Pragmatic equivalence and safety checking in Cryptol

Cryptol is a programming language designed for specifying and programming cryptographic algorithms. In order to meet high-assurance requirements, Cryptol comes with a suite of formal-methods-based tools allowing users to perform various program verification tasks. In the fully automated mode, Cryptol uses modern off-the-shelf SAT and SMT solvers to perform verification in a push-button manner. In the manual mode, Cryptol produces Isabelle/HOL specifications that can be interactively verified using the Isabelle theorem prover. In this paper, we provide an overview of Cryptol's verification toolset, describing our experiences with building a practical programming environment with dedicated support for formal verification.
