Frama-C Justification There recently was a thread in the Frama-C mailing list on verifying the Rijndael cipher, standardized and better-known as AES. Nowadays, AES is mostly famous for being sensitive to timing attacks. An attacker measuring the time it takes to encrypt known plaintext with an unknown key can deduce the...
Read MoreDo you remember the Skein tutorial? It went off to a good start (it started this blog) and then was never really completed. I blame laziness. Looking back at that first post, I notice that indeed, before Boron, we were shipping software without documentation (just think! Ahem). At the time,...
Read MoreA previous post in the value analysis thread in this blog contained this digression: Actually, we can also prevent function Update to keep trace of a previous input buffer, thanks to secondary analyses derived from the value analysis. One of them computes the set of locations written to by a...
Read MoreThis post is in two parts, both of them independently good fits for the title, and still not completely without relation to each other, but that's probably a coincidence. Methodology In this thread, we aim at the verification of low-level properties for the functions in Skein. In the last post,...
Read MoreThis post offers one answer to the second quiz from part 2. For context here are links to part 1 and part 3. The question was: how should we get rid of the last alarm below and conclude that Skein-256 is indeed safe from run-time errors when used in the...
Read More