Microsoft: Formal Verification of Rust Cryptography in SymCrypt with AI Agents and Lean
Microsoft has published verified cryptographic code for SHA-3 and ML-KEM integrated into SymCrypt, using a combination of the Rust language, the Lean proof assistant, and the Aeneas toolchain — with AI agents accelerating the writing of mathematical proofs.
This article was generated using artificial intelligence from primary sources.
Two Layers of Guarantee Instead of One
Formal verification is a mathematical proof that code behaves exactly according to its specification — not just for tested cases, but for every possible input. Microsoft has built a dual protection into SymCrypt, its foundational cryptographic library that underpins Windows, Azure, and other products: the Rust language eliminates an entire class of memory-management errors (memory-safety bugs), while the Lean proof assistant confirms functional correctness — that the algorithm operates exactly as the standard requires.
Lean is a tool that verifies mathematical proofs through its own trusted kernel. Unlike unit tests that cover selected scenarios, a Lean proof covers absolutely all possible inputs. The combination of these two layers makes verified code significantly more robust than the conventional approach.
What Has Already Been Verified?
Microsoft has published verified code for SHA-3, a widely used hashing algorithm, and for ML-KEM — a post-quantum key exchange algorithm standardized by NIST in 2024. ML-KEM is particularly important because it is designed to withstand attacks from quantum computers, which could break RSA and ECDH that currently protect the vast majority of internet traffic.
On the roadmap are AES-GCM (symmetric encryption), FrodoKEM, and ML-DSA — two more post-quantum algorithms. The common denominator of all these algorithms is their complexity and the high cost of error: an implementation flaw in cryptography typically does not cause a program crash, but rather a silent vulnerability that can be exploited.
AI Agents Accelerate Proof Writing
Writing Lean proofs for cryptographic code is slow and demanding. Microsoft uses AI agents to accelerate this process: agents propose proofs that are then independently verified through Lean’s trusted kernel. The key difference from ordinary code generation is that AI output must pass mathematical verification — it is not enough to look correct. This means errors by AI agents cannot go unnoticed.
Integration into SymCrypt makes this approach practically relevant today, not merely an academic experiment. The toolchain Microsoft uses — Aeneas — translates Rust code into a form that Lean can analyze, bridging the gap between production code and formal methods.
Frequently Asked Questions
- What is formal verification and why is it important for cryptography?
- Formal verification is a mathematical proof that code behaves exactly according to its specification — for every possible input, not just tested cases. In cryptography this is critical because even minor flaws can compromise the security of an entire system.
- What is Lean and what role does it play in Microsoft's project?
- Lean is a proof assistant — a software tool that verifies mathematical proofs through its own trusted kernel. Microsoft uses it to confirm the functional correctness of Rust cryptographic code in SymCrypt.
Sources
📬 AI news in your inbox
A daily digest built your way — pick topics, sources and cadence. One-click unsubscribe.
Related news
arXiv:2607.09532: Statistically Undetectable Backdoors in Deep Neural Networks (ICML 2026)
arXiv:2607.08395: Token-Flow Firewall — runtime monitoring that protects long-running AI agents and reduces attack success rate to 12.5%
arXiv:2607.08173: 'Overthinking' — Amplified Reasoning Forces Reasoning Models to Reveal Learned Secrets, New Extraction Attack at ICML 2026