    Verifiable ASICs

    A manufacturer of custom hardware (ASICs) can undermine the intended execution of that hardware; high-assurance execution thus requires controlling the manufacturing chain. However, a trusted platform might be orders of magnitude worse in performance or price than an advanced, untrusted platform. This paper initiates exploration of an alternative: using verifiable computation (VC), an untrusted ASIC computes proofs of correct execution, which are verified by a trusted processor or ASIC. In contrast to the usual VC setup, here the prover and verifier together must impose less overhead than the alternative of executing directly on the trusted platform. We instantiate this approach by designing and implementing physically realizable, area-efficient, high-throughput ASICs (for a prover and verifier), in fully synthesizable Verilog. The system, called Zebra, is based on the CMT and Allspice interactive proof protocols, and required new observations about CMT, careful hardware design, and attention to architectural challenges. For a class of real computations, Zebra meets or exceeds the performance of executing directly on the trusted platform.

    Doubly-efficient zkSNARKs without trusted setup

    We present a zero-knowledge argument for NP with low communication complexity, low concrete cost for both the prover and the verifier, and no trusted setup, based on standard cryptographic assumptions. Communication is proportional to $d \cdot \log G$ (for $d$ the depth and $G$ the width of the verifying circuit) plus the square root of the witness size. When applied to batched or data-parallel statements, the prover's runtime is linear and the verifier's is sub-linear in the verifying circuit size, both with good constants. In addition, witness-related communication can be reduced, at the cost of increased verifier runtime, by leveraging a new commitment scheme for multilinear polynomials, which may be of independent interest. These properties represent a new point in the tradeoffs among setup, complexity assumptions, proof size, and computational cost. We apply the Fiat-Shamir heuristic to this argument to produce a zero-knowledge succinct non-interactive argument of knowledge (zkSNARK) in the random oracle model, based on the discrete log assumption, which we call Hyrax. We implement Hyrax and evaluate it against five state-of-the-art baseline systems. Our evaluation shows that, even for modest problem sizes, Hyrax gives smaller proofs than all but the most computationally costly baseline, and that its prover and verifier are each faster than three of the five baselines.

    Corepressor/coactivator paradox: potential constitutive coactivation by corepressor splice variants

    The functional consequences of the interaction of transcriptional coregulators with the human thyroid hormone receptor (TR) in mammalian cells are complex. We have used the yeast Saccharomyces cerevisiae, which lacks endogenous nuclear receptors (NRs) and NR coregulators, as a model to decipher mechanisms regulating transcriptional activation by TR. In effect, this system allows the reconstitution of TR-mediated transcription complexes by the expression of specific combinations of mammalian proteins in yeast. In this yeast system, human adenovirus 5 early region 1A (E1A), a natural N-CoR splice variant (N-CoR(I)) or an artificial N-CoR truncation (N-CoR(C)) coactivate unliganded TRs, and these effects are inhibited by thyroid hormone (TH). E1A contains a short peptide sequence that resembles known corepressor-NR interaction motifs (CoRNR box motif, CBM), and this motif is required for TR binding and coactivation. N-CoR(I) and N-CoR(C) contain three CBMs, but only the C-terminal CBM1 is critical for coactivation. These observations in a yeast model system suggest that E1A and N-CoR(I) are naturally occurring TR coactivators that bind in the typical corepressor mode. These findings also raise the possibility that alternative splicing events which form corepressor proteins containing only C-terminal CBM motifs could represent a novel mechanism in mammalian cells for regulating constitutive transcriptional activation by TRs.

    Full accounting for verifiable outsourcing

    Systems for verifiable outsourcing incur costs for a prover, a verifier, and precomputation; outsourcing makes sense when the combination of these costs is cheaper than not outsourcing. Yet, when prior works impose quantitative thresholds to analyze whether outsourcing is justified, they generally ignore prover costs. Verifiable ASICs (VA)---in which the prover is a custom chip---is the other way around: its cost calculations ignore precomputation. This paper describes a new VA system, called Giraffe; charges Giraffe for all three costs; and identifies regimes where outsourcing is worthwhile. Giraffe's base is an interactive proof geared to data-parallel computation. Giraffe makes this protocol asymptotically optimal for the prover and improves the verifier's main bottleneck by almost 3x, both of which are of independent interest. Giraffe also develops a design template that produces hardware designs automatically for a wide range of parameters, introduces hardware primitives molded to the protocol's data flows, and incorporates program analyses that expand applicability. Giraffe wins even when outsourcing several tens of sub-computations, scales to 500x larger computations than prior work, and can profitably outsource parts of programs that are not worthwhile to outsource in full.

    DDoS defense by offense

    This article presents the design, implementation, analysis, and experimental evaluation of speak-up, a defense against application-level distributed denial-of-service (DDoS), in which attackers cripple a server by sending legitimate-looking requests that consume computational resources (e.g., CPU cycles, disk). With speak-up, a victimized server encourages all clients, resources permitting, to automatically send higher volumes of traffic. We suppose that attackers are already using most of their upload bandwidth and so cannot react to the encouragement. Good clients, however, have spare upload bandwidth and so can react to the encouragement with drastically higher volumes of traffic. The intended outcome of this traffic inflation is that the good clients crowd out the bad ones, thereby capturing a much larger fraction of the server's resources than before. We experiment under various conditions and find that speak-up causes the server to spend resources on a group of clients in rough proportion to their aggregate upload bandwidths, which is the intended result.
    National Science Foundation (U.S.) (NSF grant CNS-0225660); National Science Foundation (U.S.) (NSF grant CNS-0520241); United States. Dept. of Defense (National Security Science and Engineering Faculty Fellowship)

    Obesity and treatment meanings in bariatric surgery candidates: a qualitative study

    Background: This study used a qualitative approach to understand how morbidly obese patients conceptualize and deal with obesity and obesity treatment, with the particular aim of exploring their expectations and beliefs about the demands and the impact of bariatric surgery. Methods: The study population included 30 morbidly obese patients (20 women and 10 men) with a mean age of 39.17 years (SD = 8.81) and a mean body mass index of 47.5 (SD = 8.2), interviewed individually before surgery using open-ended questions. The interviews were audiotaped, transcribed, and then coded according to grounded analysis methodology. Results: Three main thematic areas emerged from the data: obesity, eating behavior, and treatment. Obesity is described as a stable and hereditary trait. Although participants recognize that personal eating behavior exacerbates this condition, patients see their eating behavior as difficult to change and control. Food seems to be an ever-present dimension and a coping strategy, and following an adequate diet plan is described as a huge sacrifice. Bariatric surgery emerges as the only treatment for obesity, and participants highlight this moment as the beginning of a new life in which health professionals have the main role. Bariatric surgery candidates see their eating behavior as out of their control, and committing to the demands of surgery is seen as a big sacrifice. For these patients, surgery is understood as a miracle moment that will change their lives without requiring an active role or their participation. Conclusion: These results need to be validated with further qualitative and quantitative studies; it is necessary to promote a new awareness of the weight loss process and to empower patients before and after bariatric surgery.
    Doctoral grant SFRH/BD/37069/2007 from the Fundação para a Ciência e a Tecnologia (FCT)

    A Brief Overview of the NEBULA Future Internet Architecture

    NEBULA is a proposal for a Future Internet Architecture. It is based on the assumptions that (1) cloud computing will comprise an increasing fraction of the application workload offered to an Internet, and (2) access to cloud computing resources will demand new architectural features from a network. Features that we have identified include dependability, security, flexibility and extensibility, the entirety of which constitute resilience. NEBULA provides resilient networking services using ultrareliable routers, an extensible control plane and use of multiple paths upon which arbitrary policies may be enforced. We report on a prototype system, Zodiac, that incorporates these latter two features.

    Efficient Verifiable Computation of XOR for Biometric Authentication

    This work addresses the security and privacy issues in remote biometric authentication by proposing an efficient mechanism to verify the correctness of the outsourced computation in such protocols. In particular, we propose an efficient verifiable computation of XORing encrypted messages using an XOR-linear message authentication code (MAC), and we employ the proposed scheme to build a biometric authentication protocol. The proposed authentication protocol is both secure and privacy-preserving against malicious (as opposed to honest-but-curious) adversaries. Specifically, the use of the verifiable computation scheme together with a homomorphic encryption protects the privacy of biometric templates against malicious adversaries. Furthermore, in order to achieve unlinkability of authentication attempts while keeping a low communication overhead, we show how to apply Oblivious RAM and biohashing to our protocol. We also provide a proof of security for the proposed solution. Our simulation results show that the proposed authentication protocol is efficient.