Paper 2023/185
The Last Yard: Foundational End-to-End Verification of High-Speed Cryptography
Abstract
The field of high-assurance cryptography is quickly maturing, yet a unified foundational framework for end-to-end formal verification of efficient cryptographic implementations is still missing. To address this gap, we use the Coq proof assistant to formally connect three existing tools: (1) the Hacspec emergent cryptographic specification language; (2) the Jasmin language for efficient, high-assurance cryptographic implementations; and (3) the SSProve foundational verification framework for modular cryptographic proofs. We first connect Hacspec with SSProve by devising a new translation from Hacspec specifications to imperative SSProve code. We validate this translation by considering a second, more standard translation from Hacspec to purely functional Coq code and generate a proof of the equivalence between the code produced by the two translations. We further define a translation from Jasmin to SSProve, which allows us to formally reason in SSProve about efficient cryptographic implementations in Jasmin. We prove this translation correct in Coq with respect to Jasmin's operational semantics. Finally, we demonstrate the usefulness of our approach by giving a foundational end-to-end Coq proof of an efficient AES implementation. For this case study, we start from an existing Jasmin implementation of AES that makes use of hardware acceleration and prove that it conforms to a specification of the AES standard written in Hacspec. We use SSProve to formalize the security of the encryption scheme based on the Jasmin implementation of AES.
Metadata
- Available format(s)
- Category
- Implementation
- Publication info
- Published elsewhere. ACM SIGPLAN International Conference on Certified Programs and Proofs (CPP)
- DOI
- 10.1145/3636501.3636961
- Keywords
- high-assurance cryptographyformal verificationcomputer-aided cryptographyAESCoq
- Contact author(s)
-
philipp @ haselwarter org
bsh @ cs au dk
letager @ cs au dk
theo winterhalter @ inria fr
catalin hritcu @ mpi-sp org
spitters @ cs au dk - History
- 2024-01-06: last of 2 revisions
- 2023-02-13: received
- See all versions
- Short URL
- https://ia.cr/2023/185
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2023/185, author = {Philipp G. Haselwarter and Benjamin Salling Hvass and Lasse Letager Hansen and Théo Winterhalter and Catalin Hritcu and Bas Spitters}, title = {The Last Yard: Foundational End-to-End Verification of High-Speed Cryptography}, howpublished = {Cryptology {ePrint} Archive, Paper 2023/185}, year = {2023}, doi = {10.1145/3636501.3636961}, url = {https://eprint.iacr.org/2023/185} }