CryptOpt: Verified Compilation with Randomized Program Search for Cryptographic Primitives

Most software domains rely on compilers to translate high-level code multiple different machine languages, with performance not too much worse than what developers would have the patience write directly in assembly language. However, cryptography has been an exception, where many performance-critical routines written (sometimes through metaprogramming layers). Some past work shown how do formal verification of that assembly, and other generate C automatically along proof, but consequent penalties vs. best- known assembly. We present CryptOpt, first compilation pipeline specializes cryptographic functional programs into significantly faster GCC or Clang produce, mechanized proof (in Coq) whose final theorem statement mentions little beyond input program operational semantics x86-64 On optimization side, we apply randomized search space programs, repeated automatic benchmarking target CPUs. formal-verification connect Fiat Cryptography framework (which translates C-like IR code) extend it a new formally verified program-equivalence checker, incorporating modest subset features SMT solvers symbolic-execution engines. The overall prototype is quite practical, e.g. producing fastest-known implementations finite-field arithmetic for both Curve25519 (part TLS standard) Bitcoin elliptic curve secp256k1 Intel 12