Visible to the public Biblio

Filters: Author is Narayanan, Viswesh  [Clear All Filters]
2017-10-03
Luu, Loi, Narayanan, Viswesh, Zheng, Chaodong, Baweja, Kunal, Gilbert, Seth, Saxena, Prateek.  2016.  A Secure Sharding Protocol For Open Blockchains. Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security. :17–30.

Cryptocurrencies, such as Bitcoin and 250 similar alt-coins, embody at their core a blockchain protocol –- a mechanism for a distributed network of computational nodes to periodically agree on a set of new transactions. Designing a secure blockchain protocol relies on an open challenge in security, that of designing a highly-scalable agreement protocol open to manipulation by byzantine or arbitrarily malicious nodes. Bitcoin's blockchain agreement protocol exhibits security, but does not scale: it processes 3–7 transactions per second at present, irrespective of the available computation capacity at hand. In this paper, we propose a new distributed agreement protocol for permission-less blockchains called ELASTICO. ELASTICO scales transaction rates almost linearly with available computation for mining: the more the computation power in the network, the higher the number of transaction blocks selected per unit time. ELASTICO is efficient in its network messages and tolerates byzantine adversaries of up to one-fourth of the total computational power. Technically, ELASTICO uniformly partitions or parallelizes the mining network (securely) into smaller committees, each of which processes a disjoint set of transactions (or "shards"). While sharding is common in non-byzantine settings, ELASTICO is the first candidate for a secure sharding protocol with presence of byzantine adversaries. Our scalability experiments on Amazon EC2 with up to \$1, 600\$ nodes confirm ELASTICO's theoretical scaling properties.

2017-09-19
Shinde, Shweta, Chua, Zheng Leong, Narayanan, Viswesh, Saxena, Prateek.  2016.  Preventing Page Faults from Telling Your Secrets. Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security. :317–328.

New hardware primitives such as Intel SGX secure a user-level process in presence of an untrusted or compromised OS. Such "enclaved execution" systems are vulnerable to several side-channels, one of which is the page fault channel. In this paper, we show that the page fault side-channel has sufficient channel capacity to extract bits of encryption keys from commodity implementations of cryptographic routines in OpenSSL and Libgcrypt – leaking 27% on average and up to 100% of the secret bits in many case-studies. To mitigate this, we propose a software-only defense that masks page fault patterns by determinising the program's memory access behavior. We show that such a technique can be built into a compiler, and implement it for a subset of C which is sufficient to handle the cryptographic routines we study. This defense when implemented generically can have significant overhead of up to 4000X, but with help of developer-assisted compiler optimizations, the overhead reduces to at most 29.22% in our case studies. Finally, we discuss scope for hardware-assisted defenses, and show one solution that can reduce overheads to 6.77% with support from hardware changes.