Results 1 to 10 of 12
Pragmatic Equivalence and Safety Checking in Cryptol
Cited by 8 (1 self)
Abstract
Cryptol is a programming language designed for specifying and programming cryptographic algorithms. In order to meet high-assurance requirements, Cryptol comes with a suite of formal-methods-based tools allowing users to perform various program verification tasks. In the fully automated mode, Cryptol uses modern off-the-shelf SAT and SMT solvers to perform verification in a push-button manner. In the manual mode, Cryptol produces Isabelle/HOL specifications that can be interactively verified using the Isabelle theorem prover. In this paper, we provide an overview of Cryptol's verification toolset, describing our experiences with building a practical programming environment with dedicated support for formal verification. Categories and Subject Descriptors F.3.1 [Logics and meanings
Automatic Formal Verification of Block Cipher Implementations
Cited by 8 (0 self)
Abstract
This paper describes an automatic method for proving equivalence of implementations of block ciphers (and similar cryptographic algorithms). The method can compare two object-code implementations or compare object code to a formal, mathematical specification. In either case it proves that the computations being compared are bit-for-bit equivalent. The method has two steps. First, the computations are represented as large mathematical terms. Then the two terms are proved equivalent using a phased approach that includes domain-specific optimizations for block ciphers and relies on a careful choice of both word-level and bit-level simplifications. The verification also relies on STP [5], a SAT-based decision procedure for bit-vectors and arrays. The method has been applied to verify real, widely used Java code from Sun Microsystems and the open-source Bouncy Castle project. It has been applied to implementations of the block ciphers AES, DES, Triple DES (3DES), Blowfish, RC2, RC6, and Skipjack, as well as applications of the cryptographic hash functions SHA-1 and MD5 on fixed-length messages.
Functional Pearl: Every Bit Counts
Cited by 6 (0 self)
Abstract
We show how the binary encoding and decoding of typed data and typed programs can be understood, programmed, and verified with the help of question-answer games. The encoding of a value is determined by the yes/no answers to a sequence of questions about that value; conversely, decoding is the interpretation of binary data as answers to the same question scheme. We introduce a general framework for writing and verifying game-based codecs. We present games for structured, recursive, polymorphic, and indexed types, building up to a representation of well-typed terms in the simply-typed λ-calculus. The framework makes novel use of isomorphisms between types in the definition of games. The definition of isomorphisms together with additional simple properties makes it easy to prove that codecs derived from games never encode two distinct values using the same code, never decode two codes to the same value, and interpret any bit sequence as a valid code for a value or as a prefix of a valid code.
S.: Proof-producing synthesis of ML from higher-order logic
International Conference on Functional Programming (ICFP). ACM (2012)
Cited by 4 (3 self)
Abstract
The higher-order logic found in proof assistants such as Coq and various HOL systems provides a convenient setting for the development and verification of pure functional programs. However, to efficiently run these programs, they must be converted (or "extracted") to functional programs in a programming language such as ML or Haskell. With current techniques, this step, which must be trusted, relates similar-looking objects that have very different semantic definitions, such as the set-theoretic model of a logic and the operational semantics of a programming language. In this paper, we show how to increase the trustworthiness of this step with an automated technique. Given a functional program expressed in higher-order logic, our technique provides the corresponding program for a functional language defined with an operational semantics, and it provides a mechanically checked theorem relating the two. This theorem can then be used to transfer verified properties of the logical function to the program. We have implemented our technique in the HOL4 theorem prover, translating functions to a core subset of Standard ML, and have applied it to examples including functional data structures, a parser generator, cryptographic algorithms, and a garbage collector.
Languages, Verification
Cited by 1 (0 self)
Abstract
Sparse matrix formats are typically implemented with low-level imperative programs. The optimized nature of these implementations hides the structural organization of the sparse format and complicates its verification. We define a variable-free functional language (LL) in which even advanced formats can be expressed naturally, as a pipeline-style composition of smaller construction steps. We translate LL programs to Isabelle/HOL and describe a proof system based on parametric predicates for tracking the relationship between mathematical vectors and their concrete representations. This proof theory automatically verifies full functional correctness of many formats. We show that it is reusable and extensible to hierarchical sparse formats.
Verification of a Cryptographic Primitive: SHA-256
Cited by 1 (0 self)
Abstract
is an interactive proof of functional correctness in the Coq proof assistant, using the Verifiable C program logic. Verifiable C is a separation logic for the C language, proved sound w.r.t. the operational semantics for C, connected to the CompCert verified optimizing C compiler.
Data-Parallel Language for Correct and Efficient Sparse Matrix Codes
Under consideration for publication in Formal Aspects of Computing: Proof-producing synthesis of ... arithmetic and cryptographic ...
Proof-producing translation of higher-order logic into pure and stateful ML