Name
Abstract | ||
|---|---|---|
We formally prove that the C implementation of the X25519 key-exchange protocol in the TweetNaCl library is correct. We prove both that it correctly implements the protocol from Bernstein's 2006 paper, as standardized in RFC 7748, as well as the absence of undefined behavior like arithmetic overflows and array out-of-bounds errors. We also formally prove, based on the work of Bartzia and Strub, that X25519 is mathematically correct, i.e., that it correctly computes scalar multiplication on the elliptic curve Curve25519. The proofs are all computer-verified using the Coq theorem prover. To establish the link between C and Coq we use the Verified Software Toolchain (VST). |
Year | DOI | Venue |
|---|---|---|
2021 | 10.1109/CSF51468.2021.00023 | 2021 IEEE 34th Computer Security Foundations Symposium (CSF) |
Keywords | DocType | Volume |
Formal-Verification,x22519,Coq,Secure-implementations,Proofs | Conference | 2021 |
ISSN | ISBN | Citations |
1940-1434 | 978-1-7281-7608-6 | 0 |
PageRank | References | Authors |
0.34 | 0 | 4 |
Name | Order | Citations | PageRank |
|---|---|---|---|
| Peter Schwabe | 1 | 0 | 0.34 |
| Benoît Viguier | 2 | 0 | 0.34 |
| Timmy Weerwag | 3 | 0 | 0.34 |
| Freek Wiedijk | 4 | 381 | 43.24 |