Internet Archive Scholar

Verified Correctness and Security of mbedTLS HMAC-DRBG

Katherine Q. Ye, Matthew Green, Naphat Sanguansin, Lennart Beringer, Adam Petcher, Andrew W. Appel
2017 Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security - CCS '17  

Preserved Fulltext

fulltext thumbnail
Web Archive Capture PDF (732.3 kB)
https://web.archive.org/web/20170916234136/http://www.cs.princeton.edu/~appel/papers/verified-hmac-drbg.pdf

A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2017; you can also visit the original URL. The file type is application/pdf.

Other Versions

2017 pre-print
arXiv:1708.08542v1 fatcat:jdo2clillvcxxmcwc7tjfkr43u
We have formalized the functional specification of HMAC-DRBG (NIST 800-90A), and we have proved its cryptographic security--that its output is pseudorandom--using a hybrid game-based proof. We have also proved that the mbedTLS implementation (C program) correctly implements this functional specification. That proof composes with an existing C compiler correctness proof to guarantee, end-to-end, that the machine language program gives strong pseudorandomness. All proofs (hybrid games, C program
more » ... erification, compiler, and their composition) are machine-checked in the Coq proof assistant. Our proofs are modular: the hybrid game proof holds on any implementation of HMAC-DRBG that satisfies our functional specification. Therefore, our functional specification can serve as a high-assurance reference.
doi:10.1145/3133956.3133974 dblp:conf/ccs/YeGSBPA17 fatcat:ob5xnocvrvc2vftmnv73bwrc3i
Multiple Versions
Citation

Katherine Q. Ye, Matthew Green, Naphat Sanguansin, Lennart Beringer, Adam Petcher, Andrew W. Appel. "Verified Correctness and Security of mbedTLS HMAC-DRBG." Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security - CCS '17 (2017) 2007-2020