SlideShare a Scribd company logo

Compiling CAO: From Cryptographic Specifications to C Implementations

Paulo Silva
Paulo Silva

Tool demo presented at POST14 (part of ETAPS 2014: 5-13 April 2014, Grenoble, France).

ScienceTechnology
1 of 21
Download to read offline
Compiling CAO: from Cryptographic Specifications to C Implementations Manuel Barbosa David Castro Paulo Silva HASLab/INESC TEC Universidade do Minho Braga, Portugal April 8, 2014 Grenoble
Motivation 〉 Developing cryptographic software is challenging 〉 Performance is usually critical 〉 Many implementations are done directly in assembly 〉 Aggressive optimizations must not change the semantics 〉 Error prone and time consuming Manuel Barbosa, David Castro, Paulo Silva 1/14
CAO Language 〉 Started in the CACE project (FP7) in collaboration with Univ. Bristol 〉 Domain specific language for core cryptographic components 〉 Hash functions, authentication algorithms, signatures, . . . 〉 High level features closer to standards 〉 Supported by a tool chain to assist development Manuel Barbosa, David Castro, Paulo Silva 2/14
CAO Language 〉 Main design goals: 〉 Flexible and configurable for a wide range of platforms (machine architecture + operating system + compiler + extra libraries) 〉 Incorporate domain specific optimizations early in the compilation process 〉 Oriented to the implementation of cryptographic APIs Manuel Barbosa, David Castro, Paulo Silva 3/14
CAO Features 〉 Call by value semantics 〉 No input/output support 〉 No language construct to dynamically allocate memory 〉 Highly expressive native types and operators Manuel Barbosa, David Castro, Paulo Silva 4/14
CAO Types 〉 Booleans def b1 : bool; def b2 : bool := true; Manuel Barbosa, David Castro, Paulo Silva 5/14
CAO Types 〉 Booleans def b1 : bool; def b2 : bool := true; 〉 Integers (arbitrary precision) def i1 : int; def i2 : int := 10; Manuel Barbosa, David Castro, Paulo Silva 5/14
CAO Types 〉 Booleans def b1 : bool; def b2 : bool := true; 〉 Integers (arbitrary precision) def i1 : int; def i2 : int := 10; 〉 Machine integers def ri1 : register int; def ri2 : register int := 1; Manuel Barbosa, David Castro, Paulo Silva 5/14
CAO Types 〉 Booleans def b1 : bool; def b2 : bool := true; 〉 Integers (arbitrary precision) def i1 : int; def i2 : int := 10; 〉 Machine integers def ri1 : register int; def ri2 : register int := 1; 〉 Bit strings def ubs1 : unsigned bits [32]; def ubs2 : unsigned bits [4] := 0b0101; def sbs1 : signed bits [16]; def sbs2 : signed bits [8] := 1b01010010; Manuel Barbosa, David Castro, Paulo Silva 5/14
CAO Types (cont.) 〉 Rings or fields defined by an integer def mo1 : mod [5]; def mo2 : mod [2] := [1]; Manuel Barbosa, David Castro, Paulo Silva 6/14
CAO Types (cont.) 〉 Rings or fields defined by an integer def mo1 : mod [5]; def mo2 : mod [2] := [1]; 〉 Extension fields defined by a type and a polynomial def mp1 : mod[ mod [2] <X> / X**7 + X**3 + 1 ]; def mp2 : mod[ mod [11] <Y> / Y**2 + 1 ] := [5*Y + 2] * [7*Y+1]; Manuel Barbosa, David Castro, Paulo Silva 6/14
CAO Types (cont.) 〉 Rings or fields defined by an integer def mo1 : mod [5]; def mo2 : mod [2] := [1]; 〉 Extension fields defined by a type and a polynomial def mp1 : mod[ mod [2] <X> / X**7 + X**3 + 1 ]; def mp2 : mod[ mod [11] <Y> / Y**2 + 1 ] := [5*Y + 2] * [7*Y+1]; 〉 Vectors def v1 : vector [10] of register int; def v2 : vector [4] of unsigned bits [2] := { 0b00 , 0b01 , 0b10 , 0b11 }; Manuel Barbosa, David Castro, Paulo Silva 6/14
CAO Types (cont.) 〉 Rings or fields defined by an integer def mo1 : mod [5]; def mo2 : mod [2] := [1]; 〉 Extension fields defined by a type and a polynomial def mp1 : mod[ mod [2] <X> / X**7 + X**3 + 1 ]; def mp2 : mod[ mod [11] <Y> / Y**2 + 1 ] := [5*Y + 2] * [7*Y+1]; 〉 Vectors def v1 : vector [10] of register int; def v2 : vector [4] of unsigned bits [2] := { 0b00 , 0b01 , 0b10 , 0b11 }; 〉 Matrices def m1 : matrix [2, 3] of int; def m2 : matrix [2, 2] of mod [2] := { [1], [0], [0], [1] }; Manuel Barbosa, David Castro, Paulo Silva 6/14
Simple Example: Bubble Sort typedef int_vector := vector [10] of int; def bubble_sort (v : int_vector) : int_vector { def temp : int; seq i := 8 to 0 by -1 { seq j := 0 to i { if (v[j] > v[j+1]) { temp := v[j]; v[j] := v[j+1]; v[j+1] := temp; } } } return v; } Manuel Barbosa, David Castro, Paulo Silva 7/14
Simple Example: Bubble Sort def bubble_sort (const n : register int {1 < n}, v : vector[n] of int) : vector[n] of int { def temp : int; seq i := n - 2 to 0 by -1 { seq j := 0 to i { if (v[j] > v[j+1]) { temp := v[j]; v[j] := v[j+1]; v[j+1] := temp; } } } return v; } Manuel Barbosa, David Castro, Paulo Silva 8/14
Complete Algorithm: SHA1 〉 (example sha1.cao) Manuel Barbosa, David Castro, Paulo Silva 9/14
Exploring Intermediate CAO Code 〉 Source to source transformations 〉 (demo) Manuel Barbosa, David Castro, Paulo Silva 10/14
Platform Specification 〉 (demo) Manuel Barbosa, David Castro, Paulo Silva 11/14
Using the Generated Code 〉 (demo) Manuel Barbosa, David Castro, Paulo Silva 12/14
Protection Against Side-channel Attacks 〉 Popular countermeasure against side-channel attacks 〉 Indistinguishable functions: 〉 Vulnerable functions execute the same sequence of native CAO operations 〉 (demo) Manuel Barbosa, David Castro, Paulo Silva 13/14
Conclusions 〉 The code of the compiler is reasonably stable 〉 The source code is available from the Hackage repository: http://hackage.haskell.org/package/cao 〉 Future work: 〉 Improve efficiency of the generated code (more aggressive optimizations are possible) 〉 Additional protection countermeasures against side-channel attacks 〉 Provide support for other platforms (ongoing work for ARM architecture) 〉 Provide additional guarantees when compiling C using CompCert (ongoing work) Manuel Barbosa, David Castro, Paulo Silva 14/14

Recommended

Programming For Problem Solving Lecture Notes
Programming For Problem Solving Lecture NotesProgramming For Problem Solving Lecture Notes
Programming For Problem Solving Lecture NotesSreedhar Chowdam
 
Develop Embedded Software Module-Session 2
Develop Embedded Software Module-Session 2Develop Embedded Software Module-Session 2
Develop Embedded Software Module-Session 2Naveen Kumar
 
2. data, operators, io
2. data, operators, io2. data, operators, io
2. data, operators, iohtaitk
 
Develop Embedded Software Module-Session 3
Develop Embedded Software Module-Session 3Develop Embedded Software Module-Session 3
Develop Embedded Software Module-Session 3Naveen Kumar
 
Os2
Os2Os2
Os2issbp
 
Technical questions
Technical questionsTechnical questions
Technical questionsKirthan S Holla
 
Summary of C++17 features
Summary of C++17 featuresSummary of C++17 features
Summary of C++17 featuresBartlomiej Filipek
 
Labsheet2
Labsheet2Labsheet2
Labsheet2rohassanie
 

Recommended

Programming For Problem Solving Lecture Notes
Programming For Problem Solving Lecture NotesProgramming For Problem Solving Lecture Notes
Programming For Problem Solving Lecture NotesSreedhar Chowdam
 
Develop Embedded Software Module-Session 2
Develop Embedded Software Module-Session 2Develop Embedded Software Module-Session 2
Develop Embedded Software Module-Session 2Naveen Kumar
 
2. data, operators, io
2. data, operators, io2. data, operators, io
2. data, operators, iohtaitk
 
Develop Embedded Software Module-Session 3
Develop Embedded Software Module-Session 3Develop Embedded Software Module-Session 3
Develop Embedded Software Module-Session 3Naveen Kumar
 
Os2
Os2Os2
Os2issbp
 
Technical questions
Technical questionsTechnical questions
Technical questionsKirthan S Holla
 
Summary of C++17 features
Summary of C++17 featuresSummary of C++17 features
Summary of C++17 featuresBartlomiej Filipek
 
Labsheet2
Labsheet2Labsheet2
Labsheet2rohassanie
 
Galois: A Language for Proofs Using Galois Connections and Fork Algebras
Galois: A Language for Proofs Using Galois Connections and Fork AlgebrasGalois: A Language for Proofs Using Galois Connections and Fork Algebras
Galois: A Language for Proofs Using Galois Connections and Fork AlgebrasPaulo Silva
 
On the Design of a Galculator
On the Design of a GalculatorOn the Design of a Galculator
On the Design of a GalculatorPaulo Silva
 
Boolean algebra And Logic Gates
Boolean algebra And Logic GatesBoolean algebra And Logic Gates
Boolean algebra And Logic GatesKumar
 
Deep Learningと他の分類器をRで比べてみよう in Japan.R 2014
Deep Learningと他の分類器をRで比べてみよう in Japan.R 2014Deep Learningと他の分類器をRで比べてみよう in Japan.R 2014
Deep Learningと他の分類器をRで比べてみよう in Japan.R 2014Takashi J OZAKI
 
Digital logic gates and Boolean algebra
Digital logic gates and Boolean algebraDigital logic gates and Boolean algebra
Digital logic gates and Boolean algebraSARITHA REDDY
 
Boolean algebra
Boolean algebraBoolean algebra
Boolean algebraGagan Deep
 
実装ディープラーニング
実装ディープラーニング実装ディープラーニング
実装ディープラーニングYurie Oka
 
Verilog tutorial
Verilog tutorialVerilog tutorial
Verilog tutorialAbhiraj Bohra
 
Verilog tutorial
Verilog tutorialVerilog tutorial
Verilog tutorialamnis_azeneth
 
ERTS UNIT 3.ppt
ERTS UNIT 3.pptERTS UNIT 3.ppt
ERTS UNIT 3.pptPavithra525349
 
Chapter Eight(3)
Chapter Eight(3)Chapter Eight(3)
Chapter Eight(3)bolovv
 
Build 2016 - B880 - Top 6 Reasons to Move Your C++ Code to Visual Studio 2015
Build 2016 - B880 - Top 6 Reasons to Move Your C++ Code to Visual Studio 2015Build 2016 - B880 - Top 6 Reasons to Move Your C++ Code to Visual Studio 2015
Build 2016 - B880 - Top 6 Reasons to Move Your C++ Code to Visual Studio 2015Windows Developer
 
Differential Semantics
Differential SemanticsDifferential Semantics
Differential SemanticsJohnBender35
 
C# console applications.docx
C# console applications.docxC# console applications.docx
C# console applications.docxMehwishKanwal14
 
From clever code to better code
From clever code to better codeFrom clever code to better code
From clever code to better codeDror Helper
 
C#7, 7.1, 7.2, 7.3 e C# 8
C#7, 7.1, 7.2, 7.3 e C# 8C#7, 7.1, 7.2, 7.3 e C# 8
C#7, 7.1, 7.2, 7.3 e C# 8Giovanni Bassi
 
cuptopointer-180804092048-190306091149 (2).pdf
cuptopointer-180804092048-190306091149 (2).pdfcuptopointer-180804092048-190306091149 (2).pdf
cuptopointer-180804092048-190306091149 (2).pdfYashwanthCse
 
Verilog Tutorial - Verilog HDL Tutorial with Examples
Verilog Tutorial - Verilog HDL Tutorial with ExamplesVerilog Tutorial - Verilog HDL Tutorial with Examples
Verilog Tutorial - Verilog HDL Tutorial with ExamplesE2MATRIX
 
Core .NET Framework 4.0 Enhancements
Core .NET Framework 4.0 EnhancementsCore .NET Framework 4.0 Enhancements
Core .NET Framework 4.0 EnhancementsRobert MacLean
 
Novidades do c# 7 e 8
Novidades do c# 7 e 8Novidades do c# 7 e 8
Novidades do c# 7 e 8Giovanni Bassi
 
Instruction Set Architecture: MIPS
Instruction Set Architecture: MIPSInstruction Set Architecture: MIPS
Instruction Set Architecture: MIPSPrasenjit Dey
 
Programming in C Presentation upto FILE
Programming in C Presentation upto FILEProgramming in C Presentation upto FILE
Programming in C Presentation upto FILEDipta Saha
 

More Related Content

Viewers also liked

Galois: A Language for Proofs Using Galois Connections and Fork Algebras
Galois: A Language for Proofs Using Galois Connections and Fork AlgebrasGalois: A Language for Proofs Using Galois Connections and Fork Algebras
Galois: A Language for Proofs Using Galois Connections and Fork AlgebrasPaulo Silva
 
On the Design of a Galculator
On the Design of a GalculatorOn the Design of a Galculator
On the Design of a GalculatorPaulo Silva
 
Boolean algebra And Logic Gates
Boolean algebra And Logic GatesBoolean algebra And Logic Gates
Boolean algebra And Logic GatesKumar
 
Deep Learningと他の分類器をRで比べてみよう in Japan.R 2014
Deep Learningと他の分類器をRで比べてみよう in Japan.R 2014Deep Learningと他の分類器をRで比べてみよう in Japan.R 2014
Deep Learningと他の分類器をRで比べてみよう in Japan.R 2014Takashi J OZAKI
 
Digital logic gates and Boolean algebra
Digital logic gates and Boolean algebraDigital logic gates and Boolean algebra
Digital logic gates and Boolean algebraSARITHA REDDY
 
Boolean algebra
Boolean algebraBoolean algebra
Boolean algebraGagan Deep
 
実装ディープラーニング
実装ディープラーニング実装ディープラーニング
実装ディープラーニングYurie Oka
 

Viewers also liked (7)

Galois: A Language for Proofs Using Galois Connections and Fork Algebras
Galois: A Language for Proofs Using Galois Connections and Fork AlgebrasGalois: A Language for Proofs Using Galois Connections and Fork Algebras
Galois: A Language for Proofs Using Galois Connections and Fork Algebras
 
On the Design of a Galculator
On the Design of a GalculatorOn the Design of a Galculator
On the Design of a Galculator
 
Boolean algebra And Logic Gates
Boolean algebra And Logic GatesBoolean algebra And Logic Gates
Boolean algebra And Logic Gates
 
Deep Learningと他の分類器をRで比べてみよう in Japan.R 2014
Deep Learningと他の分類器をRで比べてみよう in Japan.R 2014Deep Learningと他の分類器をRで比べてみよう in Japan.R 2014
Deep Learningと他の分類器をRで比べてみよう in Japan.R 2014
 
Digital logic gates and Boolean algebra
Digital logic gates and Boolean algebraDigital logic gates and Boolean algebra
Digital logic gates and Boolean algebra
 
Boolean algebra
Boolean algebraBoolean algebra
Boolean algebra
 
実装ディープラーニング
実装ディープラーニング実装ディープラーニング
実装ディープラーニング
 

Similar to Compiling CAO: From Cryptographic Specifications to C Implementations

Chapter Eight(3)
Chapter Eight(3)Chapter Eight(3)
Chapter Eight(3)bolovv
 
Build 2016 - B880 - Top 6 Reasons to Move Your C++ Code to Visual Studio 2015
Build 2016 - B880 - Top 6 Reasons to Move Your C++ Code to Visual Studio 2015Build 2016 - B880 - Top 6 Reasons to Move Your C++ Code to Visual Studio 2015
Build 2016 - B880 - Top 6 Reasons to Move Your C++ Code to Visual Studio 2015Windows Developer
 
Differential Semantics
Differential SemanticsDifferential Semantics
Differential SemanticsJohnBender35
 
C# console applications.docx
C# console applications.docxC# console applications.docx
C# console applications.docxMehwishKanwal14
 
From clever code to better code
From clever code to better codeFrom clever code to better code
From clever code to better codeDror Helper
 
C#7, 7.1, 7.2, 7.3 e C# 8
C#7, 7.1, 7.2, 7.3 e C# 8C#7, 7.1, 7.2, 7.3 e C# 8
C#7, 7.1, 7.2, 7.3 e C# 8Giovanni Bassi
 
cuptopointer-180804092048-190306091149 (2).pdf
cuptopointer-180804092048-190306091149 (2).pdfcuptopointer-180804092048-190306091149 (2).pdf
cuptopointer-180804092048-190306091149 (2).pdfYashwanthCse
 
Verilog Tutorial - Verilog HDL Tutorial with Examples
Verilog Tutorial - Verilog HDL Tutorial with ExamplesVerilog Tutorial - Verilog HDL Tutorial with Examples
Verilog Tutorial - Verilog HDL Tutorial with ExamplesE2MATRIX
 
Core .NET Framework 4.0 Enhancements
Core .NET Framework 4.0 EnhancementsCore .NET Framework 4.0 Enhancements
Core .NET Framework 4.0 EnhancementsRobert MacLean
 
Instruction Set Architecture: MIPS
Instruction Set Architecture: MIPSInstruction Set Architecture: MIPS
Instruction Set Architecture: MIPSPrasenjit Dey
 
Programming in C Presentation upto FILE
Programming in C Presentation upto FILEProgramming in C Presentation upto FILE
Programming in C Presentation upto FILEDipta Saha
 
TDC2018SP | Trilha .Net - Novidades do C# 7 e 8
TDC2018SP | Trilha .Net - Novidades do C# 7 e 8TDC2018SP | Trilha .Net - Novidades do C# 7 e 8
TDC2018SP | Trilha .Net - Novidades do C# 7 e 8tdc-globalcode
 
LLVM Register Allocation (2nd Version)
LLVM Register Allocation (2nd Version)LLVM Register Allocation (2nd Version)
LLVM Register Allocation (2nd Version)Wang Hsiangkai
 
System Verilog Tutorial - VHDL
System Verilog Tutorial - VHDLSystem Verilog Tutorial - VHDL
System Verilog Tutorial - VHDLE2MATRIX
 
Debugging concurrency programs in go
Debugging concurrency programs in goDebugging concurrency programs in go
Debugging concurrency programs in goAndrii Soldatenko
 

Similar to Compiling CAO: From Cryptographic Specifications to C Implementations (20)

Verilog tutorial
Verilog tutorialVerilog tutorial
Verilog tutorial
 
Verilog tutorial
Verilog tutorialVerilog tutorial
Verilog tutorial
 
ERTS UNIT 3.ppt
ERTS UNIT 3.pptERTS UNIT 3.ppt
ERTS UNIT 3.ppt
 
Chapter Eight(3)
Chapter Eight(3)Chapter Eight(3)
Chapter Eight(3)
 
Build 2016 - B880 - Top 6 Reasons to Move Your C++ Code to Visual Studio 2015
Build 2016 - B880 - Top 6 Reasons to Move Your C++ Code to Visual Studio 2015Build 2016 - B880 - Top 6 Reasons to Move Your C++ Code to Visual Studio 2015
Build 2016 - B880 - Top 6 Reasons to Move Your C++ Code to Visual Studio 2015
 
Differential Semantics
Differential SemanticsDifferential Semantics
Differential Semantics
 
C# console applications.docx
C# console applications.docxC# console applications.docx
C# console applications.docx
 
From clever code to better code
From clever code to better codeFrom clever code to better code
From clever code to better code
 
C#7, 7.1, 7.2, 7.3 e C# 8
C#7, 7.1, 7.2, 7.3 e C# 8C#7, 7.1, 7.2, 7.3 e C# 8
C#7, 7.1, 7.2, 7.3 e C# 8
 
cuptopointer-180804092048-190306091149 (2).pdf
cuptopointer-180804092048-190306091149 (2).pdfcuptopointer-180804092048-190306091149 (2).pdf
cuptopointer-180804092048-190306091149 (2).pdf
 
Verilog Tutorial - Verilog HDL Tutorial with Examples
Verilog Tutorial - Verilog HDL Tutorial with ExamplesVerilog Tutorial - Verilog HDL Tutorial with Examples
Verilog Tutorial - Verilog HDL Tutorial with Examples
 
Core .NET Framework 4.0 Enhancements
Core .NET Framework 4.0 EnhancementsCore .NET Framework 4.0 Enhancements
Core .NET Framework 4.0 Enhancements
 
Novidades do c# 7 e 8
Novidades do c# 7 e 8Novidades do c# 7 e 8
Novidades do c# 7 e 8
 
Instruction Set Architecture: MIPS
Instruction Set Architecture: MIPSInstruction Set Architecture: MIPS
Instruction Set Architecture: MIPS
 
Programming in C Presentation upto FILE
Programming in C Presentation upto FILEProgramming in C Presentation upto FILE
Programming in C Presentation upto FILE
 
VerilogHDL_Utkarsh_kulshrestha
VerilogHDL_Utkarsh_kulshresthaVerilogHDL_Utkarsh_kulshrestha
VerilogHDL_Utkarsh_kulshrestha
 
TDC2018SP | Trilha .Net - Novidades do C# 7 e 8
TDC2018SP | Trilha .Net - Novidades do C# 7 e 8TDC2018SP | Trilha .Net - Novidades do C# 7 e 8
TDC2018SP | Trilha .Net - Novidades do C# 7 e 8
 
LLVM Register Allocation (2nd Version)
LLVM Register Allocation (2nd Version)LLVM Register Allocation (2nd Version)
LLVM Register Allocation (2nd Version)
 
System Verilog Tutorial - VHDL
System Verilog Tutorial - VHDLSystem Verilog Tutorial - VHDL
System Verilog Tutorial - VHDL
 
Debugging concurrency programs in go
Debugging concurrency programs in goDebugging concurrency programs in go
Debugging concurrency programs in go
 

Recently uploaded

G9 Science Q4- Week 1-2 Projectile Motion.ppt
G9 Science Q4- Week 1-2 Projectile Motion.pptG9 Science Q4- Week 1-2 Projectile Motion.ppt
G9 Science Q4- Week 1-2 Projectile Motion.pptMAESTRELLAMesa2
 
GFP in rDNA Technology (Biotechnology).pptx
GFP in rDNA Technology (Biotechnology).pptxGFP in rDNA Technology (Biotechnology).pptx
GFP in rDNA Technology (Biotechnology).pptxAleenaTreesaSaji
 
Call Us ≽ 9953322196 ≼ Call Girls In Mukherjee Nagar(Delhi) |
Call Us ≽ 9953322196 ≼ Call Girls In Mukherjee Nagar(Delhi) |Call Us ≽ 9953322196 ≼ Call Girls In Mukherjee Nagar(Delhi) |
Call Us ≽ 9953322196 ≼ Call Girls In Mukherjee Nagar(Delhi) |aasikanpl
 
Biological Classification BioHack (3).pdf
Biological Classification BioHack (3).pdfBiological Classification BioHack (3).pdf
Biological Classification BioHack (3).pdfmuntazimhurra
 
Isotopic evidence of long-lived volcanism on Io
Isotopic evidence of long-lived volcanism on IoIsotopic evidence of long-lived volcanism on Io
Isotopic evidence of long-lived volcanism on IoSérgio Sacani
 
NAVSEA PEO USC - Unmanned & Small Combatants 26Oct23.pdf
NAVSEA PEO USC - Unmanned & Small Combatants 26Oct23.pdfNAVSEA PEO USC - Unmanned & Small Combatants 26Oct23.pdf
NAVSEA PEO USC - Unmanned & Small Combatants 26Oct23.pdfWadeK3
 
Animal Communication- Auditory and Visual.pptx
Animal Communication- Auditory and Visual.pptxAnimal Communication- Auditory and Visual.pptx
Animal Communication- Auditory and Visual.pptxUmerFayaz5
 
VIRUSES structure and classification ppt by Dr.Prince C P
VIRUSES structure and classification ppt by Dr.Prince C PVIRUSES structure and classification ppt by Dr.Prince C P
VIRUSES structure and classification ppt by Dr.Prince C PPRINCE C P
 
Recombination DNA Technology (Nucleic Acid Hybridization )
Recombination DNA Technology (Nucleic Acid Hybridization )Recombination DNA Technology (Nucleic Acid Hybridization )
Recombination DNA Technology (Nucleic Acid Hybridization )aarthirajkumar25
 
Recombinant DNA technology (Immunological screening)
Recombinant DNA technology (Immunological screening)Recombinant DNA technology (Immunological screening)
Recombinant DNA technology (Immunological screening)PraveenaKalaiselvan1
 
Hubble Asteroid Hunter III. Physical properties of newly found asteroids
Hubble Asteroid Hunter III. Physical properties of newly found asteroidsHubble Asteroid Hunter III. Physical properties of newly found asteroids
Hubble Asteroid Hunter III. Physical properties of newly found asteroidsSérgio Sacani
 
Natural Polymer Based Nanomaterials
Natural Polymer Based NanomaterialsNatural Polymer Based Nanomaterials
Natural Polymer Based NanomaterialsAArockiyaNisha
 
All-domain Anomaly Resolution Office U.S. Department of Defense (U) Case: “Eg...
All-domain Anomaly Resolution Office U.S. Department of Defense (U) Case: “Eg...All-domain Anomaly Resolution Office U.S. Department of Defense (U) Case: “Eg...
All-domain Anomaly Resolution Office U.S. Department of Defense (U) Case: “Eg...Sérgio Sacani
 
Disentangling the origin of chemical differences using GHOST
Disentangling the origin of chemical differences using GHOSTDisentangling the origin of chemical differences using GHOST
Disentangling the origin of chemical differences using GHOSTSérgio Sacani
 
zoogeography of pakistan.pptx fauna of Pakistan
zoogeography of pakistan.pptx fauna of Pakistanzoogeography of pakistan.pptx fauna of Pakistan
zoogeography of pakistan.pptx fauna of Pakistanzohaibmir069
 
Nanoparticles synthesis and characterization​ ​
Nanoparticles synthesis and characterization​ ​Nanoparticles synthesis and characterization​ ​
Nanoparticles synthesis and characterization​ ​kaibalyasahoo82800
 
Call Girls in Mayapuri Delhi 💯Call Us 🔝9953322196🔝 💯Escort.
Call Girls in Mayapuri Delhi 💯Call Us 🔝9953322196🔝 💯Escort.Call Girls in Mayapuri Delhi 💯Call Us 🔝9953322196🔝 💯Escort.
Call Girls in Mayapuri Delhi 💯Call Us 🔝9953322196🔝 💯Escort.aasikanpl
 
Artificial Intelligence In Microbiology by Dr. Prince C P
Artificial Intelligence In Microbiology by Dr. Prince C PArtificial Intelligence In Microbiology by Dr. Prince C P
Artificial Intelligence In Microbiology by Dr. Prince C PPRINCE C P
 
Scheme-of-Work-Science-Stage-4 cambridge science.docx
Scheme-of-Work-Science-Stage-4 cambridge science.docxScheme-of-Work-Science-Stage-4 cambridge science.docx
Scheme-of-Work-Science-Stage-4 cambridge science.docxyaramohamed343013
 

Recently uploaded (20)

G9 Science Q4- Week 1-2 Projectile Motion.ppt
G9 Science Q4- Week 1-2 Projectile Motion.pptG9 Science Q4- Week 1-2 Projectile Motion.ppt
G9 Science Q4- Week 1-2 Projectile Motion.ppt
 
GFP in rDNA Technology (Biotechnology).pptx
GFP in rDNA Technology (Biotechnology).pptxGFP in rDNA Technology (Biotechnology).pptx
GFP in rDNA Technology (Biotechnology).pptx
 
Call Us ≽ 9953322196 ≼ Call Girls In Mukherjee Nagar(Delhi) |
Call Us ≽ 9953322196 ≼ Call Girls In Mukherjee Nagar(Delhi) |Call Us ≽ 9953322196 ≼ Call Girls In Mukherjee Nagar(Delhi) |
Call Us ≽ 9953322196 ≼ Call Girls In Mukherjee Nagar(Delhi) |
 
9953056974 Young Call Girls In Mahavir enclave Indian Quality Escort service
9953056974 Young Call Girls In Mahavir enclave Indian Quality Escort service9953056974 Young Call Girls In Mahavir enclave Indian Quality Escort service
9953056974 Young Call Girls In Mahavir enclave Indian Quality Escort service
 
Biological Classification BioHack (3).pdf
Biological Classification BioHack (3).pdfBiological Classification BioHack (3).pdf
Biological Classification BioHack (3).pdf
 
Isotopic evidence of long-lived volcanism on Io
Isotopic evidence of long-lived volcanism on IoIsotopic evidence of long-lived volcanism on Io
Isotopic evidence of long-lived volcanism on Io
 
NAVSEA PEO USC - Unmanned & Small Combatants 26Oct23.pdf
NAVSEA PEO USC - Unmanned & Small Combatants 26Oct23.pdfNAVSEA PEO USC - Unmanned & Small Combatants 26Oct23.pdf
NAVSEA PEO USC - Unmanned & Small Combatants 26Oct23.pdf
 
Animal Communication- Auditory and Visual.pptx
Animal Communication- Auditory and Visual.pptxAnimal Communication- Auditory and Visual.pptx
Animal Communication- Auditory and Visual.pptx
 
VIRUSES structure and classification ppt by Dr.Prince C P
VIRUSES structure and classification ppt by Dr.Prince C PVIRUSES structure and classification ppt by Dr.Prince C P
VIRUSES structure and classification ppt by Dr.Prince C P
 
Recombination DNA Technology (Nucleic Acid Hybridization )
Recombination DNA Technology (Nucleic Acid Hybridization )Recombination DNA Technology (Nucleic Acid Hybridization )
Recombination DNA Technology (Nucleic Acid Hybridization )
 
Recombinant DNA technology (Immunological screening)
Recombinant DNA technology (Immunological screening)Recombinant DNA technology (Immunological screening)
Recombinant DNA technology (Immunological screening)
 
Hubble Asteroid Hunter III. Physical properties of newly found asteroids
Hubble Asteroid Hunter III. Physical properties of newly found asteroidsHubble Asteroid Hunter III. Physical properties of newly found asteroids
Hubble Asteroid Hunter III. Physical properties of newly found asteroids
 
Natural Polymer Based Nanomaterials
Natural Polymer Based NanomaterialsNatural Polymer Based Nanomaterials
Natural Polymer Based Nanomaterials
 
All-domain Anomaly Resolution Office U.S. Department of Defense (U) Case: “Eg...
All-domain Anomaly Resolution Office U.S. Department of Defense (U) Case: “Eg...All-domain Anomaly Resolution Office U.S. Department of Defense (U) Case: “Eg...
All-domain Anomaly Resolution Office U.S. Department of Defense (U) Case: “Eg...
 
Disentangling the origin of chemical differences using GHOST
Disentangling the origin of chemical differences using GHOSTDisentangling the origin of chemical differences using GHOST
Disentangling the origin of chemical differences using GHOST
 
zoogeography of pakistan.pptx fauna of Pakistan
zoogeography of pakistan.pptx fauna of Pakistanzoogeography of pakistan.pptx fauna of Pakistan
zoogeography of pakistan.pptx fauna of Pakistan
 
Nanoparticles synthesis and characterization​ ​
Nanoparticles synthesis and characterization​ ​Nanoparticles synthesis and characterization​ ​
Nanoparticles synthesis and characterization​ ​
 
Call Girls in Mayapuri Delhi 💯Call Us 🔝9953322196🔝 💯Escort.
Call Girls in Mayapuri Delhi 💯Call Us 🔝9953322196🔝 💯Escort.Call Girls in Mayapuri Delhi 💯Call Us 🔝9953322196🔝 💯Escort.
Call Girls in Mayapuri Delhi 💯Call Us 🔝9953322196🔝 💯Escort.
 
Artificial Intelligence In Microbiology by Dr. Prince C P
Artificial Intelligence In Microbiology by Dr. Prince C PArtificial Intelligence In Microbiology by Dr. Prince C P
Artificial Intelligence In Microbiology by Dr. Prince C P
 
Scheme-of-Work-Science-Stage-4 cambridge science.docx
Scheme-of-Work-Science-Stage-4 cambridge science.docxScheme-of-Work-Science-Stage-4 cambridge science.docx
Scheme-of-Work-Science-Stage-4 cambridge science.docx
 

Compiling CAO: From Cryptographic Specifications to C Implementations

  • 1. Compiling CAO: from Cryptographic Specifications to C Implementations Manuel Barbosa David Castro Paulo Silva HASLab/INESC TEC Universidade do Minho Braga, Portugal April 8, 2014 Grenoble
  • 2. Motivation 〉 Developing cryptographic software is challenging 〉 Performance is usually critical 〉 Many implementations are done directly in assembly 〉 Aggressive optimizations must not change the semantics 〉 Error prone and time consuming Manuel Barbosa, David Castro, Paulo Silva 1/14
  • 3. CAO Language 〉 Started in the CACE project (FP7) in collaboration with Univ. Bristol 〉 Domain specific language for core cryptographic components 〉 Hash functions, authentication algorithms, signatures, . . . 〉 High level features closer to standards 〉 Supported by a tool chain to assist development Manuel Barbosa, David Castro, Paulo Silva 2/14
  • 4. CAO Language 〉 Main design goals: 〉 Flexible and configurable for a wide range of platforms (machine architecture + operating system + compiler + extra libraries) 〉 Incorporate domain specific optimizations early in the compilation process 〉 Oriented to the implementation of cryptographic APIs Manuel Barbosa, David Castro, Paulo Silva 3/14
  • 5. CAO Features 〉 Call by value semantics 〉 No input/output support 〉 No language construct to dynamically allocate memory 〉 Highly expressive native types and operators Manuel Barbosa, David Castro, Paulo Silva 4/14
  • 6. CAO Types 〉 Booleans def b1 : bool; def b2 : bool := true; Manuel Barbosa, David Castro, Paulo Silva 5/14
  • 7. CAO Types 〉 Booleans def b1 : bool; def b2 : bool := true; 〉 Integers (arbitrary precision) def i1 : int; def i2 : int := 10; Manuel Barbosa, David Castro, Paulo Silva 5/14
  • 8. CAO Types 〉 Booleans def b1 : bool; def b2 : bool := true; 〉 Integers (arbitrary precision) def i1 : int; def i2 : int := 10; 〉 Machine integers def ri1 : register int; def ri2 : register int := 1; Manuel Barbosa, David Castro, Paulo Silva 5/14
  • 9. CAO Types 〉 Booleans def b1 : bool; def b2 : bool := true; 〉 Integers (arbitrary precision) def i1 : int; def i2 : int := 10; 〉 Machine integers def ri1 : register int; def ri2 : register int := 1; 〉 Bit strings def ubs1 : unsigned bits [32]; def ubs2 : unsigned bits [4] := 0b0101; def sbs1 : signed bits [16]; def sbs2 : signed bits [8] := 1b01010010; Manuel Barbosa, David Castro, Paulo Silva 5/14
  • 10. CAO Types (cont.) 〉 Rings or fields defined by an integer def mo1 : mod [5]; def mo2 : mod [2] := [1]; Manuel Barbosa, David Castro, Paulo Silva 6/14
  • 11. CAO Types (cont.) 〉 Rings or fields defined by an integer def mo1 : mod [5]; def mo2 : mod [2] := [1]; 〉 Extension fields defined by a type and a polynomial def mp1 : mod[ mod [2] <X> / X**7 + X**3 + 1 ]; def mp2 : mod[ mod [11] <Y> / Y**2 + 1 ] := [5*Y + 2] * [7*Y+1]; Manuel Barbosa, David Castro, Paulo Silva 6/14
  • 12. CAO Types (cont.) 〉 Rings or fields defined by an integer def mo1 : mod [5]; def mo2 : mod [2] := [1]; 〉 Extension fields defined by a type and a polynomial def mp1 : mod[ mod [2] <X> / X**7 + X**3 + 1 ]; def mp2 : mod[ mod [11] <Y> / Y**2 + 1 ] := [5*Y + 2] * [7*Y+1]; 〉 Vectors def v1 : vector [10] of register int; def v2 : vector [4] of unsigned bits [2] := { 0b00 , 0b01 , 0b10 , 0b11 }; Manuel Barbosa, David Castro, Paulo Silva 6/14
  • 13. CAO Types (cont.) 〉 Rings or fields defined by an integer def mo1 : mod [5]; def mo2 : mod [2] := [1]; 〉 Extension fields defined by a type and a polynomial def mp1 : mod[ mod [2] <X> / X**7 + X**3 + 1 ]; def mp2 : mod[ mod [11] <Y> / Y**2 + 1 ] := [5*Y + 2] * [7*Y+1]; 〉 Vectors def v1 : vector [10] of register int; def v2 : vector [4] of unsigned bits [2] := { 0b00 , 0b01 , 0b10 , 0b11 }; 〉 Matrices def m1 : matrix [2, 3] of int; def m2 : matrix [2, 2] of mod [2] := { [1], [0], [0], [1] }; Manuel Barbosa, David Castro, Paulo Silva 6/14
  • 14. Simple Example: Bubble Sort typedef int_vector := vector [10] of int; def bubble_sort (v : int_vector) : int_vector { def temp : int; seq i := 8 to 0 by -1 { seq j := 0 to i { if (v[j] > v[j+1]) { temp := v[j]; v[j] := v[j+1]; v[j+1] := temp; } } } return v; } Manuel Barbosa, David Castro, Paulo Silva 7/14
  • 15. Simple Example: Bubble Sort def bubble_sort (const n : register int {1 < n}, v : vector[n] of int) : vector[n] of int { def temp : int; seq i := n - 2 to 0 by -1 { seq j := 0 to i { if (v[j] > v[j+1]) { temp := v[j]; v[j] := v[j+1]; v[j+1] := temp; } } } return v; } Manuel Barbosa, David Castro, Paulo Silva 8/14
  • 16. Complete Algorithm: SHA1 〉 (example sha1.cao) Manuel Barbosa, David Castro, Paulo Silva 9/14
  • 17. Exploring Intermediate CAO Code 〉 Source to source transformations 〉 (demo) Manuel Barbosa, David Castro, Paulo Silva 10/14
  • 18. Platform Specification 〉 (demo) Manuel Barbosa, David Castro, Paulo Silva 11/14
  • 19. Using the Generated Code 〉 (demo) Manuel Barbosa, David Castro, Paulo Silva 12/14
  • 20. Protection Against Side-channel Attacks 〉 Popular countermeasure against side-channel attacks 〉 Indistinguishable functions: 〉 Vulnerable functions execute the same sequence of native CAO operations 〉 (demo) Manuel Barbosa, David Castro, Paulo Silva 13/14
  • 21. Conclusions 〉 The code of the compiler is reasonably stable 〉 The source code is available from the Hackage repository: http://hackage.haskell.org/package/cao 〉 Future work: 〉 Improve efficiency of the generated code (more aggressive optimizations are possible) 〉 Additional protection countermeasures against side-channel attacks 〉 Provide support for other platforms (ongoing work for ARM architecture) 〉 Provide additional guarantees when compiling C using CompCert (ongoing work) Manuel Barbosa, David Castro, Paulo Silva 14/14