Verified Correctness and Security of mbedTLS HMAC-DRBG release_jdo2clillvcxxmcwc7tjfkr43u

by Katherine Q. Ye, Matthew Green, Naphat Sanguansin, Lennart Beringer, Adam Petcher, Andrew W. Appel

Released as an article.

2017

Abstract

We have formalized the functional specification of HMAC-DRBG (NIST 800-90A), and we have proved its cryptographic security--that its output is pseudorandom--using a hybrid game-based proof. We have also proved that the mbedTLS implementation (C program) correctly implements this functional specification. That proof composes with an existing C compiler correctness proof to guarantee, end-to-end, that the machine language program gives strong pseudorandomness. All proofs (hybrid games, C program verification, compiler, and their composition) are machine-checked in the Coq proof assistant. Our proofs are modular: the hybrid game proof holds on any implementation of HMAC-DRBG that satisfies our functional specification. Therefore, our functional specification can serve as a high-assurance reference.

Archived Files and Locations

application/pdf  333.4 kB
file_e33i7hsdlbb7nf4j2dzp33ufnu
arxiv.org (repository)
web.archive.org (webarchive)
Type: article
Stage: submitted
Date: 2017-08-28
Version: v1
Language: en
arXiv: 1708.08542v1
Catalog Record
Revision: 2e103fbe-dfea-4ed6-b88c-2d7c54be0728