ProVerif is an automatic symbolic protocol verifier. It supports a wide range of cryptographic
primitives, defined by rewrite rules or by equations. It can prove various security properties …

Computer-aided cryptography is an active area of research that develops and applies
formal, machine-checkable approaches to the design, analysis, and implementation of …

We present a new, completely redesigned, version of F*, a language that works both as a
proof assistant as well as a general-purpose, verification-oriented, effectful programming …

TLS 1.3 is the next version of the Transport Layer Security (TLS) protocol. Its clean-slate
design is a reaction both to the increasing demand for low-latency HTTPS connections and …

HACL* is a verified portable C cryptographic library that implements modern cryptographic
primitives such as the ChaCha20 and Salsa20 encryption algorithms, Poly1305 and HMAC …

The Transport Layer Security (TLS) protocol supports various authentication modes, key
exchange methods, and protocol extensions. Confusingly, each combination may prescribe …

We describe a largely automated and systematic analysis of TLS implementations by what
we call 'protocol state fuzzing': we use state machine learning to infer state machines from …

Remote Attestation (RA) is a distinct security service that allows a trusted verifier (Vrf) to
measure the software state of an untrusted remote prover (Prv). If correctly implemented, RA …

The first edition of this book was published in 2003. Inevitably, certain parts of the book
became outdated quickly. At the same time new developments have continued apace …

An Ironclad App lets a user securely transmit her data to a remote machine with the
guarantee that every instruction executed on that machine adheres to a formal abstract …