区块链论文速读A会-PLDI 2024 如何高效地编译大型全同态加密程序

本文链接：https://blog.csdn.net/u013288190/article/details/140731538

Conference：ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI)

CCF level：CCF A

Categories：Software Engineering/System Software/Programming Languages

Year：2024

Conference time：Mon 24 - Fri 28 June 2024

Title:

Consolidating Smart Contracts with Behavioral Contracts

将智能合约与行为合约整合起来

Authors:

Key words:

smart contracts, behavioral contracts, specification, runtime verification

智能合约，行为合约，规范，运行时验证

Abstract:

Ensuring the reliability of smart contracts is of vital importance due to the wide adoption of smart contract programs in decentralized financial applications. However, statically checking many rich properties of smart contract programs can be challenging. On the other hand, dynamic validation approaches have shown promise for widespread adoption in practice. Nevertheless, as part of the programming environment for smart contracts, existing dynamic validation approaches have not provided programmers with a notion to clearly articulate the interface between components, especially for addresses representing opaque contract instances. We argue that the “design-by-contract” approach should complement the development of smart contract programs. Unfortunately, there is only limited linguistic support for that in existing smart contract languages. In this paper, we design a Solidity language extension ConSol that supports behavioral contracts. ConSol provides programmers with a modular specification and monitoring system for both functional and latent address behaviors. The key capability of ConSol is to attach specifications to first-class addresses and monitor violations when invoking these addresses. We evaluate ConSol using 20 real-world cases, demonstrating its effectiveness in expressing critical conditions and preventing attacks. Additionally, we assess ConSol’s efficiency and compare gas consumption with manually inserted assertions, showing that our approach introduces only marginal gas overhead. By separating specifications and implementations using behavioral contracts, ConSol assists programmers in writing smart contract code that is more robust and readable.

由于智能合约程序在去中心化金融应用中被广泛采用，因此确保智能合约的可靠性至关重要。但是，静态检查智能合约程序的许多丰富属性可能具有挑战性。另一方面，动态验证方法已显示出在实践中被广泛采用的前景。然而，作为智能合约编程环境的一部分，现有的动态验证方法并没有为程序员提供清晰阐明组件之间接口的概念，尤其是对于代表不透明合约实例的地址。我们认为“按合约设计”方法应该补充智能合约程序的开发。不幸的是，现有的智能合约语言对此的语言支持有限。在本文中，我们设计了一个支持行为合约的 Solidity 语言扩展 ConSol。ConSol 为程序员提供了一个模块化规范和监控系统，用于功能和潜在地址行为。ConSol 的关键功能是将规范附加到一流地址并在调用这些地址时监控违规行为。我们使用 20 个真实案例评估 ConSol，证明了其在表达关键条件和防止攻击方面的有效性。此外，我们评估了 ConSol 的效率，并将 gas 消耗与手动插入的断言进行了比较，结果表明我们的方法只引入了少量的 gas 开销。通过使用行为合约分离规范和实现，ConSol 可帮助程序员编写更强大、更易读的智能合约代码。

（a）存在只读重入漏洞的源代码，第 7 行是使用 require 进行修复，确保价格波动在 5% 以内。

（b）使用 ConSol 规范（第 1-6 行）进行修复，将规范与业务逻辑分离。

图 1. 对带有断言的 Sturdy（简化）源代码和 ConSol 规范的修复进行比较，可读性和可维护性增强。

图 2 展示了𝜆ConSol 的抽象语法，对 Solidity 的基本部分进行了建模。

图 3 通过将规范注释的程序转换为普通程序来定义规范的语义。此过程会在适当的时候协调并插入断言。我们分别使用语法制导翻译函数 F[·]、S[·]、E[·]来定义函数、语句和表达式的翻译。

为了翻译带注释的函数 𝑓 ，ConSol 生成了一个中间层来协调运行时检查（图 4）。主要工作在 𝑓guard 中执行，它检查前置条件和后置条件，将规范（来自 where 子句）附加到地址值，并调用实际函数 𝑓worker，其主体被递归翻译。我们还重写了 𝑓 的调用站点，以便调用 𝑓guard。𝑓𝑝𝑟𝑒 和 𝑓𝑝𝑜𝑠𝑡 分别强制执行前置条件和后置条件，并在违反条件时中止调用。

图 7. Umbrella 的简化代码。已修补的 ConSol 规范以蓝色突出显示，消除了低级断言（红色）。修复错误的附加条件以下划线标出。

Pdf link:

https://dl.acm.org/doi/10.1145/3656416

Title:

A Tensor Compiler with Automatic Data Packing for Simple and Efficient Fully Homomorphic Encryption

具有自动数据打包功能的张量编译器，用于简单高效的全同态加密

Authors:

Key words:

fully homomorphic encryption, tensors, automatic bootstrapping

完全同态加密、张量、自动引导

Abstract:

Fully Homomorphic Encryption (FHE) enables computing on encrypted data, letting clients securely offload computation to untrusted servers. While enticing, FHE has two key challenges that limit its applicability: it has high performance overheads (10,000× over unencrypted computation) and it is extremely hard to program. Recent hardware accelerators and algorithmic improvements have reduced FHE’s overheads and enabled large applications to run under FHE. These large applications exacerbate FHE’s programmability challenges. Writing FHE programs directly is hard because FHE schemes expose a restrictive, low-level interface that prevents abstraction and composition. Specifically, FHE requires packing encrypted data into large vectors (tens of thousands of elements long), FHE provides limited operations on these vectors, and values have noise that grows with each operation, which creates unintuitive performance tradeoffs. As a result, translating large applications, like neural networks, into efficient FHE circuits takes substantial tedious work. We address FHE’s programmability challenges with the Fhelipe FHE compiler. Fhelipe exposes a simple, numpy-style tensor programming interface, and compiles high-level tensor programs into efficient FHE circuits. Fhelipe’s key contribution is automatic data packing, which chooses data layouts for tensors and packs them into ciphertexts to maximize performance. Our novel framework considers a wide range of layouts and optimizes them analytically. This lets compile large FHE programs efficiently, unlike prior FHE compilers, which either use inefficient layouts or do not scale beyond tiny programs. We evaluate on both a state-of-the-art FHE accelerator and a CPU. is the first compiler that matches or exceeds the performance of large hand-optimized FHE applications, like deep neural networks, and outperforms a state-of-the-art FHE compiler by gmean 18.5. At the same time, dramatically simplifies programming, reducing code size by 10–48.

全同态加密 (FHE) 支持对加密数据进行计算，让客户端安全地将计算转移到不受信任的服务器上。虽然很诱人，但 FHE 有两个关键挑战限制了它的适用性：它具有高性能开销（比未加密计算高 10,000 倍）并且编程极其困难。最近的硬件加速器和算法改进降低了 FHE 的开销，并使大型应用程序能够在 FHE 下运行。这些大型应用程序加剧了 FHE 的可编程性挑战。直接编写 FHE 程序很困难，因为 FHE 方案公开了一个限制性的低级接口，阻止了抽象和组合。具体来说，FHE 需要将加密数据打包成大向量（数万个元素长），FHE 对这些向量提供的操作有限，并且值的噪声会随着每次操作而增长，这会造成不直观的性能权衡。因此，将大型应用程序（如神经网络）转换为高效的 FHE 电路需要大量繁琐的工作。我们利用 Fhelipe FHE 编译器解决了 FHE 的可编程性挑战。Fhelipe 公开了一个简单的 numpy 样式的张量编程接口，并将高级张量程序编译成高效的 FHE 电路。Fhelipe 的主要贡献是自动数据打包，它为张量选择数据布局并将其打包成密文以最大限度地提高性能。我们的新框架考虑了各种布局并对其进行了分析优化。这可以高效地编译大型 FHE 程序，而以前的 FHE 编译器要么使用低效的布局，要么无法扩展到微型程序之外。我们在最先进的 FHE 加速器和 CPU 上进行了评估。是第一个达到或超过大型手动优化的 FHE 应用程序（如深度神经网络）性能的编译器，并且比最先进的 FHE 编译器高出 gmean 18.5。同时，大大简化了编程，将代码大小减少了 10-48。

图 1. FHE 执行概述。FHE 计算是难以手动编写的电路。FHE 编译器会自动从高级程序生成 FHE 电路。

图 2. 噪声管理影响密文系数宽度 (𝑤)。缩小 𝑤 后的操作可减少噪声，而引导会产生低噪声、高 𝑤 的密文。

图 3. 由连续的 4×4 矩阵向量乘法组成的示例工作负载：(a) 𝐴 · 𝑥 = y。(b) 使用 𝑛=16 槽密文的 𝐴 · 𝑥 = y 的行主实现。生成的密文 y 具有间隙，消除这些间隙的成本很高。(c) 𝐵 · y= 𝑧 的列主实现，允许按原样使用 (a) 中的 y 密文。

表 1. 之前的 FHE 编译器存在关键限制。相比之下，Fhelipe 支持自动布局分配、自动引导放置、具有数百万个操作的程序以及基于张量的通用接口

Pdf link:

https://dl.acm.org/doi/10.1145/3656382

Title:

LiDO: Linearizable Byzantine Distributed Objects with Refinement-Based Liveness Proofs

LiDO：具有基于细化的活跃性证明的线性化拜占庭分布式对象

Authors:

Key words:

distributed systems, consensus protocols, byzantine fault-tolerance, safety, liveness, formal verification, refinement, proof assistants

分布式系统、共识协议、拜占庭容错、安全性、活性、形式化验证、细化、证明助手

Abstract:

Byzantine fault-tolerant state machine replication (SMR) protocols, such as PBFT, HotStuff, and Jolteon, are essential for modern blockchain technologies. However, they are challenging to implement correctly because they have to deal with any unexpected message from byzantine peers and ensure safety and liveness at all times. Many formal frameworks have been developed to verify the safety of SMR implementations, but there is still a gap in the verification of their liveness. Existing liveness proofs are either limited to the network level or do not cover popular partially synchronous protocols. We introduce LiDO, a consensus model that enables the verification of both safety and liveness of implementations through refinement. We observe that current consensus models cannot handle liveness because they do not include a pacemaker state. We show that by adding a pacemaker state to the LiDO model, we can express the liveness properties of SMR protocols as a few safety properties that can be easily verified by refinement proofs. Based on our LiDO model, we provide mechanized safety and liveness proofs for both unpipelined and pipelined Jolteon in Coq. This is the first mechanized liveness proof for a byzantine consensus protocol with non-trivial optimizations such as pipelining.

拜占庭容错状态机复制 (SMR) 协议（例如 PBFT、HotStuff 和 Jolteon）对于现代区块链技术至关重要。然而，它们很难正确实施，因为它们必须处理来自拜占庭对等点的任何意外消息，并始终确保安全性和活性。已经开发了许多正式框架来验证 SMR 实现的安全性，但在验证其活性方面仍然存在差距。现有的活性证明要么仅限于网络级别，要么不涵盖流行的部分同步协议。我们引入了 LiDO，这是一种共识模型，它可以通过细化来验证实现的安全性和活性。我们观察到，当前的共识模型无法处理活性，因为它们不包含起搏器状态。我们表明，通过在 LiDO 模型中添加起搏器状态，我们可以将 SMR 协议的活性属性表示为一些可以通过细化证明轻松验证的安全属性。基于我们的 LiDO 模型，我们为 Coq 中的非流水线和流水线 Jolteon 提供机械化安全性和活性证明。这是第一个针对拜占庭共识协议的机械化活性证明，其中包含流水线等非平凡优化。