-
Notifications
You must be signed in to change notification settings - Fork 8
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Kyber: add F* proofs #161
Kyber: add F* proofs #161
Conversation
* script to extract kyber as crate * Make sed invocation portable --------- Co-authored-by: Jonathan Protzenko <[email protected]>
* run hax on proof changes * Add lax and strict typechecking to the CI. --------- Co-authored-by: Franziskus Kiefer <[email protected]> Co-authored-by: xvzcf <[email protected]>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks like this needs to be rebased and cleaned up a little.
Is there another reason this is a draft?
I disabled CI for now on |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ok, let's get this in.
Not sure if you want to update the PROOFS.md
before merging.
That file was out of date, so I removed it. The comments on this PR and the remaining issues are the ones that are most relevant. |
This PR adds a new directory
extraction-edited
toproofs/fstar/
with a set of proof for the Kyber implementation.The code in this new directory started as a snapshot of the generated F* code in
proofs/fstar/extraction
but has been hand edited with annotations, invariants, pre- and post-conditions, as well as a functional specification of Kyber.The proofs currently check the following:
Libcrux.Kem.Kyber.Arithmetic
)Libcrux.Kem.Kyber.Constant_time_ops
)However, some parts remain, and we are adding open issues to track them and will address them in future PRs.
In further future work, we will seek to address the following:
extraction-edited
andextraction
by propagating pre- and post- conditions and meaningful annotations to the source Rust codeextraction-edited
under CI