Comments (6)
Nice PDF presented at Black Hat conference 2015 on finding BigNum vulnerabilities: https://comsecuris.com/slides/slides-bignum-bhus2015.pdf
from constantine.
Formally verified crypto code generated from Coq.
Thesis: http://adam.chlipala.net/theses/andreser_meng.pdf
Crafting Certified Elliptic Curve Cryptography Implementations in Coq
Paper: http://adam.chlipala.net/papers/FiatCryptoSP19/FiatCryptoSP19.pdf
Repo: https://github.com/mit-plv/fiat-crypto
from constantine.
Using Z3 for formally verifying bignum implementation and example on an OpenSSL CVE: https://kryptoslogic.blogspot.com/2015/01/openssls-squaring-bug-and-opportunistic.html
Also: http://crypto.di.uminho.pt/CACE/ from the paper: Practical realisation and elimination of an ECC-related software bug attack. https://eprint.iacr.org/2011/633.pdf
from constantine.
Formally verified crypto assembly primitives using Dafny (and Z3): https://project-everest.github.io/assets/vale2017.pdf
from constantine.
Using Why3
https://eprint.iacr.org/2021/415.pdf - Efficient Verification of Optimized Code: Correct High-speed X25519
Frama-C which inspired Dr.Nim uses Why3 in the backend.
from constantine.
Cryptoline can verify assembler for cryptography:
It works directly on the compiler internal representation (Gimple for GCC, LLVM IR for LLVM)
Jasmin can generate formally-verified assembly:
- https://formosa-crypto.org/
- https://dl.acm.org/doi/pdf/10.1145/3133956.3134078
- https://blog.cloudflare.com/post-quantum-easycrypt-jasmin/
Like Vale, it also uses Dafny+Z3 for formal verification and the Jasmin compiler itself is written in Coq.
from constantine.