For my winternship and springternship at Trail of Bits, I researched novel techniques for symbolic execution on cryptographic protocols. I analyzed various implementation-level bugs in cryptographic libraries, and built a prototype Manticore-based concolic unit testing tool, Sandshrew, that analyzed C cryptographic primitives under a symbolic and concrete environment. Sandshrew is a first step for crypto developers to easily create powerful unit test cases for their implementations, backed by advancements in symbolic execution. While it can be used as a security tool to discover bugs, it also can be used as a framework for cryptographic verification.

When choosing and implementing crypto, our trust should lie in whether or not the implementation is formally verified. This is crucial, since crypto implementations often introduce new classes of bugs like bignum vulnerabilities, which can appear probabilistically. Therefore, by ensuring verification, we are also ensuring functional correctness of our implementation.

There are a few ways we could check our crypto for verification:

1. We can use fuzz testing tools like AFL and libFuzzer. This is not optimal for coverage, as finding deeper classes of bugs requires time. In addition, since they are random tools, they aren't exactly "formal verification," so much as a stochastic approximation thereof.

2. We can lift source code into cryptographic models that can be verified with proof languages. This requires learning purely academic tools and languages, and having a sound translation.

3. Just use a verified implementation! Instead of trying to prove our code, let's just use something that is already formally verified, like Project Everest's HACL* library. This strips away configurability when designing protocols and applications, as we are limited to what the library offers (e.g., HACL* doesn't implement Bitcoin's secp256k1 curve).

Due to its ability to exhaustively explore all paths in a program, using symbolic execution to analyze cryptographic libraries can be very beneficial.
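The trade-off between random fuzzing and exhaustive exploration can be seen in a small differential test. The code below is an added example, not Sandshrew or Trail of Bits code: it pits a constructed toy multi-limb adder with a carry-propagation defect (the kind of bignum bug that surfaces only on rare inputs) against Python's arbitrary-precision integers as an oracle. The names `add_limbs_buggy`, `add_limbs_fixed`, `random_fuzz` and `exhaustive_check` are the example's own. At a 32-bit limb width, random fuzzing is a stochastic approximation that practically never hits the defect, since a triggering limb pair has probability about 2^-32 per trial; exhaustive enumeration at a 4-bit limb width, which here stands in for the every-path coverage a symbolic executor provides at full width, returns a counterexample immediately.

```python
import itertools
import random

# Added illustration (not Sandshrew or Trail of Bits code): a constructed toy
# multi-limb adder with a carry-propagation defect, checked by random fuzzing
# and by exhaustive enumeration against an arbitrary-precision oracle.


def limbs_to_int(limbs, bits):
    """Interpret a little-endian list of limbs as one integer."""
    return sum(limb << (bits * i) for i, limb in enumerate(limbs))


def reference_add(a, b, bits):
    """Oracle: add with Python's big ints, then split back into limbs + carry."""
    mask = (1 << bits) - 1
    total = limbs_to_int(a, bits) + limbs_to_int(b, bits)
    out = [(total >> (bits * i)) & mask for i in range(len(a))]
    return out, total >> (bits * len(a))


def add_limbs_buggy(a, b, bits):
    """Constructed defect: the carry-out is derived from x + y alone.
    When x + y == mask and a carry arrives from the limb below, the limb
    wraps to 0 correctly but the outgoing carry is dropped. Triggering it
    needs one limb pair to sum to exactly 2^bits - 1, so with 32-bit limbs
    a uniformly random trial hits it with probability about 2^-32."""
    mask = (1 << bits) - 1
    out, carry = [], 0
    for x, y in zip(a, b):
        s = x + y
        out.append((s + carry) & mask)
        carry = s >> bits  # defect: incoming carry is not part of the carry-out
    return out, carry


def add_limbs_fixed(a, b, bits):
    """Hardened form: the incoming carry is added before computing carry-out."""
    mask = (1 << bits) - 1
    out, carry = [], 0
    for x, y in zip(a, b):
        s = x + y + carry
        out.append(s & mask)
        carry = s >> bits
    return out, carry


def mismatch(impl, a, b, bits):
    """Differential check: True when impl disagrees with the oracle."""
    return impl(a, b, bits) != reference_add(a, b, bits)


def random_fuzz(impl, trials, bits, nlimbs=2, seed=1):
    """Stochastic approximation: count oracle mismatches over random inputs."""
    rng = random.Random(seed)
    failures = 0
    for _ in range(trials):
        a = [rng.getrandbits(bits) for _ in range(nlimbs)]
        b = [rng.getrandbits(bits) for _ in range(nlimbs)]
        if mismatch(impl, a, b, bits):
            failures += 1
    return failures


def exhaustive_check(impl, bits, nlimbs=2):
    """Enumerate every input at a small limb width. This stands in for what a
    symbolic executor does at real widths: cover every path instead of
    sampling. Returns the first counterexample (a, b), or None if none."""
    for values in itertools.product(range(1 << bits), repeat=2 * nlimbs):
        a, b = list(values[:nlimbs]), list(values[nlimbs:])
        if mismatch(impl, a, b, bits):
            return a, b
    return None


if __name__ == "__main__":
    print("fuzz, 32-bit limbs, buggy adder, mismatches:",
          random_fuzz(add_limbs_buggy, 20000, 32))
    print("exhaustive, 4-bit limbs, buggy adder:", exhaustive_check(add_limbs_buggy, 4))
    print("exhaustive, 4-bit limbs, fixed adder:", exhaustive_check(add_limbs_fixed, 4))
```

The exhaustive loop is only feasible because the limb width is shrunk to 4 bits; a symbolic executor such as Manticore reaches the same conclusion at 32 or 64 bits by asking a solver for an input that makes the two implementations diverge, which is the idea behind a concolic unit test.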