Verifying Constant-Time Implementations in a Verified Compilation Toolchain

Alix Trieu 1
1 CELTIQUE - Software certification with semantic analysis
Inria Rennes – Bretagne Atlantique , IRISA_D4 - LANGAGE ET GÉNIE LOGICIEL
Abstract : Side-channel attacks are an especially dangerous form of attack. In this thesis, we focus on the timing side-channel. A program is said to be constant-time if it is not vulnerable to timing attacks. We present in this thesis two methods relying on static analysis in order to ensure that a program is constant-time. These methods use formal verification in order to gain the highest possible level of assurance by relying on a verified compilation toolchain made up of the CompCert compiler and the Verasco static analyzer. We also propose a proof methodology in order to ensure that a compiler preserves constant-time security during compilation.
Complete list of metadatas
Contributor : Alix Trieu <>
Submitted on : Thursday, December 20, 2018 - 3:55:43 PM
Last modification on : Tuesday, February 19, 2019 - 2:50:03 PM


Files produced by the author(s)


  • HAL Id : tel-01944510, version 2


Alix Trieu. Verifying Constant-Time Implementations in a Verified Compilation Toolchain. Computer Science [cs]. Université Rennes 1, 2018. English. ⟨tel-01944510v2⟩



Record views


Files downloads