{"id":20009882,"url":"https://github.com/plsyssec/ct-wasm","last_synced_at":"2025-11-28T03:03:34.287Z","repository":{"id":53380605,"uuid":"153179454","full_name":"PLSysSec/ct-wasm","owner":"PLSysSec","description":"Constant-Time WebAssembly","archived":false,"fork":false,"pushed_at":"2018-10-16T08:10:33.000Z","size":52,"stargazers_count":24,"open_issues_count":0,"forks_count":1,"subscribers_count":8,"default_branch":"master","last_synced_at":"2025-03-02T01:44:10.070Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/PLSysSec.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2018-10-15T20:47:12.000Z","updated_at":"2023-05-12T02:12:56.000Z","dependencies_parsed_at":"2022-09-13T17:20:14.993Z","dependency_job_id":null,"html_url":"https://github.com/PLSysSec/ct-wasm","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/PLSysSec/ct-wasm","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/PLSysSec%2Fct-wasm","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/PLSysSec%2Fct-wasm/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/PLSysSec%2Fct-wasm/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/PLSysSec%2Fct-wasm/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/PLSysSec","download_url":"https://codeload.github.com/PLSysSec/ct-wasm/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/PLSysSec%2Fct-wasm/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":27292971,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-11-28T02:00:06.623Z","response_time":58,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-13T07:17:22.859Z","updated_at":"2025-11-28T03:03:34.254Z","avatar_url":"https://github.com/PLSysSec.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003cimg src=\"./logo.png\"/\u003e\n\n------------\n\n#\tCT-Wasm: Type-driven Secure Cryptography for the Web Ecosystem\n\nThis repository contains all the code and data necessary for building CT-Wasm\nand reproducing the results presented in [our paper](https://arxiv.org/abs/1808.01348).\n\n## Abstract\n\nA significant amount of both client and server-side cryptography is implemented\nin JavaScript. Despite widespread concerns about its security, no other\nlanguage has been able to match the convenience that comes from its ubiquitous\nsupport on the \"web ecosystem\" - the wide variety of technologies that\ncollectively underpin the modern World Wide Web. With the new introduction of\nthe WebAssembly bytecode language (Wasm) into the web ecosystem, we have a\nunique opportunity to advance a principled alternative to existing JavaScript\ncryptography use cases which does not compromise this convenience.\n\nConstant-Time WebAssembly (CT-Wasm) is a type-driven strict extension\nto WebAssembly which facilitates the verifiably secure implementation of\ncryptographic algorithms. CT-Wasm's type system ensures that code written in\nCT-Wasm is both information flow secure and resistant to timing side channel\nattacks; like base Wasm, these guarantees are verifiable in linear time.\nBuilding on an existing Wasm mechanization, we mechanize the full CT-Wasm\nspecification, prove soundness of the extended type system, implement a\nverified type checker, and give several proofs of the language's security\nproperties. Our security proofs use a novel representation of abstract\ninformation leakage based on quotient types.\n\nWe provide two implementations of CT-Wasm: an OCaml reference interpreter and a\nnative implementation for Node.js and Chromium that extends Google's V8 engine.\nWe also implement a CT-Wasm to Wasm rewrite tool that allows developers to reap\nthe benefits of CT-Wasm's type system today, while developing cryptographic\nalgorithms for base Wasm environments. We evaluate the language, our\nimplementations, and supporting tools by porting several cryptographic\nprimitives---Salsa20, SHA-256, and TEA - and the full TweetNaCl library. We\nfind that CT-Wasm is fast, expressive, and generates code that we\nexperimentally measure to be constant-time.\n\n## Reproducing Evaluation Results\nWe provide automated scripts for reproducing the evaluation results in the\n[`ct-wasm-ports`](https://github.com/PLSysSec/ct-wasm-ports) repository. This repository contains a collection of programs\nported to CT-Wasm.\n\nFirst, install prequisites:\n\n### Build Prequisites\n\n- git\n- node\n- python3 + numpy\n- GNU coreutils\n\n\n#### Transitive Dependencies\n\n(Copied from their respective projects)\n\n**Node.js w/ CT-WASM**\n\n - gcc and g++ 4.9.4 or newer, or\n - clang and clang++ 3.4.2 or newer (macOS: latest Xcode Command Line Tools)\n - Python 2.6 or 2.7\n - GNU Make 3.81 or newer\n\n**Reference Interpreter**\n\n- Ocaml \u003e= 4.05\n- ocamlbuild\n- Ocaml num library (for extracted verified compiler). OPAM users can install the num library with: `opam install num`\n\n### Building Evalutation Suite\n\nSimply clone the repository and enter the `eval` directory:\n\n```bash\ngit clone https://github.com/PLSysSec/ct-wasm-ports\ncd ct-wasm-ports/eval\n```\n\n*All subsequent make commands below should be performed within this directory*\n\n#### Validation Performance\nWe measure the performance of our validator as implemented in the Node.js runtime (`ct_node`) against a baseline (but\ninstrumented) Node.js. The following command will build `ct_node` and `node` (as necessary), and measure the time to validate a series of CT-Wasm programs.\n\n```bash\nmake validation\n```\n\nThe output can be found in `results/validation_timing.csv`, measured in milliseconds.\nBy default, we validation each CT-Wasm program, 10,000 times. If you wish to tweak this number, simply set the `VAL_TRIALS` environment variable like so:\n\n```\nVAL_TRIALS=3000 make validation\n```\n\nIf you've already generated the `csv` you will need to move or delete it for\nthe `make` command to run.\n\n#### Runtime Performance\nWe measure performance of our `ct_node` implementation of CT-Wasm against a\nbaseline `node`. The following command will build both and execute various\nalgorithms, measuring each 10,000 times:\n\n```\nmake runtimes\n```\n\nResults can be found in `results/crypto_benchmarks.csv` measured in cycles.\nSalsa20 and SHA-256 measure the cycles to encrypt 4KB, while TEA measures the\ncycles to encrypt 8 bytes.\n\n#### Statistical Timing for Security with dudect\nWe empirically measure the timing characteristics using a modified version of\n[dudect](https://github.com/oreparaz/dudect), which works by collecting samples for a fixed amount of time. By\ndefault, that time is 10 seconds. The following command will build our [modified dudect](https://github.com/PLSysSec/dudect) and our extended Node.js (`ct_node`) if not already built, and will collect the data into `results/dudect`:\n\n```bash\nDUDE_TIMEOUT=10 make dudect\n```\n\nwhere `DUDE_TIMEOUT` is the sampling time in seconds. The `make` command will\nnot do anything if you have results already present on disk.\n\n#### Bytecode Size Overhead\nThe following command will translate a variety of programs written in CT-Wasm\nto bytecode and measure their size:\n\n```\nmake bytecode_sizes\n```\n\nThe output can be found in `results/file_sizes.csv`.\n\n#### Node TweetNacl Benchmarks\n[TweetNacl](https://github.com/TorstenStueber/TweetNacl-WebAssembly) ships with a series of benchmarks that measure the performance of its various APIs. These benchmarks take a while to execute. We run their benchmarks a number of times (10 bellow), taking the median value, like so:\n\n```\nTWEET_TRIALS=10 make tweetnacl\n```\n\nThis will store the results in `results/node_tweetnacl.csv`.\n\n### Mechanized Proofs\n\nOur mechanization effort and instructions for running Isabelle are described in the  [`ct-wasm-proofs`](https://github.com/PLSysSec/ct-wasm-proofs) repository.\n\n## CT-Wasm Implementations\n\nThough the evaluation scripts above pull the Node.js implementation of CT-Wasm, we include references to all our implementations for completeness:\n\n- [Reference interpreter](https://github.com/PLSysSec/ct-wasm-spec)\n- [Node.js implementation](https://github.com/PLSysSec/ct-wasm-node)\n- [Chromium implementation](https://github.com/PLSysSec/ct-wasm-chromium)\n\nOur implementations fork existing projects, so unless otherwise highlighted,\nyou should follow the standard build and installation process.\n\nFor convenience, we provide [binary\nreleases](https://github.com/PLSysSec/ct-wasm-spec/releases/artifact) for macOS\nand 64 bit Linux. Other platforms should work, but are untested and will need\nto build from source.\n\nThese releases contain 3 binaries:\n\n - `ct_node`: a version of Node.js that natively supports the use of CT-Wasm.\n - `ct2wasm`: tool for removing secrecy labels. Since this is built in the interpreter the `-strip` flag is required.\n - `ct_wasm_spec`: a build of the spec interpreter. The interpreter supports simple secrecy inference via the `-r` flag.\n\n\n### Source Distribution\n\nCT-Wasm efforts are split across a few different repositories. The evaluation step pulls from these directly. We include the links for complteness.\n\n - [`ct-wasm-node`](https://github.com/PLSysSec/ct-wasm-node): An implementation of CT-Wasm Node.js/V8.\n - [`ct-wasm-spec`](https://github.com/PLSysSec/ct-wasm-spec): Reference OCaml implementation CT-Wasm with accompanying label stripping and label inference tools.\n - [`ct-wasm-ports`](https://github.com/PLSysSec/ct-wasm-ports): Crypto algorithm implementations and evaluation scripts.\n - [`tweetnacl-ctwasm`](https://github.com/PLSysSec/tweetnacl-ctwasm): A port of the TweetNacl library with secrecy annotations.\n - [`ct-wasm-proofs`](https://github.com/PLSysSec/ct-wasm-proofs): Mechanizations (in Isabelle) of all proofs in the paper.\n - [`dudect`](https://github.com/PLSysSec/dudect): A fork of dudect that's compatible with our instrumented Node.js.\n - [`ct-wasm-chromium`](https://github.com/PLSysSec/ct-wasm-chromium): V8 patches (same as Node.js) for Chromium.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fplsyssec%2Fct-wasm","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fplsyssec%2Fct-wasm","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fplsyssec%2Fct-wasm/lists"}