Machine Assisted Verification Tools for Cryptography
Paulo Silva, Manuel Barbosa
Departamento de Informática, Computer Science and Technology Centre (CCTC/DI), Universidade do Minho, Portugal
October 13, 2010
Computer Aided Cryptography Engineering (CACE)
European FP7 project (http://www.cace-project.eu). Overall objectives:
Design, develop and deploy a toolbox for cryptographic software engineering.
Allow non-experts to develop high-level cryptographic applications using cryptography-aware programming languages and tools.
Our group is responsible for Work Package 5 (WP5): Formal Verification and Validation of Cryptographic Software.
Formal Verification and Validation (WP5)
Adapt validation, verification and certification techniques for secure software to the CACE project.
Extend languages and tools to include machine assisted verification of correctness and conformance to security policies.
Implement a certified shared library core.
CAO Language
Small and simple domain specific language.
Geared toward the automatic production of highly efficient target code subject to security-aware optimizations.
Close to cryptographic standards.
Type system supports cryptographic types such as bit strings, matrices and field extensions.
We have a complete formalization of CAO's syntax, semantics and type system.
We have implemented a fully functional CAO interpreter.
CAO Language Example (AES fragment)
typedef GF2  := mod[ 2 ];
typedef GF2N := mod[ GF2<X> / X**8 + X**4 + X**3 + X + 1 ];
typedef S    := matrix[4,4] of GF2N;

def mix : matrix[4,4] of GF2N :=
    { [X],   [X+1], [1],   [1],
      [1],   [X],   [X+1], [1],
      [1],   [1],   [X],   [X+1],
      [X+1], [1],   [1],   [X] };

def MixColumns( s : S ) : S {
    def r : S;
    seq i := 0 to 3 {
        r[0..3,i] := mix * s[0..3,i];
    }
    return r;
}
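To make the arithmetic behind the CAO fragment concrete, here is the same MixColumns step written out in plain Python. This is an added example, not code from the slides or from the CACE project: CAO's `GF2N` type is GF(2^8) with bytes as polynomials over GF(2) reduced modulo X^8 + X^4 + X^3 + X + 1, and the CAO constant `mix` uses X (0x02), X+1 (0x03) and 1 (0x01). The names `gf2n_mul`, `MIX`, `mix_columns` and the sample state are this example's own; the state is constructed so that each column is a well-known MixColumns test column.

```python
# Added example (not part of the slides): CAO's MixColumns written out in Python.
# CAO's  GF2N = mod[ GF2<X> / X**8 + X**4 + X**3 + X + 1 ]  is GF(2^8); the
# CAO matrix `mix` uses X (0x02), X+1 (0x03) and 1 (0x01). Names are this
# example's own, not CAO's.

AES_POLY = 0x11B  # X**8 + X**4 + X**3 + X + 1, the modulus in the GF2N typedef


def gf2n_mul(a: int, b: int) -> int:
    """Multiply two GF2N elements: carry-less multiplication, reducing modulo
    AES_POLY after every doubling so the running value stays below 2**8."""
    r = 0
    while b:
        if b & 1:
            r ^= a              # addition in GF(2^8) is XOR
        a <<= 1
        if a & 0x100:           # degree reached 8: subtract (XOR) the modulus
            a ^= AES_POLY
        b >>= 1
    return r


# The CAO constant `mix` as the 4x4 matrix it denotes (row major),
# with X -> 0x02, X+1 -> 0x03, 1 -> 0x01.
X, X_PLUS_1, ONE = 0x02, 0x03, 0x01
MIX = [
    [X,        X_PLUS_1, ONE,      ONE],
    [ONE,      X,        X_PLUS_1, ONE],
    [ONE,      ONE,      X,        X_PLUS_1],
    [X_PLUS_1, ONE,      ONE,      X],
]


def mix_columns(s):
    """CAO's MixColumns: for each column i (seq i := 0 to 3),
    r[0..3,i] := mix * s[0..3,i].  `s` is a 4x4 list of GF2N elements
    indexed s[row][column]; a new 4x4 list is returned."""
    r = [[0] * 4 for _ in range(4)]
    for i in range(4):
        for row in range(4):
            acc = 0
            for k in range(4):
                # matrix-vector product over GF2N: products are summed with XOR
                acc ^= gf2n_mul(MIX[row][k], s[k][i])
            r[row][i] = acc
    return r


# Constructed 4x4 state; each column is a well-known MixColumns test column
# (e.g. column 0 is db 13 53 45, which maps to 8e 4d a1 bc).
SAMPLE_STATE = [
    [0xdb, 0xf2, 0x01, 0xc6],
    [0x13, 0x0a, 0x01, 0xc6],
    [0x53, 0x22, 0x01, 0xc6],
    [0x45, 0x5c, 0x01, 0xc6],
]

if __name__ == "__main__":
    for row in mix_columns(SAMPLE_STATE):
        print(" ".join(f"{v:02x}" for v in row))
```

The point of the comparison is what the CAO type system gives for free: in the CAO fragment the reduction modulo the AES polynomial and the XOR-based addition are properties of the `GF2N` type, so `mix * s[0..3,i]` is a single, type-checked matrix product, whereas in the Python version they are explicit code that must be reviewed for correctness.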
Deductive Verification
Tools based on variations of Hoare logic.
Axioms and inference rules capture the semantics of imperative languages.
Programs are bound to contracts: a pre-condition and a post-condition.
If the pre-condition is met at the inputs, the program guarantees the post-condition at the outputs.
Annotation language (CAO-SL): properties that must be proven (the specification) and extra information to facilitate verification are included in the source code as annotations.
Verification condition generator (VCGen): the annotated program is used to generate a set of proof obligations. The validity of these proof obligations implies that the software is correct with respect to the specification.
Proof generation: proof obligations are theorems of first-order logic that must be proven, using an automatic first-order prover (e.g. Simplify) or a proof assistant (e.g. Coq) to construct the proof.
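The three steps above (annotated program, VCGen, proof) can be seen end to end on a toy scale. The following is an added example, not code from the slides, from CAO-SL or from any CACE tool: programs are sequences of assignments to integer variables, contracts are pre- and post-conditions written as Python boolean expressions, and the generated obligation is `pre -> wp(program, post)`, computed with the Hoare assignment rule `wp(x := E, Q) = Q[E/x]`. In place of a prover such as Simplify, the obligation is discharged by exhaustive evaluation over a small finite domain, which finds counterexamples but proves the contract only on that domain. The functions `substitute`, `wp` and `check_vc` and the sample program are this example's own.

```python
# Added example (not from the slides): a miniature verification condition
# generator. Obligation = pre -> wp(program, post), with wp(x := E, Q) = Q[E/x].
# Discharging the obligation by brute force over a finite domain stands in for
# the first-order prover a real VCGen would call.
import ast
import itertools


class _Subst(ast.NodeTransformer):
    """Replace every read of variable `name` by the expression node `repl`."""

    def __init__(self, name, repl):
        self.name, self.repl = name, repl

    def visit_Name(self, node):
        return self.repl if node.id == self.name else node


def substitute(formula: str, name: str, expr: str) -> str:
    """Q[expr/name]: syntactic substitution; ast.unparse re-parenthesises."""
    tree = ast.parse(formula, mode="eval")
    repl = ast.parse(expr, mode="eval").body
    tree = _Subst(name, repl).visit(tree)
    return ast.unparse(ast.fix_missing_locations(tree))


def wp(program, post: str) -> str:
    """Weakest precondition of a list of (variable, expression) assignments
    with respect to `post`: apply the assignment rule from the last statement
    backwards to the first."""
    formula = post
    for var, expr in reversed(program):
        formula = substitute(formula, var, expr)
    return formula


def check_vc(pre: str, program, post: str, domain: dict):
    """Generate the proof obligation pre -> wp(program, post) and evaluate it
    on every valuation in `domain` (variable name -> iterable of values).
    Returns None if it holds on the whole domain, else the first
    counterexample as a dict."""
    obligation = wp(program, post)
    names = list(domain)
    for values in itertools.product(*(domain[n] for n in names)):
        env = dict(zip(names, values))
        if not eval(pre, {"__builtins__": {}}, dict(env)):
            continue   # pre-condition not met: the contract promises nothing
        if not eval(obligation, {"__builtins__": {}}, dict(env)):
            return env
    return None


# Constructed program in the shape of the modular-arithmetic fragments in the
# slides:  c := m mod n;  c := c^e mod n,  with an integer-range contract.
MODEXP = [("c", "m % n"), ("c", "c ** e % n")]
PRE = "n > 1 and m >= 0 and e >= 1"
POST_OK = "0 <= c and c < n"    # provable: c is a residue modulo n
POST_BAD = "c < m"              # not provable: fails already for m = 0
DOMAIN = {"m": range(6), "n": range(6), "e": range(4)}

if __name__ == "__main__":
    print("obligation:", PRE, "->", wp(MODEXP, POST_OK))
    print("POST_OK  counterexample:", check_vc(PRE, MODEXP, POST_OK, DOMAIN))
    print("POST_BAD counterexample:", check_vc(PRE, MODEXP, POST_BAD, DOMAIN))
```

Running it shows the obligation `n > 1 and m >= 0 and e >= 1 -> 0 <= (m % n) ** e % n and (m % n) ** e % n < n`, no counterexample for `POST_OK`, and the valuation `m = 0, n = 2, e = 1` refuting `POST_BAD`. A real VCGen for CAO-SL differs in two ways that matter: loops such as `seq` need an annotated invariant before a weakest precondition can be formed, and the obligations are handed to a prover rather than enumerated, which is what turns "no counterexample found" into a proof.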
CALF Language
Higher-level than CAO.
More powerful abstractions to write generic code.
A suitable candidate for direct translation and implementation of cryptographic standards.
Static verification and pre-processing tool for enhanced CAO source code.
CALF to CAO compiler
High-assurance compiler that translates CALF to CAO code.
Advanced type system based on dependent types to ensure that certain properties are met.
More manageable than deductive verification.
May be used to reduce the number of proof obligations.
Example: ensures that access to a vector position is within bounds (memory safety).
CALF Language Example (RSA fragment)
typedef RSAPub<(n : int)> := struct [ def e : int; ];

def RSA<(n : int)>( k : RSAPub<(n)>, m : int ) : int {
    def c : mod[n];
    c := (mod[n]) m;
    c := c ** k.e;
    return (int) c;
}
Ongoing Work
Proofs about the CAO formalization, namely type safety.
Data type classifiers.
Verification of cryptographic libraries (NaCl).
Compiler from CAO to C.