# The Last Mile: High-Assurance and High-Speed Cryptographic Implementations

**Authors:** José Bacelar Almeida, Manuel Barbosa, Gilles Barthe, Benjamin Grégoire, Adrien Koutsos, Vincent Laporte, Tiago Oliveira, Pierre-Yves Strub

arXiv: 1904.04606 · 2019-04-10

## TL;DR

This paper presents a novel approach for creating cryptographic implementations that are both formally verified for correctness and side-channel resistant, achieving high performance comparable to hand-optimized assembly, demonstrated on TLS 1.3 cipher suites.

## Contribution

The paper introduces a combined framework using Jasmin and EasyCrypt for developing and verifying efficient cryptographic code, including a new verified compiler for Jasmin and an embedding of Jasmin in EasyCrypt.

## Key findings

- Verified vectorized ChaCha20-Poly1305 implementations outperform non-verified code.
- The approach ensures functional correctness and security protections.
- Tools enable step-by-step optimization with formal correctness guarantees.

## Abstract

We develop a new approach for building cryptographic implementations. Our approach goes the last mile and delivers assembly code that is provably functionally correct, protected against side-channels, and as efficient as hand-written assembly. We illustrate our approach using ChaCha20-Poly1305, one of the mandatory ciphersuites in TLS 1.3, and deliver formally verified vectorized implementations which outperform the fastest non-verified code. We realize our approach by combining the Jasmin framework, which offers in a single language features of high-level and low-level programming, and the EasyCrypt proof assistant, which offers a versatile verification infrastructure that supports proofs of functional correctness and equivalence checking. Neither of these tools had been used for functional correctness before. Taken together, these infrastructures empower programmers to develop efficient and verified implementations by "game hopping", starting from reference implementations that are proved functionally correct against a specification, and gradually introducing program optimizations that are proved correct by equivalence checking. We also make several contributions of independent interest, including a new and extensible verified compiler for Jasmin, with a richer memory model and support for vectorized instructions, and a new embedding of Jasmin in EasyCrypt.

## Full text

_Full body text omitted from this summary view._ Fetch the complete paper as Markdown: https://tomesphere.com/paper/1904.04606/full.md

## Figures

19 figures with captions in the complete paper: https://tomesphere.com/paper/1904.04606/full.md

## References

32 references — full list in the complete paper: https://tomesphere.com/paper/1904.04606/full.md

---
Source: https://tomesphere.com/paper/1904.04606