AWS Formally Verified AES-XTS Disk Encryption on GitHub

Every file stored on AWS — your documents, backups, database records — is protected by AES-XTS encryption (a special mode designed for disk and storage systems, not general networking). Until now, Amazon could only test that encryption for bugs. As of April 2026, they can formally verify — and prove — it is mathematically correct. That distinction is the difference between “we looked really hard for problems” and “we can guarantee there are none.”

AWS has integrated the world's first formally verified AES-XTS implementation into s2n-bignum — its open-source library for large-number arithmetic (big calculations involving hundreds of digits, essential for encryption) that powers cryptographic operations across AWS infrastructure. Formal verification means a computer program checked every possible execution path and confirmed — using mathematical logic, not guesswork — that the code behaves exactly as designed.

Why Cloud Encryption Testing Has Always Had a Blind Spot

Traditional software testing works by throwing inputs at a program and watching for failures. Try a million combinations, nothing breaks, declare it secure. For a to-do app, that works fine. For encryption code protecting exabytes (billions of gigabytes) of sensitive data across millions of servers, it is not enough.

Testing can only catch the bugs your tests actually trigger. Cryptographic vulnerabilities often hide in rare, specific inputs — the kind standard testing never reaches but a determined attacker can deliberately target. That is how Heartbleed happened: the OpenSSL encryption library passed extensive testing for years before a 2014 researcher found a two-line bug that exposed private keys on 17% of all secure web servers worldwide.

Formal verification takes an entirely different approach:

• Mathematical proof: A verification tool converts code into logical statements and proves those statements hold for every possible input — not just a sample of test cases, but all of them simultaneously
• Assembly-level coverage: AWS verified the actual assembly code (the low-level machine instructions executed directly by CPUs, one step above raw hardware) — not just the high-level design written by engineers
• Zero missed edge cases: The rare inputs that evade testers for years are automatically included in the mathematical proof
• Reproducible results: Unlike a human audit that varies by reviewer, the same proof runs identically every time and can be re-verified after any code change

How AWS Formally Verified AES-XTS — and Why Simplification Was the Breakthrough

The work centers on s2n-bignum (Amazon's open-source cryptographic math library on GitHub), which handles the large-number arithmetic required by encryption algorithms across AWS infrastructure. It powers security for services used by millions of companies worldwide.

AES-XTS (Advanced Encryption Standard in XEX-based tweaked codebook mode — everyone calls it “disk encryption mode”) is the standard algorithm for storage encryption: SSDs, NVMe drives, and cloud storage backends. When a cloud provider says your data is “encrypted at rest,” AES-XTS is often what they mean.

AWS researchers had to simplify and clarify the assembly code before formal verification became possible. The original code, while functional, was too complex for automated reasoning tools to analyze effectively. By restructuring it, the team achieved two wins simultaneously:

• Verifiability: The simplified code could be machine-proven correct for all possible inputs
• Performance: Automated optimization ran alongside verification — the simplified code is both safer and potentially faster

This is the first AES variant ever to achieve formal verification integration in s2n-bignum — a milestone for production cryptographic library verification in cloud infrastructure.

What AES-XTS Formal Verification Means for Your Encrypted AWS Data

If you have ever signed a compliance document claiming your data is “encrypted at rest” on AWS, you were trusting that Amazon's engineers wrote the encryption correctly and that enough reviewers checked it. That trust was well-placed — but it was still trust.

Formal verification changes that sentence. Instead of “we tested it thoroughly,” AWS can now say “a machine proved it correct.” For enterprise security teams and compliance auditors checking standards like SOC 2 (security auditing framework used by cloud providers), ISO 27001 (international information security management standard), or FIPS 140-3 (the U.S. government's cryptographic module certification), mathematical proof is a higher level of assurance than any test suite.

The analogy: imagine asking 1,000 accountants to spot-check your tax calculations versus having software verify every formula against every possible rule. The accountants might catch 99% of errors. The software catches 100%. When the stakes are data security for millions of AWS customers, that 1% gap matters enormously.

Who Should Pay Close Attention to AWS Formal Verification

• Security and compliance teams in regulated industries (healthcare, finance, government) where cryptographic assurance is audited annually
• Anyone managing certifications referencing encryption standards — SOC 2, ISO 27001, FIPS 140-3
• Cryptography engineers and formal methods researchers who can inspect the open-source proofs on GitHub
• Cloud architects deciding where to store sensitive data: AWS now offers cryptographic assurance no other major provider has matched publicly

How to Check AWS's AES-XTS Formal Verification Proof on GitHub

s2n-bignum is available on GitHub under the Apache 2.0 license (free to use, modify, and redistribute commercially — no restrictions attached). If you work in formal methods (the field of using mathematical logic to prove software correctness) or cryptography engineering, the proofs are there for independent review.

# Clone the s2n-bignum repository
git clone https://github.com/awslabs/s2n-bignum.git

# Browse AES-related verified implementations (x86)
ls s2n-bignum/x86_att/

# ARM architecture implementations
ls s2n-bignum/arm/

For non-cryptographers: you do not need to read the proofs yourself. What matters is that they are public, permanent, and independently verifiable by any security researcher anywhere in the world. This is a level of cryptographic transparency most cloud providers have never offered.

You can act on this today: if your security or compliance team needs to demonstrate cryptographic assurance beyond “we passed our pen test,” point them to the s2n-bignum repository and its formal verification proofs. It is the first piece of cloud infrastructure encryption you can actually prove is correct — and it is already protecting your AWS data right now. Managing compliance in a regulated industry? Explore our guides to understand what this means for your next audit.

Related Content — Get Started | Guides | More News