Formally verifying Kyber
Authors
Abstract
In this paper we present the first formally verified implementations of Kyber and, to the best of our knowledge, the first such implementations of any post-quantum cryptosystem. We give a (readable) formal specification of Kyber in the EasyCrypt proof assistant, which is syntactically very close to the pseudocode description of the scheme as given in the most recent version of the NIST submission. We present high-assurance open-source implementations of Kyber written in the Jasmin language, along with machine-checked proofs that they are functionally correct with respect to this specification. We describe a number of improvements to the EasyCrypt and Jasmin frameworks that were needed for this implementation and verification effort, and we present detailed benchmarks for our implementations, showing that our code achieves performance close to existing hand-optimized implementations in C and assembly.
Similar resources
Formally verifying interactive systems: A review
Although some progress has been made in the development of principles to guide the designers of interactive systems, ultimately the only proven method of checking how usable a particular system is must be based on experiment. However, it is also the case that changes that occur at this late stage are very expensive. The need for early design checking increases as software becomes more complex a...
Symbolic Techniques for Formally Verifying Industrial Systems
The design of correct computer systems is extremely difficult. However, it is also a very important task. Such systems are frequently used in applications where failures can have catastrophic consequences, or cause significant financial losses. Simulation and testing are the most widely used verification techniques, but they can only show the presence of errors and cannot demonstrate correctnes...
Classifying and Formally Verifying Integer Constant Folding
Constant folding is a well-known optimization of compilers which evaluates constant expressions already at compile time. Constant folding is valid only if the results computed by the compiler are exactly the same as the results which would be computed at run-time by the target machine arithmetic. We classify different arithmetics by deriving a general condition under which a target-machine arit...
Formally Defining and Verifying Master/Slave Speculative Parallelization
Master/Slave Speculative Parallelization (MSSP) is a new execution paradigm that decouples the issues of performance and correctness in microprocessor design and implementation. MSSP uses a fast, not necessarily correct, master processor to speculatively split a program into tasks, which are executed independently and concurrently on slower, but correct, slave processors. This work reports on t...
Formally Verifying Data and Control with Weak Reachability Invariants
Existing formal verification methods do not handle systems that combine state machines and data paths very well. Model checking deals with finitestate machines efficiently, but model checking full designs is infeasible because of the large amount of state in the data path. Theorem-proving methods may be effective for verifying data path operations, but verifying the control requires finding and...
Journal
Journal title: IACR Transactions on Cryptographic Hardware and Embedded Systems
Year: 2023
ISSN: 2569-2925
DOI: https://doi.org/10.46586/tches.v2023.i3.164-193