Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Formal verification #6

Open
mratsim opened this issue Feb 8, 2020 · 6 comments
Open

Formal verification #6

mratsim opened this issue Feb 8, 2020 · 6 comments
Labels
constant time ⏳ Enhancement is suitable for secret data correctness 🛂

Comments

@mratsim
Copy link
Owner

mratsim commented Feb 8, 2020

Given that Constantine aims to be used for elliptic curve cryptographic, it is required to be proved bug-free.

Traditional model checker like TLA+ or Spin are more suited to formally distributed consensus protocols or concurrent data structures.

However the Galois companies offer SAW, a formal verifier that supports C and is used to AES, SHA and ECDSA formal verification: https://saw.galois.com/, it is based on Z3 https://github.com/GaloisInc/saw-script

@mratsim
Copy link
Owner Author

mratsim commented Feb 9, 2020

Nice PDF presented at Black Hat conference 2015 on finding BigNum vulnerabilities: https://comsecuris.com/slides/slides-bignum-bhus2015.pdf

@mratsim
Copy link
Owner Author

mratsim commented Feb 23, 2020

Formally verified crypto code generated from Coq.

Thesis: http://adam.chlipala.net/theses/andreser_meng.pdf
Crafting Certified Elliptic CurveCryptography Implementations in Coq

Paper: http://adam.chlipala.net/papers/FiatCryptoSP19/FiatCryptoSP19.pdf

Repo: https://github.com/mit-plv/fiat-crypto

@mratsim
Copy link
Owner Author

mratsim commented Jun 19, 2020

Using Z3 for formally verifying bignum implementation and example on an OpenSSL CVE: https://kryptoslogic.blogspot.com/2015/01/openssls-squaring-bug-and-opportunistic.html

Also: http://crypto.di.uminho.pt/CACE/ from the paper: Practical realisation and elimination of an ECC-related software bug attack. https://eprint.iacr.org/2011/633.pdf

@mratsim
Copy link
Owner Author

mratsim commented Jan 12, 2021

Formally verified crypto assembly primitives using Dafny (and Z3): https://project-everest.github.io/assets/vale2017.pdf

@mratsim
Copy link
Owner Author

mratsim commented Aug 6, 2022

Using Why3

https://eprint.iacr.org/2021/415.pdf - Efficient Verification of Optimized Code Correct High-speed X25519

Frama-C which inspired Dr.Nim uses Why3 in the backend.

@mratsim
Copy link
Owner Author

mratsim commented Apr 26, 2023

Cryptoline can verify assembler for cryptography:

It works directly on the compiler internal representation (Gimple for GCC, LLVM IR for LLVM)

Jasmin can generate formally-verified assembly:

Like Vale, it also uses Dafny+Z3 for formal verification and the Jasmin compiler itself is written in Coq.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
constant time ⏳ Enhancement is suitable for secret data correctness 🛂
Projects
None yet
Development

No branches or pull requests

1 participant