Enforcing Language Semantics Using Proof-Carrying Data

Sound reasoning about the behavior of programs relies on program execution adhering to the language semantics. However, in a distributed computation, when a value is sent from one party to another, the receiver faces the question of whether the value is well-traced: could it have been produced by a computation that respects the language semantics? If not, then accepting the non-well-traced value may invalidate the receiver’s reasoning, leading to bugs or vulnerabilities. Proof-Carrying Data (PCD) is a recently-introduced cryptographic mechanism that allows messages in a distributed computation to be accompanied by proof that the message and the history leading to it complies with a specified predicate. Using PCD, a verifier can be convinced that the predicate held throughout the distributed computation, even in the presence of malicious parties, and at a verification cost that is independent of the size of the computation producing the value. Unfortunately, previous approaches to using PCD required tailoring a specialized predicate for each application, using an inconvenient formalism and with little methodological support. We connect these two threads by introducing a novel, PCD-based approach to enforcing language semantics in distributed computations. We show how to construct an object-oriented language runtime that ensures that objects received from potentially untrusted parties are well-traced with respect to a set of class definitions. Programmers can then soundly reason about program behavior, despite values received from untrusted parties, without needing to be aware of the underlying cryptographic techniques.

[1]  Nir Bitansky,et al.  From extractable collision resistance to succinct non-interactive arguments of knowledge, and back again , 2012, ITCS '12.

[2]  Srinath T. V. Setty,et al.  A Hybrid Architecture for Interactive Verifiable Computation , 2013, 2013 IEEE Symposium on Security and Privacy.

[3]  Craig Gentry,et al.  Quadratic Span Programs and Succinct NIZKs without PCPs , 2013, IACR Cryptol. ePrint Arch..

[4]  Bennet S. Yee,et al.  Native Client: A Sandbox for Portable, Untrusted x86 Native Code , 2009, 2009 30th IEEE Symposium on Security and Privacy.

[5]  Craig Gentry,et al.  Pinocchio: Nearly Practical Verifiable Computation , 2013, 2013 IEEE Symposium on Security and Privacy.

[6]  Ivan Damgård,et al.  Linear zero-knowledge—a note on efficient zero-knowledge proofs and arguments , 1997, STOC '97.

[7]  James Cheney,et al.  Region-based memory management in cyclone , 2002, PLDI '02.

[8]  Eli Ben-Sasson,et al.  SNARKs for C: Verifying Program Executions Succinctly and in Zero Knowledge , 2013, CRYPTO.

[9]  Helger Lipmaa,et al.  Progression-Free Sets and Sublinear Pairing-Based Non-Interactive Zero-Knowledge Arguments , 2012, TCC.

[10]  Manish Mahajan,et al.  Proof carrying code , 2015 .

[11]  Eran Tromer,et al.  Proof-Carrying Data and Hearsay Arguments from Signature Cards , 2010, ICS.

[12]  Limin Jia,et al.  Evidence-Based Audit , 2008, 2008 21st IEEE Computer Security Foundations Symposium.

[13]  Michael K. Reiter,et al.  Flicker: an execution infrastructure for tcb minimization , 2008, Eurosys '08.

[14]  Matthias Felleisen,et al.  Correct blame for contracts: no more scapegoating , 2011, POPL '11.

[15]  K. Taira Proof of Theorem 1.3 , 2004 .

[16]  Silvio Micali,et al.  Computationally Sound Proofs , 2000, SIAM J. Comput..

[17]  Proof-carrying data : Secure computation on untrusted platforms , 2022 .

[18]  David Walker,et al.  Fault-tolerant typed assembly language , 2007, PLDI '07.

[19]  James Cheney,et al.  Cyclone: A Safe Dialect of C , 2002, USENIX Annual Technical Conference, General Track.

[20]  Dinakar Dhurjati,et al.  Secure virtual architecture: a safe execution environment for commodity operating systems , 2007, SOSP.

[21]  Paul Valiant,et al.  Incrementally Verifiable Computation or Proofs of Knowledge Imply Time/Space Efficiency , 2008, TCC.

[22]  George C. Necula,et al.  CCured: type-safe retrofitting of legacy code , 2002, POPL '02.

[23]  Elaine Shi,et al.  BIND: a fine-grained attestation service for secure distributed systems , 2005, 2005 IEEE Symposium on Security and Privacy (S&P'05).

[24]  Nir Bitansky,et al.  Recursive composition and bootstrapping for SNARKS and proof-carrying data , 2013, STOC '13.

[25]  Yael Tauman Kalai,et al.  Delegating computation: interactive proofs for muggles , 2008, STOC.

[26]  Andrew C. Myers,et al.  Untrusted hosts and confidentiality , 2001, SOSP.

[27]  Justin Thaler,et al.  Time-Optimal Interactive Proofs for Circuit Evaluation , 2013, CRYPTO.

[28]  Leonid A. Levin,et al.  Checking computations in polylogarithmic time , 1991, STOC '91.

[29]  Eli Ben-Sasson,et al.  On the concrete efficiency of probabilistically-checkable proofs , 2013, STOC '13.

[30]  Jonathan K. Millen,et al.  Principles of remote attestation , 2011, International Journal of Information Security.

[31]  Adam Chlipala,et al.  A certified type-preserving compiler from lambda calculus to assembly language , 2007, PLDI '07.

[32]  Joshua J. Bloch,et al.  Effective java™, second edition , 2008 .

[33]  Nir Bitansky,et al.  Succinct Non-Interactive Arguments via Linear Interactive Proofs , 2013, Journal of Cryptology.

[34]  Benjamin Braun,et al.  Resolving the conflict between generality and plausibility in verified computation , 2013, EuroSys '13.

[35]  Philip Wadler,et al.  Featherweight Java: a minimal core calculus for Java and GJ , 2001, TOPL.

[36]  Matthias Felleisen,et al.  Contracts for higher-order functions , 2002, ICFP '02.

[37]  Eli Ben-Sasson,et al.  Succinct Non-Interactive Arguments for a von Neumann Architecture , 2013, IACR Cryptol. ePrint Arch..

[38]  Benjamin Goldberg,et al.  Escape analysis on lists , 1992, PLDI '92.

[39]  Thierry Coquand,et al.  The Calculus of Constructions , 1988, Inf. Comput..

[40]  Robert C. Seacord,et al.  The Cert Oracle Secure Coding Standard for Java , 2011 .

[41]  Adrian Perrig,et al.  Bootstrapping Trust in Modern Computers , 2011, Springer Briefs in Computer Science.

[42]  Jens Groth,et al.  Short Non-interactive Zero-Knowledge Proofs , 2010, ASIACRYPT.

[43]  Joseph Tassarotti,et al.  RockSalt: better, faster, stronger SFI for the x86 , 2012, PLDI.

[44]  Andrew C. Myers,et al.  Language-based information-flow security , 2003, IEEE J. Sel. Areas Commun..

[45]  Chung-Kil Hur,et al.  Biorthogonality, step-indexing and compiler correctness , 2009, ICFP.

[46]  Jeffrey S. Foster,et al.  Checking type safety of foreign function calls , 2005, PLDI '05.

[47]  Dinakar Dhurjati,et al.  SAFECode: enforcing alias analysis for weakly typed languages , 2005, PLDI '06.

[48]  R. Cramer,et al.  Linear Zero-Knowledgde. A Note on Efficient Zero-Knowledge Proofs and Arguments , 1996 .

[49]  Xavier Leroy,et al.  A Formally Verified Compiler Back-end , 2009, Journal of Automated Reasoning.

[50]  Adam Chlipala,et al.  A verified compiler for an impure functional language , 2010, POPL '10.

[51]  Andrew C. Myers,et al.  Using replication and partitioning to build secure distributed systems , 2003, 2003 Symposium on Security and Privacy, 2003..