Cryptology ePrint Archive: Report 2015/1243

Verifiable ASICs

Riad S. Wahby and Max Howald and Siddharth Garg and abhi shelat and Michael Walfish

Abstract: A manufacturer of custom hardware (ASICs) can undermine the intended execution of that hardware; high-assurance execution thus requires controlling the manufacturing chain. However, a trusted platform might be orders of magnitude worse in performance or price than an advanced, untrusted platform. This paper initiates exploration of an alternative: using verifiable computation (VC), an untrusted ASIC computes proofs of correct execution, which are verified by a trusted processor or ASIC. In contrast to the usual VC setup, here the prover and verifier together must impose less overhead than the alternative of executing directly on the trusted platform. We instantiate this approach by designing and implementing physically realizable, area-efficient, high throughput ASICs (for a prover and verifier), in fully synthesizable Verilog. The system, called Zebra, is based on the CMT and Allspice interactive proof protocols, and required new observations about CMT, careful hardware design, and attention to architectural challenges. For a class of real computations, Zebra meets or exceeds the performance of executing directly on the trusted platform.

Category / Keywords: implementation / trustworthy hardware, verifiable computation

Original Publication (in the same form): IEEE Security & Privacy 2016

Date: received 30 Dec 2015, last revised 29 May 2016

Contact author: rsw at cs stanford edu

Available format(s): PDF | BibTeX Citation

Note: An extended version of this paper is forthcoming.

Version: 20160529:145706 (All versions of this report)

Short URL:

Discussion forum: Show discussion | Start new discussion

[ Cryptology ePrint archive ]