From 027663a121a3874051281030008eb539bcc976e6 Mon Sep 17 00:00:00 2001 From: Luke Kenneth Casson Leighton Date: Mon, 27 Jan 2020 15:12:28 +0000 Subject: [PATCH] add nlnet formal project link --- nlnet_2019_formal.mdwn | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/nlnet_2019_formal.mdwn b/nlnet_2019_formal.mdwn index 8b4368d14..1d3cbb407 100644 --- a/nlnet_2019_formal.mdwn +++ b/nlnet_2019_formal.mdwn @@ -1,5 +1,7 @@ # NL.net proposal 2019-10-032 +* NLNet Project Page + ## Project name The Libre RISC-V SoC, Formal Correctness Proofs @@ -156,4 +158,17 @@ all picked up the story. The list is updated and maintained here: # Management Summary -The Libre RISC-V SoC Project, https://nlnet.nl/project/Libre-RISCV/, is funded by NLNet to reach ASIC-proven status. As of Dec 2019 It has been in development for a year, and writing comprehensive unit tests has been both a critical part of that process and a major part of the time taken. Formal Mathematical Proofs turn out to be critical for several reasons: firstly, they are simpler to read and much more comprehensive (100% coverage), saving hugely on development and maintenance; secondly, they're mathematically inviolate. From a security and trust perspective, both aspects are extremely important. Firstly: security mistakes are often accidental due to complexity: a reduction in complexity helps avoid mistakes. Secondly: independent auditing of the processor is a matter of running the formal proofs. This proposal therefore not only saves on development time, it helps us meet the goal of developing a privacy-respecting processor in a way that is *independently* verifiable. +The Libre RISC-V SoC Project, https://nlnet.nl/project/Libre-RISCV/, is +funded by NLNet to reach ASIC-proven status. As of Dec 2019 It has been +in development for a year, and writing comprehensive unit tests has been +both a critical part of that process and a major part of the time taken. +Formal Mathematical Proofs turn out to be critical for several reasons: +firstly, they are simpler to read and much more comprehensive (100% +coverage), saving hugely on development and maintenance; secondly, +they're mathematically inviolate. From a security and trust perspective, +both aspects are extremely important. Firstly: security mistakes are +often accidental due to complexity: a reduction in complexity helps +avoid mistakes. Secondly: independent auditing of the processor is a +matter of running the formal proofs. This proposal therefore not only +saves on development time, it helps us meet the goal of developing a +privacy-respecting processor in a way that is *independently* verifiable. -- 2.30.2