hacl-star
FStar
Our great sponsors
hacl-star | FStar | |
---|---|---|
8 | 42 | |
1,578 | 2,558 | |
0.6% | 1.0% | |
9.6 | 9.9 | |
5 days ago | 8 days ago | |
F* | F* | |
Apache License 2.0 | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
hacl-star
-
One step forward, an easier interoperability between Rust and Haskell | IOG Engineering
Nice work. About cryptonite: have IOG considered using crypto primitives provided by HACL*/evercrypt?
-
Let's collect relatively new research programming languages in this thread
Jasmin and F* don't have similar goals, Jasmin is a language designed to precisely express low-level code, while F* is a generalist language for verified programming. There is a subsystem of F* that performs extraction to "readable C code", Karamel (used to be called Kremlin), but you get the usual limitations of C code as a high-level assembler, and also an embedded assembly layer built on Vale. Project Everest therefore generates artifacts that are a mix of C and assembly, rather than a new low-level language design as Jasmin.
-
Ten Years of TypeScript
Traditional design by contract checks the contracts at runtime. They can be understood as a form of dynamic typing with quite complicated types, which may be equivalent to refinement types
But you can check contracts at compile time too. It's quite the same thing as static typing with something like refinement types. That's because, while with contracts we can add preconditions like "the size of this array passed as parameter must be a prime number", with refinement types we can define the type of arrays whose size is a prime number, and then have this type as the function argument. (likewise, postconditions can be modeled by the return type of the function)
See for example this Rust library: https://docs.rs/contracts/latest/contracts/
It will by default check the contracts at runtime, but has an option to check them at compile time with https://github.com/facebookexperimental/MIRAI
Now, this Rust library isn't generally understood as creating another type system on top of Rust, but we could do the legwork to develop a type theory that models how it works, and show the equivalence.
Or, another example, Liquid Haskell: https://ucsd-progsys.github.io/liquidhaskell/ it implements a variant of refinement types called liquid types, which is essentially design by contract checked at compile type. In this case, the type theory is already developed. I expect Liquid Haskell to be roughly comparable to Rust's contracts checked by MIRAI.
Now, what we could perhaps say is that refinement types are so powerful that they don't feel like regular types! And, while that's true, there are type systems even more powerful: dependent types used in languages like Coq, Lean and F* to prove mathematical theorems (your type is a theorem, and your code, if it typechecks, is a proof of that theorem).
Dependent types were leveraged to create a verified TLS implementation that mathematically proves the absence of large class of bugs, miTLS https://www.mitls.org/ (they discovered a number of vulnerabilities in TLS implementations and proved that their implementation isn't vulnerable), and HACL* https://github.com/hacl-star/hacl-star a verified crypto implementation used by Firefox and Wireguard. They are part of Project Everest https://project-everest.github.io/ which aims to develop provably secure communications software.
-
Securing your crypto wallet in a way that gives respect to what cryptography actually is
With that said, it's a very good thought to make sure that the software you're using is actually secure before trusting it. Personally, I think it's safe to use GnuPG and KeePass/Bitwarden, which have all been audited by the likes of Cure53, but if you're really paranoid, you could always use a formally-verified implementation of your desired algorithm (many are supplied in HACL*, for example)... In this case, I use the term "formally-verified" to mean that the implementation is mathematically proven to guarantee the properties of the algorithm (i.e., there are no "bugs" that affect output at the implementation level)...
-
How We Proved the Eth2 Deposit Contract Is Free of Runtime Errors
CompCert is also very impressive. It's not, however, free software / open source (the source is available though)
https://www.absint.com/compcert/structure.htm
A problem with both seL4 and CompCert is that the code written to express the proofs is huge, much larger than code that actually does stuff. This puts a ceiling on the size of the projects we can verify.
F* is a language that tries to address that, by finding proofs with z3, a smt prover; z3 can't prove everything on its own but it cuts down proof code by orders of magnitude. They have written a verified cryptography stack and TLS stack, and want to write a whole verified http stack.
https://github.com/project-everest/hacl-star
https://project-everest.github.io/
F* (through Low, a verified low-level subset of F) can extract verified code to C, which is kind of the inverse than the seL4 proof: seL4 begins with C code and enriches it with proofs of correctness; hacl* (a verified crypto F* lib) begins with a proven correct F* code and extracts C code (I gather the actual crypto primitives is compiled directly to asm code because C has some problems with constant time stuff). This enables hacl* to make bindings to other languages that can just call C code, like this Rust binding
https://github.com/franziskuskiefer/evercrypt-rust
Also this F* stuff is all free software / open source, so it might become a very prevalent crypto and TLS stack
-
Awesome Rust Cryptography list compiled by the Rust Cryptography Interest Group (RCIG)
This is SO exciting!!! Ituses https://github.com/project-everest/hacl-star - a formally verified cryptography library. And it compiles down to C code, so I suppose it's fast.
-
Formal is fast: performance analysis and tuning of SPARKNaCl
Whats cool with that project and overlaps with SPARKNaCI would be the HACL* Library. Its purpose is to provide a formally verified library of modern cryptographic algorithms all written in a subset of F* called Low* and compiled to C using a compiler called KreMLin. The outputs of this are already being used Firefox, see here & here.
-
A Memory Safe TLS Module for the Apache HTTP Server
Reminds me a little of the Everest project. Sadly, I'm not seeing much recent Everest activity on their web page or github.
FStar
- Lean4 helped Terence Tao discover a small bug in his recent paper
-
The Deep Link Equating Math Proofs and Computer Programs
I don't think something that specific exists. There are a very large number of formal methods tools, each with different specialties / domains.
For verification with proof assistants, [Software Foundations](https://softwarefoundations.cis.upenn.edu/) and [Concrete Semantics](http://concrete-semantics.org/) are both solid.
For verification via model checking, you can check out [Learn TLA+](https://learntla.com/), and the more theoretical [Specifying Systems](https://lamport.azurewebsites.net/tla/book-02-08-08.pdf).
For more theory, check out [Formal Reasoning About Programs](http://adam.chlipala.net/frap/).
And for general projects look at [F*](https://www.fstar-lang.org/) and [Dafny](https://dafny.org/).
-
If You've Got Enough Money, It's All 'Lawful'
Don't get me wrong, there are times when Microsoft got it right the first time that was technically far superior to their competitors. Windows IOCP was theoretically capable of doing C10K as far back in 1994-95 when there wasn't any hardware support yet and UNIX world was bickering over how to do asynchronous I/O. Years later POSIX came up with select which was a shoddy little shit in comparison. Linux caved in finally only as recently as 2019 and implemented io_uring. Microsoft research has contributed some very interesting things to computer science like Z3 SAT solver and in collaboration with INRIA made languages like F* and Low* for formal specification and verification. But all this dwarfs in comparison to all the harm they did.
-
What are the current hot topics in type theory and static analysis?
Most of the proof assistants out there: Lean, Coq, Dafny, Isabelle, F*, Idris 2, and Agda. And the main concepts are dependent types, Homotopy Type Theory AKA HoTT, and Category Theory. Warning: HoTT and Category Theory are really dense, you're going to really need to research them.
-
Why is there no simple C-like functional programming language?
F* is a dependently typed language that can be transpiled to idiomatic C via the KReMLin compiler. It’s very ML-ish to write and you can leave out some proofs. It also has the benefit of being used to write a formally verified TLS implementation that’s in wide use throughout industry.
-
[Media] Genetic algorithm simulation - Smart rockets (code link in comments)
As I said, dependent types attempt to solve this problem. F* is a language where you can express complex logic as a type. The catch is, these types are checked by an SMT solver. If the solver can satisfy the type checking, then great, and you move on. If it can’t, you have no idea why, and either have to guess or manually write the proof anyway. Contrast this with Standard ML which has a proof of the soundness of its type system.
-
Prop v0.42 released! Don't panic! The answer is... support for dependent types :)
So kind of like F*? https://www.fstar-lang.org/
-
old languages compilers
F*
-
Pegasus spyware was used to hack reporters’ phones. I’m suing its creators; When you’re infected by Pegasus, spies effectively hold a clone of your phone – we’re fighting back.
Nevermind that academia has come up with far safer ways to do a few things but social norms & inertia prevent their wider adoption (well okay, it also has a barrier to entry in the education required to use it but I don't think someone with the knowledge to meaningfully contribute to an OS kernel can be considered uneducated nor unable to learn).
-
[Hobby] Amateur Generalist Programmer Seeking to Put Bugfixing Skills to Good Use
Maybe that's a little off topic here, but if you like fixing bugs, i suspect you might also enjoy showing that there are no bugs at all. Check out languages like F* https://www.fstar-lang.org/ It's a proof-oriented programming language. You can use it to write code that has no bugs at all. And you once you're done, can convert F* to C or other languages.
What are some alternatives?
acsl-by-example - Public snapshots of "ACSL by Example"
coq - Coq is a formal proof management system. It provides a formal language to write mathematical definitions, executable algorithms and theorems together with an environment for semi-interactive development of machine-checked proofs.
evercrypt-rust - Rust bindings for HACL & Evercrypt
lean - Lean Theorem Prover
RCIG_Coordination_Repo - A Coordination repo for all things Rust Cryptography oriented
dafny - Dafny is a verification-aware programming language
practical-fm - A gently curated list of companies using verification formal methods in industry
koka - Koka language compiler and interpreter
MIRAI - Rust mid-level IR Abstract Interpreter
stepmania - Advanced rhythm game for Windows, Linux and OS X. Designed for both home and arcade use.
karamel - KaRaMeL is a tool for extracting low-level F* programs to readable C code
VisualFSharp - The F# compiler, F# core library, F# language service, and F# tooling integration for Visual Studio