-
Notifications
You must be signed in to change notification settings - Fork 337
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add entropy to memory state to protect privacy #812
Conversation
a305994
to
a124a80
Compare
Benchmark for Linux-cuda 218ea35Click to hide benchmark
Benchmark for Linux-default 218ea35Click to hide benchmark
Benchmark for macOS-default 218ea35Click to hide benchmark
Benchmark for macOS-metal
|
In 0339977, I did some refactoring to how I did not finish this refactor, but I need to sign off a bit early today, so I am committing it to this branch as is until I can return to it on Monday. |
I'm actually heavily modifying SliceIo to make it work in a client/server context. At the moment I'd like for sys_random to remain separate because I have no plans of making random values come from the client. |
Ok, I'll revert these changes and create another way to address the immediate need of writing a test for this feature. |
…low hooking sys_random" This reverts commit 0339977.
Benchmark for Linux-cuda
Benchmark for Linux-default 5b20bcdClick to hide benchmark
Benchmark for macOS-default 5b20bcdClick to hide benchmark
Benchmark for macOS-metal
|
Benchmark for Linux-cuda
Benchmark for Linux-default 4607badClick to hide benchmark
Benchmark for macOS-default 4607badClick to hide benchmark
Benchmark for macOS-metal 4607badClick to hide benchmark
|
Benchmark for Linux-cuda 3548a14Click to hide benchmark
Benchmark for Linux-default 3548a14Click to hide benchmark
Benchmark for macOS-default 3548a14Click to hide benchmark
Benchmark for macOS-metal
|
Benchmark for Linux-cuda
Benchmark for Linux-default
Benchmark for macOS-default bd84a65Click to hide benchmark
Benchmark for macOS-metal bd84a65Click to hide benchmark
|
Benchmark for Linux-cuda 78d3695Click to hide benchmark
Benchmark for Linux-default
Benchmark for macOS-default 78d3695Click to hide benchmark
Benchmark for macOS-metal 78d3695Click to hide benchmark
|
@jbruestle, if you have a moment to look at this (and approve if it looks good) that would be helpful. It's a very small change in terms of lines of code. |
Benchmark for Linux-cuda
Benchmark for Linux-default
Benchmark for macOS-default b4c4a33Click to hide benchmark
Benchmark for macOS-metal b4c4a33Click to hide benchmark
|
Benchmark for Linux-cuda
Benchmark for Linux-default ece56a5Click to hide benchmark
Benchmark for macOS-default
Benchmark for macOS-metal ece56a5Click to hide benchmark
|
A Merkle root of the memory state is included in the
ReceiptMetadata
, and so is made public to the verifier. Without adding entropy, this leaks a commitment to the end memory state that may reveal information about the program state including inputs.This PR adds 128 bits of entropy, provided by the host, to the memory state on guest initialization to prevent this privacy leakage.