Paper 2022/607

Noise*: A Library of Verified High-Performance Secure Channel Protocol Implementations (Long Version)

Son Ho, Jonathan Protzenko, Abhishek Bichhawat, and Karthikeyan Bhargavan

Abstract

The Noise protocol framework defines a succinct notation and execution framework for a large class of 59+ secure channel protocols, some of which are used in popular applications such as WhatsApp and WireGuard. We present a verified implementation of a Noise protocol compiler that takes any Noise protocol, and produces an optimized C implementation with extensive correctness and security guarantees. To this end, we formalize the complete Noise stack in F*, from the low-level cryptographic library to a high-level API. We write our compiler also in F*, prove that it meets our formal specification once and for all, and then specialize it on-demand for any given Noise protocol, relying on a novel technique called hybrid embedding. We thusa establish functional correctness, memory safety and a form of side-channel resistance for the generated C code for each Noise protocol. We propagate these guarantees to the high-level API, using defensive dynamic checks to prevent incorrect uses of the protocol. Finally, we formally state and prove the security of our Noise code, by building on a symbolic model of cryptography in F*, and formally link high-level API security goals stated in terms of security levels to low-level cryptographic guarantees. Ours are the first comprehensive verification results for a protocol compiler that targets C code and the first verified implementations of any Noise protocol. We evaluate our framework by generating implementations for all 59 Noise protocols and by comparing the size, performance, and security of our verified code against other (unverified) implementations and prior security analyses of Noise.

Metadata
Available format(s)
PDF
Category
Implementation
Publication info
Published elsewhere. MAJOR revision.2022 IEEE Symposium on Security and Privacy (SP)
DOI
10.1109/SP46214.2022.00038
Keywords
protocolsformal verification
Contact author(s)
son ho @ inria fr
History
2022-05-23: received
Short URL
https://ia.cr/2022/607
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2022/607,
      author = {Son Ho and Jonathan Protzenko and Abhishek Bichhawat and Karthikeyan Bhargavan},
      title = {Noise*: A Library of Verified High-Performance Secure Channel Protocol Implementations (Long Version)},
      howpublished = {Cryptology ePrint Archive, Paper 2022/607},
      year = {2022},
      doi = {10.1109/SP46214.2022.00038},
      note = {\url{https://eprint.iacr.org/2022/607}},
      url = {https://eprint.iacr.org/2022/607}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.