HACLxN: Verified Generic SIMD Crypto (for all your favourite platforms)

Polubelova, Marina; Bhargavan, Karthikeyan; Protzenko, Jonathan; Beurdouche, Benjamin; Fromherz, Aymeric; Kulatova, Natalia; Zanella-Béguelin, Santiago

doi:10.1145/3372297.3423352

Cited by 12 publications

(3 citation statements)

References 17 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…A set of distinguished types, combinators and libraries provides users with workingtools to operate on mutable arrays, machine integers, const pointers, and so on. Low* has been used for cryptographic libraries [26], [30], providers [15], protocol record layers [31], [32] and parsers [14].…”

Section: Implementing a Noise Compiler In Low*mentioning

confidence: 99%

Noise: A Library of Verified High-Performance Secure Channel Protocol Implementations

Protzenko

Bichhawat

et al. 2022

2022 IEEE Symposium on Security and Privacy (SP)

Self Cite

View full text Add to dashboard Cite

The Noise protocol framework defines a succinct notation and execution framework for a large class of 59+ secure channel protocols, some of which are used in popular applications such as WhatsApp and WireGuard. We present a verified implementation of a Noise protocol compiler that takes any Noise protocol, and produces an optimized C implementation with extensive correctness and security guarantees. To this end, we formalize the complete Noise stack in F*, from the low-level cryptographic library to a high-level API. We write our compiler also in F*, prove that it meets our formal specification once and for all, and then specialize it on-demand for any given Noise protocol, relying on a novel technique called hybrid embedding. We thus establish functional correctness, memory safety and a form of side-channel resistance for the generated C code for each Noise protocol. We propagate these guarantees to the high-level API, using defensive dynamic checks to prevent incorrect uses of the protocol. Finally, we formally state and prove the security of our Noise code, by building on a symbolic model of cryptography in F*, and formally link high-level API security goals stated in terms of security levels to low-level cryptographic guarantees. Ours are the first comprehensive verification results for a protocol compiler that targets C code and the first verified implementations of any Noise protocol. We evaluate our framework by generating implementations for all 59 Noise protocols and by comparing the size, performance, and security of our verified code against other (unverified) implementations and prior security analyses of Noise.

show abstract

Section: Implementing a Noise Compiler In Low*mentioning

confidence: 99%

Noise: A Library of Verified High-Performance Secure Channel Protocol Implementations

Protzenko

Bichhawat

et al. 2022

2022 IEEE Symposium on Security and Privacy (SP)

Self Cite

View full text Add to dashboard Cite

show abstract

“…High-assurance cryptography. Many tools have been used to verify functional correctness (and memory safety, if applicable) [28], [29], [30], [31], [32], [33], [34], [35], [36], [37], [38] and constant-time [39], [40], [41], [42], [43], [44], [45], [46], [47], [48], [35], [49] for cryptographic code, including for ChaCha20/Poly1305 [35], [36], [50], [51], [52], [8], [9], [53], [11]. We refer readers to the survey by Barbosa et al [1] for a detailed systematization of high-assurance cryptography tools and applications.…”

Section: Spectre-pht (Input Validation Bypassmentioning

confidence: 99%

High-Assurance Cryptography in the Spectre Era

Barthe

Cauligi

Grégoire

et al. 2021

2021 IEEE Symposium on Security and Privacy (SP)

View full text Add to dashboard Cite

High-assurance cryptography leverages methods from program verification and cryptography engineering to deliver efficient cryptographic software with machine-checked proofs of memory safety, functional correctness, provable security, and absence of timing leaks. Traditionally, these guarantees are established under a sequential execution semantics. However, this semantics is not aligned with the behavior of modern processors that make use of speculative execution to improve performance. This mismatch, combined with the high-profile Spectre-style attacks that exploit speculative execution, naturally casts doubts on the robustness of high-assurance cryptography guarantees. In this paper, we dispel these doubts by showing that the benefits of high-assurance cryptography extend to speculative execution, costing only a modest performance overhead. We build atop the Jasmin verification framework an end-to-end approach for proving properties of cryptographic software under speculative execution, and validate our approach experimentally with efficient, functionally correct assembly implementations of ChaCha20 and Poly1305, which are secure against both traditional timing and speculative execution attacks.[5], [6], [7], [10] either consider weaker threat models or are not proven sound). Following an established approach, our method is decomposed into two steps: (i) check that the program does not perform illegal memory accesses under

show abstract

“…We will discuss the verification and compilation methodology used by HACL* to generate portable C code for each cryptographic algorithm [5]. We will see how this methodology can be extended to generate verified C code optimized for singleinstruction-multiple-data (SIMD) architectures [3]. We will also show how verified C code from HACL* can be safely composed with verified assembly code for improved performance [4].…”

Section: Karthikeyan Bhargavanmentioning

confidence: 99%

Progress in Cryptology – INDOCRYPT 2021

Kumaraswamy¹,

Vivek²

2021

Lecture Notes in Computer Science

View full text Add to dashboard Cite

material is concerned, specifically the rights of translation, reprinting, reuse of illustrations, recitation, broadcasting, reproduction on microfilms or in any other physical way, and transmission or information storage and retrieval, electronic adaptation, computer software, or by similar or dissimilar methodology now known or hereafter developed. The use of general descriptive names, registered names, trademarks, service marks, etc. in this publication does not imply, even in the absence of a specific statement, that such names are exempt from the relevant protective laws and regulations and therefore free for general use. The publisher, the authors and the editors are safe to assume that the advice and information in this book are believed to be true and accurate at the date of publication. Neither the publisher nor the authors or the editors give a warranty, expressed or implied, with respect to the material contained herein or for any errors or omissions that may have been made. The publisher remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

show abstract

HACLxN: Verified Generic SIMD Crypto (for all your favourite platforms)

Cited by 12 publications

References 17 publications

Noise: A Library of Verified High-Performance Secure Channel Protocol Implementations

Noise: A Library of Verified High-Performance Secure Channel Protocol Implementations

High-Assurance Cryptography in the Spectre Era

Progress in Cryptology – INDOCRYPT 2021

Contact Info

Product

Resources

About