Stanford Security Lunch
Spring 2018

April 04, 2018 Doubly-efficient zkSNARKs without trusted setup

Speaker:  Riad Wahby

Abstract:  We present a zero-knowledge argument for NP with low communication complexity, low concrete cost for both the prover and the verifier, and no trusted setup, based on standard cryptographic assumptions. Communication is proportional to d log G (for d the depth and G the width of the verifying circuit) plus the square root of the witness size. When applied to batched or data-parallel statements, the prover's runtime is linear and the verifier's is sub-linear in the verifying circuit size, both with good constants. In addition, witness-related communication can be reduced, at the cost of increased verifier runtime, by leveraging a new commitment scheme for multilinear polynomials, which may be of independent interest. These properties represent a new point in the tradeoffs among setup, complexity assumptions, proof size, and computational cost. We apply the Fiat-Shamir heuristic to this argument to produce a zero-knowledge succinct non-interactive argument of knowledge (zkSNARK) in the random oracle model, based on the discrete log assumption, which we call Hyrax. We implement Hyrax and evaluate it against five state-of-the-art baseline systems. Our evaluation shows that, even for modest problem sizes, Hyrax gives smaller proofs than all but the most computationally costly baseline, and that its prover and verifier are each faster than three of the five baselines.

Joint work with:  Ioanna Tzialla, abhi shelat, Justin Thaler, and Michael Walfish

April 11, 2018 Rocket: Securing the Web at Compile-time

Speaker:  Sergio Benitez

Abstract:  Rocket is a web framework, written in Rust, that prevents correctness and security bugs at compile-time. It works primarily through compiler extensions, or procedural macros as they're known in Rust. At compile-time, Rocket checks an application's source code and generates additional code that checks or ensures various web security or correctness properties at runtime. These properties range from directory traversal prevention to arbitrary input validation. Rocket was released to the public as an open source project in late 2016 and has become the web framework of choice for the Rust programming language. There are over 3,800 projects on GitHub using Rocket, and dozens of companies such as NPM and System76 are using Rocket in production today.

April 18, 2018 Certified defenses against adversarial examples

Speaker:  Aditi Raghunathan

Abstract:  While neural networks have achieved high accuracy on standard image classification benchmarks, their accuracy drops to nearly zero in the presence of small adversarial perturbations to test inputs. Defenses based on regularization and adversarial training have been proposed, but often followed by new, stronger attacks that defeat these defenses. Can we somehow end this arms race? In this work, we study this problem for neural networks with one hidden layer. We first propose a method based on a semidefinite relaxation that outputs a certificate that, for a given network and test input, no attack can force the error to exceed a certain value. Second, as this certificate is differentiable, we jointly optimize it with the network parameters, providing an adaptive regularizer that encourages robustness against all attacks. On MNIST, our approach produces a network and a certificate that no attack that perturbs each pixel by at most ε = 0.1 can cause more than 35% test error.

April 25, 2018 Power side channel analysis, meet deep learning

Speaker:  Jasper van Woudenberg (Riscure)

Abstract:  Power side channel analysis is the art and science of extracting secret information from the measured power consumption of a device. There is a body of research dedicated to various statistical and cryptanalytic methods to model cryptographic key leakage, such that keys can be extracted from noisy power measurements. One main method used in practical side channel analysis is Template Analysis (TA). TA can be trained to model the intermediate state of a cryptographic implementation, e.g. the Hamming weight of the output of the MixColumns operation in AES. With a trained model, key recovery is possible on an unknown key if the device is leaky. Most research in side channel analysis focuses on methods that assume power measurements have been preprocessed, and TA is no different. In practical analysis, preprocessing itself is strongly dependent on the skills of a human, who needs to perform operations such as alignment, filtering and compression to increase the signal-to-noise ratio. This preprocessing is a learned skill, and without this preprocessing, TA is unlikely to extract a key. Deep learning has been shown to be able to perform classification of images and other signals under various transformations, without human preprocessing. As TA is essentially a classification algorithm, our research aims at determining how well a deep learning classifier can replace the combination of TA and a human. In this presentation we introduce the basics of power analysis and deep learning, show our current research results and pose our open questions.

May 02, 2018 Ethereum's Surprises

Speaker:  Dieter Shirley (CTO, CryptoKitties)

Abstract:  Join CryptoKitties CTO, Dieter Shirley, for a discussion about the surprises and challenges they faced when building CryptoKitties and developing on the Ethereum blockchain.

May 09, 2018 The Evolving Architecture of the Web

Speaker:  Nick Sullivan (Cloudflare)

Abstract:  The encrypted web is built on top of a few simple protocols: HTTP, TLS, and DNS. These protocols were written with some fundamental assumptions about the architecture of the internet in mind, like the idea that different IP addresses correspond to separate physical machines. However, some of these assumptions are changing, and changing quickly. The popularity of technologies like IP anycast, Layer 4 load balancing, and the consolidation of massive portions of the web behind a small set of reverse proxy services mean that the architecture of the web today is very different from what is taught in computer networking classes. In this talk, I will examine some of the impacts of these changes and how internet standards such as HTTP/2 are being adapted to take advantage of the new architecture. I will also debate the tradeoffs between the complexity added by these changes and the privacy and latency benefits they provide to users of the web.

May 16, 2018 How I learnt to play in the CSP Sandbox

Speaker:  Devdatta Akhawe (Dropbox)

Abstract:  The typical way to isolate untrusted components on the web is to run them in an isolated domain. While very secure, "" is not the best place to host a lot of content such as a help center, forums, or marketing pages. It looks bad and has a bunch of administrative overhead. Instead, an alternative is to use the CSP sandbox directive to isolate untrusted components in the "null" origin while still serving them from your main site. This is a lot easier to deploy and provides a powerful mitigation. This talk will cover how we deployed a CMS on without increasing our XSS risk; some interesting corner cases to think about; and a discussion of upcoming primitives like Suborigins that will make all of this a lot easier.

May 23, 2018 Zether, confidentiality in a smart contract world

Speaker:  Benedikt Bünz
May 30, 2018 TBA

June 06, 2018 TBA