@atomb atomb released this Aug 1, 2018 · 2 commits to release/2.6.0 since this release

Assets 12

This release includes several significant language additions, including unbounded integers and parameterized modules, along with many smaller improvements and bug fixes.


  • Cryptol now has types for unbounded integers (Integer) and, relatedly, integers modulo a constant value (Z n), which can be used for more natural encodings of many public-key algorithms, among many other use cases.

  • Modules can now take types and values (including functions) as parameters. Importing modules can instantiate these parameters, and proofs about parameterized modules can leave parameters abstract (and therefore prove properties for all possible concrete parameters).

  • Constraint synonyms can be used to group together collections of commonly-used constraints.

  • Signed operations now exist for arithmetic (/$ and %$), comparison (>$, <$, <=$, and >=$), and shifting (>>$).

  • Operations for chaining arithmetic now exist. The carry function returns True if addition of its arguments would result in unsigned overflow, the scarry function does the same for signed overflow, and the sborrow function checks for overflow on signed subtraction.

  • The new type operators /^ and %^ perform ceiling division and modulus, respectively. These can be particularly useful in computing the number of fixed-size blocks needed to store a message of a
    particular size, for instance, or conversely to compute the amount of padding needed to fill up an integral number of blocks.

  • The new type operator != allows the constraint that two types are not equal.

  • The experimental new :extract-coq command will export the currently-defined environment in a form usable with the Coq definition of Cryptol's operational semantics.

  • The new :ast command prints out the internal form of the AST for a given expression.

  • Underscores are allowed in numeric literals, and can be used to group digits for greater readability.


  • The Cryptol::Extras module has been merged with the Prelude, now that it type-checks more quickly. Removing a Cryptol::Extras import should be enough to get older modules to work with this release.

  • Several new type classes now exist: Logic for bitwise logical operations, Zero for the zero primitive, and SignedCmp for signed comparison operations. Some functions with explicit type signatures may now require additional constraints.

  • Numeric literals and enumerations can now be used with any type that is a member of the new Literal class, which includes [n], Integer, and Z n.

  • Type checker and interpreter performance is generally better. Please report regressions as issues on GitHub.

  • The :help command now works with built-in types, commands, and :set options.

  • Defaulting warnings and error messages use more meaningful variable names.

  • Many bugs have been fixed.

@atomb atomb released this Jul 25, 2017

Assets 14

Cryptol 2.5.0

This release includes a re-written interpreter which is generally faster and has fewer strictness-related edge cases, major enhancements to the performance of the type checker, and a variety of smaller additions and bug fixes.


  • New update and updates functions provide an efficient, built-in
    way to replace elements of a vector.

  • New trace and traceVal functions print messages as they are being
    evaluated, which can be helpful for debugging.

  • New short-cutting operators /\, \/ and ==> now exist. The older
    && and || operators are strict, and have higher precedence.

  • New experimental :eval command evaluates an expression using
    a reference interpreter, which we created to ultimately serve as the
    official definition of the Cryptol semantics. This interpreter is less
    efficient than the normal one, but written in a very direct style meant
    to clearly describe the meaning of each language construct. For this
    release, the semantics of the reference interpreter are not considered
    final and still subject to change.

  • New prover-stats setting in the REPL, when enabled, causes the
    :prove and :sat commands to print information about the time taken
    and prover used to coplete a proof.

  • The :help command now shows information about precedence and fixity
    of operators.

  • The cryptol executable returns a non-zero exit code when proofs

  • New prelude function: iterate

  • New example: MISTY1


  • The main Cryptol interpreter has been re-written in monadic style,
    which allows much greater control over the order of evaluation, and
    generally improves performance.

  • The type-checker has had a major overhaul, improving performance
    dramatically in many cases.

  • Overall, performance is generally better.

  • New command line option --color makes use of color text output

  • With :set ascii=on, the REPL now prints quotation marks around

  • Cryptol now depends on version 7.0 or greater of the SBV library.


  • Fix an off by one error in the implementation of split.

  • Fix a typo in the implementation of the >> operator.

  • Fix the pdiv and pmod primitives in the special case where the
    length of the dividend is less than the degree of the divisor polynomial.

  • Fix an issue where literal sequences of bit values were being
    incorrectly reversed.

  • Various documentation fixes.

  • Close issues #138, #268, #334, #362, #373, #388, #395

@acfoltzer acfoltzer released this Jul 6, 2016

Assets 12

Cryptol 2.4.0

This is primarily a maintenance release to support GHC 8.0.1 and drop
support for the GHC 7.8 series, and to roll up a number of smaller
improvements and fixes. Highlights are below, and a comprehensive list
of closed issues is available on GitHub.


  • Added convenient aliases to the prelude: a prefix complement
    operator ~, and a base-2 logarithm type alias lg2.
  • New library functions in a new module Cryptol::Extras. We
    intend to eventually move these functions into the prelude, but at
    the moment they take too long to typecheck for them to be loaded
    so frequently (tracking this as issue #302).
  • A new command line option --command/-c specifies
    commands to be run after the interpreter loads. Multiple commands
    can be specified, and will be run in order. For example:
cryptol Foo.cry --command ':set prover=abc' --command ':prove'
  • Added :readByteArray and :writeByteArray to read and
    write raw byte sequences from files, for example:
Cryptol> :writeByteArray /tmp/foo "hello world"
Cryptol> :readByteArray /tmp/foo
Cryptol> it
"hello world"
  • Added new examples: A51, Bivium, Trivium, Minilock
  • The Windows installer now offers a choice of destination
    directory, and can add the installation directory to the user's


  • Dropped support for GHC 7.8.4 and earlier.
  • The symbolic simulator now takes advantage of an SBV feature that
    can lead to signifcant performance improvements when selecting
    from tables of constant values.
  • The random primitive now takes a 256-bit seed, rather than the
    previous 32-bit seed. This avoids inconsistencies between
    platforms with different machine word sizes.
  • The splitBy function in the prelude has been removed in favor of
    just using split, which has an identical type.
  • Improved documentation and book, notably adding a section about
    using modules, and more syntax details.
  • Improved the parser to allow for more flexible use of prefix
  • Improved formatting of output for several commands and error


  • Fixed certain keywords, such as if and else, not appearing as
    tab-completion results.
  • Fixed incorrect behavior of shifts and rotates by greater than
  • Fixed the prelude not loading when a module specified at the
    command line fails to load.
  • Fixed type-correctness of certain generated SMTLIB code from the
    symbolic simulator.
  • Fixed a performance regression caused by unnecessarily-parallel
    runtime settings.

@acfoltzer acfoltzer released this Jan 20, 2016

Assets 12

Cryptol 2.3.0

General Improvements Made

  • Added new typechecker solver and typechecker improvements.

The major feature of this release is a revised constraint solver
for typechecking, and improvements to how the typechecker
generates and propagates constraints. In many cases, the
typechecker will now accept simpler type signatures and require
fewer extraneous "obvious" constraints.

If an existing definition fails to typecheck with the new solver,
try simplifying or eliminating its signature. Some of the
constraints added only to satisfy the earlier typechecker may no
longer be necessary or checkable.

Despite the improvements, we are still aware of some bugs with the
new solver. If you run into trouble, see
the relevant tickets.

  • Made the fixity of primitives more consistent with their
    counterparts in other languages.
  • Fixed some incorrect strictness in primitives.
  • Fixed some pretty-printing bugs that caused commands like :type
    to print results with invalid Cryptol syntax.
  • Improved Windows installer, allowing installation to custom
    locations, and adding the executables' directory to the user's
  • Numerous performance and stability fixes.

Features Added

  • Added an interpreter option :set tc-solver to allow configuration
    of the SMT solver used during typechecking.
  • Added support for docstrings on Cryptol definitions. Docstring
    syntax is the same as block comment syntax, but with more than one
    * opening the block, for example:
/** This is the docstring of foo */
foo x = x + 1

With this example loaded, typing :help foo will display the both
the type and the docstring for foo.

  • Added :writeByteArray and :readByteArray interpreter commands
    which allow the interpreter to write values of type [n][8] to a
    file, and then read those values back in (currently binding the
    result to the it variable).
  • Added support for UTF-8 in identifiers, and set the locale of the
    interpreter to UTF-8. If you encounter errors reading in your old
    Cryptol files, make sure they are encoded as UTF-8.
  • Added experimental cryptol-server executable, which can be built
    by passing -fserver to a Cabal build, or by prefixing a Makefile
    build with CRYPTOL_SERVER=1. The interface to this server is
    very unstable, but to see an example of it in use, see

Examples Added

  • 3DES
  • ChaCha20
  • FNV-a1
  • SIV (RFC5297)
  • Salsa20
  • MiniLock (including SHA256, Blake2s, Curve25519, SCrypt, PBKDF2, Salsa20, Poly1305)


  • Even-Mansour


  • Coins
  • Fox-Chicken-Corn
  • Marble
  • NQueens

@acfoltzer acfoltzer released this Apr 10, 2015

Assets 12

Cryptol 2.2.2

This is a minor release:

  • Added an upper bound on sbv to avoid breakage with the new version 4.3 (we're using 4.3 in the development version as of 711ba43)
  • Remove vestigial references to the defunct configure script and require Cabal 1.20 (#197)
  • Tweak README.md to clarify CVC4 installation requirements

Note that in addition to the binaries posted here, Mac users can now use Homebrew to install both the latest stable release and the latest development version of Cryptol.

@acfoltzer acfoltzer released this Mar 26, 2015 · 915 commits to releases since this release

Assets 12

Cryptol 2.2.1

This is a minor release to address a few issues that arose with Hackage and Homebrew distributions, and to add an Ubuntu 14.04 LTS binary.

  • Added an upper bound on base to make Hackage happy
  • Fixed an edge case when installing the LICENSE files with a PREFIX set in the Makefile
  • Fixed invalid Haddock syntax (#195)