EverCrypt: A Fast, Verified, Cross-Platform Cryptographic Provider - Inria - Institut national de recherche en sciences et technologies du numérique Accéder directement au contenu
Communication Dans Un Congrès Année : 2020

EverCrypt: A Fast, Verified, Cross-Platform Cryptographic Provider

Résumé

We present EverCrypt: a comprehensive collection of verified, high-performance cryptographic functionalities available via a carefully designed API. The API provably supports agility (choosing between multiple algorithms for the same functionality) and multiplexing (choosing between multiple implementations of the same algorithm). Through abstraction and zero-cost generic programming, we show how agility can simplify verification without sacrificing performance, and we demonstrate how C and assembly can be composed and verified against shared specifications. We substantiate the effectiveness of these techniques with new verified implementations (including hashes, Curve25519, and AES-GCM) whose performance matches or exceeds the best unverified implementations. We validate the API design with two high-performance verified case studies built atop EverCrypt, resulting in line-rate performance for a secure network protocol and a Merkle-tree library, used in a production blockchain, that supports 2.7 million insertions/sec. Altogether, EverCrypt consists of over 124K verified lines of specs, code, and proofs, and it produces over 29K lines of C and 14K lines of assembly code.

Dates et versions

hal-03154278 , version 1 (28-02-2021)

Identifiants

Citer

Jonathan Protzenko, Bryan Parno, Aymeric Fromherz, Chris Hawblitzel, Marina Polubelova, et al.. EverCrypt: A Fast, Verified, Cross-Platform Cryptographic Provider. SP 2020 - IEEE Symposium on Security and Privacy, May 2020, San Francisco / Virtual, United States. pp.983-1002, ⟨10.1109/SP40000.2020.00114⟩. ⟨hal-03154278⟩

Collections

INRIA INRIA2
82 Consultations
0 Téléchargements

Altmetric

Partager

Gmail Facebook X LinkedIn More