Verifying Cryptographic Software Correctness with Respect to Reference Implementations

  • José Bacelar Almeida
  • Manuel Barbosa
  • Jorge Sousa Pinto
  • Bárbara Vieira
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5825)


This paper presents techniques developed to check program equivalences in the context of cryptographic software development, where specifications are typically reference implementations. The techniques allow for the integration of interactive proof techniques (required given the difficulty and generality of the results sought) in a verification infrastructure that is capable of discharging many verification conditions automatically. To this end, the difficult results in the verification process (to be proved interactively) are isolated as a set of lemmas. The fundamental notion of natural invariant is used to link the specification level and the interactive proof construction process.


Theorem Prover Stream Cipher Proof Obligation Proof Assistant Reference Implementation 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Ball, T., Rajamani, S.K.: The slam project: debugging system software via static analysis. In: POPL 2002: Proceedings of the 29th ACM SIGPLAN-SIGACT symposium on Principles of programming languages, pp. 1–3. ACM, New York (2002)CrossRefGoogle Scholar
  2. 2.
    Barthe, G., D’Argenio, P.R., Rezk, T.: Secure information flow by self-composition. In: CSFW, pp. 100–114. IEEE Computer Society, Los Alamitos (2004)Google Scholar
  3. 3.
    Baudin, P., Filliâtre, J.-C., Marché, C., Monate, B., Moy, Y., Prevosto, V.: ACSL: ANSI/ISO C Specfication Language. In: CEA LIST and INRIA, 2008. Preliminary design (version 1.4), December 12 (2008)Google Scholar
  4. 4.
    Benton, N.: Simple relational correctness proofs for static analyses and program transformations. In: Jones, N.D., Leroy, X. (eds.) POPL, pp. 14–25. ACM, New York (2004)CrossRefGoogle Scholar
  5. 5.
    Computer Aided Cryptography Engineering. EU FP7,
  6. 6.
    Chrzaszcz, J.: Implementation of modules in the Coq system. In: Basin, D., Wolff, B. (eds.) TPHOLs 2003. LNCS, vol. 2758, pp. 270–286. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  7. 7.
    Conchon, S., Contejean, E., Kanig, J.: Ergo: a theorem prover for polymorphic first-order logic modulo theories (2006)Google Scholar
  8. 8.
    Cook, S.A.: Soundness and completeness of an axiom system for program verification. SIAM J. Comput. 7(1), 70–90 (1978)zbMATHCrossRefMathSciNetGoogle Scholar
  9. 9.
    Detlefs, D., Nelson, G., Saxe, J.B.: Simplify: a theorem prover for program checking. J. ACM 52(3), 365–473 (2005)CrossRefMathSciNetGoogle Scholar
  10. 10.
    Filliâtre, J.-C., Marché, C.: The Why/Krakatoa/Caduceus platform for deductive program verification. In: Damm, W., Hermanns, H. (eds.) CAV 2007. LNCS, vol. 4590, pp. 173–177. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  11. 11.
    Henzinger, T.A., Jhala, R., Majumdar, R., Sutre, G.: Lazy abstraction. In: POPL 2002: Proceedings of the 29th ACM SIGPLAN-SIGACT symposium on Principles of programming languages, pp. 58–70. ACM, New York (2002)CrossRefGoogle Scholar
  12. 12.
    Hoare, C.A.R.: An axiomatic basis for computer programming. Communications of the ACM 12, 576–580 (1969)zbMATHCrossRefGoogle Scholar
  13. 13.
    Leivant, D.: Logical and mathematical reasoning about imperative programs. In: POPL, pp. 132–140 (1985)Google Scholar
  14. 14.
    Li, P., Zdancewic, S.: Downgrading policies and relaxed noninterference. In: POPL 2005: Proceedings of the 32nd ACM SIGPLAN-SIGACT symposium on Principles of programming languages, pp. 158–170. ACM Press, New York (2005)CrossRefGoogle Scholar
  15. 15.
    The OpenSSL Project,
  16. 16.
    Schneier, B.: Applied cryptography: protocols, algorithms, and source code in C, 2nd edn. Wiley, New York (1996)zbMATHGoogle Scholar
  17. 17.
    Terauchi, T., Aiken, A.: Secure information flow as a safety problem. In: Hankin, C., Siveroni, I. (eds.) SAS 2005. LNCS, vol. 3672, pp. 352–367. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  18. 18.
    The Coq Development Team. The Coq Proof Assistant Reference Manual – Version V8.2 (2008),

Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • José Bacelar Almeida
    • 1
  • Manuel Barbosa
    • 1
  • Jorge Sousa Pinto
    • 1
  • Bárbara Vieira
    • 1
  1. 1.CCTC / Departamento de InformáticaUniversidade do MinhoBragaPortugal

Personalised recommendations