Periodic Reporting for period 4 - CIRCUS (An end-to-end verification architecture for building Certified Implementations of Robust, Cryptographically Secure web applications)
Reporting period: 2020-10-01 to 2021-03-31
However, despite their widespread use, their security guarantees remain poorly understood, resulting in subtle implementation bugs and insecure deployments.
For example, a series of attacks, some discovered by our team, has shown that many popular modes of TLS are obsolete and no longer reliable.
In response to these attacks and other weaknesses, the cryptographic community is proposing a series of new standards for cryptographic algorithms and protocols.
Our team contributed to a new version of TLS that has been published by the IETF and is being implemented by all web browsers and servers.
These new mechanisms hold much promise but need careful scrutiny.
The goal of CIRCUS was to bring together state-of-the-art research in software verification and cryptographic protocol analysis that can be applied to these mechanisms.
We aimed to develop new tools and techniques that make it possible to verify the security of emerging security protocols like TLS 1.3, to develop high-assurance, high-performance libraries that implement modern cryptographic algorithms and protocols, and to enable new web applications that can rely on these verified mechanisms to provide strong and proven security and privacy guarantees to all Internet users.
WP1: From verified F* code to efficient C and WebAssembly programs
We developed the theoretical foundations for writing efficient stateful code in the F* verification-oriented programming language such that the verified code can be compiled to programs in the C programming language. We designed and developed a compiler, called KreMLin, from F* to C and used it to implement a full cryptographic library called HACL* as well as implementations of TLS 1.3 and Signal. Subsequently, we extended KreMLin to compile F* code to WebAssembly, a new runtime environment for the Web. This work resulted in papers at ICFP 2017, IEEE S&P 2019, and ICFP 2020.
WP2: HACL* - A Verified Modern Cryptographic Library
We designed and developed HACL*: the first cryptographic library in C to be verified for memory safety, functional correctness, and side-channel resistance (secret independence, meaning that neither control flow nor memory access patterns depend on secret data).
Our library includes a full suite of modern cryptographic algorithms and can be used as a drop-in replacement for crypto libraries currently used in protocol libraries
and web applications. Our code is not only verified, it is as fast as state-of-the-art handwritten C code. In subsequent work, we extended HACL* with verified assembly code.
We also developed and incorporated a new methodology called HACLxN for verifying vectorized cryptographic code that relies on the single-instruction multiple-data (SIMD) parallelism provided by modern processors.
The HACL* library is now being used in production software including Mozilla Firefox, the WireGuard VPN, the Linux kernel, the Tezos blockchain, the Microsoft WinQuic stack, and ElectionGuard.
As such, this library is a significant achievement, both for research and technological transfer. Our work on HACL* was published at ACM CCS 2017, IEEE S&P 2020, and ACM CCS 2020.
WP3: The Design, Analysis, and Implementation of the TLS 1.3 Standard
We participated in the design and standardization of the TLS 1.3 protocol, and our work is acknowledged in the TLS 1.3 standard.
We published detailed proofs of the TLS 1.3 protocol using verification tools developed in our research group at INRIA.
Our work on TLS 1.3 resulted in two publications at IEEE S&P 2017, one of which was awarded the Distinguished Paper Award.
WP4: New Verification Tools for Cryptographic Web Applications
We developed a novel verification framework called ProScript that
papers at IEEE Euro S&P 2017 and IEEE S&P 2017.
We also developed a compiler from the F* programming language to WebAssembly and used this compiler to develop
a verified cryptographic library and verified protocol implementation in WebAssembly, resulting in a paper at IEEE S&P 2019.
WP5: Landmark Case Studies for Cryptographic Protocol Verification
We analyzed implementations of the Signal protocol, used by popular messaging applications like WhatsApp and Skype, resulting in publications at IEEE Euro S&P 2017, IEEE S&P 2019, and IEEE Euro S&P 2021.
We developed a mechanized cryptographic proof of the WireGuard VPN protocol used in the Linux kernel with CryptoVerif, resulting in a paper at IEEE Euro S&P 2019.
We also designed a new encryption standard called HPKE (Hybrid Public Key Encryption) and published its formal analysis at EUROCRYPT 2021.
Our cryptographic library pushes the state of the art for fast verified crypto and is already widely used in mainstream software applications like the Firefox web browser and the Linux kernel. We plan to improve the performance of this library even further using SIMD vectorization. We are also working on implementing and verifying more advanced cryptographic constructions, including multi-party computation and post-quantum cryptography.
After the success of TLS 1.3, we are participating in the design and standardization of a new secure messaging protocol at the IETF called Messaging Layer Security (MLS). We designed the core protocol mechanism in MLS and are helping to analyze this important upcoming standard.