Paper 2015/1243

Verifiable ASICs

Riad S. Wahby, Max Howald, Siddharth Garg, abhi shelat, and Michael Walfish


A manufacturer of custom hardware (ASICs) can undermine the intended execution of that hardware; high-assurance execution thus requires controlling the manufacturing chain. However, a trusted platform might be orders of magnitude worse in performance or price than an advanced, untrusted platform. This paper initiates exploration of an alternative: using verifiable computation (VC), an untrusted ASIC computes proofs of correct execution, which are verified by a trusted processor or ASIC. In contrast to the usual VC setup, here the prover and verifier together must impose less overhead than the alternative of executing directly on the trusted platform. We instantiate this approach by designing and implementing physically realizable, area-efficient, high throughput ASICs (for a prover and verifier), in fully synthesizable Verilog. The system, called Zebra, is based on the CMT and Allspice interactive proof protocols, and required new observations about CMT, careful hardware design, and attention to architectural challenges. For a class of real computations, Zebra meets or exceeds the performance of executing directly on the trusted platform.

Note: An extended version of this paper is forthcoming.

Available format(s)
Publication info
Published elsewhere. IEEE Security & Privacy 2016
trustworthy hardwareverifiable computation
Contact author(s)
rsw @ cs stanford edu
2016-05-29: last of 3 revisions
2015-12-31: received
See all versions
Short URL
Creative Commons Attribution


      author = {Riad S.  Wahby and Max Howald and Siddharth Garg and abhi shelat and Michael Walfish},
      title = {Verifiable ASICs},
      howpublished = {Cryptology ePrint Archive, Paper 2015/1243},
      year = {2015},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.