EverCrypt: A Fast, Verified, Cross-Platform Cryptographic Provider

Abstract: We present EverCrypt: a comprehensive collection of verified, high-performance cryptographic functionalities available via a carefully designed API. The API provably supports agility (choosing between multiple algorithms for the same functionality) and multiplexing (choosing between multiple implementations of the same algorithm). Through abstraction and zero-cost generic programming, we show how agility can simplify verification without sacrificing performance, and we demonstrate how C and assembly can be com… Show more

“…Although this TCB is significant, it is comparable in scale to similar verification projects like EverCrypt [21]. The highest impact improvement would likely proving the algorithms at arbitrary sizes.…”

“…The Everest project has developed verified C/x86 cryptographic library called EverCrypt [5,10,21,23]. Recent results are extremely impressive, with performance comparable to highly optimised OpenSSL code.…”

“…The verification of cryptographic code has seen huge advances in recent years. Purpose-built libraries such as EverCrypt [21] can now match the performance of hand-tuned OpenSSL. These correct-by-construction libraries may be the future, but as of 2021 they have not yet seen wide mainstream adoption.…”

“…This is in contrast to many other efforts, which target systems that were designed with assurance in mind. For example, Galois and AWS previously verified an Amazon TLS library that was purpose-built as a high-assurance alternative to OpenSSL's TLS support [7], while in the EverCrypt library, code and proof were developed in parallel, and even the API was designed to simplify specifications [21]. We verify legacy code because this is the code that is actually used in AWS-LC and its predecessors.…”

Verified Cryptographic Code for Everybody

“…Although this TCB is significant, it is comparable in scale to similar verification projects like EverCrypt [21]. The highest impact improvement would likely proving the algorithms at arbitrary sizes.…”

“…The Everest project has developed verified C/x86 cryptographic library called EverCrypt [5,10,21,23]. Recent results are extremely impressive, with performance comparable to highly optimised OpenSSL code.…”

“…The verification of cryptographic code has seen huge advances in recent years. Purpose-built libraries such as EverCrypt [21] can now match the performance of hand-tuned OpenSSL. These correct-by-construction libraries may be the future, but as of 2021 they have not yet seen wide mainstream adoption.…”

“…This is in contrast to many other efforts, which target systems that were designed with assurance in mind. For example, Galois and AWS previously verified an Amazon TLS library that was purpose-built as a high-assurance alternative to OpenSSL's TLS support [7], while in the EverCrypt library, code and proof were developed in parallel, and even the API was designed to simplify specifications [21]. We verify legacy code because this is the code that is actually used in AWS-LC and its predecessors.…”

Verified Cryptographic Code for Everybody

“…In the context of F ★ , Dijkstra monads [Swamy et al 2013] have been shown to be an effective way to reason about (impure) programs. Despite the success of these approachesÐthese tools have been used to verify the correctness of applications ranging from concurrent mailbox protocols, to cryptography primitives [Protzenko et al 2020], to Rust library code [Jung et al 2017]Ðthere remain improvements to be made.…”

Dijkstra monads forever: termination-sensitive specifications for interaction trees

IoT, The Internet of Things