research-article

Public Access

Jasmin: High-Assurance and High-Speed Cryptography

Authors:

José Bacelar Almeida,

Manuel Barbosa,

Benjamin Grégoire,

Vincent Laporte,

Tiago Oliveira,

Benedikt Schmidt,

Pierre-Yves StrubAuthors Info & Claims

CCS '17: Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security

Pages 1807 - 1823

https://doi.org/10.1145/3133956.3134078

Published: 30 October 2017 Publication History

Abstract

Jasmin is a framework for developing high-speed and high-assurance cryptographic software. The framework is structured around the Jasmin programming language and its compiler. The language is designed for enhancing portability of programs and for simplifying verification tasks. The compiler is designed to achieve predictability and efficiency of the output code (currently limited to x64 platforms), and is formally verified in the Coq proof assistant. Using the supercop framework, we evaluate the Jasmin compiler on representative cryptographic routines and conclude that the code generated by the compiler is as efficient as fast, hand-crafted, implementations. Moreover, the framework includes highly automated tools for proving memory safety and constant-time security (for protecting against cache-based timing attacks). We also demonstrate the effectiveness of the verification tools on a large set of cryptographic routines.

Supplemental Material

MP4 File

Download
2891.26 MB

References

[1]

Nadhem J. AlFardan and Kenneth G. Paterson 2013. Lucky Thirteen: Breaking the TLS and DTLS Record Protocols IEEE Symposium on Security and Privacy, SP 2013. IEEE Computer Society, 526--540.

[2]

José Bacelar Almeida, Manuel Barbosa, Gilles Barthe, and Franc cois Dupressoir 2013. Certified computer-aided cryptography: efficient provably secure machine code from high-level implementations. In ACM CCS 13, Ahmad-Reza Sadeghi, Virgil D. Gligor, and Moti Yung (Eds.). ACM Press, 1217--1230.

[3]

José Bacelar Almeida, Manuel Barbosa, Gilles Barthe, and Franc cois Dupressoir. 2016. Verifiable Side-Channel Security of Cryptographic Implementations: Constant-Time MEE-CBC FSE 2016 (LNCS), Thomas Peyrin (Ed.), Vol. Vol. 9783. Springer, Heidelberg, 163--184. https://doi.org/10.1007/978-3-662-52993-5_9

Digital Library

[4]

Jose Carlos Bacelar Almeida, Manuel Barbosa, Gilles Barthe, Franc cois Dupressoir, and Michael Emmi 2016. Verifying Constant-time Implementations. In 25th USENIX Security Symposium (USENIX Security 16). USENIX Association, Austin, TX. https://www.usenix.org/conference/usenixsecurity16/technical-sessions/presentation/almeida

[5]

Andrew W. Appel. 2015. Verification of a Cryptographic Primitive: SHA-256. ACM Trans. Program. Lang. Syst. Vol. 37, 2 (2015), 7:1--7:31. https://doi.org/10.1145/2701415

Digital Library

[6]

Andrew W Appel, Robert Dockins, Aquinas Hobor, Lennart Beringer, Josiah Dodds, Gordon Stewart, Sandrine Blazy, and Xavier Leroy. 2014. Program logics for certified compilers. Cambridge University Press.

Digital Library

[7]

Michael Barnett, Bor-Yuh Evan Chang, Robert DeLine, Bart Jacobs, and K. Rustan M. Leino. 2005. Boogie: A Modular Reusable Verifier for Object-Oriented Programs Formal Methods for Components and Objects, 4th International Symposium, FMCO 2005, Amsterdam, The Netherlands, November 1--4, 2005, Revised Lectures (Lecture Notes in Computer Science), Frank S. de Boer, Marcello M. Bonsangue, Susanne Graf, and Willem P. de Roever (Eds.), Vol. Vol. 4111. Springer, 364--387. https://doi.org/10.1007/11804192_17

Digital Library

[8]

Gilles Barthe, Gustavo Betarte, Juan Diego Campo, Carlos Daniel Luna, and David Pichardie. 2014. System-level Non-interference for Constant-time Cryptography ACM CCS 14, Gail-Joon Ahn, Moti Yung, and Ninghui Li (Eds.). ACM Press, 1267--1279.

[9]

Evmorfia-Iro Bartzia and Pierre-Yves Strub 2014. A Formal Library for Elliptic Curves in the Coq Proof Assistant Interactive Theorem Proving - 5th International Conference, ITP 2014, Held as Part of the Vienna Summer of Logic, VSL 2014, Vienna, Austria, July 14--17, 2014. Proceedings (Lecture Notes in Computer Science), Gerwin Klein and Ruben Gamboa (Eds.), Vol. Vol. 8558. Springer, 77--92. https://doi.org/10.1007/978-3-319-08970-6_6

[10]

Lennart Beringer, Adam Petcher, Katherine Q. Ye, and Andrew W. Appel 2015. Verified Correctness and Security of OpenSSL HMAC 24th USENIX Security Symposium, USENIX Security 15, Washington, D.C., USA, August 12--14, 2015., Jaeyeon Jung and Thorsten Holz (Eds.). USENIX Association, 207--221. https://www.usenix.org/conference/usenixsecurity15/technical-sessions/presentation/beringer

[11]

Dan Bernstein. Writing high-speed software. (????). http://cr.yp.to/qhasm.html

[12]

Daniel J. Bernstein. 2005. Cache-timing attacks on AES. (2005). shownotehttp://cr.yp.to/antiforgery/cachetiming-20050414.pdf.

[13]

Daniel J. Bernstein. 2006. Curve25519: New Diffie-Hellman Speed Records PKC 2006 (LNCS), Moti Yung, Yevgeniy Dodis, Aggelos Kiayias, and Tal Malkin (Eds.), Vol. Vol. 3958. Springer, Heidelberg, 207--228.

[14]

Daniel J. Bernstein, Niels Duif, Tanja Lange, Peter Schwabe, and Bo-Yin Yang 2011. High-Speed High-Security Signatures. In CHES 2011 (LNCS), Bart Preneel and Tsuyoshi Takagi (Eds.), Vol. Vol. 6917. Springer, Heidelberg, 124--142.

[15]

Dan Berstein and Peter Schwabe 2015. gfverif: fast and easy verification of finite-field arithmetic. (2015). http://gfverif.cryptojedi.org/

[16]

Karthikeyan Bhargavan, Antoine Delignat-Lavaud, Cédric Fournet, Catalin Hritcu, Jonathan Protzenko, Tahina Ramananandro, Aseem Rastogi, Nikhil Swamy, Peng Wang, Santiago Zanella Béguelin, and Jean Karim Zinzindohoué. 2017. Verified Low-Level Programming Embedded in F. CoRR Vol. abs/1703.00053 (2017). http://arxiv.org/abs/1703.00053

[17]

Barry Bond, Chris Hawblitzel, Manos Kapritsos, K. Rustan M. Leino, Jacob R. Lorch, Bryan Parno, Ashay Rane, Srinath Setty, and Laure Thompson 2017. Vale: Verifying High-Performance Cryptographic Assembly Code 26th USENIX Security Symposium (USENIX Security 17). USENIX Association, Vancouver, BC. https://www.usenix.org/conference/usenixsecurity17/technical-sessions/presentation/bond

[18]

Billy Bob Brumley, Manuel Barbosa, Dan Page, and Frederik Vercauteren 2012. Practical Realisation and Elimination of an ECC-Related Software Bug Attack CT-RSA 2012 (LNCS), Orr Dunkelman (Ed.), Vol. Vol. 7178. Springer, Heidelberg, 171--186.

[19]

Yu-Fang Chen, Chang-Hong Hsu, Hsin-Hung Lin, Peter Schwabe, Ming-Hsien Tsai, Bow-Yaw Wang, Bo-Yin Yang, and Shang-Yi Yang. 2014. Verifying Curve25519 Software. In ACM CCS 14, Gail-Joon Ahn, Moti Yung, and Ninghui Li (Eds.). ACM Press, 299--309.

Digital Library

[20]

Leonardo Mendoncca de Moura and Nikolaj Bjørner 2008. Z3: An Efficient SMT Solver. In Tools and Algorithms for the Construction and Analysis of Systems, 14th International Conference, TACAS 2008, Held as Part of the Joint European Conferences on Theory and Practice of Software, ETAPS 2008, Budapest, Hungary, March 29-April 6, 2008. Proceedings (Lecture Notes in Computer Science), C. R. Ramakrishnan and Jakob Rehof (Eds.), Vol. Vol. 4963. Springer, 337--340. https://doi.org/10.1007/978-3-540-78800-3_24

[21]

Vijay D'Silva, Mathias Payer, and Dawn Xiaodong Song. 2015. The Correctness-Security Gap in Compiler Optimization 2015 IEEE Symposium on Security and Privacy Workshops, SPW 2015, San Jose, CA, USA, May 21--22, 2015. IEEE Computer Society, 73--87. https://doi.org/10.1109/SPW.2015.33

[22]

Andres Erbsen, Jade Philipoom, Jason Gross, Robert Sloan, and Adam Chlipala 2017. Systematic Synthesis of Elliptic Curve Cryptography Implementations. (2017). https://people.csail.mit.edu/jgross/personal-website/papers/2017-fiat-crypto-pldi-draft.pdf

[23]

Shay Gueron and Vlad Krasnov 2013. The fragility of AES-GCM authentication algorithm. Cryptology ePrint Archive, Report 2013/157. (2013). http://eprint.iacr.org/2013/157.

[24]

Darrel Hankerson, Alfred Menezes, and Scott Vanstone. 2004. Guide to elliptic curve cryptography. (2004).

[25]

Jacques-Henri Jourdan, François Pottier, and Xavier Leroy. 2012. Validating LR(1) Parsers. In European Symposium on Programming (ESOP). Springer, 397--416.

Digital Library

[26]

Thierry Kaufmann, Hervé Pelletier, Serge Vaudenay, and Karine Villegas 2016. When Constant-Time Source Yields Variable-Time Binary: Exploiting Curve25519-donna Built with MSVC 2015. In Cryptology and Network Security - 15th International Conference, CANS 2016, Milan, Italy, November 14--16, 2016, Proceedings (Lecture Notes in Computer Science), Sara Foresti and Giuseppe Persiano (Eds.), Vol. Vol. 10052. 573--582. https://doi.org/10.1007/978-3-319-48965-0_36

Digital Library

[27]

K. Rustan M. Leino. 2010. Dafny: An Automatic Program Verifier for Functional Correctness Logic for Programming, Artificial Intelligence, and Reasoning - 16th International Conference, LPAR-16, Dakar, Senegal, April 25-May 1, 2010, Revised Selected Papers (Lecture Notes in Computer Science), Edmund M. Clarke and Andrei Voronkov (Eds.), Vol. Vol. 6355. Springer, 348--370. https://doi.org/10.1007/978--3--642--17511--4_20

[28]

Xavier Leroy. 2006. Formal certification of a compiler back-end, or: programming a compiler with a proof assistant 33rd ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, POPL 2006. ACM, 42--54.

[29]

George C. Necula. Translation validation for an optimizing compiler. ACM sigplan notices (2000), Vol. Vol. 35. ACM, 83--94.

Digital Library

[30]

Aina Niemetz, Mathias Preiner, and Armin Biere 2014 (published 2015). Boolector 2.0 system description. Journal on Satisfiability, Boolean Modeling and Computation Vol. 9 (2014 (published 2015)), 53--58.

[31]

Adam Petcher and Greg Morrisett 2015. The Foundational Cryptography Framework. In Principles of Security and Trust - 4th International Conference, POST 2015, Held as Part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2015, London, UK, April 11-18, 2015, Proceedings (Lecture Notes in Computer Science), Riccardo Focardi and Andrew C. Myers (Eds.), Vol. Vol. 9036. Springer, 53--72. https://doi.org/10.1007/978-3-662-46666-7_4

Digital Library

[32]

Massimiliano Poletto and Vivek Sarkar 1999. Linear scan register allocation. Vol. 21, 5 (1999), 895--913.

Digital Library

[33]

Bruno Rodrigues, Fernando Magno Quint ao Pereira, and Diego F. Aranha. 2016. Sparse representation of implicit flows with applications to side-channel detection Proceedings of the 25th International Conference on Compiler Construction, CC 2016, Barcelona, Spain, March 12--18, 2016, Ayal Zaks and Manuel V. Hermenegildo (Eds.). ACM, 110--120. https://doi.org/10.1145/2892208.2892230

Digital Library

[34]

Katherine Ye, Matthew Green, Naphat Sanguansin, Lennart Beringer, Adam Petcher, and Andrew W. Appel 2017. Verified correctness and security of mbedTLS HMAC-DRBG ACM CCS 2017.

[35]

Jean Karim Zinzindohoué, Karthikeyan Bhargavan, Jonathan Protzenko, and Benjamin Beurdouche. 2017. HACL*: A Verified Modern Cryptographic Library. IACR Cryptology ePrint Archive Vol. 2017 (2017), 536. http://eprint.iacr.org/2017/536

[36]

Jean Karim Zinzindohoué, Evmorfia-Iro Bartzia, and Karthikeyan Bhargavan 2016. A Verified Extensible Library of Elliptic Curves. IEEE 29th Computer Security Foundations Symposium, CSF 2016, Lisbon, Portugal, June 27 - July 1, 2016. IEEE Computer Society, 296--309. https://doi.org/10.1109/CSF.2016.28

Cited By

Ruan HNoller YTizpaz-Niari SChattopadhyay SRoychoudhury A(2024)Timing Side-Channel Mitigation via Automated Program RepairACM Transactions on Software Engineering and Methodology10.1145/367816933:8(1-27)Online publication date: 16-Jul-2024
https://dl.acm.org/doi/10.1145/3678169
Barthe GBöhme MCauligi SChuengsatiansup CGenkin DGuarnieri MMateos Romero DSchwabe PWu DYarom YLuo BLiao XXu JKirda ELie D(2024)Testing Side-channel Security of Cryptographic Implementations against Future MicroarchitecturesProceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security10.1145/3658644.3670319(1076-1090)Online publication date: 2-Dec-2024
https://dl.acm.org/doi/10.1145/3658644.3670319
Erbsen APhilipoom JJamner DLin AGruetter SPit-Claudel CChlipala A(2024)Foundational Integration Verification of a Cryptographic ServerProceedings of the ACM on Programming Languages10.1145/36564468:PLDI(1704-1729)Online publication date: 20-Jun-2024
https://dl.acm.org/doi/10.1145/3656446
Show More Cited By

Index Terms

Jasmin: High-Assurance and High-Speed Cryptography
1. Security and privacy
  1. Formal methods and theory of security
    1. Logic and verification
  2. Software and application security
    1. Software security engineering

Recommendations

A formally verified sequentializer for lustre-like concurrent synchronous data-flow programs
ICSE-C '17: Proceedings of the 39th International Conference on Software Engineering Companion

Synchronous data-flow languages (SDFL), such as Lustre [1], is a concurrent language that has been widely used in safety-critical systems. Verified compilers for such languages are crucial in generating trustworthy object code. A good approach is to ...
Compositional Verification of Efficient Masking Countermeasures against Side-Channel Attacks

Masking is one of the most effective countermeasures for securely implementing cryptographic algorithms against power side-channel attacks, the design of which however turns out to be intricate and error-prone. While techniques have been proposed to ...
A New Second-Order Side Channel Attack Based on Linear Regression

Since the preliminary works of Kocher et al. in the nineties, studying and enforcing the resistance of cryptographic implementations against side channel analysis (SCA) is became a dynamic and prolific area of embedded security. Stochastic attacks, ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

CCS '17: Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security

October 2017

2682 pages

ISBN:9781450349468

DOI:10.1145/3133956

General Chair:
Bhavani Thuraisingham
The University of Texas at Dallas, USA
,
Program Chairs:
David Evans
University of Virginia
,
Tal Malkin
Columbia University
,
Dongyan Xu
Purdue University

Copyright © 2017 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Sponsors

SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 30 October 2017

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Funding Sources

ONR
Cátedra PT-FLAD em Smart Cities & Smart Governance
Google Chrome University
North Portugal Regional Operational Programme (NORTE 2020)

Conference

CCS '17

Sponsor:

SIGSAC

CCS '17: 2017 ACM SIGSAC Conference on Computer and Communications Security

October 30 - November 3, 2017

Texas, Dallas, USA

Acceptance Rates

CCS '17 Paper Acceptance Rate 151 of 836 submissions, 18%;

Overall Acceptance Rate 1,261 of 6,999 submissions, 18%

Upcoming Conference

CCS '25

Sponsor:
sigsac

ACM SIGSAC Conference on Computer and Communications Security

October 13 - 17, 2025

Taipei , Taiwan

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

72
Total Citations
View Citations
1,724
Total Downloads

Downloads (Last 12 months)533
Downloads (Last 6 weeks)86

Reflects downloads up to 04 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

Ruan HNoller YTizpaz-Niari SChattopadhyay SRoychoudhury A(2024)Timing Side-Channel Mitigation via Automated Program RepairACM Transactions on Software Engineering and Methodology10.1145/367816933:8(1-27)Online publication date: 16-Jul-2024
https://dl.acm.org/doi/10.1145/3678169
Barthe GBöhme MCauligi SChuengsatiansup CGenkin DGuarnieri MMateos Romero DSchwabe PWu DYarom YLuo BLiao XXu JKirda ELie D(2024)Testing Side-channel Security of Cryptographic Implementations against Future MicroarchitecturesProceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security10.1145/3658644.3670319(1076-1090)Online publication date: 2-Dec-2024
https://dl.acm.org/doi/10.1145/3658644.3670319
Erbsen APhilipoom JJamner DLin AGruetter SPit-Claudel CChlipala A(2024)Foundational Integration Verification of a Cryptographic ServerProceedings of the ACM on Programming Languages10.1145/36564468:PLDI(1704-1729)Online publication date: 20-Jun-2024
https://dl.acm.org/doi/10.1145/3656446
Haselwarter PHvass BHansen LWinterhalter THriţcu CSpitters BTimany ATraytel DPientka BBlazy S(2024)The Last Yard: Foundational End-to-End Verification of High-Speed CryptographyProceedings of the 13th ACM SIGPLAN International Conference on Certified Programs and Proofs10.1145/3636501.3636961(30-44)Online publication date: 9-Jan-2024
https://dl.acm.org/doi/10.1145/3636501.3636961
Sun PSong FChen YChen T(2024)EasyBC: A Cryptography-Specific Language for Security Analysis of Block Ciphers against Differential CryptanalysisProceedings of the ACM on Programming Languages10.1145/36328718:POPL(848-881)Online publication date: 5-Jan-2024
https://dl.acm.org/doi/10.1145/3632871
Mosier NNemati HMitchell JTrippel C(2024)Serberus: Protecting Cryptographic Code from Spectres at Compile-Time2024 IEEE Symposium on Security and Privacy (SP)10.1109/SP54263.2024.00048(4200-4219)Online publication date: 19-May-2024
https://doi.org/10.1109/SP54263.2024.00048
Masuda MKameyama Y(2024)Program generation meets program verificationScience of Computer Programming10.1016/j.scico.2023.103035232:COnline publication date: 27-Feb-2024
https://dl.acm.org/doi/10.1016/j.scico.2023.103035
Hwang V(2024)Formal Verification of Emulated Floating-Point Arithmetic in FalconAdvances in Information and Computer Security10.1007/978-981-97-7737-2_7(125-141)Online publication date: 13-Sep-2024
https://doi.org/10.1007/978-981-97-7737-2_7
Samyuktha MBorkar PRebeiro C(2024)High Speed High Assurance Implementations of Multivariate Quadratic Based SignaturesSecurity, Privacy, and Applied Cryptography Engineering10.1007/978-3-031-80408-3_12(196-200)Online publication date: 9-Dec-2024
https://doi.org/10.1007/978-3-031-80408-3_12
Almeida JArranz Olmos SBarbosa MBarthe GDupressoir FGrégoire BLaporte VLéchenet JLow COliveira TPacheco HQuaresma MSchwabe PStrub P(2024)Formally Verifying KyberAdvances in Cryptology – CRYPTO 202410.1007/978-3-031-68379-4_12(384-421)Online publication date: 18-Aug-2024
https://dl.acm.org/doi/10.1007/978-3-031-68379-4_12
Show More Cited By

View Options

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Media

Figures

Other

Tables

View Table of Contents