204 research outputs found

    Verifiable ASICs

    A manufacturer of custom hardware (ASICs) can undermine the intended execution of that hardware; high-assurance execution thus requires controlling the manufacturing chain. However, a trusted platform might be orders of magnitude worse in performance or price than an advanced, untrusted platform. This paper initiates exploration of an alternative: using verifiable computation (VC), an untrusted ASIC computes proofs of correct execution, which are verified by a trusted processor or ASIC. In contrast to the usual VC setup, here the prover and verifier together must impose less overhead than the alternative of executing directly on the trusted platform. We instantiate this approach by designing and implementing physically realizable, area-efficient, high throughput ASICs (for a prover and verifier), in fully synthesizable Verilog. The system, called Zebra, is based on the CMT and Allspice interactive proof protocols, and required new observations about CMT, careful hardware design, and attention to architectural challenges. For a class of real computations, Zebra meets or exceeds the performance of executing directly on the trusted platform.

    Doubly-efficient zkSNARKs without trusted setup

    We present a zero-knowledge argument for NP with low communication complexity, low concrete cost for both the prover and the verifier, and no trusted setup, based on standard cryptographic assumptions. Communication is proportional to $d \cdot \log G$ (for $d$ the depth and $G$ the width of the verifying circuit) plus the square root of the witness size. When applied to batched or data-parallel statements, the prover's runtime is linear and the verifier's is sub-linear in the verifying circuit size, both with good constants. In addition, witness-related communication can be reduced, at the cost of increased verifier runtime, by leveraging a new commitment scheme for multilinear polynomials, which may be of independent interest. These properties represent a new point in the tradeoffs among setup, complexity assumptions, proof size, and computational cost. We apply the Fiat-Shamir heuristic to this argument to produce a zero-knowledge succinct non-interactive argument of knowledge (zkSNARK) in the random oracle model, based on the discrete log assumption, which we call Hyrax. We implement Hyrax and evaluate it against five state-of-the-art baseline systems. Our evaluation shows that, even for modest problem sizes, Hyrax gives smaller proofs than all but the most computationally costly baseline, and that its prover and verifier are each faster than three of the five baselines.

    DDoS defense by offense

    This article presents the design, implementation, analysis, and experimental evaluation of speak-up, a defense against application-level distributed denial-of-service (DDoS), in which attackers cripple a server by sending legitimate-looking requests that consume computational resources (e.g., CPU cycles, disk). With speak-up, a victimized server encourages all clients, resources permitting, to automatically send higher volumes of traffic. We suppose that attackers are already using most of their upload bandwidth so cannot react to the encouragement. Good clients, however, have spare upload bandwidth so can react to the encouragement with drastically higher volumes of traffic. The intended outcome of this traffic inflation is that the good clients crowd out the bad ones, thereby capturing a much larger fraction of the server's resources than before. We experiment under various conditions and find that speak-up causes the server to spend resources on a group of clients in rough proportion to their aggregate upload bandwidths, which is the intended result.

    Funding: National Science Foundation (U.S.) (NSF grant CNS-0225660); National Science Foundation (U.S.) (NSF grant CNS-0520241); United States. Dept. of Defense (National Security Science and Engineering Faculty Fellowship).

    A Brief Overview of the NEBULA Future Internet Architecture

    NEBULA is a proposal for a Future Internet Architecture. It is based on the assumptions that: (1) cloud computing will comprise an increasing fraction of the application workload offered to an Internet, and (2) that access to cloud computing resources will demand new architectural features from a network. Features that we have identified include dependability, security, flexibility and extensibility, the entirety of which constitute resilience. NEBULA provides resilient networking services using ultrareliable routers, an extensible control plane and use of multiple paths upon which arbitrary policies may be enforced. We report on a prototype system, Zodiac, that incorporates these latter two features.

    Efficient Verifiable Computation of XOR for Biometric Authentication

    This work addresses the security and privacy issues in remote biometric authentication by proposing an efficient mechanism to verify the correctness of the outsourced computation in such protocols. In particular, we propose an efficient verifiable computation of XORing encrypted messages using an XOR linear message authentication code (MAC) and we employ the proposed scheme to build a biometric authentication protocol. The proposed authentication protocol is both secure and privacy-preserving against malicious (as opposed to honest-but-curious) adversaries. Specifically, the use of the verifiable computation scheme together with a homomorphic encryption protects the privacy of biometric templates against malicious adversaries. Furthermore, in order to achieve unlinkability of authentication attempts, while keeping a low communication overhead, we show how to apply Oblivious RAM and biohashing to our protocol. We also provide a proof of security for the proposed solution. Our simulation results show that the proposed authentication protocol is efficient.

    Randomized comparison of the effects of the vitamin D3 adequate intake versus 100 mcg (4000 IU) per day on biochemical responses and the wellbeing of patients

    BACKGROUND: For adults, vitamin D intake of 100 mcg (4000 IU)/day is physiologic and safe. The adequate intake (AI) for older adults is 15 mcg (600 IU)/day, but there has been no report focusing on use of this dose. METHODS: We compared effects of these doses on biochemical responses and sense of wellbeing in a blinded, randomized trial. In Study 1, 64 outpatients (recruited if summer 2001 25(OH)D <61 nmol/L) were given 15 or 100 mcg/day vitamin D in December 2001. Biochemical responses were followed at subsequent visits that were part of clinical care; 37 patients completed a wellbeing questionnaire in December 2001 and February 2002. Subjects for Study 2 were recruited if their 25(OH)D was <51 nmol/L in summer 2001. 66 outpatients were given vitamin D; 51 completed a wellbeing questionnaire in both December 2002 and February 2003. RESULTS: In Study 1, basal summer 25-hydroxyvitamin D [25(OH)D] averaged 48 ± 9 (SD) nmol/L. Supplementation for more than 6 months produced mean 25(OH)D levels of 79 ± 30 nmol/L for the 15 mcg/day group, and 112 ± 41 nmol/L for the 100 mcg/day group. Both doses lowered plasma parathyroid hormone with no effect on plasma calcium. Between December and February, wellbeing score improved more for the 100-mcg/day group than for the lower-dosed group (1-tail Mann-Whitney p = 0.036). In Study 2, 25(OH)D averaged 39 ± 9 nmol/L, and winter wellbeing scores improved with both doses of vitamin D (two-tail p < 0.001). CONCLUSION: The highest AI for vitamin D brought summertime 25(OH)D to >40 nmol/L, lowered PTH, and its use was associated with improved wellbeing. The 100 mcg/day dose produced greater responses. Since it was ethically necessary to provide a meaningful dose of vitamin D to these insufficient patients, we cannot rule out a placebo wellbeing response, particularly for those on the lower dose. This work confirms the safety and efficacy of both 15 and 100 mcg/day vitamin D3 in patients who needed additional vitamin D.