Formal verification of Amazon's s2n SSL/TLS library (opens in new tab)

(galois.com)

25 pointsNathanCollins9y ago6 comments

6 comments

Isn't verifying that the math is correct the really easy part of making sure crypto code is safe?

Do you mean as opposed to e.g. verifying the absence of timing attacks? While I agree that verifying the absence timing attacks is probably much harder than what was done here, the difficult part of the s2n verification I linked to was that we verified equivalence between imperative C code and a functional mathematical specification.

guitarbill9y ago

Right, it says "convincing argument that the C implementation does the same thing as the mathematical specification" and "Assuming that we didn’t accidentally program the same “bug” into our Cryptol spec".

My understanding is it's another way of white-box testing the code against specified behaviour, but just that using a (proven?) mathematical specification for algorithms is probably easier than writing unit tests that have to capture all edge cases. (In essence, it sounds like verification software is probably set up to detect such edge cases, which I do think is a good idea, because you only have to program such software once.)

1 more reply

j / k navigate · click thread line to collapse

6 comments

serge2k9y ago

Isn't verifying that the math is correct the really easy part of making sure crypto code is safe?

NathanCollinsOP9y ago

guitarbill9y ago

1 more reply

j / k navigate · click thread line to collapse