Viewing Results for Category: Cryptography (1 of 1 Pages)

Part two: Specifying HMAC in Cryptol

This is the last in a series of three blog posts detailing the use of SAW and Cryptol to prove the correctness of the HMAC implementation in Amazon’s s2n TLS library. Part one: Verifying s2n HMAC with SAW. Part three: Proving Program Equivalence with SAW. In the first post, we described how we proved equivalence between a mathematical description […]

Read More

Part one: Verifying s2n HMAC with SAW

In June 2015, Amazon introduced its s2n library, an open-source TLS library that prioritizes simplicity. A stated benefit of this simplicity is ease of auditing and testing. Galois recently collaborated with Amazon to show that this benefit extends to verifiability by proving the correctness of s2n’s implementation of the keyed-Hash Message Authentication Code (HMAC) algorithm. To construct this […]

Read More

New BSD-Licensed SAW Release

A new release of the Software Analysis Workbench (SAW) is now available! This release includes a large collection of new features and bug fixes enabling verification of a wider variety of Java and LLVM programs. A list of changes is available here, along with binaries for a variety of platforms. Additionally, this release changes the […]

Read More

Applying Cryptol and SAW to Minilock Primitives

To commemorate the public release of the Software Analysis Workbench (SAW), it seemed fitting to blog about some recent work specifying algorithms in Cryptol and proving properties, leveraging SAW along the way. Cryptol, Galois’s domain specific language for describing cryptographic algorithms, has frequently been demonstrated over individual algorithms and toy problems. Our blog is covered […]

Read More

Announcing the Software Analysis Workbench

We are pleased to announce a public preview of the Software Analysis Workbench. The Software Analysis Workbench (SAW) provides the ability to formally verify properties of code written in C, Java, and Cryptol. It leverages automated SAT and SMT solvers to make this process as automated as possible, and provides a scripting language, called SAW […]

Read More

The “FREAK” TLS/SSL flaw, and related thoughts

“Formal verification methods…should be considered the prime choice for verification of complex and mission-critical software ecosystems.” New vulnerabilities in the software infrastructure we all depend on for privacy are discovered frequently. Thus it was not surprising when an INRIA, MSR, and IMDEA team announced discovery of a significant TLS/SSL vulnerability. The surprise in this announcement was […]

Read More

Computing on private and secure data: An article for the IEEE

Dr. David Archer, our cryptography research lead, and Prof. Kurt Rolloff of the New Jersey Institute of Technology recently wrote an article for the IEEE Security and Privacy magazine on the topic of computing on sensitive, encrypted data without decrypting it. The new, groundbreaking process of computing on encrypted data has major implications for businesses that would […]

Read More

Block Ciphers, Homomorphically, And Then Some

Following up on our recent post, Block Ciphers, Homomorphically, we have some new results. In our previous post, we reported on two experiments: a single block-at-a-time evaluation of SIMON 64/128 computed with the HElib homomorphic encryption library, and a parallel, 1800 block-at-a-time evaluation of the same cipher. Our results on the latter have not changed: 1800 […]

Read More

Block Ciphers, Homomorphically

by Brent Carmer and David W. Archer, PhD Our team at Galois, Inc. is interested in making secure computation practical. Much of our secure computation work has focused on linear secret sharing (LSS, a form of multi-party computation) and the platform we’ve built on that technology. However, we’ve also done a fair bit of comparison […]

Read More