You are looking at a specific version 20200915:112808 of this paper. See the latest version.

Paper 2020/1104

High-Assurance Cryptography Software in the Spectre Era

Gilles Barthe and Sunjay Cauligi and Benjamin Gregoire and Adrien Koutsos and Kevin Liao and Tiago Oliveira and Swarn Priya and Tamara Rezk and Peter Schwabe

Abstract

High-assurance cryptography leverages methods from program verification and cryptography engineering to deliver efficient cryptographic software with machine-checked proofs of memory safety, functional correctness, cryptographic security, and side-channel protection. Traditionally, these guarantees are established under a sequential execution semantics. However, this semantics is not aligned with the behavior of modern processors that make use of speculative execution to improve performance. This mismatch, combined with the high-profile Spectre-style attacks that exploit speculative execution, may naturally cast doubts on the robustness of high-assurance cryptography guarantees. In this paper, we dispel these doubts by showing that the benefits of high-assurance cryptography extend to speculative execution, at the cost of a modest performance overhead. We build atop the Jasmin verification framework an end-to-end approach for proving properties of cryptographic software under speculative execution, and validate our approach experimentally with efficient, functionally correct, side-channel protected assembly implementations of ChaCha20 and Poly1305.

Metadata
Available format(s)
PDF
Category
Implementation
Publication info
Preprint. MINOR revision.
Keywords
high-assurance cryptographyverificationside-channel resistancespeculative execution
Contact author(s)
kevliao @ mit edu
History
2021-01-15: revised
2020-09-15: received
See all versions
Short URL
https://ia.cr/2020/1104
License
Creative Commons Attribution
CC BY
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.