Slashdot Mirror

← Back to Stories (view on slashdot.org)

A Suite of Digital Cryptography Tools, Released Today, Has Been Mathematically Proven To Be Completely Secure and Free of Bugs (quantamagazine.org)

Posted by msmash on from the pushing-the-limits dept.

By making programming more mathematical, a community of computer scientists is hoping to eliminate the coding bugs that can open doors to hackers, spill digital secrets and generally plague modern society. From a report: Now a set of computer scientists has taken a major step toward this goal with the release today of EverCrypt, a set of digital cryptography tools. The researchers were able to prove -- in the sense that you can prove the Pythagorean theorem -- that their approach to online security is completely invulnerable to the main types of hacking attacks that have felled other programs in the past. "When we say proof, we mean we prove that our code can't suffer these kinds of attacks," said Karthik Bhargavan, a computer scientist at Inria in Paris who worked on EverCrypt.

EverCrypt was not written the way most code is written. Ordinarily, a team of programmers creates software that they hope will satisfy certain objectives. Once they finish, they test the code. If it accomplishes the objectives without showing any unwanted behavior, the programmers conclude that the software does what it's supposed to do. Yet coding errors often manifest only in extreme "corner cases" -- a perfect storm of unlikely events that reveals a critical vulnerability. Many of the most damaging hacking attacks in recent years have exploited just such corner cases.

8 of 194 comments (clear)

  1. Completely secure and free of bugs. by olsmeister · · Score: 5, Funny

    Until it's installed on a computer that uses an Intel (tm) processor, that is....

    1. Re:Completely secure and free of bugs. by Red_Forman · · Score: 4, Informative

      I am guessing you never used earlier Windows versions.

  2. Re:But how do you prove the proof by phantomfive · · Score: 4, Insightful

    Generally, you fall back to some very axioms that everyone agrees on. That's the way math works.

    --
    "First they came for the slanderers and i said nothing."
  3. Yes, the code is right, only the code. Not "secure by raymorris · · Score: 4, Informative

    That's true. One can prove that a particular function is correct, that their code is correct. In this case, library code.

    Proving the CPU hardware and microcode is a separate step. Proving the code that USES their library is yet another thing.

    All of these can be done. It's just expensive, so you use the simplest thing that will get the job done - prove a little MCU used as a cryto co-processor, not a complex Intel CPU.

  4. The interesting bit... by ath1901 · · Score: 5, Interesting

    Here's the interesting bit about what they actually did:

    The platform needed the capacity of a traditional software language like C++ and the logical syntax and structure of proof-assistant programs like Isabelle and Coq, which mathematicians have been using for years. No such all-in-one platform existed when the researchers started work on EverCrypt, so they developed one — a programming language called F*. It put the math and the software on equal footing.

    “We unified these things into a single coherent framework so that the distinction between writing programs and doing proofs is really reduced,” said Bhargavan. “You can write software as if you were a software developer, but at same time you can write a proof as if you were a theoretician.”

  5. Re:But how do you prove the proof by K.+S.+Kyosuke · · Score: 4, Informative

    If it comes from a theorem prover, and includes a trace of the proof, then it can be checked with a proof checker. Proof checkers are generally much simpler than theorem provers, because they only need to mechanically check that the proof trace is consistent, whereas a theorem prover has to *find* that trace. Worst case is that you check the steps yourself.

    --
    Ezekiel 23:20
  6. Re:Yes, the code is right, only the code. Not "sec by skids · · Score: 4, Insightful

    Proving the code that USES their library is yet another thing.

    That's the rub. There will be some wrapper written to make parameter exchange automatic, or facilitate finding a VPN gateway, or whatnot, and it'll undo all the hard work in a few lines of hastily coded VB.

    There's a hard and fast requisit for establishing a MITM-proof crypto channel: you have to exchange some keying material safely... whether that's through a CA system or a preshared key or whatever, it simply must be done... and the users will choose the software which skips that step because someone assured them it is taken care of automagically, and well heck, that's much easier.

    --
    Someone had to do it.
  7. Re:Yes, the code is right, only the code. Not "sec by lgw · · Score: 4, Interesting

    It' impossible to prove that your crypto library is invulnerable to side-channel attacks. It is possible, however, to prove it's not vulnerable to common side-channel attacks. That's not nothing.

    Their marketing hyperbole is so over the top, however, that I wouldn't trust them with anything.

    A big problem in general in software crypto is that it's impossible to prove that the random/entropy source provided by the processor is good. There's no software work-around to that - oh, you can try to use I/O timings and so on, but those can be manipulated. Even if the code that generates the mask that is used in the fab is proven correct, we know the NSA is capable of tampering with the mask between code and fab.

    After the Snowden revelations were understood, paranoid crytpo guys reached the point of "I can't only trust a hardware entropy source that I build myself from components I bought myself in person from a random store." That's not exactly productizable, but it's a fair assessment of the threat of the NSA.

    --
    Socialism: a lie told by totalitarians and believed by fools.