Verifiable ASICs: trustworthy hardware with untrusted components
Size: px
Start display at page:

Download "Verifiable ASICs: trustworthy hardware with untrusted components"

Transcription

1 Verifiable ASICs: trustworthy hardware with untrusted components Riad S. Wahby, Max Howald, Siddharth Garg, abhi shelat, and Michael Walfish Stanford University New York University The Cooper Union The University of Virginia April 8, 2016

2 You (probably) shouldn t trust your hardware...

3 You (probably) shouldn t trust your hardware...

4 You (probably) shouldn t trust your hardware...

5 You (probably) shouldn t trust your hardware because fabs sometimes make mistakes

6 You (probably) shouldn t trust your hardware because fabs sometimes make mistakes [Tehranipoor and Koushanfar. A survey of hardware Trojan taxonomy and detection. IEEE DTC, 2010.]

7 What s a chip designer to do? Post-fab testing Hardware obfuscation Trusted manufacturer [Bhunia, Hsiao, Banga, and Narasimhan. Hardware Trojan attacks: threat analysis and countermeasures. Proc. IEEE, Aug ]

8 What s a chip designer to do? Post-fab testing Hardware obfuscation Trusted manufacturer [Bhunia, Hsiao, Banga, and Narasimhan. Hardware Trojan attacks: threat analysis and countermeasures. Proc. IEEE, Aug ]

9 What s a chip designer to do? Post-fab testing Hardware obfuscation Trusted manufacturer but a fab is expensive and hard to build... [Bhunia, Hsiao, Banga, and Narasimhan. Hardware Trojan attacks: threat analysis and countermeasures. Proc. IEEE, Aug ]

10 What s a chip designer to do? Post-fab testing Hardware obfuscation Trusted manufacturer but a fab is expensive and hard to build so trusted fab might have 10 8 worse performance! [Bhunia, Hsiao, Banga, and Narasimhan. Hardware Trojan attacks: threat analysis and countermeasures. Proc. IEEE, Aug ]

11 Roadmap 1. Problem statement: verifiable ASICs 2. Probabilistic proof systems, briefly 3. Zebra: a system for verifiable ASICs 4. Implementation and evaluation

12 Roadmap 1. Problem statement: verifiable ASICs 2. Probabilistic proof systems, briefly 3. Zebra: a system for verifiable ASICs 4. Implementation and evaluation

13 Problem statement: verifiable ASICs Principal Ψ specs for P,V

14 Problem statement: verifiable ASICs Supplier (foundry, processor vendor, etc.) Principal Ψ specs for P,V Foundry

15 Problem statement: verifiable ASICs Supplier (foundry, processor vendor, etc.) V Principal Ψ specs for P,V Integrator P Foundry

16 Problem statement: verifiable ASICs Supplier (foundry, processor vendor, etc.) Principal Ψ specs for P,V Integrator Foundry Operator V P

17 Problem statement: verifiable ASICs Operator V P

18 Problem statement: verifiable ASICs Operator V x P

19 Problem statement: verifiable ASICs Operator V x y P

20 Problem statement: verifiable ASICs Operator V x y proof P

21 Problem statement: verifiable ASICs Operator V x y proof P P is efficient, but can deviate arbitrarily from the protocol

22 Problem statement: verifiable ASICs Operator V x y proof P P is efficient, but can deviate arbitrarily from the protocol Honest P always convinces V that y = Ψ(x)

23 Problem statement: verifiable ASICs Operator V x y proof P P is efficient, but can deviate arbitrarily from the protocol Honest P always convinces V that y = Ψ(x) V must catch dishonest P except with negligible probability

24 Problem statement: verifiable ASICs Operator V x y proof P P is efficient, but can deviate arbitrarily from the protocol Honest P always convinces V that y = Ψ(x) V must catch dishonest P except with negligible probability P cannot attack or disable V, or communicate with outside world (see paper for more discussion)

25 Problem statement: verifiable ASICs Operator V x y proof P P is efficient, but can deviate arbitrarily from the protocol Honest P always convinces V that y = Ψ(x) V must catch dishonest P except with negligible probability P cannot attack or disable V, or communicate with outside world (see paper for more discussion) Goal: V and P together should outperform Ψ executed in trusted substrate

26 Roadmap 1. Problem statement: verifiable ASICs 2. Probabilistic proof systems, briefly 3. Zebra: a system for verifiable ASICs 4. Implementation and evaluation

27 Probabilistic proof systems, briefly A weak verifier checks the work of a powerful prover verifier prover program, inputs outputs [Walfish and Blumberg. Verifying computations without reexecuting them: from theoretical possibility to near practicality. CACM, Feb ]

28 Probabilistic proof systems, briefly A weak verifier checks the work of a powerful prover verifier prover program, inputs outputs + proof Idea: checking proof should be easier for verifier than executing program [Walfish and Blumberg. Verifying computations without reexecuting them: from theoretical possibility to near practicality. CACM, Feb ]

29 Probabilistic proof systems, briefly A weak verifier checks the work of a powerful prover Recent work is in three strands: Interactive arguments [Pepper12, Ginger12, Zaatar13] [Walfish and Blumberg. Verifying computations without reexecuting them: from theoretical possibility to near practicality. CACM, Feb ]

30 Probabilistic proof systems, briefly A weak verifier checks the work of a powerful prover Recent work is in three strands: Interactive arguments [Pepper12, Ginger12, Zaatar13] Non-interactive arguments (SNARKs) [PGHR13, BCGTV13, BCTV14] [Walfish and Blumberg. Verifying computations without reexecuting them: from theoretical possibility to near practicality. CACM, Feb ]

31 Probabilistic proof systems, briefly A weak verifier checks the work of a powerful prover Recent work is in three strands: Interactive arguments [Pepper12, Ginger12, Zaatar13] Non-interactive arguments (SNARKs) [PGHR13, BCGTV13, BCTV14] Interactive proofs [CMT12, TRMP12, Allspice13, Tha13] [Walfish and Blumberg. Verifying computations without reexecuting them: from theoretical possibility to near practicality. CACM, Feb ]

32 Probabilistic proof systems, briefly A weak verifier checks the work of a powerful prover Recent work is in three strands: Interactive arguments [Pepper12, Ginger12, Zaatar13] + Low round complexity + Mild cryptograhic assumptions Non-interactive arguments (SNARKs) [PGHR13, BCGTV13, BCTV14] Interactive proofs [CMT12, TRMP12, Allspice13, Tha13] [Walfish and Blumberg. Verifying computations without reexecuting them: from theoretical possibility to near practicality. CACM, Feb ]

33 Probabilistic proof systems, briefly A weak verifier checks the work of a powerful prover Recent work is in three strands: Interactive arguments [Pepper12, Ginger12, Zaatar13] + Low round complexity + Mild cryptograhic assumptions Non-interactive arguments (SNARKs) [PGHR13, BCGTV13, BCTV14] + Public verifiability, zero knowledge Non-falsifiable cryptographic assumptions [GW10] Interactive proofs [CMT12, TRMP12, Allspice13, Tha13] [Walfish and Blumberg. Verifying computations without reexecuting them: from theoretical possibility to near practicality. CACM, Feb ]

34 Probabilistic proof systems, briefly A weak verifier checks the work of a powerful prover Recent work is in three strands: Interactive arguments [Pepper12, Ginger12, Zaatar13] + Low round complexity + Mild cryptograhic assumptions Non-interactive arguments (SNARKs) [PGHR13, BCGTV13, BCTV14] + Public verifiability, zero knowledge Non-falsifiable cryptographic assumptions [GW10] Interactive proofs [CMT12, TRMP12, Allspice13, Tha13] + Simple and efficient prover and verifier + Information theoretic guarantees (no crypto) [Walfish and Blumberg. Verifying computations without reexecuting them: from theoretical possibility to near practicality. CACM, Feb ]

35 Probabilistic proof systems, briefly A weak verifier checks the work of a powerful prover For all systems, expressiveness is somewhat limited: Arguments (interactive & non-interactive) Computation must be expressed as an arithmetic circuit Interactive proofs Computation must be expressed as an arithmetic circuit [Walfish and Blumberg. Verifying computations without reexecuting them: from theoretical possibility to near practicality. CACM, Feb ]

36 Probabilistic proof systems, briefly A weak verifier checks the work of a powerful prover For all systems, expressiveness is somewhat limited: Arguments (interactive & non-interactive) Computation must be expressed as an arithmetic circuit generalized boolean circuit over F p + Interactive proofs Computation must be expressed as an arithmetic circuit [Walfish and Blumberg. Verifying computations without reexecuting them: from theoretical possibility to near practicality. CACM, Feb ]

37 Probabilistic proof systems, briefly A weak verifier checks the work of a powerful prover For all systems, expressiveness is somewhat limited: Arguments (interactive & non-interactive) Computation must be expressed as an arithmetic circuit + Arithmetic circuit can have arbitrary connectivity, shape Interactive proofs Computation must be expressed as an arithmetic circuit Arithmetic circuit must be layered, depth width [Walfish and Blumberg. Verifying computations without reexecuting them: from theoretical possibility to near practicality. CACM, Feb ]

38 Probabilistic proof systems, briefly A weak verifier checks the work of a powerful prover For all systems, expressiveness is somewhat limited: Arguments (interactive & non-interactive) Computation must be expressed as an arithmetic circuit + Arithmetic circuit can have arbitrary connectivity, shape layered vs. unlayered Interactive proofs Computation must be expressed as an arithmetic circuit Arithmetic circuit must be layered, depth width [Walfish and Blumberg. Verifying computations without reexecuting them: from theoretical possibility to near practicality. CACM, Feb ]

39 Probabilistic proof systems, briefly A weak verifier checks the work of a powerful prover For all systems, expressiveness is somewhat limited: Arguments (interactive & non-interactive) Computation must be expressed as an arithmetic circuit + Arithmetic circuit can have arbitrary connectivity, shape depth = 3 width = 8 Interactive proofs Computation must be expressed as an arithmetic circuit Arithmetic circuit must be layered, depth width [Walfish and Blumberg. Verifying computations without reexecuting them: from theoretical possibility to near practicality. CACM, Feb ]

40 Roadmap 1. Problem statement: verifiable ASICs 2. Probabilistic proof systems, briefly 3. Zebra: a system for verifiable ASICs 4. Implementation and evaluation

41 Zebra s starting point: Interactive proofs Zebra is an IP-based protocol [CMT12, Allspice13] (We discuss why not arguments in the paper)

42 Zebra s starting point: Interactive proofs

43 Zebra s starting point: Interactive proofs 1. V sends inputs

44 Zebra s starting point: Interactive proofs 1. V sends inputs 2. P evaluates circuit, returns output y

45 Zebra s starting point: Interactive proofs 1. V sends inputs 2. P evaluates circuit, returns output y

46 Zebra s starting point: Interactive proofs 1. V sends inputs 2. P evaluates circuit, returns output y

47 Zebra s starting point: Interactive proofs 1. V sends inputs 2. P evaluates circuit, returns output y y

48 Zebra s starting point: Interactive proofs 1. V sends inputs 2. P evaluates circuit, returns output y 3. V constructs polynomial relating y to values of last layer s input wires y

49 Zebra s starting point: Interactive proofs 1. V sends inputs 2. P evaluates circuit, returns output y 3. V constructs polynomial relating y to values of last layer s input wires 4. V cross-examines P

50 Zebra s starting point: Interactive proofs 1. V sends inputs 2. P evaluates circuit, returns output y 3. V constructs polynomial relating y to values of last layer s input wires 4. V cross-examines P, ends up with claim about second-last layer

51 Zebra s starting point: Interactive proofs 1. V sends inputs 2. P evaluates circuit, returns output y 3. V constructs polynomial relating y to values of last layer s input wires 4. V cross-examines P, ends up with claim about second-last layer 5. V iterates

52 Zebra s starting point: Interactive proofs 1. V sends inputs 2. P evaluates circuit, returns output y 3. V constructs polynomial relating y to values of last layer s input wires 4. V cross-examines P, ends up with claim about second-last layer 5. V iterates

53 Zebra s starting point: Interactive proofs 1. V sends inputs 2. P evaluates circuit, returns output y 3. V constructs polynomial relating y to values of last layer s input wires 4. V cross-examines P, ends up with claim about second-last layer 5. V iterates

54 Zebra s starting point: Interactive proofs 1. V sends inputs 2. P evaluates circuit, returns output y 3. V constructs polynomial relating y to values of last layer s input wires 4. V cross-examines P, ends up with claim about second-last layer 5. V iterates, ends up with claim about inputs

55 Zebra s starting point: Interactive proofs 1. V sends inputs 2. P evaluates circuit, returns output y 3. V constructs polynomial relating y to values of last layer s input wires 4. V cross-examines P, ends up with claim about second-last layer 5. V iterates, ends up with claim about inputs 6. V checks consistency with the inputs

56 Zebra s starting point: Interactive proofs 1. V sends inputs 2. P evaluates circuit, returns output y 3. V constructs polynomial relating y to values of last layer s input wires 4. V cross-examines P, ends up with claim about second-last layer 5. V iterates, ends up with claim about inputs 6. V checks consistency with the inputs V s work is O(depth log width)

57 Pipelined proving in Zebra V questions P about Ψ(x 1 ) s output layer. Ψ(x 1 )

58 Pipelined proving in Zebra V questions P about Ψ(x 1 ) s output layer. Simultaneously, P returns Ψ(x 2 ). Ψ(x 2 ) Ψ(x 1 )

59 Pipelined proving in Zebra V questions P about Ψ(x 1 ) s next layer Ψ(x 1 )

60 Pipelined proving in Zebra V questions P about Ψ(x 1 ) s next layer, and Ψ(x 2 ) s output layer. Ψ(x 1 ) Ψ(x 2 )

61 Pipelined proving in Zebra V questions P about Ψ(x 1 ) s next layer, and Ψ(x 2 ) s output layer. Meanwhile, P returns Ψ(x 3 ). Ψ(x 3 ) Ψ(x 1 ) Ψ(x 2 )

62 Pipelined proving in Zebra This process continues until the pipeline is full. Ψ(x 1 ) Ψ(x 2 ) Ψ(x 3 ) Ψ(x 4 )

63 Pipelined proving in Zebra This process continues until the pipeline is full. Ψ(x 1 ) Ψ(x 2 ) Ψ(x 3 ) Ψ(x 4 ) Ψ(x 5 )

64 Pipelined proving in Zebra This process continues until the pipeline is full. V and P can complete one proof in each time step. Ψ(x 1 ) Ψ(x 2 ) Ψ(x 3 ) Ψ(x 4 ) Ψ(x 5 ) Ψ(x 6 ) Ψ(x 7 ) Ψ(x 8 )

65 Other hardware optimizations V Input (x) queries responses queries responses queries responses Sub-prover, layer d 1 prove.. Sub-prover, layer 1 prove Sub-prover, layer 0 prove P Output (y)

66 Other hardware optimizations Proving machinery Sub-prover circuit P s work is mainly local to each gate

67 Other hardware optimizations Sub-prover circuit Remaining sub-prover machinery gate prover gate prover gate prover gate prover P s work is mainly local to each gate P s design leverages this with gate prover circuits

68 Other hardware optimizations Sub-prover circuit Remaining sub-prover machinery gate prover gate prover gate prover gate prover P s work is mainly local to each gate P s design leverages this with gate prover circuits Gate provers reuse work from previous rounds by maintaining local state

69 Other hardware optimizations Sub-prover circuit Remaining sub-prover machinery gate prover gate prover gate prover gate prover P s work is mainly local to each gate P s design leverages this with gate prover circuits Gate provers reuse work from previous rounds by maintaining local state Further low-level and protocol optimizations (see paper)

70 Architectural challenges and limitations Interaction between V and P requires a lot of bandwidth

71 Architectural challenges and limitations Interaction between V and P requires a lot of bandwidth Zebra uses 3D integration

72 Architectural challenges and limitations Interaction between V and P requires a lot of bandwidth Zebra uses 3D integration IP protocol requires precomputation for most Ψ [Allspice13]

73 Architectural challenges and limitations Interaction between V and P requires a lot of bandwidth Zebra uses 3D integration IP protocol requires precomputation for most Ψ [Allspice13] Zebra amortizes precomputations over many V-P pairs

74 Architectural challenges and limitations Interaction between V and P requires a lot of bandwidth Zebra uses 3D integration IP protocol requires precomputation for most Ψ [Allspice13] Zebra amortizes precomputations over many V-P pairs Several other details (see paper)

75 Roadmap 1. Problem statement: verifiable ASICs 2. Probabilistic proof systems, briefly 3. Zebra: a system for verifiable ASICs 4. Implementation and evaluation

76 Evaluation How does Zebra perform on computations of real world interest? Number theoretic transform Curve25519 point multiplication

77 Evaluation How does Zebra perform on computations of real world interest? Number theoretic transform Curve25519 point multiplication Goal: V and P together should outperform Ψ executed in trusted substrate

78 Implementation and method Zebra s implementation includes a compiler that produces synthesizable Verilog for P two V implementations (software and Verilog) library to generate V s precomputations Verilog simulator extensions to support either hardware and software V interacting with P design

79 Implementation and method Zebra s implementation includes a compiler that produces synthesizable Verilog for P two V implementations (software and Verilog) library to generate V s precomputations Verilog simulator extensions to support either hardware and software V interacting with P design For our evaluation, we build a detailed cost model based on analysis, simulation results, and published chip designs (see paper)

80 Implementation and method Zebra s implementation includes a compiler that produces synthesizable Verilog for P two V implementations (software and Verilog) library to generate V s precomputations Verilog simulator extensions to support either hardware and software V interacting with P design For our evaluation, we build a detailed cost model based on analysis, simulation results, and published chip designs (see paper) Baseline: direct implementation of Ψ in same technology as V Assumption: computation is efficient as an arithmetic circuit

81 Implementation and method Zebra s implementation includes a compiler that produces synthesizable Verilog for P two V implementations (software and Verilog) library to generate V s precomputations Verilog simulator extensions to support either hardware and software V interacting with P design For our evaluation, we build a detailed cost model based on analysis, simulation results, and published chip designs (see paper) Baseline: direct implementation of Ψ in same technology as V Assumption: computation is efficient as an arithmetic circuit Metric: energy required to execute Ψ

82 Number theoretic transform Performance relative to native baseline (higher is better) log 2 (NTT size)

83 Curve25519 point multiplication Performance relative to native baseline (higher is better) Parallel Curve25519 point multiplications

84 Recap Zebra enables verifiable ASICs. + Untrusted P improves the performance of trusted V

85 Recap Zebra enables verifiable ASICs. + Untrusted P improves the performance of trusted V + First built system in the probabilistic proof literature where total cost of V + P is better than baseline

86 Recap Zebra enables verifiable ASICs. + Untrusted P improves the performance of trusted V + First built system in the probabilistic proof literature where total cost of V + P is better than baseline But this improvement is modest

87 Recap Zebra enables verifiable ASICs. + Untrusted P improves the performance of trusted V + First built system in the probabilistic proof literature where total cost of V + P is better than baseline But this improvement is modest, and Zebra has limitations: does not apply to all computations precomputations must be amortized computation needs to be big enough needs large gap between trusted and untrusted technology

88 Recap Zebra enables verifiable ASICs. + Untrusted P improves the performance of trusted V + First built system in the probabilistic proof literature where total cost of V + P is better than baseline But this improvement is modest, and Zebra has limitations: does not apply to all computations precomputations must be amortized computation needs to be big enough needs large gap between trusted and untrusted technology Zebra is a first step there are plenty of improvements to be made!

Similar documents

Efficient RAM and control flow in verifiable outsourced computation

Efficient RAM and control flow in verifiable outsourced computation Efficient RAM and control flow in verifiable outsourced computation Riad S. Wahby, Srinath Setty, Zuocheng Ren, Andrew J. Blumberg, and Michael Walfish New York University The University of Texas at Austin

More information

Implementations of probabilistic proofs for verifiable outsourcing: survey and next steps

Implementations of probabilistic proofs for verifiable outsourcing: survey and next steps Implementations of probabilistic proofs for verifiable outsourcing: survey and next steps Srinath Setty Microsoft Research (Thanks to Michael Walfish for some of the slides.) without executing f, can check

More information

Making verifiable computation a systems problem

Making verifiable computation a systems problem Making verifiable computation a systems problem Michael Walfish The University of Texas at Austin From a systems perspective, it is an exciting time for this area! When we started there were no implementations

More information

PCPs and Succinct Arguments

PCPs and Succinct Arguments COSC 544 Probabilistic Proof Systems 10/19/17 Lecturer: Justin Thaler PCPs and Succinct Arguments 1 PCPs: Definitions and Relationship to MIPs In an MIP, if a prover is asked multiple questions by the

More information

Slalom: Fast, Verifiable and Private Execution of Neural Networks in Trusted Hardware

Slalom: Fast, Verifiable and Private Execution of Neural Networks in Trusted Hardware Slalom: Fast, Verifiable and Private Execution of Neural Networks in Trusted Hardware Florian Tramèr (joint work with Dan Boneh) Stanford security lunch June 13 th Trusted execution of ML: 3 motivating

More information

Slalom: Fast, Verifiable and Private Execution of Neural Networks in Trusted Hardware

Slalom: Fast, Verifiable and Private Execution of Neural Networks in Trusted Hardware Slalom: Fast, Verifiable and Private Execution of Neural Networks in Trusted Hardware Florian Tramèr (joint work with Dan Boneh) Intel, Santa Clara August 30 th 2018 Trusted execution of ML: 3 motivating

More information

Verifying computations without reexecuting them: from theoretical possibility to near practicality

Verifying computations without reexecuting them: from theoretical possibility to near practicality Electronic Colloquium on Computational Complexity, Report No. 165 (2013) Verifying computations without reexecuting them: from theoretical possibility to near practicality Michael Walfish and Andrew J.

More information

Cryptographic protocols

Cryptographic protocols Cryptographic protocols Lecture 3: Zero-knowledge protocols for identification 6/16/03 (c) Jussipekka Leiwo www.ialan.com Overview of ZK Asymmetric identification techniques that do not rely on digital

More information

Incentivized Delivery Network of IoT Software Updates Based on Proofs-of-Distribution

Incentivized Delivery Network of IoT Software Updates Based on Proofs-of-Distribution Incentivized Delivery Network of IoT Software Updates Based on Proofs-of-Distribution Oded Leiba, Yechiav Yitzchak, Ron Bitton, Asaf Nadler, Asaf Shabtai Ben-Gurion University of the Negev IoT Units (billions)

More information

Functional Programming in Hardware Design

Functional Programming in Hardware Design Functional Programming in Hardware Design Tomasz Wegrzanowski Saarland University Tomasz.Wegrzanowski@gmail.com 1 Introduction According to the Moore s law, hardware complexity grows exponentially, doubling

More information

Verifiable Computation with Massively Parallel Interactive Proofs

Verifiable Computation with Massively Parallel Interactive Proofs Verifiable Computation with Massively Parallel Interactive Proofs Justin Thaler, Mike Roberts, Michael Mitzenmacher, and Hanspeter Pfister Harvard University, School of Engineering and Applied Sciences

More information

vsql: Verifying Arbitrary SQL Queries over Dynamic Outsourced Databases

vsql: Verifying Arbitrary SQL Queries over Dynamic Outsourced Databases vsql: Verifying Arbitrary SQL Queries over Dynamic Outsourced Databases Yupeng Zhang, Daniel Genkin, Jonathan Katz, Dimitrios Papadopoulos and Charalampos Papamanthou Verifiable Databases client SQL database

More information

Overview. CSE372 Digital Systems Organization and Design Lab. Hardware CAD. Two Types of Chips

Overview. CSE372 Digital Systems Organization and Design Lab. Hardware CAD. Two Types of Chips Overview CSE372 Digital Systems Organization and Design Lab Prof. Milo Martin Unit 5: Hardware Synthesis CAD (Computer Aided Design) Use computers to design computers Virtuous cycle Architectural-level,

More information

PCH Framework for IP Runtime Security Verification

PCH Framework for IP Runtime Security Verification PCH Framework for IP Runtime Security Verification Xiaolong Guo, Raj Gautam Dutta, Jiaji He, and Yier Jin Department of Electrical and Computer Engineering, University of Florida School of Microelectronics,

More information

Pinocchio: Nearly Practical Verifiable Computation. Bryan Pano, Jon Howell, Craig Gentry, Mariana Raykova

Pinocchio: Nearly Practical Verifiable Computation. Bryan Pano, Jon Howell, Craig Gentry, Mariana Raykova Pinocchio: Nearly Practical Verifiable Computation Bryan Pano, Jon Howell, Craig Gentry, Mariana Raykova Presentated by Phd@ECE,UMD Hui Zhang wayne.huizhang@gmail.com Introduction Outsourcing complex computation

More information

Verifying computations with state (extended version) *

Verifying computations with state (extended version) * Verifying computations with state (extended version) * Benjamin Braun, Ariel J. Feldman, Zuocheng Ren, Srinath Setty, Andrew J. Blumberg, and Michael Walfish The University of Texas at Austin University

More information

Program Representations (1)

Program Representations (1) Program Representations (1) Bar-Ilan Winter School on Verifiable Computation Class 7 January 5, 2016 Michael Walfish Dept. of Computer Science, Courant Institute, NYU Let s clarify a few things from class

More information

Overview of Verifiable Computing Techniques Providing Private and Public Verification

Overview of Verifiable Computing Techniques Providing Private and Public Verification Overview of Verifiable Computing Techniques Providing Private and Public D5.8 Document Identification Date May 4, 2016 Status Final Version 1.0 Related WP WP5 Document Reference Related Deliverable(s)

More information

Research Statement. Yehuda Lindell. Dept. of Computer Science Bar-Ilan University, Israel.

Research Statement. Yehuda Lindell. Dept. of Computer Science Bar-Ilan University, Israel. Research Statement Yehuda Lindell Dept. of Computer Science Bar-Ilan University, Israel. lindell@cs.biu.ac.il www.cs.biu.ac.il/ lindell July 11, 2005 The main focus of my research is the theoretical foundations

More information

CSA E0 312: Secure Computation October 14, Guest Lecture 2-3

CSA E0 312: Secure Computation October 14, Guest Lecture 2-3 CSA E0 312: Secure Computation October 14, 2015 Guest Lecture 2-3 Guest Instructor: C. Pandu Rangan Submitted by: Cressida Hamlet 1 Introduction Till now we have seen only semi-honest parties. From now

More information

CS 151 Complexity Theory Spring Final Solutions. L i NL i NC 2i P.

CS 151 Complexity Theory Spring Final Solutions. L i NL i NC 2i P. CS 151 Complexity Theory Spring 2017 Posted: June 9 Final Solutions Chris Umans 1. (a) The procedure that traverses a fan-in 2 depth O(log i n) circuit and outputs a formula runs in L i this can be done

More information

Final report: Non-Interactive Zero Knowledge Protocol for Verifiable Computing

Final report: Non-Interactive Zero Knowledge Protocol for Verifiable Computing Final report: Non-Interactive Zero Knowledge Protocol for Verifiable Computing Part A abstract description of the project: In this project we implemented a zero knowledge protocol for verifiable computing.

More information

Memory Bandwidth and Low Precision Computation. CS6787 Lecture 9 Fall 2017

Memory Bandwidth and Low Precision Computation. CS6787 Lecture 9 Fall 2017 Memory Bandwidth and Low Precision Computation CS6787 Lecture 9 Fall 2017 Memory as a Bottleneck So far, we ve just been talking about compute e.g. techniques to decrease the amount of compute by decreasing

More information

Vlad Kolesnikov Bell Labs

Vlad Kolesnikov Bell Labs Vlad Kolesnikov Bell Labs DIMACS/Northeast Big Data Hub Workshop on Privacy and Security for Big Data Apr 25, 2017 You are near Starbucks; here is a special Legislation may require user consent each time

More information

Lecture 7. s.t. e = (u,v) E x u + x v 1 (2) v V x v 0 (3)

Lecture 7. s.t. e = (u,v) E x u + x v 1 (2) v V x v 0 (3) COMPSCI 632: Approximation Algorithms September 18, 2017 Lecturer: Debmalya Panigrahi Lecture 7 Scribe: Xiang Wang 1 Overview In this lecture, we will use Primal-Dual method to design approximation algorithms

More information

Understanding Sources of Inefficiency in General-Purpose Chips

Understanding Sources of Inefficiency in General-Purpose Chips Understanding Sources of Inefficiency in General-Purpose Chips Rehan Hameed Wajahat Qadeer Megan Wachs Omid Azizi Alex Solomatnikov Benjamin Lee Stephen Richardson Christos Kozyrakis Mark Horowitz GP Processors

More information

CS261: A Second Course in Algorithms Lecture #16: The Traveling Salesman Problem

CS261: A Second Course in Algorithms Lecture #16: The Traveling Salesman Problem CS61: A Second Course in Algorithms Lecture #16: The Traveling Salesman Problem Tim Roughgarden February 5, 016 1 The Traveling Salesman Problem (TSP) In this lecture we study a famous computational problem,

More information

RTL Coding General Concepts

RTL Coding General Concepts RTL Coding General Concepts Typical Digital System 2 Components of a Digital System Printed circuit board (PCB) Embedded d software microprocessor microcontroller digital signal processor (DSP) ASIC Programmable

More information

Adam Chlipala University of California, Berkeley ICFP 2006

Adam Chlipala University of California, Berkeley ICFP 2006 Modular Development of Certified Program Verifiers with a Proof Assistant Adam Chlipala University of California, Berkeley ICFP 2006 1 Who Watches the Watcher? Program Verifier Might want to ensure: Memory

More information

A VARIETY OF ICS ARE POSSIBLE DESIGNING FPGAS & ASICS. APPLICATIONS MAY USE STANDARD ICs or FPGAs/ASICs FAB FOUNDRIES COST BILLIONS

A VARIETY OF ICS ARE POSSIBLE DESIGNING FPGAS & ASICS. APPLICATIONS MAY USE STANDARD ICs or FPGAs/ASICs FAB FOUNDRIES COST BILLIONS architecture behavior of control is if left_paddle then n_state

More information

A Mathematical Proof. Zero Knowledge Protocols. Interactive Proof System. Other Kinds of Proofs. When referring to a proof in logic we usually mean:

A Mathematical Proof. Zero Knowledge Protocols. Interactive Proof System. Other Kinds of Proofs. When referring to a proof in logic we usually mean: A Mathematical Proof When referring to a proof in logic we usually mean: 1. A sequence of statements. 2. Based on axioms. Zero Knowledge Protocols 3. Each statement is derived via the derivation rules.

More information

Zero Knowledge Protocols. c Eli Biham - May 3, Zero Knowledge Protocols (16)

Zero Knowledge Protocols. c Eli Biham - May 3, Zero Knowledge Protocols (16) Zero Knowledge Protocols c Eli Biham - May 3, 2005 442 Zero Knowledge Protocols (16) A Mathematical Proof When referring to a proof in logic we usually mean: 1. A sequence of statements. 2. Based on axioms.

More information

Annotations For Sparse Data Streams

Annotations For Sparse Data Streams Annotations For Sparse Data Streams Justin Thaler, Simons Institute, UC Berkeley Joint Work with: Amit Chakrabarti, Dartmouth Graham Cormode, University of Warwick Navin Goyal, Microsoft Research India

More information

Improving Logic Obfuscation via Logic Cone Analysis

Improving Logic Obfuscation via Logic Cone Analysis Improving Logic Obfuscation via Logic Cone Analysis Yu-Wei Lee and Nur A. Touba Computer Engineering Research Center University of Texas, Austin, TX 78712 ywlee@utexas.edu, touba@utexas.edu Abstract -

More information

Analyzing Bitcoin Security. Philippe Camacho

Analyzing Bitcoin Security. Philippe Camacho Analyzing Bitcoin Security Philippe Camacho philippe.camacho@dreamlab.net Universidad Católica, Santiago de Chile 15 of June 2016 Bitcoin matters Map Blockchain Design Known Attacks Security Models Double

More information

PARAMETRIC TROJANS FOR FAULT-BASED ATTACKS ON CRYPTOGRAPHIC HARDWARE

PARAMETRIC TROJANS FOR FAULT-BASED ATTACKS ON CRYPTOGRAPHIC HARDWARE PARAMETRIC TROJANS FOR FAULT-BASED ATTACKS ON CRYPTOGRAPHIC HARDWARE Raghavan Kumar, University of Massachusetts Amherst Contributions by: Philipp Jovanovic, University of Passau Wayne P. Burleson, University

More information

Multi-Theorem Preprocessing NIZKs from Lattices

Multi-Theorem Preprocessing NIZKs from Lattices Multi-Theorem Preprocessing NIZKs from Lattices Sam Kim and David J. Wu Stanford University Soundness: x L, P Pr P, V (x) = accept = 0 No prover can convince honest verifier of false statement Proof Systems

More information

Memory Bandwidth and Low Precision Computation. CS6787 Lecture 10 Fall 2018

Memory Bandwidth and Low Precision Computation. CS6787 Lecture 10 Fall 2018 Memory Bandwidth and Low Precision Computation CS6787 Lecture 10 Fall 2018 Memory as a Bottleneck So far, we ve just been talking about compute e.g. techniques to decrease the amount of compute by decreasing

More information

1 A Tale of Two Lovers

1 A Tale of Two Lovers CS 120/ E-177: Introduction to Cryptography Salil Vadhan and Alon Rosen Dec. 12, 2006 Lecture Notes 19 (expanded): Secure Two-Party Computation Recommended Reading. Goldreich Volume II 7.2.2, 7.3.2, 7.3.3.

More information

Parallel Coin-Tossing and Constant-Round Secure Two-Party Computation

Parallel Coin-Tossing and Constant-Round Secure Two-Party Computation Parallel Coin-Tossing and Constant-Round Secure Two-Party Computation Yehuda Lindell Department of Computer Science and Applied Math, Weizmann Institute of Science, Rehovot, Israel. lindell@wisdom.weizmann.ac.il

More information

The Efficient Server Audit Problem, Deduplicated Re-execution, and the Web

The Efficient Server Audit Problem, Deduplicated Re-execution, and the Web The Efficient Server Audit Problem, Deduplicated Re-execution, and the Web Cheng Tan, Lingfan Yu, Joshua B. Leners*, and Michael Walfish NYU Department of Computer Science, Courant Institute *Two Sigma

More information

HaTCh: State-of-the-Art in Hardware Trojan Detection

HaTCh: State-of-the-Art in Hardware Trojan Detection CSE 5095 & ECE 4451 & ECE 5451 Spring 2017 Lecture 9a HaTCh follows http://arxiv.org/abs/1605.08413 and https://eprint.iacr.org/2014/943.pdf HaTCh: State-of-the-Art in Hardware Trojan Detection Marten

More information

Verifying Real-World Security Protocols from finding attacks to proving security theorems

Verifying Real-World Security Protocols from finding attacks to proving security theorems Verifying Real-World Security Protocols from finding attacks to proving security theorems Karthik Bhargavan http://prosecco.inria.fr + many co-authors at INRIA, Microsoft Research, Formal security analysis

More information

CS573 Data Privacy and Security. Cryptographic Primitives and Secure Multiparty Computation. Li Xiong

CS573 Data Privacy and Security. Cryptographic Primitives and Secure Multiparty Computation. Li Xiong CS573 Data Privacy and Security Cryptographic Primitives and Secure Multiparty Computation Li Xiong Outline Cryptographic primitives Symmetric Encryption Public Key Encryption Secure Multiparty Computation

More information

CSC 5930/9010 Modern Cryptography: Digital Signatures

CSC 5930/9010 Modern Cryptography: Digital Signatures CSC 5930/9010 Modern Cryptography: Digital Signatures Professor Henry Carter Fall 2018 Recap Implemented public key schemes in practice commonly encapsulate a symmetric key for the rest of encryption KEM/DEM

More information

Verifying computations with state

Verifying computations with state Verifying computations with state Benjamin Braun, Ariel J. Feldman, Zuocheng Ren, Srinath Setty, Andrew J. Blumberg, and Michael Walfish The University of Texas at Austin University of Pennsylvania Abstract

More information

Recursive Composition and Bootstrapping for SNARKs and Proof-Carrying Data

Recursive Composition and Bootstrapping for SNARKs and Proof-Carrying Data Recursive Composition and Bootstrapping for SNARKs and Proof-Carrying Data Nir Bitansky nirbitan@tau.ac.il Tel Aviv University Alessandro Chiesa alexch@csail.mit.edu MIT Ran Canetti canetti@tau.ac.il Boston

More information

Rational Oblivious Transfer

Rational Oblivious Transfer Rational Oblivious Transfer Xiong Fan xfan@cs.umd.edu Kartik Nayak kartik1507@gmail.com May 14, 2014 Abstract Oblivious transfer is widely used in secure multiparty computation. In this paper, we propose

More information

- Presentation 25 minutes + 5 minutes for questions. - Presentation is on Wednesday, 11:30-12:00 in B05-B06

- Presentation 25 minutes + 5 minutes for questions. - Presentation is on Wednesday, 11:30-12:00 in B05-B06 Information: - Presentation 25 minutes + 5 minutes for questions. - Presentation is on Wednesday, 11:30-12:00 in B05-B06 - Presentation is after: Abhi Shelat (fast two-party secure computation with minimal

More information

Programmable Logic Devices HDL-Based Design Flows CMPE 415

Programmable Logic Devices HDL-Based Design Flows CMPE 415 HDL-Based Design Flows: ASIC Toward the end of the 80s, it became difficult to use schematic-based ASIC flows to deal with the size and complexity of >5K or more gates. HDLs were introduced to deal with

More information

Digital System Design Lecture 2: Design. Amir Masoud Gharehbaghi

Digital System Design Lecture 2: Design. Amir Masoud Gharehbaghi Digital System Design Lecture 2: Design Amir Masoud Gharehbaghi amgh@mehr.sharif.edu Table of Contents Design Methodologies Overview of IC Design Flow Hardware Description Languages Brief History of HDLs

More information

Formal methods for software security

Formal methods for software security Formal methods for software security Thomas Jensen, INRIA Forum "Méthodes formelles" Toulouse, 31 January 2017 Formal methods for software security Formal methods for software security Confidentiality

More information

Lecture 18 - Chosen Ciphertext Security

Lecture 18 - Chosen Ciphertext Security Lecture 18 - Chosen Ciphertext Security Boaz Barak November 21, 2005 Public key encryption We now go back to public key encryption. As we saw in the case of private key encryption, CPA security is not

More information

ACL2 Challenge Problem: Formalizing BitCryptol April 20th, John Matthews Galois Connections

ACL2 Challenge Problem: Formalizing BitCryptol April 20th, John Matthews Galois Connections ACL2 Challenge Problem: Formalizing BitCryptol April 20th, 2005 John Matthews Galois Connections matthews@galois.com Roadmap SHADE verifying compiler Deeply embedding Cryptol semantics in ACL2 Challenge

More information

Non-Interactive Verifiable Computing: Outsourcing Computation to Untrusted Workers

Non-Interactive Verifiable Computing: Outsourcing Computation to Untrusted Workers Non-Interactive Verifiable Computing: Outsourcing Computation to Untrusted Workers Rosario Gennaro Craig Gentry Bryan Parno February 1, 2010 bstract Verifiable Computation enables a computationally weak

More information

Efficient Data Structures for Tamper-Evident Logging

Efficient Data Structures for Tamper-Evident Logging Efficient Data Structures for Tamper-Evident Logging Scott A. Crosby Dan S. Wallach Rice University Everyone has logs Tamper evident solutions Current commercial solutions Write only hardware appliances

More information

Chapter 1 Overview of Digital Systems Design

Chapter 1 Overview of Digital Systems Design Chapter 1 Overview of Digital Systems Design SKEE2263 Digital Systems Mun im/ismahani/izam {munim@utm.my,e-izam@utm.my,ismahani@fke.utm.my} February 8, 2017 Why Digital Design? Many times, microcontrollers

More information

Hardware/Software Partitioning for SoCs. EECE Advanced Topics in VLSI Design Spring 2009 Brad Quinton

Hardware/Software Partitioning for SoCs. EECE Advanced Topics in VLSI Design Spring 2009 Brad Quinton Hardware/Software Partitioning for SoCs EECE 579 - Advanced Topics in VLSI Design Spring 2009 Brad Quinton Goals of this Lecture Automatic hardware/software partitioning is big topic... In this lecture,

More information

Lecture 6: Arithmetic and Threshold Circuits

Lecture 6: Arithmetic and Threshold Circuits IAS/PCMI Summer Session 2000 Clay Mathematics Undergraduate Program Advanced Course on Computational Complexity Lecture 6: Arithmetic and Threshold Circuits David Mix Barrington and Alexis Maciel July

More information

Side channel attack: Power Analysis. Chujiao Ma, Z. Jerry Shi CSE, University of Connecticut

Side channel attack: Power Analysis. Chujiao Ma, Z. Jerry Shi CSE, University of Connecticut Side channel attack: Power Analysis Chujiao Ma, Z. Jerry Shi CSE, University of Connecticut Conventional Cryptanalysis Conventional cryptanalysis considers crypto systems as mathematical objects Assumptions:

More information

Efficient Private Information Retrieval

Efficient Private Information Retrieval Efficient Private Information Retrieval K O N S T A N T I N O S F. N I K O L O P O U L O S T H E G R A D U A T E C E N T E R, C I T Y U N I V E R S I T Y O F N E W Y O R K K N I K O L O P O U L O S @ G

More information

Secure Multi-Party Computation Without Agreement

Secure Multi-Party Computation Without Agreement Secure Multi-Party Computation Without Agreement Shafi Goldwasser Department of Computer Science The Weizmann Institute of Science Rehovot 76100, Israel. shafi@wisdom.weizmann.ac.il Yehuda Lindell IBM

More information

Lecture 10, Zero Knowledge Proofs, Secure Computation

Lecture 10, Zero Knowledge Proofs, Secure Computation CS 4501-6501 Topics in Cryptography 30 Mar 2018 Lecture 10, Zero Knowledge Proofs, Secure Computation Lecturer: Mahmoody Scribe: Bella Vice-Van Heyde, Derrick Blakely, Bobby Andris 1 Introduction Last

More information

Indistinguishable Proofs of Work or Knowledge

Indistinguishable Proofs of Work or Knowledge Indistinguishable Proofs of Work or Knowledge Foteini Baldimtsi, Aggelos Kiayias, Thomas Zacharias, Bingsheng Zhang ASIACRYPT 2016 8th December, Hanoi, Vietnam Motivation (ZK) Proofs of Knowledge - PoK

More information

CPSC 467: Cryptography and Computer Security

CPSC 467: Cryptography and Computer Security CPSC 467: Cryptography and Computer Michael J. Fischer Lecture 4 September 11, 2017 CPSC 467, Lecture 4 1/23 Analyzing Confidentiality of Cryptosystems Secret ballot elections Information protection Adversaries

More information

vsql: Verifying Arbitrary SQL Queries over Dynamic Outsourced Databases

vsql: Verifying Arbitrary SQL Queries over Dynamic Outsourced Databases 2017 IEEE Symposium on Security and Privacy vsql: Verifying Arbitrary SQL Queries over Dynamic Outsourced Databases Yupeng Zhang, Daniel Genkin,, Jonathan Katz, Dimitrios Papadopoulos, and Charalampos

More information

Application to More Efficient Obfuscation

Application to More Efficient Obfuscation Lattice-Based SNARGs and Their Application to More Efficient Obfuscation Dan Boneh, Yuval Ishai, Amit Sahai, and David J. Wu Program Obfuscation [BGIRSVY01, GGHRSW13] Indistinguishability obfuscation (io)

More information

Today. Lecture 4: Last time. The EM algorithm. We examine clustering in a little more detail; we went over it a somewhat quickly last time

Today. Lecture 4: Last time. The EM algorithm. We examine clustering in a little more detail; we went over it a somewhat quickly last time Today Lecture 4: We examine clustering in a little more detail; we went over it a somewhat quickly last time The CAD data will return and give us an opportunity to work with curves (!) We then examine

More information

INDUSTRIAL ZERO-KNOWLEDGE PROVING SYSTEM

INDUSTRIAL ZERO-KNOWLEDGE PROVING SYSTEM INDUSTRIAL ZERO-KNOWLEDGE PROVING SYSTEM INTRODUCTION Consider what we might mean by the term industrial proving system. The broad functionality is clear. An organization, motivated by the competing aims

More information

Multi-Party 2 Computation Part 1

Multi-Party 2 Computation Part 1 ECRYPT.NET Cloud Summer School Multi-Party 2 Computation Part 1 Claudio Orlandi, Aarhus University Plan for the next 3 hours Part 1: Secure Computation with a Trusted Dealer Warmup: One-Time Truth Tables

More information

Design Verification Lecture 01

Design Verification Lecture 01 M. Hsiao 1 Design Verification Lecture 01 Course Title: Verification of Digital Systems Professor: Michael Hsiao (355 Durham) Prerequisites: Digital Logic Design, C/C++ Programming, Data Structures, Computer

More information

Outline. Proof Carrying Code. Hardware Trojan Threat. Why Compromise HDL Code?

Outline. Proof Carrying Code. Hardware Trojan Threat. Why Compromise HDL Code? Outline Proof Carrying Code Mohammad Tehranipoor ECE6095: Hardware Security & Trust University of Connecticut ECE Department Hardware IP Verification Hardware PCC Background Software PCC Description Software

More information

Architecture and Partitioning - Architecture

Architecture and Partitioning - Architecture Architecture and Partitioning - Architecture Architecture Management, Marketing and Senior Project Engineers work together to define product requirements. The product requirements will set cost, size and

More information

Pricing of Derivatives by Fast, Hardware-Based Monte-Carlo Simulation

Pricing of Derivatives by Fast, Hardware-Based Monte-Carlo Simulation Pricing of Derivatives by Fast, Hardware-Based Monte-Carlo Simulation Prof. Dr. Joachim K. Anlauf Universität Bonn Institut für Informatik II Technische Informatik Römerstr. 164 53117 Bonn E-Mail: anlauf@informatik.uni-bonn.de

More information

Advanced FPGA Design Methodologies with Xilinx Vivado

Advanced FPGA Design Methodologies with Xilinx Vivado Advanced FPGA Design Methodologies with Xilinx Vivado Alexander Jäger Computer Architecture Group Heidelberg University, Germany Abstract With shrinking feature sizes in the ASIC manufacturing technology,

More information

The design of a programming language for provably correct programs: success and failure

The design of a programming language for provably correct programs: success and failure The design of a programming language for provably correct programs: success and failure Don Sannella Laboratory for Foundations of Computer Science School of Informatics, University of Edinburgh http://homepages.inf.ed.ac.uk/dts

More information

An Interface Specification Language for Automatically Analyzing Cryptographic Protocols

An Interface Specification Language for Automatically Analyzing Cryptographic Protocols An Interface Specification Language for Automatically Analyzing Cryptographic Protocols Internet Society Symposium on Network and Distributed System Security February 10-11, 1997 San Diego Princess Resort,

More information

Testing & Verification of Digital Circuits ECE/CS 5745/6745. Hardware Verification using Symbolic Computation

Testing & Verification of Digital Circuits ECE/CS 5745/6745. Hardware Verification using Symbolic Computation Testing & Verification of Digital Circuits ECE/CS 5745/6745 Hardware Verification using Symbolic Computation Instructor: Priyank Kalla (kalla@ece.utah.edu) 3 Credits Mon, Wed 1:25-2:45pm, WEB 2250 Office

More information

Masking vs. Multiparty Computation: How Large is the Gap for AES?

Masking vs. Multiparty Computation: How Large is the Gap for AES? Masking vs. Multiparty Computation: How Large is the Gap for AES? Vincent Grosso 1, François-Xavier Standaert 1, Sebastian Faust 2. 1 ICTEAM/ELEN/Crypto Group, Université catholique de Louvain, Belgium.

More information

Cryptographically Sound Implementations for Typed Information-Flow Security

Cryptographically Sound Implementations for Typed Information-Flow Security FormaCrypt, Nov 30. 2007 Cryptographically Sound Implementations for Typed Information-Flow Security Cédric Fournet Tamara Rezk Microsoft Research INRIA Joint Centre http://msr-inria.inria.fr/projects/sec/cflow

More information

Trojan-tolerant Hardware & Supply Chain Security in Practice

Trojan-tolerant Hardware & Supply Chain Security in Practice Trojan-tolerant Hardware & Supply Chain Security in Practice Who we are Vasilios Mavroudis Doctoral Researcher, UCL Dan Cvrcek CEO, Enigma Bridge George Danezis Professor, UCL Petr Svenda CTO, Enigma Bridge

More information

THE globalization of the semiconductor supply chain

THE globalization of the semiconductor supply chain IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY, VOL. 12, NO. 2, FEBRUARY 2017 405 Eliminating the Hardware-Software Boundary: A Proof-Carrying Approach for Trust Evaluation on Computer Systems

More information

Argon2 for password hashing and cryptocurrencies

Argon2 for password hashing and cryptocurrencies Argon2 for password hashing and cryptocurrencies Alex Biryukov, Daniel Dinu, Dmitry Khovratovich University of Luxembourg 2nd April 2016 Motivation Password-based authentication Keyless password authentication:

More information

Lecture 4a. CMOS Fabrication, Layout and Simulation. R. Saleh Dept. of ECE University of British Columbia

Lecture 4a. CMOS Fabrication, Layout and Simulation. R. Saleh Dept. of ECE University of British Columbia Lecture 4a CMOS Fabrication, Layout and Simulation R. Saleh Dept. of ECE University of British Columbia res@ece.ubc.ca 1 Fabrication Fabrication is the process used to create devices and wires. Transistors

More information

Bounded-Concurrent Secure Two-Party Computation Without Setup Assumptions

Bounded-Concurrent Secure Two-Party Computation Without Setup Assumptions Bounded-Concurrent Secure Two-Party Computation Without Setup Assumptions Yehuda Lindell IBM T.J.Watson Research 19 Skyline Drive, Hawthorne New York 10532, USA lindell@us.ibm.com ABSTRACT In this paper

More information

An Automated Tool for Evaluating Hardware Trojans and Detection Methods

An Automated Tool for Evaluating Hardware Trojans and Detection Methods Int'l Conf. Security and Management SAM'16 213 An Automated Tool for Evaluating Hardware Trojans and Detection Methods Nicholas Houghton, Samer Moein, Fayez Gebali, and T. Aaron Gulliver Department of

More information

Verilog. What is Verilog? VHDL vs. Verilog. Hardware description language: Two major languages. Many EDA tools support HDL-based design

Verilog. What is Verilog? VHDL vs. Verilog. Hardware description language: Two major languages. Many EDA tools support HDL-based design Verilog What is Verilog? Hardware description language: Are used to describe digital system in text form Used for modeling, simulation, design Two major languages Verilog (IEEE 1364), latest version is

More information

Securing FPGA-Based Obsolete Component Replacement for Legacy Systems

Securing FPGA-Based Obsolete Component Replacement for Legacy Systems Securing FPGA-Based Obsolete Component Replacement for Legacy Systems Zhiming Zhang 1, Laurent Njilla 2, Charles Kamhoua 3, Kevin Kwiat 2, and Qiaoyan Yu 1 1 Department of Electrical and Computer Engineering,

More information

"On the Capability and Achievable Performance of FPGAs for HPC Applications"

On the Capability and Achievable Performance of FPGAs for HPC Applications "On the Capability and Achievable Performance of FPGAs for HPC Applications" Wim Vanderbauwhede School of Computing Science, University of Glasgow, UK Or in other words "How Fast Can Those FPGA Thingies

More information

Notes for Lecture 5. 2 Non-interactive vs. Interactive Key Exchange

Notes for Lecture 5. 2 Non-interactive vs. Interactive Key Exchange COS 597C: Recent Developments in Program Obfuscation Lecture 5 (9/29/16) Lecturer: Mark Zhandry Princeton University Scribe: Fermi Ma Notes for Lecture 5 1 Last Time Last time, we saw that we can get public

More information

FPGA introduction 2008

FPGA introduction 2008 FPGA introduction 2008 ecos is a registered trademark of ecoscentric Limited Øyvind Harboe, General Manager, Zylin AS What is an FPGA? Field Programmable Gate Array Not necessarily reprogrammable (anti-fuse,

More information

Defining Encryption. Lecture 2. Simulation & Indistinguishability

Defining Encryption. Lecture 2. Simulation & Indistinguishability Defining Encryption Lecture 2 Simulation & Indistinguishability Roadmap First, Symmetric Key Encryption Defining the problem We ll do it elaborately, so that it will be easy to see different levels of

More information

Implementing MATLAB Algorithms in FPGAs and ASICs By Alexander Schreiber Senior Application Engineer MathWorks

Implementing MATLAB Algorithms in FPGAs and ASICs By Alexander Schreiber Senior Application Engineer MathWorks Implementing MATLAB Algorithms in FPGAs and ASICs By Alexander Schreiber Senior Application Engineer MathWorks 2014 The MathWorks, Inc. 1 Traditional Implementation Workflow: Challenges Algorithm Development

More information

EE 466/586 VLSI Design. Partha Pande School of EECS Washington State University

EE 466/586 VLSI Design. Partha Pande School of EECS Washington State University EE 466/586 VLSI Design Partha Pande School of EECS Washington State University pande@eecs.wsu.edu Lecture 18 Implementation Methods The Design Productivity Challenge Logic Transistors per Chip (K) 10,000,000.10m

More information

SIDE CHANNEL ATTACKS AGAINST IOS CRYPTO LIBRARIES AND MORE DR. NAJWA AARAJ HACK IN THE BOX 13 APRIL 2017

SIDE CHANNEL ATTACKS AGAINST IOS CRYPTO LIBRARIES AND MORE DR. NAJWA AARAJ HACK IN THE BOX 13 APRIL 2017 SIDE CHANNEL ATTACKS AGAINST IOS CRYPTO LIBRARIES AND MORE DR. NAJWA AARAJ HACK IN THE BOX 13 APRIL 2017 WHAT WE DO What we do Robust and Efficient Cryptographic Protocols Research in Cryptography and

More information

Bounded-Concurrent Secure Multi-Party Computation with a Dishonest Majority

Bounded-Concurrent Secure Multi-Party Computation with a Dishonest Majority Bounded-Concurrent Secure Multi-Party Computation with a Dishonest Majority Rafael Pass Massachusetts Institute of Technology pass@csail.mit.edu June 4, 2004 Abstract We show how to securely realize any

More information

Lecture 12. Algorand

Lecture 12. Algorand Lecture 12 Algorand Proof-of-Stake Virtual Mining Proof of Stake Bitcoin uses proof of work to address sybil attacks and implement consensus Philosophy: Chance of winning in a block mining round proportional

More information

ESE534: Computer Organization. Previously. Today. Preclass. Why Registers? Latches, Registers

ESE534: Computer Organization. Previously. Today. Preclass. Why Registers? Latches, Registers ESE534: Computer Organization Previously Day 4: January 25, 2012 Sequential Logic (FSMs, Pipelining, FSMD) Boolean Logic Gates Arithmetic Complexity of computations E.g. area and delay for addition 1 2

More information

A Security Infrastructure for Trusted Devices

A Security Infrastructure for Trusted Devices Infrastructure () A Security Infrastructure for Trusted Devices Mahalingam Ramkumar Mississippi State University, MS Nasir Memon Polytechnic University, Brooklyn, NY January 31, 2005 Infrastructure ()

More information

ICT 6541 Applied Cryptography Lecture 8 Entity Authentication/Identification

ICT 6541 Applied Cryptography Lecture 8 Entity Authentication/Identification ICT 6541 Applied Cryptography Lecture 8 Entity Authentication/Identification Hossen Asiful Mustafa Introduction Entity Authentication is a technique designed to let one party prove the identity of another

More information
2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback