OSS Crypto Tool Gets 3x Faster Redesign
Verifpal, an open-source tool for verifying cryptography protocols, announced a major redesign of its analysis engine. By simplifying its core logic, the tool is now easier for engineers to reason about and runs three times faster, highlighting how deep engineering for clarity and performance directly improves developer experience.
Verifpal is the creation of Dr. Nadim Kobeissi, an applied cryptographer who also runs Symbolic Software, a Paris-based cryptography consulting firm. The tool originated from his Ph.D. research and is aimed at making formal verification accessible to real-world engineers and students, not just academics. The project's philosophy is to lower the barrier to entry for cryptographic analysis by using an intuitive modeling language that mirrors how developers would naturally describe a protocol. To prevent common mistakes, Verifpal intentionally omits the ability for users to define their own cryptographic primitives, instead providing a set of built-in, well-understood ones. The recent performance boost comes from a complete rewrite of Verifpal in Rust, chosen for its memory safety and performance characteristics. This follows a history of continuous development, including the earlier addition of a Visual Studio Code extension for live analysis and diagram visualizations, integrating directly into a developer's workflow. Verifpal is a free and open-source project under a GPLv3 license. It has been used to formally verify security properties for widely-used protocols like Signal, TLS 1.3, and Telegram, demonstrating its real-world applicability. The founder, Nadim Kobeissi, sustains this open-source work alongside a commercial consultancy that has conducted over 200 security audits for clients.
