaBBBGLOPS17 fatcat:vyxyeu3mtvff7bsios5hdfj5se


Jean-Karim Zinzindohoué, Karthikeyan Bhargavan, Jonathan Protzenko, Benjamin Beurdouche
2017 Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security - CCS '17  
, and between 3x-5x of hand-optimized assembly code.  ...  The F * source code is verified for side-channel mitigations, memory safety, and functional correctness with respect to succinct high-level specifications derived from the standard specification for each  ...  Vale [23] has been used to verify X86 assembly code for SHA-256 using Dafny.  ... 
doi:10.1145/3133956.3134043 dblp:conf/ccs/ZinzindohoueBPB17 fatcat:wjkvswbkhnbshosolqpgbwrify

Efficient Verification of Optimized Code: Correct High-speed X25519 [article]

Marc Schoolderman, Jonathan Moerman, Sjaak Smetsers, Marko van Eekelen
2021 arXiv   pre-print
We have formally verified such code: a library which implements elliptic curve cryptography on 8-bit AVR microcontrollers.  ...  It consists of over 3000 lines of assembly instructions. Building on earlier work, we use the Why3 platform to model the code and prove verification conditions, using automated provers.  ...  We would also like to verify the compiler-generated assembly code of routines verified at a higher level (such as in Section 5), by translating high-level specifications to the assembly level.  ... 
arXiv:2012.09919v2 fatcat:ghw6tow2bne4xnbaqdjfuzzmq4

Zero-cost meta-programmed stateful functors in F* [article]

Jonathan Protzenko, Son Ho
2021 arXiv   pre-print
library, without compromising performance.  ...  Nowhere is this issue more evident than in the context of verified cryptographic libraries.  ...  These projects all produce verified C or assembly code.  ... 
arXiv:2102.01644v2 fatcat:qszlnhnrabdtzdwf3mycfuae7i

hacspec: Towards Verifiable Crypto Standards [chapter]

Karthikeyan Bhargavan, Franziskus Kiefer, Pierre-Yves Strub
2018 Lecture Notes in Computer Science  
Online Materials. hacspec source code: hacspec builtin library documentation: hacspec/docs/ hacspec mailing list:  ...  Vale can be used to verify assembly implemenations of cryptography against specifications written in Dafny or F [10] .  ...  Fiat-Crypto generates efficient verified C code for field arithmetic from high-level specifications embedded in Coq [15] .  ... 
doi:10.1007/978-3-030-04762-7_1 fatcat:cyrp57knjrfmvmvyt2d7qvox44


Andrew Ferraiuolo, Andrew Baumann, Chris Hawblitzel, Bryan Parno
2017 Proceedings of the 26th Symposium on Operating Systems Principles - SOSP '17  
We show that the approach is practical and performant with a concrete implementation of a prototype in verified assembly code on ARM TrustZone.  ...  The monitor's correctness is ensured by a machine-checkable proof of both functional correctness and high-level security properties of enclave integrity and confidentiality.  ...  Mitigations exist, but (at a minimum) they require recompilation of enclave code, prevent use of dynamic paging, and carry a high performance cost [77, 78] .  ... 
doi:10.1145/3132747.3132782 dblp:conf/sosp/FerraiuoloBHP17 fatcat:wsua4s3a3nb4dcgtyfpzjtbqki

CT-wasm: type-driven secure cryptography for the web ecosystem

Conrad Watt, John Renner, Natalie Popescu, Sunjay Cauligi, Deian Stefan
2019 Proceedings of the ACM on Programming Languages (PACMPL)  
We present Constant-Time WebAssembly (CT-Wasm), a type-driven strict extension to WebAssembly which facilitates the verifiably secure implementation of cryptographic algorithms.  ...  CT-Wasm's type system ensures that code written in CT-Wasm is both information flow secure and resistant to timing side channel attacks; like base Wasm, these guarantees are verifiable in linear time.  ...  Vale [Bond et al. 2017] and Jasmin [Almeida et al. 2017 ] are structured assembly languages targeting high-performance cryptography, and have verification systems to prove freedom from side-channels  ... 
doi:10.1145/3290390 fatcat:s4k7fhddrvdzhgfqkunhojgirm

FaCT: a DSL for timing-sensitive computation

Sunjay Cauligi, Deian Stefan, Gary Soeller, Brian Johannesmeyer, Fraser Brown, Riad S. Wahby, John Renner, Benjamin Grégoire, Gilles Barthe, Ranjit Jhala
2019 Proceedings of the 40th ACM SIGPLAN Conference on Programming Language Design and Implementation - PLDI 2019  
Vale [21] and Jasmin [3] are DSLs for writing and verifying high-performance assembly code.  ...  Vale developers write platform-independent assembly code and specify the target architecture; the Vale compiler uses Dafny to verify semantics and non-interference.  ...  B User study The user study enabled 77 people to write programs with FaCT; in doing so, we wanted to know: what did participants struggle with when writing FaCT code?  ... 
doi:10.1145/3314221.3314605 dblp:conf/pldi/CauligiSJBWRGBJ19 fatcat:2ildtv2lx5fh5plm7vt2hwwit4

Verifying constant-time implementations by abstract interpretation

Sandrine Blazy, David Pichardie, Alix Trieu
2019 Journal of Computer Security  
Vale [39] is a tool for producing verified cryptographic assembly code.  ...  Users write code in the Vale language which is similar to assembly, and then add a functional specification of the code in Dafny [40] , an automatic program verifier.  ... 
doi:10.3233/jcs-181136 fatcat:bwmih55tzravnath74fwwi3tpy
« Previous Showing results 1 — 15 out of 52 results