{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,25]],"date-time":"2025-03-25T14:24:45Z","timestamp":1742912685741,"version":"3.40.3"},"publisher-location":"Cham","reference-count":29,"publisher":"Springer Nature Switzerland","isbn-type":[{"type":"print","value":"9783031377082"},{"type":"electronic","value":"9783031377099"}],"license":[{"start":{"date-parts":[[2023,1,1]],"date-time":"2023-01-01T00:00:00Z","timestamp":1672531200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"},{"start":{"date-parts":[[2023,7,17]],"date-time":"2023-07-17T00:00:00Z","timestamp":1689552000000},"content-version":"vor","delay-in-days":197,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2023]]},"abstract":"<jats:title>Abstract<\/jats:title><jats:p>We present a certified algebraic abstraction technique for verifying bit-accurate non-linear integer computations. In algebraic abstraction, programs are lifted to polynomial equations in the abstract domain. Algebraic techniques are employed to analyze abstract polynomial programs; SMT QF_BV solvers are adopted for bit-accurate analysis of soundness conditions. We explain how to verify our abstraction algorithm and certify verification results. Our hybrid technique has verified non-linear computations in various security libraries such as <jats:sc>Bitcoin<\/jats:sc> and <jats:sc>OpenSSL<\/jats:sc>. We also report the certified verification of Number-Theoretic Transform programs from the post-quantum cryptosystem <jats:sc>Kyber<\/jats:sc>.<\/jats:p>","DOI":"10.1007\/978-3-031-37709-9_16","type":"book-chapter","created":{"date-parts":[[2023,7,16]],"date-time":"2023-07-16T10:01:21Z","timestamp":1689501681000},"page":"329-349","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":1,"title":["Certified Verification for\u00a0Algebraic Abstraction"],"prefix":"10.1007","author":[{"given":"Ming-Hsien","family":"Tsai","sequence":"first","affiliation":[]},{"given":"Yu-Fu","family":"Fu","sequence":"additional","affiliation":[]},{"given":"Jiaxiang","family":"Liu","sequence":"additional","affiliation":[]},{"given":"Xiaomu","family":"Shi","sequence":"additional","affiliation":[]},{"given":"Bow-Yaw","family":"Wang","sequence":"additional","affiliation":[]},{"given":"Bo-Yin","family":"Yang","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2023,7,17]]},"reference":[{"key":"16_CR1","unstructured":"CoqCryptoLine GitHub repository (2023). https:\/\/github.com\/fmlab-iis\/coq-cryptoline"},{"key":"16_CR2","unstructured":"Barrett, C., Fontaine, P., Tinelli, C.: The Satisfiability Modulo Theories Library (SMT-LIB). http:\/\/www.smt-lib.org\/ (2016)"},{"key":"16_CR3","unstructured":"Bernstein, D.J., Schwabe, P.: gfverif. http:\/\/gfverif.cryptojedi.org (2015)"},{"key":"16_CR4","doi-asserted-by":"publisher","unstructured":"Bertot, Y., Cast\u00e9ran, P.: Interactive Theorem Proving and Program Development - Coq\u2019Art: The Calculus of Inductive Constructions. Texts in Theoretical Computer Science. Springer, Heidelberg (2004). https:\/\/doi.org\/10.1007\/978-3-662-07964-5","DOI":"10.1007\/978-3-662-07964-5"},{"key":"16_CR5","unstructured":"Biere, A., Fazekas, K., Fleury, M., Heisinger, M.: CaDiCaL, Kissat, Paracooba, Plingeling and treengeling entering the SAT competition 2020. In: Balyo, T., Froleyks, N., Heule, M., Iser, M., Suda, M.J.M. (eds.) Competition 2020 - Solver and Benchmark Descriptions. Department of Computer Science Report Series B, vol. B-2020-1, pp. 50\u201353. University of Helsinki (2020)"},{"key":"16_CR6","doi-asserted-by":"crossref","unstructured":"Bos, J., et al.: CRYSTALS - Kyber: a CCA-secure module-lattice-based KEM. In: Smith, M., Piessens, F. (eds.) IEEE European Symposium on Security and Privacy, pp. 353\u2013367. IEEE (2018)","DOI":"10.1109\/EuroSP.2018.00032"},{"key":"16_CR7","doi-asserted-by":"crossref","unstructured":"Buchberger, B., Winkler, F.: Gr\u00f6bner bases and applications, vol. 17. Cambridge University Press Cambridge (1998)","DOI":"10.1017\/CBO9780511565847"},{"key":"16_CR8","doi-asserted-by":"crossref","unstructured":"Erbsen, A., Philipoom, J., Gross, J., Sloan, R., Chlipala, A.: Simple high-level code for cryptographic arithmetic - with proofs, without compromises. In: IEEE Symposium on Security and Privacy, pp. 1202\u20131219. IEEE (2019)","DOI":"10.1109\/SP.2019.00005"},{"key":"16_CR9","doi-asserted-by":"crossref","unstructured":"Fu, Y.F., Liu, J., Shi, X., Tsai, M.H., Wang, B.Y., Yang, B.Y.: Signed cryptographic program verification with typed CryptoLine. In: Cavallaro, L., Kinder, J., Wang, X., Katz, J. (eds.) ACM SIGSAC Conference on Computer and Communications Security, pp. 1591\u20131606. ACM (2019)","DOI":"10.1145\/3319535.3354199"},{"issue":"8","key":"16_CR10","doi-asserted-by":"publisher","first-page":"1062","DOI":"10.1109\/TC.2006.126","volume":"55","author":"M Gok","year":"2006","unstructured":"Gok, M., Schulte, M.J., Arnold, M.G.: Integer multipliers with overflow detection. IEEE Trans. Comput. 55(8), 1062\u20131066 (2006)","journal-title":"IEEE Trans. Comput."},{"issue":"2","key":"16_CR11","first-page":"95","volume":"3","author":"G Gonthier","year":"2010","unstructured":"Gonthier, G., Mahboubi, A.: An introduction to small scale reflection in Coq. J. Formalized Reason. 3(2), 95\u2013152 (2010)","journal-title":"J. Formalized Reason."},{"key":"16_CR12","unstructured":"Google: BoringsSSL (2021). https:\/\/boringssl.googlesource.com\/boringssl\/"},{"key":"16_CR13","doi-asserted-by":"publisher","unstructured":"Greuel, G.M., Pfister, G.: A Singular Introduction to Commutative Algebra. Springer, Heidelberg (2002). https:\/\/doi.org\/10.1007\/978-3-662-04963-1","DOI":"10.1007\/978-3-662-04963-1"},{"key":"16_CR14","series-title":"Lecture Notes in Computer Science (Lecture Notes in Artificial Intelligence)","doi-asserted-by":"publisher","first-page":"51","DOI":"10.1007\/978-3-540-73595-3_5","volume-title":"Automated Deduction \u2013 CADE-21","author":"J Harrison","year":"2007","unstructured":"Harrison, J.: Automating elementary number-theoretic proofs using Gr\u00f6bner bases. In: Pfenning, F. (ed.) CADE 2007. LNCS (LNAI), vol. 4603, pp. 51\u201366. Springer, Heidelberg (2007). https:\/\/doi.org\/10.1007\/978-3-540-73595-3_5"},{"key":"16_CR15","doi-asserted-by":"publisher","first-page":"718","DOI":"10.46586\/tches.v2022.i4.718-750","volume":"2022","author":"V Hwang","year":"2022","unstructured":"Hwang, V., et al.: Verified NTT multiplications for NISTPQC KEM lattice finalists: Kyber, SABER, and NTRU. IACR Trans. Cryptograph. Hardware Embedd. Syst. 2022, 718\u2013750 (2022)","journal-title":"IACR Trans. Cryptograph. Hardware Embedd. Syst."},{"key":"16_CR16","series-title":"Lecture Notes in Computer Science (Lecture Notes in Artificial Intelligence)","doi-asserted-by":"publisher","first-page":"237","DOI":"10.1007\/978-3-319-63046-5_15","volume-title":"Automated Deduction \u2013 CADE 26","author":"P Lammich","year":"2017","unstructured":"Lammich, P.: Efficient verified (UN)SAT certificate checking. In: de Moura, L. (ed.) CADE 2017. LNCS (LNAI), vol. 10395, pp. 237\u2013254. Springer, Cham (2017). https:\/\/doi.org\/10.1007\/978-3-319-63046-5_15"},{"key":"16_CR17","doi-asserted-by":"crossref","unstructured":"Liu, J., Shi, X., Tsai, M.H., Wang, B.Y., Yang, B.Y.: Verifying arithmetic in cryptographic C programs. In: Lawall, J., Marinov, D. (eds.) IEEE\/ACM International Conference on Automated Software Engineering, pp. 552\u2013564. IEEE (2019)","DOI":"10.1109\/ASE.2019.00058"},{"key":"16_CR18","unstructured":"Microsoft Research: PQCrypto-SIDH (2022). https:\/\/github.com\/microsoft\/PQCrypto-SIDH"},{"key":"16_CR19","doi-asserted-by":"publisher","first-page":"519","DOI":"10.1090\/S0025-5718-1985-0777282-X","volume":"44","author":"PL Montgomery","year":"1985","unstructured":"Montgomery, P.L.: Modular multiplication without trial division. Math. Comput. 44, 519\u2013521 (1985)","journal-title":"Math. Comput."},{"key":"16_CR20","unstructured":"Mozilla: Network security services (2021). https:\/\/developer.mozilla.org\/en-US\/docs\/Mozilla\/Projects\/NSS"},{"key":"16_CR21","doi-asserted-by":"publisher","first-page":"233","DOI":"10.1016\/j.ipl.2004.05.004","volume":"91","author":"M M\u00fcller-Olm","year":"2004","unstructured":"M\u00fcller-Olm, M., Seidl, H.: Computing polynomial program invariants. Inf. Process. Lett. 91, 233\u2013244 (2004)","journal-title":"Inf. Process. Lett."},{"key":"16_CR22","doi-asserted-by":"crossref","unstructured":"M\u00fcller-Olm, M., Seidl, H.: Precise interprocedural analysis through linear algebra. In: Leroy, X. (ed.) POPL, pp. 330\u2013341. ACM (2004)","DOI":"10.1145\/982962.964029"},{"key":"16_CR23","unstructured":"OpenSSL: OpenSSL library. https:\/\/github.com\/openssl\/openssl (2021)"},{"key":"16_CR24","unstructured":"Polyakov, A., Tsai, M.H., Wang, B.Y., Yang, B.Y.: Verifying arithmetic assembly programs in cryptographic primitives. In: Schewe, S., Zhang, L. (eds.) International Conference on Concurrency Theory, pp. 1\u201316. LIPIcs, Schloss Dagstuhl - Leibniz-Zentrum fuer Informatik (2018)"},{"key":"16_CR25","unstructured":"PQClean: The PQClean project. https:\/\/github.com\/PQClean\/PQClean (2021)"},{"key":"16_CR26","doi-asserted-by":"publisher","unstructured":"Shi, X., Fu, Y.F., Liu, J., Tsai, M.H., Wang, B.Y., Yang, B.Y.: CoqQFBV: a scalable certified SMT quantifier-free bit-vector solver. In: Silva, A., Leino, K.R.M. (eds.) CAV 2021. LNCS, vol. 12760, pp. 149\u2013171. Springer, Cham (2021). https:\/\/doi.org\/10.1007\/978-3-030-81688-9_7","DOI":"10.1007\/978-3-030-81688-9_7"},{"key":"16_CR27","unstructured":"The Bitcoin Developers: Bitcoin source code (2021). https:\/\/github.com\/bitcoin\/bitcoin"},{"key":"16_CR28","unstructured":"Tsai, M.H., Fu, Y.F., Shi, X., Liu, J., Wang, B.Y., Yang, B.Y.: Automatic certified verification of cryptographic programs with CoqCryptoLine. IACR Cryptol. ePrint Arch. 1116 (2022). https:\/\/eprint.iacr.org\/2022\/1116"},{"key":"16_CR29","doi-asserted-by":"crossref","unstructured":"Tsai, M.H., Wang, B.Y., Yang, B.Y.: Certified verification of algebraic properties on low-level mathematical constructs in cryptographic programs. In: Evans, D., Malkin, T., Xu, D. (eds.) ACM SIGSAC Conference on Computer and Communications Security, pp. 1973\u20131987. ACM (2017)","DOI":"10.1145\/3133956.3134076"}],"container-title":["Lecture Notes in Computer Science","Computer Aided Verification"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-37709-9_16","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2023,7,16]],"date-time":"2023-07-16T10:03:12Z","timestamp":1689501792000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-37709-9_16"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023]]},"ISBN":["9783031377082","9783031377099"],"references-count":29,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-37709-9_16","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2023]]},"assertion":[{"value":"17 July 2023","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"CAV","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Computer Aided Verification","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Paris","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"France","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2023","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"17 July 2023","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"22 July 2023","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"35","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"cav2023","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"http:\/\/www.i-cav.org\/2023\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Double-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"hotcrp","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"261","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"67","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"0","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"26% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"11","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}