EverCrypt: A Fast, Verified, Cross-Platform Cryptographic Provider

Jonathan Protzenko, Bryan Parno, Aymeric Fromherz, C. Hawblitzel, M. Polubelova, K. Bhargavan, Benjamin Beurdouche, Joonwon Choi, Antoine Delignat-Lavaud, C. Fournet, T. Ramananandro, Aseem Rastogi, N. Swamy, C. Wintersteiger, Santiago Zanella Béguelin
{"title":"EverCrypt: A Fast, Verified, Cross-Platform Cryptographic Provider","authors":"Jonathan Protzenko, Bryan Parno, Aymeric Fromherz, C. Hawblitzel, M. Polubelova, K. Bhargavan, Benjamin Beurdouche, Joonwon Choi, Antoine Delignat-Lavaud, C. Fournet, T. Ramananandro, Aseem Rastogi, N. Swamy, C. Wintersteiger, Santiago Zanella Béguelin","doi":"10.1109/SP40000.2020.00114","DOIUrl":null,"url":null,"abstract":"We present EverCrypt: a comprehensive collection of verified, high-performance cryptographic functionalities available via a carefully designed API. The API provably supports agility (choosing between multiple algorithms for the same functionality) and multiplexing (choosing between multiple implementations of the same algorithm). Through abstraction and zero-cost generic programming, we show how agility can simplify verification without sacrificing performance, and we demonstrate how C and assembly can be composed and verified against shared specifications. We substantiate the effectiveness of these techniques with new verified implementations (including hashes, Curve25519, and AES-GCM) whose performance matches or exceeds the best unverified implementations. We validate the API design with two high-performance verified case studies built atop EverCrypt, resulting in line-rate performance for a secure network protocol and a Merkle-tree library, used in a production blockchain, that supports 2.7 million insertions/sec. Altogether, EverCrypt consists of over 124K verified lines of specs, code, and proofs, and it produces over 29K lines of C and 14K lines of assembly code.","PeriodicalId":6849,"journal":{"name":"2020 IEEE Symposium on Security and Privacy (SP)","volume":"47 1","pages":"983-1002"},"PeriodicalIF":0.0000,"publicationDate":"2020-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"75","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2020 IEEE Symposium on Security and Privacy (SP)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SP40000.2020.00114","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 75

Abstract

We present EverCrypt: a comprehensive collection of verified, high-performance cryptographic functionalities available via a carefully designed API. The API provably supports agility (choosing between multiple algorithms for the same functionality) and multiplexing (choosing between multiple implementations of the same algorithm). Through abstraction and zero-cost generic programming, we show how agility can simplify verification without sacrificing performance, and we demonstrate how C and assembly can be composed and verified against shared specifications. We substantiate the effectiveness of these techniques with new verified implementations (including hashes, Curve25519, and AES-GCM) whose performance matches or exceeds the best unverified implementations. We validate the API design with two high-performance verified case studies built atop EverCrypt, resulting in line-rate performance for a secure network protocol and a Merkle-tree library, used in a production blockchain, that supports 2.7 million insertions/sec. Altogether, EverCrypt consists of over 124K verified lines of specs, code, and proofs, and it produces over 29K lines of C and 14K lines of assembly code.
EverCrypt:一个快速,经过验证的跨平台加密提供商
我们介绍EverCrypt:通过精心设计的API提供的经过验证的高性能加密功能的综合集合。可以证明,该API支持敏捷性(在实现相同功能的多种算法之间进行选择)和多路复用(在同一算法的多种实现之间进行选择)。通过抽象和零成本泛型编程,我们展示了敏捷性如何在不牺牲性能的情况下简化验证,并演示了C语言和汇编语言如何根据共享规范进行组合和验证。我们用新的经过验证的实现(包括哈希、Curve25519和AES-GCM)证实了这些技术的有效性,这些实现的性能与最好的未经验证的实现相匹配或超过。我们通过构建在EverCrypt之上的两个高性能验证案例研究来验证API设计,从而获得安全网络协议和默克尔树库的线率性能,用于生产区块链,支持270万次插入/秒。总而言之,EverCrypt由超过124K的规格、代码和证明验证行组成,它产生了超过29K行的C语言和14K行的汇编代码。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 求助全文
来源期刊
自引率
0.00%
发文量
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信