Formally verifying Kyber Episode IV: Implementation correctness

dc.contributor.author José Bacelar Almeida en
dc.contributor.author Hugo Pereira Pacheco en
dc.contributor.other 5598 en
dc.contributor.other 5647 en
dc.date.accessioned 2024-01-27T21:13:29Z
dc.date.available 2024-01-27T21:13:29Z
dc.date.issued 2023 en
dc.description.abstract <jats:p>In this paper we present the first formally verified implementations of Kyber and, to the best of our knowledge, the first such implementations of any post-quantum cryptosystem. We give a (readable) formal specification of Kyber in the EasyCrypt proof assistant, which is syntactically very close to the pseudocode description of the scheme as given in the most recent version of the NIST submission. We present high-assurance open-source implementations of Kyber written in the Jasmin language, along with machine-checked proofs that they are functionally correct with respect to the EasyCrypt specification. We describe a number of improvements to the EasyCrypt and Jasmin frameworks that were needed for this implementation and verification effort, and we present detailed benchmarks of our implementations, showing that our code achieves performance close to existing hand-optimized implementations in C and assembly.</jats:p> en
dc.identifier P-00Y-N1D en
dc.identifier.uri https://repositorio.inesctec.pt/handle/123456789/14777
dc.language eng en
dc.rights info:eu-repo/semantics/openAccess en
dc.title Formally verifying Kyber Episode IV: Implementation correctness en
dc.type en
dc.type Publication en
Files
Original bundle
Now showing 1 - 1 of 1
No Thumbnail Available
Name:
P-00Y-N1D.pdf
Size:
679.32 KB
Format:
Adobe Portable Document Format
Description: