4 documents found, page 1 of 1
Formally verifying Kyber. Episode IV: implementation correctness
Almeida, José Bacelar; Barbosa, Manuel; Barthe, Gilles; Grégoire, Benjamin; Laporte, Vincent; Léchenet, Jean-Christophe; Oliveira, Tiago; Pacheco, HugoIn this paper we present the first formally verified implementations of Kyber and, to the best of our knowledge, the first such implementations of any post-quantum cryptosystem. We give a (readable) formal specification of Kyber in the EasyCrypt proof assistant, which is syntactically very close to the pseudocode description of the scheme as given in the most recent version of the NIST submission. We present hi...
The last mile: High-Assurance and High-Speed cryptographic implementations
Almeida, José Bacelar; Barbosa, Manuel; Barthe, Gilles; Gregoire, Benjamin; Koutsos, Adrien; Laporte, Vincent; Oliveira, Tiago; Strub, Pierre-YvesWe develop a new approach for building cryptographic implementations. Our approach goes the last mile and delivers assembly code that is provably functionally correct, protected against side-channels, and as efficient as handwritten assembly. We illustrate our approach using ChaCha20Poly1305, one of the two ciphersuites recommended in TLS 1.3, and deliver formally verified vectorized implementations which outpe...
A machine-checked proof of security for AWS key management service
Almeida, José Bacelar; Barbosa, Manuel; Barthe, Gilles; Campagna, Matthew; Cohen, Ernie; Gregoire, Benjamin; Pereira, Vitor; Portela, BernardoWe present a machine-checked proof of security for the domain management protocol of Amazon Web Services' KMS (Key Management Service) a critical security service used throughout AWS and by AWS customers. Domain management is at the core of AWS KMS; it governs the top-level keys that anchor the security of encryption services at AWS. We show that the protocol securely implements an ideal distributed encryption ...
Machine-checked proofs for cryptographic standards indifferentiability of SPONG...
Almeida, José Bacelar; Baritel-Ruet, Cecile; Barbosa, Manuel; Barthe, Gilles; Dupressoir, Francois; Gregoire, Benjamin; Laporte, VincentWe present a high-assurance and high-speed implementation of the SHA-3 hash function. Our implementation is written in the Jasmin programming language, and is formally verified for functional correctness, provable security and timing attack resistance in the EasyCrypt proof assistant. Our implementation is the first to achieve simultaneously the four desirable properties (efficiency, correctness, provable secur...