Stanford Security Lunch
Spring 2018

Get announcements:

April 04, 2018 Doubly-efficient zkSNARKs without trusted setup

Speaker:  Riad Wahby

Abstract:  We present a zero-knowledge argument for NP with low communication complexity, low concrete cost for both the prover and the verifier, and no trusted setup, based on standard cryptographic assumptions. Communication is proportional to d log G (for d the depth and G the width of the verifying circuit) plus the square root of the witness size. When applied to batched or data-parallel statements, the prover's runtime is linear and the verifier's is sub-linear in the verifying circuit size, both with good constants. In addition, witness-related communication can be reduced, at the cost of increased verifier runtime, by leveraging a new commitment scheme for multilinear polynomials, which may be of independent interest. These properties represent a new point in the tradeoffs among setup, complexity assumptions, proof size, and computational cost. We apply the Fiat-Shamir heuristic to this argument to produce a zero-knowledge succinct non-interactive argument of knowledge (zkSNARK) in the random oracle model, based on the discrete log assumption, which we call Hyrax. We implement Hyrax and evaluate it against five state-of-the-art baseline systems. Our evaluation shows that, even for modest problem sizes, Hyrax gives smaller proofs than all but the most computationally costly baseline, and that its prover and verifier are each faster than three of the five baselines.

Joint work with:  Ioanna Tzialla, abhi shelat, Justin Thaler, and Michael Walfish

April 11, 2018 Rocket: Securing the Web at Compile-time

Speaker:  Sergio Benitez

Abstract:  Rocket is a web framework, written in Rust, that prevents correctness and security bugs at compile-time. It works primarily through compiler extensions, or procedural macros as they're known in Rust. At compile-time, Rocket checks an application's source code and generates additional code that checks or ensures various web security or correctness properties at runtime. These properties range from directory traversal prevention to arbitrary input validation. Rocket was released to the public as an open source project late 2016 and has become the web framework of choice for the Rust programming language. There are over 3,800 projects on GitHub using Rocket, and dozens of companies such as NPM and System76 are using Rocket in production today.

April 18, 2018 Certified defenses against adversarial examples

Speaker:  Aditi Raghunathan

Abstract:  While neural networks have achieved high accuracy on standard image classification benchmarks, their accuracy drops to nearly zero in the presence of small adversarial perturbations to test inputs. Defenses based on regularization and adversarial training have been proposed, but often followed by new, stronger attacks that defeat these defenses. Can we somehow end this arms race? In this work, we study this problem for neural networks with one hidden layer. We first propose a method based on a semidefinite relaxation that outputs a certificate that for a given network and test input, no attack can force the error to exceed a certain value. Second, as this certificate is differentiable, we jointly optimize it with the network parameters, providing an adaptive regularizer that encourages robustness against all attacks. On MNIST, our approach produces a network and a certificate that no that perturbs each pixel by at most \epsilon = 0.1 can cause more than 35% test error.

April 25, 2018 Power side channel analysis, meet deep learning

Speaker:  Jasper van Woudenberg (Riscure)

Abstract:  Power side channel analysis is the art and science of extracting secret information from the measured power consumption of a device. There is a body of research dedicated to various statistical and cryptanalytic methods to model cryptographic key leakage, such that keys can be extracted from noisy power measurements. One main method used in practical side channel analysis is Template Analysis (TA). TA can be trained to model the intermediate state of a cryptographic implementation, e.g. the Hamming Weight of the output of of MixColumns operation in AES. With a trained models, key recovery is possible on an unknown key if the device is leaky. Most research in side channel analysis focuses on methods that assume power measurements have been preprocessed, and TA is no different. In practical analysis, preprocessing itself is strongly dependent on the skills of a human, who needs to perform operations such as alignment, filtering and compression to increase the signal-to-noise ratio. This preprocessing is a learned skill, and without this preprocessing, TA is unlikely to extract a key. Deep learning has shown to be able to perform classification of images and other signals under various transformations, without human preprocessing. As TA is essentially a classification algorithm, our research aims at determining how well a deep learning classifier can replace the combination of TA and a human. In this presentation we introduce the basics of power analysis and deep learning, show our current research results and pose our open questions.

May 02, 2018 Ethereums Surprises

Speaker:  Dieter Shirley CTO CryptoKitties

Abstract:  Join CryptoKitties CTO, Dieter Shirley, for a discussion about the surprises and challenges they faced when building CryptoKitties and developing on the Ethereum blockchain.

May 09, 2018 The Evolving Architecture of the Web

Speaker:  Nick Sullivan (Cloudflare)

Abstract:  The encrypted web is built on top of a few simple protocols: HTTP, TLS, and DNS. These protocols were written with some fundamental assumptions about the architecture of the internet in mind, like the idea that different IP addresses correspond to separate physical machines. However, some of these assumptions are changing, and changing quickly. The popularity of technologies like IP anycast, Layer 4 load balancing, and the consolidation of massive portions of the web behind a small set of reverse proxy services mean that the architecture of the web today is very different than what is taught in computer networking classes. In this talk, I will examine some of the impacts of these changes and how internet standards such as HTTP/2 are being adapted to take advantage of the new architecture. I will also debate the tradeoffs between the complexity added by these changes and the privacy and latency benefits they provide to users of the web.

May 16, 2018 How I learnt to play in the CSP Sandbox

Speaker:  Devdatta Akhawe (Dropbox)

Abstract:  The typical way to isolate untrusted components on the web is to run them in an isolated domain. While very secure, "" is not the best place to host a lot of content like help center, forums, marketing pages. It looks bad and has a bunch of administrative overhead. Instead, an alternative is to use the CSP sandbox directive to isolate untrusted components in the "null" origin but still serve them from your main site. This is a lot easier to deploy and provides a powerful mitigation. This talk will cover how we deployed a CMS on without increasing our XSS risk; some interesting corner cases to think about; and a discussion on upcoming primitives like Suborigins that will make all of this a lot easier.

May 23, 2018 No talk Oakland Conference

May 30, 2018 Zether, confidentiality in a smart contract world

Speaker:  Benedikt Bünz

Abstract:  Ethereum is one of the most popular cryptocurrencies with market capitalization second only to Bitcoin. Unlike Bitcoin and many related currencies, it natively supports \emph{smart contracts} -- an arbitrary piece of code that sits on the blockchain and facilitates fine-grained control over distribution of assets. Unfortunately, as of today, there is no fully-decentralized way to conduct transactions privately on such a powerful platform. In this paper, we propose \emph{Zether}, a private payment mechanism that is fully compatible with Ethereum and can provide both confidentiality (by hiding payment amounts) and anonymity (by hiding the identities of senders and recipients) to Ethereum smart contracts. In our design, we take an account-based approach similar to Ethereum for efficiency and usability. Such a model raises several interesting challenges not encountered in the UTXO model, Bitcoin's model of transactions. We show how to handle these challenges by adding only a small transaction overhead to existing smart contracts. We implement Zether as an Ethereum smart contract using the elliptic-curve cryptography operations natively supported by Ethereum, and show the practicality of our design by measuring the amount of \emph{gas} used by the Zether contract. We finally demonstrate the versatility of Zether by showing how it can add provable privacy to common applications such as sealed-bid auctions, payment channels, etc.

June 06, 2018 Certified Robustness to Adversarial Examples with Differential Privacy

Speaker:  Mathias Lécuyer

Abstract:  Adversarial examples that fool machine learning models, particularly deep neural networks, have been a topic of intense research interrest,with attacks and defenses being developed in a tight back-and-forth. Most past defenses are best-effort and have been shown to be vulnerable to sophisticated attacks. Recently a set of certified defenses have been introduced, which provide guarantees of robustness to norm-bounded attacks, but they either do not scale to large datasets or are limited in the types of models they can support. In this talk, we present a novel connection between robustness against adversarial examples and differential privacy, which allows us to build the first certified defense that both scales to large networks and datasets (such as Google’s Inception network for ImageNet) and applies broadly to arbitrary model types

June 13, 2018 Slalom: Fast, Verifiable and Private Execution of Neural Networks in Trusted Hardware

Speaker:  Florian Tramer

Abstract:  As Machine Learning (ML) gets applied to security-critical or sensitive domains, there is a growing need for integrity and privacy guarantees for ML computations running in untrusted environments. A pragmatic solution comes from Trusted Execution Environments, which use hardware and software protections to isolate sensitive computations from the untrusted software stack. However, these isolation guarantees come at a price in performance, compared to untrusted alternatives. This paper initiates the study of high performance execution of Deep Neural Networks (DNNs) in trusted environments by efficiently partitioning computations between trusted and untrusted devices. Building upon a simple secure outsourcing scheme for matrix multiplication, we propose Slalom, a framework that outsources execution of all linear layers in a DNN from any trusted environment (e.g., SGX, TrustZone or Sanctum) to a faster co-located device. We evaluate Slalom by executing DNNs in an Intel SGX enclave, which selectively outsources work to an untrusted GPU. For two canonical DNNs, VGG16 and MobileNet, we obtain 20x and 6x increases in throughput for verifiable inference, and 10x and 3.5x for verifiable and private inference.

Joint work with:  Dan Boneh