## Section: Application Domains

### Proofs in cryptography

When we work on cryptography, we are interested in the formal
verification of proofs showing that some cryptographic primitives
provide good guarantees against unwanted access to information. Over
the years we have developed a technique for this kind of reasoning
that relies on a programming logic (close to Hoare logic) with
probabilistic aspects and the capability to establish relations
between several implementations of a problem. The resulting
programming logic is called *probabilistic relational Hoare
logic*.
In more recent work, we
have also started to study questions of *side-channel* attacks,
where we wish to guarantee that opponents cannot gain access to
protected knowledge, even if they observe specific features of
execution, like execution time (to which the answer lies in
*constant-time* execution) or partial access to memory bits (to which
the answer lies in *masking*).
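The two countermeasures named above, as an added illustration in plain C that is not code from EasyCrypt, Jasmin or the team: a byte comparison written in the variable-time style beside its constant-time counterpart (no branch or memory index depends on secret data), and a first-order Boolean masking of a secret byte into two shares, with share-wise XOR, a two-share AND gadget that needs fresh randomness, and an exhaustive check that each share on its own is uniformly distributed. All function names and sample values are assumptions made for this example; the fixed "random" bytes passed in `main` are constructed so the file runs offline, where real code would draw them from a CSPRNG.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* ---- Timing side channel: variable-time vs constant-time comparison ---- */

/* Returns at the first mismatching byte: the running time depends on the
 * length of the matching prefix, which is what a timing observer measures. */
int compare_variable_time(const uint8_t *a, const uint8_t *b, size_t n)
{
    for (size_t i = 0; i < n; i++) {
        if (a[i] != b[i])
            return 0;
    }
    return 1;
}

/* Constant-time discipline: no branch and no memory index depends on secret
 * data. Every byte is visited and the differences are OR-accumulated. */
int compare_constant_time(const uint8_t *a, const uint8_t *b, size_t n)
{
    uint8_t diff = 0;
    for (size_t i = 0; i < n; i++)
        diff |= (uint8_t)(a[i] ^ b[i]);
    /* Branch-free fold to 0/1: (diff - 1) has its top bit set iff diff == 0. */
    return (int)(((uint32_t)diff - 1u) >> 31);
}

/* ---- Memory side channel: first-order Boolean masking ---- */

/* A secret byte is never stored in the clear; it is the XOR of two shares. */
typedef struct { uint8_t s[2]; } masked_u8;

/* r must be a fresh uniformly random byte (from a CSPRNG in real code;
 * the callers below pass constructed values so the file runs offline). */
masked_u8 mask_u8(uint8_t secret, uint8_t r)
{
    masked_u8 m = { { r, (uint8_t)(secret ^ r) } };
    return m;
}

uint8_t unmask_u8(masked_u8 m) { return (uint8_t)(m.s[0] ^ m.s[1]); }

/* XOR is linear, so it is computed share-wise; no intermediate equals the secret. */
masked_u8 masked_xor(masked_u8 x, masked_u8 y)
{
    masked_u8 z = { { (uint8_t)(x.s[0] ^ y.s[0]), (uint8_t)(x.s[1] ^ y.s[1]) } };
    return z;
}

/* Bitwise AND is non-linear and needs one fresh random byte r (two-share
 * ISW-style gadget). The bracketing of z.s[1] is deliberate: r is XORed in
 * before the cross terms meet, because the partial value a0&b1 ^ a1&b0 on its
 * own has a distribution that depends on the secrets. */
masked_u8 masked_and(masked_u8 x, masked_u8 y, uint8_t r)
{
    uint8_t a0 = x.s[0], a1 = x.s[1], b0 = y.s[0], b1 = y.s[1];
    masked_u8 z;
    z.s[0] = (uint8_t)((a0 & b0) ^ r);
    z.s[1] = (uint8_t)((a1 & b1) ^ ((r ^ (a0 & b1)) ^ (a1 & b0)));
    return z;
}

/* The masking guarantee, checked exhaustively: for a fixed secret, each share
 * takes every value 0..255 exactly once over the 256 choices of r, so an
 * observer who sees a single share learns nothing about the secret.
 * Returns 1 if both shares are uniform, 0 otherwise. */
int shares_are_uniform(uint8_t secret)
{
    int count0[256] = {0}, count1[256] = {0};
    for (int r = 0; r < 256; r++) {
        masked_u8 m = mask_u8(secret, (uint8_t)r);
        count0[m.s[0]]++;
        count1[m.s[1]]++;
    }
    for (int v = 0; v < 256; v++)
        if (count0[v] != 1 || count1[v] != 1)
            return 0;
    return 1;
}

int main(void)
{
    /* Constructed sample inputs. */
    const uint8_t tag[4] = { 0xde, 0xad, 0xbe, 0xef };
    const uint8_t guess[4] = { 0xde, 0xad, 0x00, 0x00 };
    printf("constant-time compare (equal):   %d\n", compare_constant_time(tag, tag, 4));
    printf("constant-time compare (differs): %d\n", compare_constant_time(tag, guess, 4));

    masked_u8 a = mask_u8(0x5a, 0x3c), b = mask_u8(0xf0, 0x91);
    printf("unmask(a xor b) = 0x%02x (expect 0xaa)\n", unmask_u8(masked_xor(a, b)));
    printf("unmask(a and b) = 0x%02x (expect 0x50)\n", unmask_u8(masked_and(a, b, 0x77)));
    printf("shares uniform for 0x5a: %d\n", shares_are_uniform(0x5a));
    return 0;
}
```

The comparison pair is the kind of property a constant-time verifier checks at the program level; the masking functions illustrate what has to hold for every intermediate value, which is why the text insists that the compiler, not only the source program, must be shown to preserve these properties.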

For this domain of application, we choose to work with a specific proof tool (EasyCrypt), which combines powerful first-order reasoning and the use of automated tools with dedicated support for probabilistic relational Hoare logic. The development of the EasyCrypt proof tool is one of the objectives of our team.

When it comes to formal proofs of resistance to side-channel attacks, we contend that it is necessary to verify formally that the compiler used to produce the code that actually runs preserves the resistance properties established in formally verified proofs. One of our objectives is to describe such a compiler (Jasmin) and show its strength on a variety of applications.