Slashdot Mirror

← Back to Stories (view on slashdot.org)

A Suite of Digital Cryptography Tools, Released Today, Has Been Mathematically Proven To Be Completely Secure and Free of Bugs (quantamagazine.org)

Posted by msmash on from the pushing-the-limits dept.

By making programming more mathematical, a community of computer scientists is hoping to eliminate the coding bugs that can open doors to hackers, spill digital secrets and generally plague modern society. From a report: Now a set of computer scientists has taken a major step toward this goal with the release today of EverCrypt, a set of digital cryptography tools. The researchers were able to prove -- in the sense that you can prove the Pythagorean theorem -- that their approach to online security is completely invulnerable to the main types of hacking attacks that have felled other programs in the past. "When we say proof, we mean we prove that our code can't suffer these kinds of attacks," said Karthik Bhargavan, a computer scientist at Inria in Paris who worked on EverCrypt.

EverCrypt was not written the way most code is written. Ordinarily, a team of programmers creates software that they hope will satisfy certain objectives. Once they finish, they test the code. If it accomplishes the objectives without showing any unwanted behavior, the programmers conclude that the software does what it's supposed to do. Yet coding errors often manifest only in extreme "corner cases" -- a perfect storm of unlikely events that reveals a critical vulnerability. Many of the most damaging hacking attacks in recent years have exploited just such corner cases.

15 of 194 comments (clear)

  1. Completely secure and free of bugs. by olsmeister · · Score: 5, Funny

    Until it's installed on a computer that uses an Intel (tm) processor, that is....

    1. Re:Completely secure and free of bugs. by Red_Forman · · Score: 4, Informative

      I am guessing you never used earlier Windows versions.

    2. Re:Completely secure and free of bugs. by tepples · · Score: 3, Insightful

      I can imagine a mathematical formalism where every instantiation of a secret key must result in calling a destructor that securely zeroes the key.

    3. Re:Completely secure and free of bugs. by Farmer+Tim · · Score: 3, Informative

      Incredible...I could actually hear the eyes of everyone who suffered through Windows ME rolling at that.

      --
      Blank until /. makes another boneheaded UI decision.
  2. Really, proven free of bugs? by JoeyRox · · Score: 3, Funny

    SImpsons: Sarcasm Detector

  3. Re:But how do you prove the proof by phantomfive · · Score: 4, Insightful

    Generally, you fall back to some very axioms that everyone agrees on. That's the way math works.

    --
    "First they came for the slanderers and i said nothing."
  4. Yes, the code is right, only the code. Not "secure by raymorris · · Score: 4, Informative

    That's true. One can prove that a particular function is correct, that their code is correct. In this case, library code.

    Proving the CPU hardware and microcode is a separate step. Proving the code that USES their library is yet another thing.

    All of these can be done. It's just expensive, so you use the simplest thing that will get the job done - prove a little MCU used as a cryto co-processor, not a complex Intel CPU.

  5. The interesting bit... by ath1901 · · Score: 5, Interesting

    Here's the interesting bit about what they actually did:

    The platform needed the capacity of a traditional software language like C++ and the logical syntax and structure of proof-assistant programs like Isabelle and Coq, which mathematicians have been using for years. No such all-in-one platform existed when the researchers started work on EverCrypt, so they developed one — a programming language called F*. It put the math and the software on equal footing.

    “We unified these things into a single coherent framework so that the distinction between writing programs and doing proofs is really reduced,” said Bhargavan. “You can write software as if you were a software developer, but at same time you can write a proof as if you were a theoretician.”

    1. Re:The interesting bit... by Anubis+IV · · Score: 3, Funny

      F* (pronounced "F star") was the grade my university would give to students who failed a course, but not just for any failure. The F* grade was reserved for those who cheated on an exam, plagiarized papers, or were otherwise caught engaging in unethical behavior. It was a scarlet letter that went on their official transcript, forever branding them as someone you couldn't trust (or as someone who wasn't competent enough to NOT get caught, depending on your outlook).

      As a result, it's kinda hard for me to shake the feeling that there's something untrustworthy about this software.

  6. Re:But how do you prove the proof by K.+S.+Kyosuke · · Score: 4, Informative

    If it comes from a theorem prover, and includes a trace of the proof, then it can be checked with a proof checker. Proof checkers are generally much simpler than theorem provers, because they only need to mechanically check that the proof trace is consistent, whereas a theorem prover has to *find* that trace. Worst case is that you check the steps yourself.

    --
    Ezekiel 23:20
  7. First, we posit a spherical cow... by karlandtanya · · Score: 3, Interesting

    It's possible to be mathematically perfect...in fact, mathematically is pretty much the only way to be "completely" or "perfectly" anything.

    The basic problem with mathematical proofs is that math is an abstraction (the model), and the perfect-and-complete nature of the proof can *only* ever apply to the abstraction. The degree of fidelity to which the model reproduces your particular real situation is another story. Mathematically proving your solution is perfect not meaningful by itself.

    It's a huge red flag the the vendor in this ad is directing our attention to a meaningless mathematical proof of perfection in their product. This strongly suggests to me that there is no valid reason to trust their design.

    Even if we stipulate a "perfect" set of cryptographic algorithms implemented in a mathematically "perfect" set of code, the solution is meaningless without proper implementation and user procedures.

    For example: I've got a great VPN (it uses OpenVPN), but when it fails, all my traffic is suddenly exposed. So I adjust my firewall rules so the only traffic allowed besides that needed to establish the vpn link must go through through tun0. Or use wireguard instead. Until next week when I'm in a factory and I need to talk to some PLCs or I/O modules to configure them, then I turn off the firewall or use the "factory" instead of the "office" setting. Now I have to remember to turn it on again or I won't be protected. etc. etc. etc.

    There are no "magic bullets", and somebody claiming to have one has just saved you the trouble of evaluating them any further.

    --
    "Reality is that which, when you stop believing in it, doesn't go away." - Philip K. Dick
  8. Re:Yes, the code is right, only the code. Not "sec by skids · · Score: 4, Insightful

    Proving the code that USES their library is yet another thing.

    That's the rub. There will be some wrapper written to make parameter exchange automatic, or facilitate finding a VPN gateway, or whatnot, and it'll undo all the hard work in a few lines of hastily coded VB.

    There's a hard and fast requisit for establishing a MITM-proof crypto channel: you have to exchange some keying material safely... whether that's through a CA system or a preshared key or whatever, it simply must be done... and the users will choose the software which skips that step because someone assured them it is taken care of automagically, and well heck, that's much easier.

    --
    Someone had to do it.
  9. Re:Yes, the code is right, only the code. Not "sec by lgw · · Score: 4, Interesting

    It' impossible to prove that your crypto library is invulnerable to side-channel attacks. It is possible, however, to prove it's not vulnerable to common side-channel attacks. That's not nothing.

    Their marketing hyperbole is so over the top, however, that I wouldn't trust them with anything.

    A big problem in general in software crypto is that it's impossible to prove that the random/entropy source provided by the processor is good. There's no software work-around to that - oh, you can try to use I/O timings and so on, but those can be manipulated. Even if the code that generates the mask that is used in the fab is proven correct, we know the NSA is capable of tampering with the mask between code and fab.

    After the Snowden revelations were understood, paranoid crytpo guys reached the point of "I can't only trust a hardware entropy source that I build myself from components I bought myself in person from a random store." That's not exactly productizable, but it's a fair assessment of the threat of the NSA.

    --
    Socialism: a lie told by totalitarians and believed by fools.
  10. Re:Bullshit by CyberSlugGump · · Score: 3, Funny

    Reminds me of the famous Donald Knuth quotation: Beware of bugs in the above code; I have only proved it correct, not tried it.

  11. Re:With Goedel's incompleteness theorem. by k2r · · Score: 3, Informative

    [ ] you understood G”oels incompleteness theorem