The Defense Advanced Research Projects Agency (DAPRA) is working on a computer science effort to address the security risks associated with reporting software vulnerabilities.
DARPA said Thursday that its Securing Information for Encrypted Verification and Evaluation (SIEVE) program will use zero-knowledge proofs (ZKP) to better protect exchanges of vulnerability information.
ZKPs refer to problem statements that analysts may use to mathematically explain software matters. The SIEVE effort aims to produce computer science theory and corresponding software that would simplify cryptography and boost the effectiveness of ZKPs.
A Galois-led team demonstrated ZKP's use in communicating a memory-safety vulnerability found in the Game Boy Advance device. The team combined different protocols and program analyses to evaluate ZKP statements.
Trail of Bits leads a second team to model architecture-level vulnerabilities as ZKP-compatible Boolean circuits.