Verifiable ASICs

A manufacturer of custom hardware (ASICs) can undermine the intended execution of that hardware, high-assurance execution thus requires controlling the manufacturing chain. However, a trusted platform might be orders of magnitude worse in performance or price than an advanced, untrusted platform. This paper initiates exploration of an alternative: using verifiable computation (VC), an untrusted ASIC computes proofs of correct execution, which are verified by a trusted processor or ASIC. In contrast to the usual VC setup, here the prover and verifier together must impose less overhead than the alternative of executing directly on the trusted platform. We instantiate this approach by designing and implementing physically realizable, area-efficient, high throughput ASICs (for a prover and verifier), in fully synthesizable Verilog. The system, called Zebra, is based on the CMT and Allspice interactive proof protocols, and required new observations about CMT, careful hardware design, and attention to architectural challenges. For a class of real computations, Zebra meets or exceeds the performance of executing directly on the trusted platform.

[1]  Hanspeter Pfister,et al.  Verifiable Computation with Massively Parallel Interactive Proofs , 2012, HotCloud.

[2]  Hsien-Hsin S. Lee,et al.  Design and Analysis of 3D-MAPS (3D Massively Parallel Processor with Stacked Memory) , 2015, IEEE Transactions on Computers.

[3]  Michael Backes,et al.  ADSNARK: Nearly Practical and Privacy-Preserving Proofs on Authenticated Data , 2015, 2015 IEEE Symposium on Security and Privacy.

[4]  Swarup Bhunia,et al.  HARPOON: An Obfuscation-Based SoC Design Methodology for Hardware Protection , 2009, IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems.

[5]  Hsien-Hsin S. Lee,et al.  3D-MAPS: 3D Massively parallel processor with stacked memory , 2012, 2012 IEEE International Solid-State Circuits Conference.

[6]  Simha Sethumadhavan,et al.  Silencing Hardware Backdoors , 2011, 2011 IEEE Symposium on Security and Privacy.

[7]  Jarrod A. Roy,et al.  EPIC: Ending Piracy of Integrated Circuits , 2008, 2008 Design, Automation and Test in Europe.

[8]  Farinaz Koushanfar,et al.  A Unified Framework for Multimodal Submodular Integrated Circuits Trojan Detection , 2011, IEEE Transactions on Information Forensics and Security.

[9]  Christof Paar,et al.  Stealthy dopant-level hardware Trojans: extended version , 2013, Journal of Cryptographic Engineering.

[10]  Eli Ben-Sasson,et al.  Succinct Non-Interactive Zero Knowledge for a von Neumann Architecture , 2014, USENIX Security Symposium.

[11]  Justin Thaler,et al.  A Note on the GKR Protocol , 2015 .

[12]  Sally Adee,et al.  The Hunt For The Kill Switch , 2008, IEEE Spectrum.

[13]  Alberto L. Sangiovanni-Vincentelli,et al.  Theory of latency-insensitive design , 2001, IEEE Trans. Comput. Aided Des. Integr. Circuits Syst..

[14]  Andrew J. Blumberg,et al.  Verifying computations without reexecuting them , 2015, Commun. ACM.

[15]  Thomas Vogelsang,et al.  Understanding the Energy Consumption of Dynamic Random Access Memories , 2010, 2010 43rd Annual IEEE/ACM International Symposium on Microarchitecture.

[16]  Andrew J. Blumberg Toward Practical and Unconditional Verification of Remote Computations , 2011, HotOS.

[17]  Silvio Micali,et al.  The knowledge complexity of interactive proof-systems , 1985, STOC '85.

[18]  David A. Wagner,et al.  Defeating UCI: Building Stealthy and Malicious Hardware , 2011, 2011 IEEE Symposium on Security and Privacy.

[19]  Viktor K. Prasanna,et al.  Energy-efficient signal processing using FPGAs , 2003, FPGA '03.

[20]  Joe Kilian,et al.  A note on efficient zero-knowledge proofs and arguments (extended abstract) , 1992, STOC '92.

[21]  Carsten Lund,et al.  Algebraic methods for interactive proof systems , 1990, Proceedings [1990] 31st Annual Symposium on Foundations of Computer Science.

[22]  Benjamin Braun,et al.  Taking Proof-Based Verified Computation a Few Steps Closer to Practicality , 2012, USENIX Security Symposium.

[23]  Sungroh Yoon,et al.  A High-Performance Solid-State Disk with Double-Data-Rate NAND Flash Memory , 2015, ArXiv.

[24]  Massoud Pedram,et al.  Variability-aware design of energy-delay optimal linear pipelines operating in the near-threshold regime and above , 2013, GLSVLSI '13.

[25]  Nir Bitansky,et al.  From extractable collision resistance to succinct non-interactive arguments of knowledge, and back again , 2012, ITCS '12.

[26]  S. Yang,et al.  AES-Based Security Coprocessor IC in 0.18-$muhbox m$CMOS With Resistance to Differential Power Analysis Side-Channel Attacks , 2006, IEEE Journal of Solid-State Circuits.

[27]  C.L. Schow,et al.  Low-Power 16 x 10 Gb/s Bi-Directional Single Chip CMOS Optical Transceivers Operating at ≪ 5 mW/Gb/s/link , 2009, IEEE Journal of Solid-State Circuits.

[28]  Liming Chen,et al.  N-VERSION PROGRAMMINC: A FAULT-TOLERANCE APPROACH TO RELlABlLlTY OF SOFTWARE OPERATlON , 1995, Twenty-Fifth International Symposium on Fault-Tolerant Computing, 1995, ' Highlights from Twenty-Five Years'..

[29]  Leveraging High-Volume CMOS Manufacturing for MEMS-Based Frequency Control , 2013 .

[30]  Silvio Micali,et al.  Computationally Sound Proofs , 2000, SIAM J. Comput..

[31]  Shimizu Yuki,et al.  A Low-Power 64Gb MLC NAND-Flash Memory in 15nm CMOS Technology , 2015 .

[32]  Tim Güneysu,et al.  Implementing Curve25519 for Side-Channel--Protected Elliptic Curve Cryptography , 2015, ACM Trans. Reconfigurable Technol. Syst..

[33]  Bodo Möller,et al.  Network Working Group Elliptic Curve Cryptography (ecc) Cipher Suites for Transport Layer Security (tls) , 2006 .

[34]  Bo-Cheng Lai,et al.  AES-based cryptographic and biometric security coprocessor IC in 0.18-/spl mu/m CMOS resistant to side-channel power analysis attacks , 2005, Digest of Technical Papers. 2005 Symposium on VLSI Circuits, 2005..

[35]  Benjamin Braun,et al.  Resolving the conflict between generality and plausibility in verified computation , 2013, EuroSys '13.

[36]  Franz Franchetti,et al.  Computer Generation of Hardware for Linear Digital Signal Processing Transforms , 2012, TODE.

[37]  Eli Ben-Sasson,et al.  SNARKs for C: Verifying Program Executions Succinctly and in Zero Knowledge , 2013, CRYPTO.

[38]  Eli Ben-Sasson,et al.  Succinct Non-Interactive Arguments for a von Neumann Architecture , 2013, IACR Cryptol. ePrint Arch..

[39]  Christos A. Papachristou,et al.  MERO: A Statistical Approach for Hardware Trojan Detection , 2009, CHES.

[40]  Bevan M. Baas,et al.  A low-power, high-performance, 1024-point FFT processor , 1999, IEEE J. Solid State Circuits.

[41]  Siddharth Garg,et al.  Securing Computer Hardware Using 3D Integrated Circuit (IC) Technology and Split Manufacturing for Obfuscation , 2013, USENIX Security Symposium.

[42]  S. Burns,et al.  An SRAM Design in 65nm and 45nm Technology Nodes Featuring Read and Write-Assist Circuits to Expand Operating Voltage , 2006, 2006 Symposium on VLSI Circuits, 2006. Digest of Technical Papers..

[43]  Tim Güneysu,et al.  Efficient Elliptic-Curve Cryptography Using Curve25519 on Reconfigurable Devices , 2014, ARC.

[44]  Jon Howell,et al.  Geppetto: Versatile Verifiable Computation , 2015, 2015 IEEE Symposium on Security and Privacy.

[45]  Eran Tromer,et al.  Cluster Computing in Zero Knowledge , 2015, EUROCRYPT.

[46]  Eli Ben-Sasson,et al.  On the Concrete-Efficiency Threshold of Probabilistically-Checkable Proofs , 2012, Electron. Colloquium Comput. Complex..

[47]  Rafail Ostrovsky,et al.  Efficient Arguments without Short PCPs , 2007, Twenty-Second Annual IEEE Conference on Computational Complexity (CCC'07).

[48]  Eli Ben-Sasson,et al.  Scalable Zero Knowledge Via Cycles of Elliptic Curves , 2014, Algorithmica.

[49]  László Babai,et al.  Trading group theory for randomness , 1985, STOC '85.

[50]  Farinaz Koushanfar,et al.  A Survey of Hardware Trojan Taxonomy and Detection , 2010, IEEE Design & Test of Computers.

[51]  Xin-She Yang,et al.  Introduction to Algorithms , 2021, Nature-Inspired Optimization Algorithms.

[52]  Simha Sethumadhavan,et al.  FANCI: identification of stealthy malicious logic using boolean functional analysis , 2013, CCS.

[53]  C.M. Christensen,et al.  The New Economics of Semiconductor Manufacturing , 2008, IEEE Spectrum.

[54]  Swarup Bhunia,et al.  Towards Trojan-Free Trusted ICs: Problem Analysis and Detection Scheme , 2008, 2008 Design, Automation and Test in Europe.

[55]  P. L. Montgomery Speeding the Pollard and elliptic curve methods of factorization , 1987 .

[56]  Vishwani D. Agrawal,et al.  Essentials of electronic testing for digital, memory, and mixed-signal VLSI circuits [Book Review] , 2000, IEEE Circuits and Devices Magazine.

[57]  Benjamin Braun Compiling computations to constraints for verified computation , 2012 .

[58]  B. Hoefflinger ITRS: The International Technology Roadmap for Semiconductors , 2011 .

[59]  G. Carlson Trusted foundry: the path to advanced SiGe technology , 2005, IEEE Compound Semiconductor Integrated Circuit Symposium, 2005. CSIC '05..

[60]  Elaine Shi,et al.  TRUESET: Faster Verifiable Set Computations , 2014, USENIX Security Symposium.

[61]  Andrew J. Blumberg,et al.  Verifying computations without reexecuting them: from theoretical possibility to near-practicality , 2013, Electron. Colloquium Comput. Complex..

[62]  Alon Rosen,et al.  SWIFFTX : A Proposal for the SHA-3 Standard , 2008 .

[63]  Dick James,et al.  The State-of-the-Art in IC Reverse Engineering , 2009, CHES.

[64]  Zuocheng Ren,et al.  Efficient RAM and control flow in verifiable outsourced computation , 2015, NDSS.

[65]  Craig Gentry,et al.  Non-interactive Verifiable Computing: Outsourcing Computation to Untrusted Workers , 2010, CRYPTO.

[66]  Srinath T. V. Setty,et al.  A Hybrid Architecture for Interactive Verifiable Computation , 2013, 2013 IEEE Symposium on Security and Privacy.

[67]  Craig Gentry,et al.  Pinocchio: Nearly Practical Verifiable Computation , 2013, 2013 IEEE Symposium on Security and Privacy.

[68]  Nir Bitansky,et al.  Recursive composition and bootstrapping for SNARKS and proof-carrying data , 2013, STOC '13.

[69]  Yael Tauman Kalai,et al.  Delegating computation: interactive proofs for muggles , 2008, STOC.

[70]  Christopher Batten,et al.  Building Manycore Processor-to-DRAM Networks with Monolithic Silicon Photonics , 2008, 2008 16th IEEE Symposium on High Performance Interconnects.

[71]  Tanja Lange,et al.  On the Practical Exploitability of Dual EC in TLS Implementations , 2014, USENIX Security Symposium.

[72]  Miodrag Potkonjak,et al.  Hardware Trojan horse benchmark via optimal creation and placement of malicious circuitry , 2012, DAC Design Automation Conference 2012.

[73]  Eran Tromer,et al.  Proof-Carrying Data and Hearsay Arguments from Signature Cards , 2010, ICS.

[74]  Marika Immonen Development of Optical Interconnect PCBs for High-Speed Electronic Systems - Fabricator's View , 2011 .

[75]  Miodrag Potkonjak,et al.  Malicious Circuitry Detection Using Thermal Conditioning , 2011, IEEE Transactions on Information Forensics and Security.

[76]  Steven Trimberger Trusted Design in FPGAs , 2007, 2007 44th ACM/IEEE Design Automation Conference.

[77]  Yuri Terada,et al.  7.1 A low-power 64Gb MLC NAND-flash memory in 15nm CMOS technology , 2015, 2015 IEEE International Solid-State Circuits Conference - (ISSCC) Digest of Technical Papers.

[78]  Jie Li,et al.  At-speed delay characterization for IC authentication and Trojan Horse detection , 2008, 2008 IEEE International Workshop on Hardware-Oriented Security and Trust.

[79]  Benjamin Livshits,et al.  ZØ: An Optimizing Distributing Zero-Knowledge Compiler , 2014, USENIX Security Symposium.

[80]  Dengguo Feng,et al.  Side-Channel Attacks: Ten Years After Its Publication and the Impacts on Cryptographic Module Security Testing , 2005, IACR Cryptol. ePrint Arch..

[81]  Benjamin Braun,et al.  Verifying computations with state , 2013, IACR Cryptol. ePrint Arch..

[82]  Tanja Lange,et al.  Handbook of Elliptic and Hyperelliptic Curve Cryptography , 2005 .

[83]  Michael S. Hsiao,et al.  A region based approach for the identification of hardware Trojans , 2008, 2008 IEEE International Workshop on Hardware-Oriented Security and Trust.

[84]  Jarrod A. Roy,et al.  Ending Piracy of Integrated Circuits , 2010, Computer.

[85]  Justin Thaler,et al.  Time-Optimal Interactive Proofs for Circuit Evaluation , 2013, CRYPTO.

[86]  Rosario Gennaro,et al.  Efficiently Verifiable Computation on Encrypted Data , 2014, CCS.

[87]  Leonid A. Levin,et al.  Checking computations in polylogarithmic time , 1991, STOC '91.

[88]  Berk Sunar,et al.  Trojan Detection using IC Fingerprinting , 2007, 2007 IEEE Symposium on Security and Privacy (SP '07).

[89]  Katsuyuki Sakuma,et al.  Bonding technologies for chip level and wafer level 3D integration , 2014, 2014 IEEE 64th Electronic Components and Technology Conference (ECTC).

[90]  David Byrne,et al.  Offshoring and Price Measurement in the Semiconductor Industry ∗ , 2009 .

[91]  David Chaum,et al.  Minimum Disclosure Proofs of Knowledge , 1988, J. Comput. Syst. Sci..

[92]  Craig Gentry,et al.  Separating succinct non-interactive arguments from all falsifiable assumptions , 2011, IACR Cryptol. ePrint Arch..

[93]  Thomas A. DeMassa,et al.  Digital Integrated Circuits , 1985, 1985 IEEE GaAs IC Symposium Technical Digest.

[94]  Graham Cormode,et al.  Practical verified computation with streaming interactive proofs , 2011, ITCS '12.

[95]  Michael Backes,et al.  Verifiable delegation of computation on outsourced data , 2013, CCS.

[96]  Craig Gentry,et al.  Quadratic Span Programs and Succinct NIZKs without PCPs , 2013, IACR Cryptol. ePrint Arch..

[97]  Luca Henzen,et al.  Developing a Hardware Evaluation Method for SHA-3 Candidates , 2010, CHES.

[98]  Moni Naor,et al.  On Cryptographic Assumptions and Challenges , 2003, CRYPTO.

[99]  Yiorgos Makris,et al.  Hardware Trojan detection using path delay fingerprint , 2008, 2008 IEEE International Workshop on Hardware-Oriented Security and Trust.

[100]  Srinath T. V. Setty,et al.  Making argument systems for outsourced computation practical (sometimes) , 2012, NDSS.

[101]  Adi Shamir,et al.  IP = PSPACE , 1992, JACM.

[102]  Michael S. Hsiao,et al.  Hardware Trojan Attacks: Threat Analysis and Countermeasures , 2014, Proceedings of the IEEE.

[103]  Daniel J. Bernstein,et al.  Curve25519: New Diffie-Hellman Speed Records , 2006, Public Key Cryptography.

[104]  Azita Emami-Neyestanak,et al.  A 24-Gb/s Double-Sampling Receiver for Ultra-Low-Power Optical Communication , 2013, IEEE Journal of Solid-State Circuits.