Paper 2015/1243
Verifiable ASICs
Riad S. Wahby, Max Howald, Siddharth Garg, abhi shelat, and Michael Walfish
Abstract
A manufacturer of custom hardware (ASICs) can undermine the intended execution of that hardware; high-assurance execution thus requires controlling the manufacturing chain. However, a trusted platform might be orders of magnitude worse in performance or price than an advanced, untrusted platform. This paper initiates exploration of an alternative: using verifiable computation (VC), an untrusted ASIC computes proofs of correct execution, which are verified by a trusted processor or ASIC. In contrast to the usual VC setup, here the prover and verifier together must impose less overhead than the alternative of executing directly on the trusted platform. We instantiate this approach by designing and implementing physically realizable, area-efficient, high throughput ASICs (for a prover and verifier), in fully synthesizable Verilog. The system, called Zebra, is based on the CMT and Allspice interactive proof protocols, and required new observations about CMT, careful hardware design, and attention to architectural challenges. For a class of real computations, Zebra meets or exceeds the performance of executing directly on the trusted platform.
Note: An extended version of this paper is forthcoming.
Metadata
- Available format(s)
- Category
- Implementation
- Publication info
- Published elsewhere. IEEE Security & Privacy 2016
- Keywords
- trustworthy hardwareverifiable computation
- Contact author(s)
- rsw @ cs stanford edu
- History
- 2016-05-29: last of 3 revisions
- 2015-12-31: received
- See all versions
- Short URL
- https://ia.cr/2015/1243
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2015/1243, author = {Riad S. Wahby and Max Howald and Siddharth Garg and abhi shelat and Michael Walfish}, title = {Verifiable {ASICs}}, howpublished = {Cryptology {ePrint} Archive, Paper 2015/1243}, year = {2015}, url = {https://eprint.iacr.org/2015/1243} }