Simple High-Level Code for Cryptographic Arithmetic - With Proofs, Without Compromises
Author(s)
Erbsen, Andres; Philipoom, Jade D.; Gross, Jason S.; Sloan, Robert Hal; Chlipala, Adam
Open Access Policy
Creative Commons Attribution-Noncommercial-Share Alike
Terms of use
Abstract
We introduce a new approach for implementing cryptographic arithmetic in short high-level code with machine-checked proofs of functional correctness. We further demonstrate that simple partial evaluation is sufficient to transform such code into the fastest-known C code, breaking the decades-old pattern that the only fast implementations are those whose instruction-level steps were written out by hand. These techniques were used to build an elliptic-curve library that achieves competitive performance for 80 prime fields and multiple CPU architectures, showing that implementation and proof effort scales with the number and complexity of conceptually different algorithms, not their use cases. As one outcome, we present the first verified high-performance implementation of P-256, the most widely used elliptic curve. Implementations from our library were included in BoringSSL to replace existing specialized code, for inclusion in several large deployments for Chrome, Android, and CloudFlare.
Date issued
2019-04
Department
Massachusetts Institute of Technology. Department of Electrical Engineering and Computer Science
Journal
Proceedings - IEEE Symposium on Security and Privacy
Publisher
Institute of Electrical and Electronics Engineers (IEEE)
Citation
Erbsen, Andres et al. “Simple High-Level Code for Cryptographic Arithmetic - With Proofs, Without Compromises.” Proceedings - IEEE Symposium on Security and Privacy, May-2019 (May 2019) © 2019 The Author(s)
Version: Author's final manuscript
ISSN
1063-7109