Zulip Chat Archive

Stream: Program verification

Topic: Montgomery and signed Barrett reduction

---

Alix Trieu (Mar 28 2025 at 14:24):

In case this is of interest to others, I have formalized some modular reduction algorithms here https://github.com/atrieu/lean-cryptolib while trying out Lean a couple months ago.

Bas Spitters (Apr 01 2025 at 09:39):

Nice! How does your experience compare to Fiat Cryptography which also contains these components?

Alix Trieu (Apr 01 2025 at 12:12):

I'm not sure what comparison you mean?

Bas Spitters (Apr 02 2025 at 07:43):

I'm curious both any kind of comparison, usability issues, code size, ...
Do you have plans to develop this further? Fiat-Crypto is very well developed and used in industry.

Alix Trieu (Apr 02 2025 at 09:08):

I don't think there is much difference in terms of using the specifications I wrote to verify code in Lean, versus directly using the same specs in Fiat-Crypto to verify code in Rocq. The main strength of Fiat-Crypto in my opinion is that one mostly does not need to do that and can automatically derive correct code. Not much difference in proof size either I think.
As a side note, I also contributed the signed Barrett reduction algorithm to Fiat-Crypto, it took me less than a day of work to prove in Rocq, versus a bit more than a week for the same thing in Lean. But I think that's mostly due to how little I know/knew about Lean/Mathlib.
No immediate future plan, though I will probably add some more stuff when I have time.

---

Last updated: May 02 2025 at 03:31 UTC