Type Checking Cryptography Implementations

Barbosa, Manuel; Moss, Andrew; Page, Daniel; Rodrigues, Nuno F.; Silva, Paulo F.

doi:10.1007/978-3-642-29320-7_21

Cited by 5 publications

(9 citation statements)

References 6 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…For example, the size restrictions associated with matrix addition and multiplication are enforced by the type system. The same happens for operations involving bit strings, rings and finite fields, where the type system checks that operator inputs have matching lengths, moduli, etc.s The soundness of this type system has recently been established with respect to the semantics of CAO [19]. This result implies that a correctly typed CAO program can only give rise to a well-defined set of trapped errors.…”

Section: Deductive Verification Of Cao Programsmentioning

confidence: 99%

“…The language has been designed to allow the programmer to work over a syntax that is similar to that of C, whilst focusing on the aspects of cryptographic primitive implementation that are most critical for security and efficiency. A detailed specification of CAO can be found in [17,18]. AppendixA includes source code extracted from a CAO implementation of the NaCl crypography library.…”

Section: Deductive Verification Of Cao Programsmentioning

confidence: 99%

“…An implementation of a type-checker for CAO programs has been derived from the CAO type system formalisation [18]. Hence, we assume that the input CAO program has been type checked and that CAOVerif has access to an Abstract Syntax Tree (AST) annotated with the resulting type information.…”

Section: Deductive Verification Of Cao Programsmentioning

confidence: 99%

See 2 more Smart Citations

CAOVerif: An open-source deductive verification platform for cryptographic software implementations

Almeida

Barbosa

Filliâtre

et al. 2014

Science of Computer Programming

Self Cite

View full text Add to dashboard Cite

CAO is a domain-specific imperative language for cryptography, offering a rich mathematical type system and crypto-oriented language constructions. We describe the design and implementation of a deductive verification platform for CAO and demonstrate that the development time of such a complex verification tool could be greatly reduced by building on the Jessie plug-in included in the Frama-C framework. We discuss the interesting challenges raised by the domain-specific characteristics of CAO, and describe how we tackle these problems in our design. We base our presentation on real-world examples of CAO code, extracted from the open-source code of the NaCl cryptographic library, and illustrate how various cryptography-relevant security properties can be verified.

show abstract

Section: Deductive Verification Of Cao Programsmentioning

confidence: 99%

Section: Deductive Verification Of Cao Programsmentioning

confidence: 99%

See 1 more Smart Citation

CAOVerif: An open-source deductive verification platform for cryptographic software implementations

Almeida

Barbosa

Filliâtre

et al. 2014

Science of Computer Programming

Self Cite

View full text Add to dashboard Cite

show abstract

“…However, the burden is still on the developer to write constant-time code, as qhasm has no notion of non-interference. CAO [Barbosa et al 2012] and Cryptol [Galois 2016] are higher-level DSLs for crypto implementations, but do not have verified non-interference guarantees.…”

Section: Related Workmentioning

confidence: 99%

“…FaCT [Cauligi et al 2017] is a high-level language that compiles to LLVM which it then verifies with ct-verif [Almeida et al 2016b]. CAO [Barbosa et al 2014[Barbosa et al , 2012 and Cryptol [Galois 2016] are high-level DSLs for crypto implementations, but do not have verified non-interference guarantees. All these efforts are complementary to our low-level approach.…”

Section: Related Workmentioning

confidence: 99%

CT-wasm: type-driven secure cryptography for the web ecosystem

Watt

Renner

Popescu

et al. 2019

Proc. ACM Program. Lang.

View full text Add to dashboard Cite

A significant amount of both client and server-side cryptography is implemented in JavaScript. Despite widespread concerns about its security, no other language has been able to match the convenience that comes from its ubiquitous support on the "web ecosystem"-the wide variety of technologies that collectively underpins the modern World Wide Web. With the introduction of the new WebAssembly bytecode language (Wasm) into the web ecosystem, we have a unique opportunity to advance a principled alternative to existing JavaScript cryptography use cases which does not compromise this convenience.We present Constant-Time WebAssembly (CT-Wasm), a type-driven, strict extension to WebAssembly which facilitates the verifiably secure implementation of cryptographic algorithms. CT-Wasm's type system ensures that code written in CT-Wasm is both information flow secure and resistant to timing side channel attacks; like base Wasm, these guarantees are verifiable in linear time. Building on an existing Wasm mechanization, we mechanize the full CT-Wasm specification, prove soundness of the extended type system, implement a verified type checker, and give several proofs of the language's security properties.We provide two implementations of CT-Wasm: an OCaml reference interpreter and a native implementation for Node.js and Chromium that extends Google's V8 engine. We also implement a CT-Wasm to Wasm rewrite tool that allows developers to reap the benefits of CT-Wasm's type system today, while developing cryptographic algorithms for base Wasm environments. We evaluate the language, our implementations, and supporting tools by porting several cryptographic primitives-Salsa20, SHA-256, and TEA-and the full TweetNaCl library. We find that CT-Wasm is fast, expressive, and generates code that we experimentally measure to be constant-time.

show abstract

Compiling CAO: From Cryptographic Specifications to C Implementations

Barbosa

Castro

Silva

2014

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

We present a compiler for CAO, an imperative DSL for the cryptographic domain. The tool takes high-level cryptographic algorithm specifications and translates them into C implementations through a series of security-aware transformations and optimizations. The compiler back-end is highly configurable, allowing the targeting of very disparate platforms in terms of memory requirements and computing power.

show abstract

Type Checking Cryptography Implementations

Cited by 5 publications

References 6 publications

CAOVerif: An open-source deductive verification platform for cryptographic software implementations

CAOVerif: An open-source deductive verification platform for cryptographic software implementations

CT-wasm: type-driven secure cryptography for the web ecosystem

Compiling CAO: From Cryptographic Specifications to C Implementations

Contact Info

Product

Resources

About