A Coq proof of the correctness of X25519 in TweetNaCl
Contributors
Researchers:
- 1. Radboud University & MPI Security and Privacy
- 2. Timmy Weerwag
- 3. Radboud University
Description
Source code for the paper: A Coq proof of the correctness of X25519 in TweetNaCl.
We formally prove that the C implementation of the X25519 key-exchange protocol in the TweetNaCl library is correct. We prove both that it correctly implements the protocol from Bernstein’s 2006 paper, as standardized in RFC 7748, as well as the absence of undefined behavior like arithmetic overflows and array out of bounds errors. We also formally prove, based on the work of Bartzia and Strub, that X25519 is mathematically correct, i.e., that it correctly computes scalar multiplication on the elliptic curve Curve25519. The proofs are all computer-verified using the Coq theorem prover. To establish the link between C and Coq we use the Verified Software Toolchain (VST).
Files
Files
(349.3 MB)
Name | Size | Download all |
---|---|---|
md5:531d20c4e1ee9e3dc07b5e2f78d29b3c
|
349.3 MB | Download |