Translation of Algorithmic Descriptions of Discrete Functions to SAT with Applications to Cryptanalysis Problems
In the present paper, we propose a technology for translating algorithmic descriptions of discrete functions to SAT. The proposed technology is aimed at applications in algebraic cryptanalysis. We describe how cryptanalysis problems are reduced to SAT in such a way that it should be perceived as natural by the cryptographic community. In the theoretical part of the paper we justify the main principles of general reduction to SAT for discrete functions from a class containing the majority of functions employed in cryptography. Then, we describe the Transalg software tool developed based on these principles with SAT-based cryptanalysis specifics in mind. We demonstrate the results of applying Transalg to the construction of a number of attacks on various cryptographic functions. Some of the corresponding attacks are state of the art. We compare the functional capabilities of the proposed tool with those of other domain-specific software tools which can be used to reduce cryptanalysis problems to SAT, and also with the CBMC system widely employed in symbolic verification. The paper also presents vast experimental data, obtained using the SAT solvers that took first places at the SAT competitions in recent years.
Continuous Reasoning: Scaling the impact of formal methods
This paper describes work in continuous reasoning, where formal reasoning about a (changing) codebase is done in a fashion which mirrors the iterative, continuous model of software development that is increasingly practiced in industry. We suggest that advances in continuous reasoning will allow formal reasoning to scale to more programs, and more programmers. The paper describes the rationale for continuous reasoning, outlines some success cases from within industry, and proposes directions for work by the scientific community.
Hacspec: succinct, executable, verifiable specifications for high-assurance cryptography embedded in Rust
Despite significant progress in the formal verification of security-critical components like cryptographic libraries and protocols, the secure integration of these components into larger unverified applications remains an open challenge. The first problem is that any memory safety bug or side-channel leak in the unverified code can nullify the security guarantees of the verified code. A second issue is that application developers may misunderstand the specification and assumptions of the verified code and so use it incorrectly. In this paper, we propose a novel verification framework that seeks to close these gaps for applications written in Rust. At the heart of this framework is hacspec, a new language for writing succinct, executable, formal specifications for cryptographic components. Syntactically, hacspec is a purely functional subset of Rust that aims to be readable by developers, cryptographers, and verification experts. An application developer can use hacspec to specify and prototype cryptographic components in Rust, and then replace this specification with a verified implementation before deployment. We present the hacspec language, its formal semantics and type system, and describe a translation from hacspec to F*. We evaluate the language and its toolchain on a library of popular cryptographic algorithms. An earlier attempt in this direction by some of the same authors was also called hacspec, and sought to embed a cryptographic specification language into Python. We now believe that the strong typing of Rust provides an essential improvement to the specification and programming workflow. This work subsumes and obsoletes that earlier attempt. Hereafter, we use hacspec-python to refer to this prior version.