Verified Correctness and Security of mbedTLS HMAC-DRBG
by Katherine Q. Ye, Matthew Green, Naphat Sanguansin, Lennart Beringer,
Adam Petcher, Andrew W. Appel (2017)
Abstract
We have formalized the functional specification of HMAC-DRBG (NIST SP 800-90A),
and we have proved its cryptographic security, namely that its output is
pseudorandom, using a hybrid game-based proof. We have also proved that the
mbedTLS implementation (a C program) correctly implements this functional
specification. That proof composes with an existing C compiler correctness
proof to guarantee, end-to-end, that the machine language program gives strong
pseudorandomness. All proofs (hybrid games, C program verification, compiler,
and their composition) are machine-checked in the Coq proof assistant. Our
proofs are modular: the hybrid game proof holds for any implementation of
HMAC-DRBG that satisfies our functional specification. Therefore, our
functional specification can serve as a high-assurance reference.
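The abstract's key point is that the security proof attaches to a functional specification, and any implementation that matches that specification inherits the proof. To make that specification concrete, the following is an added example (not the paper's Coq specification, and not mbedTLS code): a plain Python transcription of the SP 800-90A HMAC_DRBG algorithms (Update, Instantiate, Reseed, Generate) over HMAC-SHA-256. The class name `HmacDrbg`, the helper names, the request-size and reseed-interval limits, and the seed bytes in `main()` are all choices made for this example; they are not taken from the page. Check any such reference against the NIST CAVP HMAC_DRBG test vectors before treating it as authoritative.

```python
"""HMAC_DRBG (NIST SP 800-90A) as a small functional reference, written for
this page as an added example. It is not the paper's Coq specification and
not the mbedTLS implementation the paper verifies."""
import hmac
import hashlib

HASH = hashlib.sha256                 # SP 800-90A allows any approved hash
OUTLEN = HASH().digest_size           # 32 bytes for SHA-256

# Limits chosen for this example (assumed, not quoted from the page or from
# mbedTLS): bytes per Generate call and Generate calls between reseeds.
MAX_REQUEST = 1024
RESEED_INTERVAL = 10_000


class ReseedRequired(Exception):
    """Raised when the reseed counter exceeds RESEED_INTERVAL."""


def hmac_tag(key: bytes, msg: bytes) -> bytes:
    """HMAC over the chosen hash; the only primitive the DRBG uses."""
    return hmac.new(key, msg, HASH).digest()


def hmac_drbg_update(key: bytes, v: bytes, provided_data: bytes = b"") -> tuple:
    """HMAC_DRBG_Update (SP 800-90A 10.1.2.2): mix provided_data into (K, V)."""
    key = hmac_tag(key, v + b"\x00" + provided_data)   # step 1
    v = hmac_tag(key, v)                               # step 2
    if not provided_data:                              # step 3
        return key, v
    key = hmac_tag(key, v + b"\x01" + provided_data)   # step 4
    v = hmac_tag(key, v)                               # step 5
    return key, v


class HmacDrbg:
    """State (K, V, reseed_counter) plus the three DRBG operations."""

    def __init__(self, entropy: bytes, nonce: bytes = b"", personalization: bytes = b""):
        # Instantiate (10.1.2.3): seed_material = entropy || nonce || personalization
        seed_material = entropy + nonce + personalization
        self.key = b"\x00" * OUTLEN
        self.v = b"\x01" * OUTLEN
        self.key, self.v = hmac_drbg_update(self.key, self.v, seed_material)
        self.reseed_counter = 1

    def reseed(self, entropy: bytes, additional: bytes = b"") -> None:
        # Reseed (10.1.2.4): seed_material = entropy || additional_input
        self.key, self.v = hmac_drbg_update(self.key, self.v, entropy + additional)
        self.reseed_counter = 1

    def generate(self, n: int, additional: bytes = b"") -> bytes:
        # Generate (10.1.2.5); requested bytes are returned, state is advanced.
        if n > MAX_REQUEST:
            raise ValueError("request exceeds MAX_REQUEST")
        if self.reseed_counter > RESEED_INTERVAL:
            raise ReseedRequired("reseed_counter exceeded RESEED_INTERVAL")
        if additional:                                   # step 2
            self.key, self.v = hmac_drbg_update(self.key, self.v, additional)
        out = b""
        while len(out) < n:                              # step 4: V = HMAC(K, V), append V
            self.v = hmac_tag(self.key, self.v)
            out += self.v
        # step 6: Update with the same additional_input (possibly empty)
        self.key, self.v = hmac_drbg_update(self.key, self.v, additional)
        self.reseed_counter += 1
        return out[:n]


def main() -> None:
    # Constructed, fixed seed bytes so the run is reproducible; a real
    # instantiation must use an approved entropy source.
    entropy = bytes(range(32))
    nonce = bytes(range(16))
    drbg = HmacDrbg(entropy, nonce, b"example personalization")
    print(drbg.generate(32).hex())
    drbg.reseed(bytes(range(32, 64)))
    print(drbg.generate(32, b"additional input").hex())


if __name__ == "__main__":
    main()
```

Two properties of the algorithm are worth seeing in the code: every byte of output is `HMAC(K, V)` with `V` chained through the previous tag, and the `Update` call at the end of every `Generate` is what gives backtracking resistance, since the `(K, V)` that produced the output is discarded. The verified specification in the paper fixes exactly this sequence of HMAC calls; an implementation that skips the trailing `Update` or reuses `V` across calls would not satisfy it and would not be covered by the proof.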
Archived Files and Locations
application/pdf, 333.4 kB: arXiv 1708.08542v1 (arxiv.org repository; copy at web.archive.org)