Usually, a proof of a theorem contains more knowledge than the mere fact that the theorem is true. For instance, to prove that a graph is Hamiltonian it suffices to exhibit a Hamiltonian tour in it; however, this seems to contain more knowledge than the single bit Hamiltonian/non-Hamiltonian.In this paper a computational complexity theory of the “knowledge” contained in a proof is developed. Zero-knowledge proofs are defined as those proofs that convey no additional knowledge other than the correctness of the proposition in question. Examples of zero-knowledge proof systems are given for the languages of quadratic residuosity and 'quadratic nonresiduosity. These are the first examples of zero-knowledge proofs for languages not known to be efficiently recognizable.

/pdf/the-knowledge-complexity-of-interactive-proof-systems-31apre0ecf.pdf

The knowledge complexity of interactive proof-systems

Smart contracts are computer programs that can be correctly executed by a network of mutually distrusting nodes, without the need of an external trusted authority. Since smart contracts handle and transfer assets of considerable value, besides their correct execution it is also crucial that their implementation is secure against attacks which aim at stealing or tampering the assets. We study this problem in Ethereum, the most well-known and used framework for smart contracts so far. We analyse the security vulnerabilities of Ethereum smart contracts, providing a taxonomy of common programming pitfalls which may lead to vulnerabilities. We show a series of attacks which exploit these vulnerabilities, allowing an adversary to steal money or cause other damage.

A Survey of Attacks on Ethereum Smart Contracts SoK

/pdf/a-survey-of-attacks-on-ethereum-smart-contracts-43l3b2jez9.pdf

A survey of attacks on Ethereum smart contracts.

Permissionless blockchains allow the execution of arbitrary programs (called smart contracts), enabling mutually untrusted entities to interact without relying on trusted third parties. Despite their potential, repeated security concerns have shaken the trust in handling billions of USD by smart contracts. To address this problem, we present Securify, a security analyzer for Ethereum smart contracts that is scalable, fully automated, and able to prove contract behaviors as safe/unsafe with respect to a given property. Securify's analysis consists of two steps. First, it symbolically analyzes the contract's dependency graph to extract precise semantic information from the code. Then, it checks compliance and violation patterns that capture sufficient conditions for proving if a property holds or not. To enable extensibility, all patterns are specified in a designated domain-specific language. Securify is publicly released, it has analyzed >18K contracts submitted by its users, and is regularly used to conduct security audits by experts. We present an extensive evaluation of Securify over real-world Ethereum smart contracts and demonstrate that it can effectively prove the correctness of smart contracts and discover critical violations.

/pdf/securify-practical-security-analysis-of-smart-contracts-3m9isitgew.pdf

Securify: Practical Security Analysis of Smart Contracts

A privacy preserving association rule mining algorithm was introducedThis algorithm preserved privacy of individual values by computing scalar productMeanwhile the algorithm of computing scalar product was given and the security was analyzed

Privacy preserving association rule mining in vertically partitioned data

/pdf/hacl-n-verified-generic-simd-crypto-for-all-your-favorite-2118bgtokm.pdf

HACL×N: Verified Generic SIMD Crypto (for all your favorite platforms)

Model extraction attacks attempt to replicate a target machine learning model from predictions obtained by querying its inference API. Most existing attacks on Deep Neural Networks achieve this by supervised training of the copy using the victim's predictions. An emerging class of attacks exploit algebraic properties of DNNs to obtain high-fidelity copies using orders of magnitude fewer queries than the prior state-of-the-art. So far, such powerful attacks have been limited to networks with few hidden layers and ReLU activations. In this paper we present algebraic attacks on large-scale natural language models in a grey-box setting, targeting models with a pre-trained (public) encoder followed by a single (private) classification layer. Our key observation is that a small set of arbitrary embedding vectors is likely to form a basis of the classification layer's input space, which a grey-box adversary can compute. We show how to use this information to solve an equation system that determines the classification layer from the corresponding probability outputs. We evaluate the effectiveness of our attacks on different sizes of transformer models and downstream tasks. Our key findings are that (i) with frozen base layers, high-fidelity extraction is possible with a number of queries that is as small as twice the input dimension of the last layer. This is true even for queries that are entirely in-distribution, making extraction attacks indistinguishable from legitimate use; (ii) with fine-tuned base layers, the effectiveness of algebraic attacks decreases with the learning rate, showing that fine-tuning is not only beneficial for accuracy but also indispensable for model confidentiality.

/pdf/grey-box-extraction-of-natural-language-models-xibq740dvq.pdf

Grey-box Extraction of Natural Language Models

We report ongoing work towards a verified reference implementation of TLS 1.3 in the F* programming language. Our code supports selected ciphersuites for all versions of TLS from 1.0 to 1.3. It is being developed on http://github.com/mitls as the next version of MITLS, written in F? instead of F#. We intend to prove a strong, joint cryptographic security theorem for TLS 1.3 clients and servers, even when they run alongside older versions of the protocol with weaker security. Our verification approach adapts and extends that of MITLS in several ways: (1) we adopt an idiomatic stateful style that promises higher performance than the pure functional style of MITLS; (2) we seek to prove stronger security properties with fewer ad hoc assumptions; (3) we rely on advanced F? type inference to substantially reduce both the code base and the typed proof annotations. This paper describes our implementation architecture, our new composite state machine for TLS 1.0–1.3, and our target security theorem. By the time of the TRON workshop, we will present concrete verification results for our implementation. As far as we are aware, these will be the first cryptographic proofs for an implementation of TLS 1.3, and a fortiori for an implementation that is backward compatible with older versions of the protocol. We anticipate that our effort will identify early problems and offer implementation guidelines for other TLS libraries.

https://www.microsoft.com/en-us/research/wp-content/uploads/2016/11/tron16.pdf

Towards a Provably Secure Implementation of TLS 1.3

Computer-aided verification provides effective means of analyzing the security of cryptographic primitives. However, it has remained a challenge to achieve fully automated analyses yielding guarantees that hold against computational (rather than symbolic) attacks. This paper meets this challenge for public-key encryption schemes built from trapdoor permutations and hash functions. Using a novel combination of techniques from computational and symbolic cryptography, we present proof systems for analyzing the chosen-plaintext and chosen-ciphertext security of such schemes in the random oracle model. Building on these proof systems, we develop a toolset that bundles together fully automated proof and attack finding algorithms. We use this toolset to build a comprehensive database of encryption schemes that records attacks against insecure schemes, and proofs with concrete bounds for secure ones.

/pdf/fully-automated-analysis-of-padding-based-encryption-in-the-32ydxq7ngp.pdf

Fully Automated Analysis of Padding-Based Encryption in the Computational Model

We present Low*, a language for low-level programming and verification, and its application to high-assurance optimized cryptographic libraries. Low* is a shallow embedding of a small, sequential, well-behaved subset of C in F*, a dependently- typed variant of ML aimed at program verification. Departing from ML, Low* does not involve any garbage collection or implicit heap allocation; instead, it has a structured memory model a la CompCert, and it provides the control required for writing efficient low-level security-critical code. By virtue of typing, any Low* program is memory safe. In addition, the programmer can make full use of the verification power of F* to write high-level specifications and verify the functional correctness of Low* code using a combination of SMT automation and sophisticated manual proofs. At extraction time, specifications and proofs are erased, and the remaining code enjoys a predictable translation to C. We prove that this translation preserves semantics and side-channel resistance. We provide a new compiler back-end from Low* to C and, to evaluate our approach, we implement and verify various cryptographic algorithms, constructions, and tools for a total of about 28,000 lines of code. We show that our Low* code delivers performance competitive with existing (unverified) C cryptographic libraries, suggesting our approach may be applicable to larger-scale low-level software.

/pdf/verified-low-level-programming-embedded-in-f-2mksjxlgct.pdf

Santiago Zanella-Béguelin

Papers

HACL×N: Verified Generic SIMD Crypto (for all your favorite platforms)

Grey-box Extraction of Natural Language Models

Towards a Provably Secure Implementation of TLS 1.3

Fully Automated Analysis of Padding-Based Encryption in the Computational Model

Verified Low-Level Programming Embedded in F*