| dc.contributor.author | Erbsen, Andres | |
| dc.contributor.author | Philipoom, Jade D. | |
| dc.contributor.author | Gross, Jason S. | |
| dc.contributor.author | Sloan, Robert Hal | |
| dc.contributor.author | Chlipala, Adam | |
| dc.date.accessioned | 2021-07-14T15:11:01Z | |
| dc.date.available | 2021-07-14T15:11:01Z | |
| dc.date.issued | 2020-07 | |
| dc.identifier.issn | 0163-5980 | |
| dc.identifier.uri | https://hdl.handle.net/1721.1/131080 | |
| dc.description.abstract | We introduce an unusual approach for implementing cryptographic arithmetic in short high-level code with machinechecked proofs of functional correctness. We further demonstrate that simple partial evaluation is sufficient to transform such initial code into highly competitive C code, breaking the decades-old pattern that the only fast implementations are those whose instruction-level steps were written out by hand. These techniques were used to build an elliptic-curve library that achieves competitive performance for a wide range of prime fields and multiple CPU architectures, showing that implementation and proof effort scales with the number and complexity of conceptually different algorithms, not their use cases. As one outcome, we present the first verified highperformance implementation of P-256, the most widely used elliptic curve. Implementations from our library were included in BoringSSL to replace existing specialized code, for inclusion in several large deployments for Chrome, Android, and CloudFlare. This is an abridged version of the full paper originally presented in IEEE S&P 2019 [10]. We have omitted most proof-engineering details in favor of a focus on the system's functional capabilities. | en_US |
| dc.description.sponsorship | National Science Foundation (Grants CCF-1253229, CCF- 1512611, and CCF-1521584) | en_US |
| dc.language.iso | en | |
| dc.publisher | Association for Computing Machinery (ACM) | en_US |
| dc.relation.isversionof | http://dx.doi.org/10.1145/3421473.3421477 | en_US |
| dc.rights | Creative Commons Attribution-Noncommercial-Share Alike | en_US |
| dc.rights.uri | http://creativecommons.org/licenses/by-nc-sa/4.0/ | en_US |
| dc.source | Prof. Chlipala via Phoebe Ayers | en_US |
| dc.title | Simple High-Level Code For Cryptographic Arithmetic With Proofs, Without Compromises | en_US |
| dc.type | Article | en_US |
| dc.identifier.citation | Erbsen, Andres et al. "Simple High-Level Code For Cryptographic Arithmetic With Proofs, Without Compromises." ACM SIGOPS Operating Systems Review 54, 1 (July 2020): 23-30. © 2020 Author(s). | en_US |
| dc.contributor.department | Massachusetts Institute of Technology. Computer Science and Artificial Intelligence Laboratory | en_US |
| dc.contributor.department | Massachusetts Institute of Technology. Department of Electrical Engineering and Computer Science | en_US |
| dc.relation.journal | ACM SIGOPS Operating Systems Review | en_US |
| dc.eprint.version | Author's final manuscript | en_US |
| dc.type.uri | http://purl.org/eprint/type/JournalArticle | en_US |
| eprint.status | http://purl.org/eprint/status/PeerReviewed | en_US |
| dc.date.updated | 2021-07-12T17:55:43Z | |
| dspace.orderedauthors | Erbsen, A; Philipoom, J; Gross, J; Sloan, R; Chlipala, A | en_US |
| dspace.date.submission | 2021-07-12T17:55:45Z | |
| mit.journal.volume | 54 | en_US |
| mit.journal.issue | 1 | en_US |
| mit.license | OPEN_ACCESS_POLICY | |
| mit.metadata.status | Complete | |
