We develop a new approach for building cryptographic implementations. Our approach goes the last mile and delivers assembly code that is provably functionally correct, protected against side-channels, and as efficient as hand-written assembly. We illustrate our approach using ChaCha20-Poly1305, one of the mandatory ciphersuites in TLS 1.3, and deliver formally verified vectorized implementations which outperform the fastest non-verified code. We realize our approach by combining the Jasmin framework, which offers in a single language features of high-level and low-level programming, and the EasyCrypt proof assistant, which offers a versatile verification infrastructure that supports proofs of functional correctness and equivalence checking. Neither of these tools had been used for functional correctness before. Taken together, these infrastructures empower programmers to develop efficient and verified implementations by "game hopping", starting from reference implementations that are proved functionally correct against a specification, and gradually introducing program optimizations that are proved correct by equivalence checking. We also make several contributions of independent interest, including a new and extensible verified compiler for Jasmin, with a richer memory model and support for vectorized instructions, and a new embedding of Jasmin in EasyCrypt.
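The "game hopping" step described above, as an added illustration that is not the paper's code: a reference ChaCha20 block function written to RFC 8439, a four-lane version (standing in for a vectorized implementation) that runs the very same round code over lane vectors, and an equivalence check between the two. The paper proves such equivalences in EasyCrypt; this example only tests them on concrete inputs, and the `V4` class and all function names are this example's own.

```python
import struct
MASK = 0xFFFFFFFF
SIGMA = (0x61707865, 0x3320646E, 0x79622D32, 0x6B206574)  # "expand 32-byte k"

class V4:  # four 32-bit lanes, standing in for a 128-bit SIMD register
    def __init__(self, lanes): self.l = list(lanes)
    def __add__(self, o): return V4((a + b) & MASK for a, b in zip(self.l, o.l))
    def __xor__(self, o): return V4(a ^ b for a, b in zip(self.l, o.l))
    def __or__(self, o): return V4(a | b for a, b in zip(self.l, o.l))
    def __and__(self, m): return V4(a & m for a in self.l)
    def __lshift__(self, n): return V4((a << n) & MASK for a in self.l)
    def __rshift__(self, n): return V4(a >> n for a in self.l)

def rotl(x, n):  # works on a Python int or, lane-wise, on a V4
    return ((x << n) | (x >> (32 - n))) & MASK

def quarter_round(s, a, b, c, d):  # RFC 8439 section 2.1; same text for int or V4 state
    s[a] = (s[a] + s[b]) & MASK; s[d] = rotl(s[d] ^ s[a], 16)
    s[c] = (s[c] + s[d]) & MASK; s[b] = rotl(s[b] ^ s[c], 12)
    s[a] = (s[a] + s[b]) & MASK; s[d] = rotl(s[d] ^ s[a], 8)
    s[c] = (s[c] + s[d]) & MASK; s[b] = rotl(s[b] ^ s[c], 7)

def run_rounds(init):
    """Return the state after 20 ChaCha rounds (init itself is left untouched)."""
    s = init[:]
    for _ in range(10):  # 10 column rounds interleaved with 10 diagonal rounds
        quarter_round(s, 0, 4, 8, 12); quarter_round(s, 1, 5, 9, 13)
        quarter_round(s, 2, 6, 10, 14); quarter_round(s, 3, 7, 11, 15)
        quarter_round(s, 0, 5, 10, 15); quarter_round(s, 1, 6, 11, 12)
        quarter_round(s, 2, 7, 8, 13); quarter_round(s, 3, 4, 9, 14)
    return s

def initial_state(key, counter, nonce):  # constants | 256-bit key | counter | 96-bit nonce
    return list(SIGMA) + list(struct.unpack("<8I", key)) + [counter & MASK] + list(struct.unpack("<3I", nonce))

def chacha20_block_ref(key, counter, nonce):
    """Reference block function, one 16-word block, RFC 8439 section 2.3."""
    init = initial_state(key, counter, nonce)
    s = run_rounds(init)
    return [(x + y) & MASK for x, y in zip(s, init)]

def chacha20_blocks_x4(key, counter, nonce):
    """Four consecutive blocks at once: state word w is a V4 holding w for counters counter..counter+3."""
    per_block = [initial_state(key, counter + i, nonce) for i in range(4)]
    init = [V4(per_block[i][w] for i in range(4)) for w in range(16)]
    s = run_rounds(init)
    return [[(x + y).l[i] for x, y in zip(s, init)] for i in range(4)]  # back to one block per lane

def equivalent_on(key, counter, nonce):  # the x4 version must agree with four reference calls
    return chacha20_blocks_x4(key, counter, nonce) == [chacha20_block_ref(key, counter + i, nonce) for i in range(4)]
```

The first check below uses the RFC 8439 section 2.3.2 test vector; the others are constructed inputs, including a counter that wraps across the four lanes.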