HACL * : A Verified Modern Cryptographic Library

Abstract : HACL* is a verified portable C cryptographic library that implements modern cryptographic primitives such as the ChaCha20 and Salsa20 encryption algorithms, Poly1305 and HMAC message authentication, SHA-256 and SHA-512 hash functions, the Curve25519 elliptic curve, and Ed25519 signatures. HACL* is written in the F* programming language and then compiled to readable C code. The F* source code for each cryptographic primitive is verified for memory safety, mitigations against timing side-channels, and functional correctness with respect to a succinct high-level specification of the primitive derived from its published standard. The translation from F* to C preserves these properties and the generated C code can itself be compiled via the CompCert verified C compiler or mainstream compilers like GCC or CLANG. When compiled with GCC on 64-bit platforms, our primitives are as fast as the fastest pure C implementations in OpenSSL and Libsodium, significantly faster than the reference C code in TweetNaCl, and between 1.1x-5.7x slower than the fastest hand-optimized vectorized assembly code in SUPERCOP. HACL* implements the NaCl cryptographic API and can be used as a drop-in replacement for NaCl libraries like Libsodium and TweetNaCl. HACL * provides the cryptographic components for a new mandatory ciphersuite in TLS 1.3 and is being developed as the main cryptographic provider for the miTLS verified implementation. Primitives from HACL* are also being integrated within Mozilla's NSS cryptographic library. Our results show that writing fast, verified, and usable C cryptographic libraries is now practical.
Type de document :
Communication dans un congrès
ACM Conference on Computer and Communications Security (CCS), Oct 2017, Dallas, United States. 〈https://www.sigsac.org/ccs/CCS2017/index.html〉
Liste complète des métadonnées

Contributeur : Benjamin Beurdouche <>
Soumis le : samedi 8 décembre 2018 - 11:28:13
Dernière modification le : mardi 11 décembre 2018 - 01:16:12
Document(s) archivé(s) le : samedi 9 mars 2019 - 12:58:52


Fichiers produits par l'(les) auteur(s)


  • HAL Id : hal-01588421, version 2



Jean-Karim Zinzindohoué, Karthikeyan Bhargavan, Jonathan Protzenko, Benjamin Beurdouche. HACL * : A Verified Modern Cryptographic Library. ACM Conference on Computer and Communications Security (CCS), Oct 2017, Dallas, United States. 〈https://www.sigsac.org/ccs/CCS2017/index.html〉. 〈hal-01588421v2〉



Consultations de la notice


Téléchargements de fichiers