Accompanying materials include links to the Security Research blog, the GitHub repo, and verification documents and tools to encourage wider cryptographic review.

The framework uses Cryptol, SAW, and Isabelle to validate against FIPS standards, covering C code and ARM64 across Apple Silicon.

The workflow blends conventional testing, simulation, independent review, and Apple’s formal verification, aided by a Cryptol-to-Isabelle translator and supporting Isabelle theories for reproducibility.

Apple has formalized verification for its corecrypto post-quantum effort, releasing ML-KEM and ML-DSA with proven mathematical correctness and alignment to FIPS 203 and FIPS 204 for independent expert evaluation.

The verification workflow converts portable C into Cryptol, uses SAW to verify against the Cryptol model, and translates Cryptol into Isabelle to prove equivalence with specifications.

This approach could raise industry standards for auditing and trust in large-scale software, potentially changing secure system design practices.

Algorithm inclusion criteria emphasize security, secure design, performance, and compact parameters, followed by secure, optimized, and correct implementations.

Proofs involve thousands of steps and substantial Isabelle library work, including ARM64 equivalence to C implementations.

Open access to the verification methodology, tools, and theories is provided, with resources to reproduce or build on Apple’s results.

The verification emphasizes preventing timing leaks and microarchitectural side channels, leveraging Data Independent Timing and Pointer Authentication.

Verifications caught issues conventional testing missed, such as a missing ML-DSA step and a repaired third-party proof, underscoring formal verification’s value.

Apple stresses rapid evolution and tooling compatibility to maintain correctness as corecrypto updates proceed, ensuring high assurance without sacrificing performance.