Machine Assisted Verification Tools for
Cryptography
Paulo Silva, Manuel Barbosa
Departamento de Informática
Computer Science and Technology Centre (CCTC/DI)
Universidade do Minho, Portugal

October 13, 2010
Computer Aided Cryptography Engineering (CACE)

European FP7 Project
(http://www.cace-project.eu)
Overall objectives:
Design, develop and deploy a toolbox for cryptographic
software engineering
Allow non-experts to develop high-level cryptographic
applications using cryptography-aware programming
languages and tools

Our group is responsible for the Work Package 5 (WP5):
Formal Verification and Validation of Cryptographic
Software
Formal Verification and Validation (WP5)

Adapt existing validation, verification and certification
techniques for secure software to the CACE toolchain
Extend languages and tools to include machine assisted
verification of correctness and conformance to security
policies
Implement a certified shared library core
CAO Language

Small and simple domain specific language
Geared toward the automatic production of highly efficient
target code subject to security-aware optimizations
Close to cryptographic standards
Type system supports cryptographic types such as bit
strings, matrices and field extensions
We have a complete formalization of CAO’s:
Syntax
Semantics
Type system

We have implemented a fully functional CAO interpreter
CAO Language Example (AES fragment)

typedef GF2 := mod[ 2 ];
typedef GF2N := mod[ GF2<X> / X**8 + X**4 + X**3 + X + 1 ];
typedef S := matrix[4,4] of GF2N;

def mix : matrix[4,4] of GF2N :=
    {[X],[X+1],[1],[1],
     [1],[X],[X+1],[1],
     [1],[1],[X],[X+1],
     [X+1],[1],[1],[X]};

def MixColumns( s : S ) : S {
    def r : S;
    seq i := 0 to 3 {
        r[0..3,i] := mix * s[0..3,i];
    }
    return r;
}
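The fragment above, executed in plain Python as an added example (this is not CAO code and not part of the CACE project): GF2N is represented as a byte, the field multiplication reduces by the AES modulus generically rather than with a lookup table, and MixColumns is the same matrix-times-column loop. It also adds a brute-force check that the modulus is irreducible, since mod[ GF2<X> / p ] is only a field (every non-zero element invertible) when p is; the test vectors in the constructed state are the published MixColumns examples (FIPS-197 Appendix B round 1 and the Wikipedia Rijndael MixColumns examples).

```python
# Added example, not from the slides: the AES MixColumns fragment in plain Python.
# GF2N = GF(2)[X] / (X**8 + X**4 + X**3 + X + 1): an element is a byte holding the
# coefficients of X**7 .. X**0, addition is XOR, multiplication is polynomial
# multiplication reduced by the modulus.

AES_POLY = 0x11B   # X**8 + X**4 + X**3 + X + 1, one bit per coefficient (X**8 first)
X = 0x02           # the field element "X" used in the mix matrix; X+1 is 0x03


def gf_add(a, b):
    return a ^ b


def gf_mul(a, b, poly=AES_POLY):
    """Multiply two GF(2^8) elements modulo poly (shift-and-add, no tables)."""
    prod = 0
    for bit in range(8):                  # schoolbook product, degree up to 14
        if (b >> bit) & 1:
            prod ^= a << bit
    for deg in range(14, 7, -1):          # reduce every term of degree >= 8
        if (prod >> deg) & 1:
            prod ^= poly << (deg - 8)
    return prod


def every_nonzero_element_invertible(poly=AES_POLY):
    """mod[GF2<X> / poly] is a field only if poly is irreducible; check it by
    brute force. A reducible modulus such as 0x101 = X**8 + 1 = (X+1)**8 fails."""
    return all(any(gf_mul(a, b, poly) == 1 for b in range(1, 256))
               for a in range(1, 256))


# def mix : matrix[4,4] of GF2N := {[X],[X+1],[1],[1], ...}
MIX = [
    [X, X ^ 1, 1, 1],
    [1, X, X ^ 1, 1],
    [1, 1, X, X ^ 1],
    [X ^ 1, 1, 1, X],
]


def mat_vec_mul(mat, vec):
    """mat * vec with entries in GF(2^8): the `mix * s[0..3,i]` step."""
    out = []
    for row in mat:
        acc = 0
        for a, b in zip(row, vec):
            acc = gf_add(acc, gf_mul(a, b))
        out.append(acc)
    return out


def mix_columns(state):
    """state[r][c] is a 4x4 matrix of bytes (CAO's S); returns MixColumns(state)."""
    result = [[0] * 4 for _ in range(4)]
    for i in range(4):                             # seq i := 0 to 3
        column = [state[r][i] for r in range(4)]   # s[0..3,i]
        mixed = mat_vec_mul(MIX, column)           # mix * s[0..3,i]
        for r in range(4):
            result[r][i] = mixed[r]                # r[0..3,i] := ...
    return result


# Constructed input: columns are published MixColumns test vectors
# (db 13 53 45 -> 8e 4d a1 bc, f2 0a 22 5c -> 9f dc 58 9d, 01 01 01 01 -> itself,
#  d4 bf 5d 30 -> 04 66 81 e5 from FIPS-197 Appendix B).
EXAMPLE_STATE = [
    [0xdb, 0xf2, 0x01, 0xd4],
    [0x13, 0x0a, 0x01, 0xbf],
    [0x53, 0x22, 0x01, 0x5d],
    [0x45, 0x5c, 0x01, 0x30],
]

if __name__ == "__main__":
    for row in mix_columns(EXAMPLE_STATE):
        print(" ".join(f"{b:02x}" for b in row))
    print("irreducible modulus:", every_nonzero_element_invertible())
```

The `poly` parameter is what the CAO typedef fixes at the type level: swapping in a reducible polynomial silently turns GF2N into a ring with zero divisors, which is exactly the kind of mistake a cryptography-aware type system is meant to catch before any proof obligation is generated.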
Deductive Verification

Tools based on variations of Hoare logic
Axioms and inference rules capture the semantics of
imperative languages
Programs are bound to contracts: a pre-condition and a
post-condition
If the pre-condition holds on the inputs, the program
guarantees the post-condition on the outputs (partial
correctness: for the runs that terminate)
Deductive Verification
Annotation language (CAO-SL): the properties that must be
proven (the specification) and extra information that helps
the verifier are written into the source code as
annotations.
Verification condition generator (VCGen): the annotated
program is turned into a set of proof obligations. If every
proof obligation is valid, the program is correct with
respect to its specification.
Proof generation: each proof obligation is a theorem of
first-order logic, discharged either by an automatic
first-order prover (e.g. Simplify) or interactively in a
proof assistant (e.g. Coq).
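The annotate / generate / prove pipeline above, as an added example that is not CAO-SL or any CACE tool: a toy weakest-precondition VC generator for a three-statement imperative language (assignment, sequence, annotated while loop), run on a contract for a modular-exponentiation loop, i.e. the textbook RSA operation m ** e over mod[n]. Formulas are Python callables over an environment, so the Hoare substitution Q[e/x] is just evaluating Q with x rebound. The last step, the prover, is replaced here by exhaustive checking over a small bounded domain; that is evidence, not a proof, and stands in for Simplify or Coq. A second, deliberately weak invariant shows a VC failing with a concrete counterexample.

```python
# Added example, not from the slides: a toy verification-condition generator
# (annotated program -> proof obligations -> check) in the style of Hoare logic.
# Bounded checking stands in for the first-order prover and is NOT a proof.
from itertools import product


# --- statements of a tiny imperative language (constructed for this example) ---
def assign(var, expr):        return ("assign", var, expr)
def seq(*stmts):              return ("seq", list(stmts))
def while_(cond, inv, body):  return ("while", cond, inv, body)


# --- formulas are functions env -> bool; these are the connectives we need ---
def subst(q, var, expr):      return lambda env: q({**env, var: expr(env)})  # Q[expr/var]
def implies(p, q):            return lambda env: (not p(env)) or q(env)
def conj(p, q):               return lambda env: p(env) and q(env)
def neg(p):                   return lambda env: not p(env)


def wp(stmt, post, vcs):
    """Weakest precondition of stmt w.r.t. post. Loops yield their invariant as
    the precondition and push their side conditions onto vcs."""
    kind = stmt[0]
    if kind == "assign":
        _, var, expr = stmt
        return subst(post, var, expr)                  # {Q[e/x]} x := e {Q}
    if kind == "seq":
        pre = post
        for s in reversed(stmt[1]):                    # wp(S1;S2,Q) = wp(S1, wp(S2,Q))
            pre = wp(s, pre, vcs)
        return pre
    if kind == "while":
        _, cond, inv, body = stmt
        vcs.append(("invariant preserved", implies(conj(inv, cond), wp(body, inv, vcs))))
        vcs.append(("postcondition on exit", implies(conj(inv, neg(cond)), post)))
        return inv
    raise ValueError(f"unknown statement {kind}")


def verification_conditions(pre, stmt, post):
    """Proof obligations for the contract {pre} stmt {post}."""
    vcs = []
    weakest = wp(stmt, post, vcs)
    return [("precondition implies wp", implies(pre, weakest))] + vcs


def bounded_check(vcs, domain):
    """Stand-in prover: search a finite domain for a counterexample to each VC.
    None means none was found in the domain (evidence only, not a proof)."""
    names = list(domain)
    report = {}
    for label, vc in vcs:
        report[label] = None
        for values in product(*(domain[name] for name in names)):
            env = dict(zip(names, values))
            if not vc(env):
                report[label] = env
                break
    return report


# Annotated program (hypothetical, written for this example):
#   {n > 1 and e >= 0 and 0 <= m < n}
#   c := 1; i := 0;
#   while i < e  /* invariant: 0 <= i <= e and c == m**i mod n */ {
#       c := (c * m) mod n; i := i + 1 }
#   {c == m**e mod n}
PRE = lambda env: env["n"] > 1 and env["e"] >= 0 and 0 <= env["m"] < env["n"]
POST = lambda env: env["c"] == pow(env["m"], env["e"], env["n"])
LOOP_COND = lambda env: env["i"] < env["e"]
BODY = seq(assign("c", lambda env: (env["c"] * env["m"]) % env["n"]),
           assign("i", lambda env: env["i"] + 1))

GOOD_INV = lambda env: 0 <= env["i"] <= env["e"] and env["c"] == pow(env["m"], env["i"], env["n"])
WEAK_INV = lambda env: 0 <= env["i"] and env["c"] == pow(env["m"], env["i"], env["n"])  # lost i <= e


def modexp_program(invariant):
    return seq(assign("c", lambda env: 1),
               assign("i", lambda env: 0),
               while_(LOOP_COND, invariant, BODY))


# Small constructed domain for the bounded checker.
DOMAIN = {"n": range(2, 7), "m": range(0, 7), "e": range(0, 5), "i": range(0, 6), "c": range(0, 7)}


def verify(invariant):
    """Generate the VCs for the annotated modexp loop and check them."""
    return bounded_check(verification_conditions(PRE, modexp_program(invariant), POST), DOMAIN)


if __name__ == "__main__":
    print("good invariant:", verify(GOOD_INV))
    print("weak invariant:", verify(WEAK_INV))
```

With the intended invariant all three obligations come back without a counterexample; with `i <= e` dropped from the invariant only the "postcondition on exit" obligation fails, and the reported environment (a state where the loop has already overshot e) is exactly the kind of diagnostic a VCGen hands to the programmer to strengthen the annotation.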
CALF Language

Higher-level than CAO
More powerful abstraction to write generic code
A suitable candidate for direct translation and
implementation of cryptographic standards
Static verification and pre-processing tool for enhanced
CAO source code.
CALF to CAO compiler

High-assurance compiler that translates CALF to CAO
code
Advanced type system based on dependent types ensures
that certain properties hold by construction
More manageable than deductive verification
May be used to reduce the number of proof obligations
Example: the type system ensures that every access to a
vector position is within bounds (memory safety)
CALF Language Example (RSA fragment)

typedef RSAPub<(n : int)> := struct [ def e : int; ];

def RSA<(n : int)>( k : RSAPub<(n)>, m : int ) : int {
    def c : mod[n];
    c := (mod[n]) m;
    c := c ** k.e;
    return (int) c;
}
Ongoing Work

Proofs about CAO formalization, namely, type safety
Data type classifiers
Verification of cryptographic libraries (NaCl)
Compiler from CAO to C
