Project Fromager: $12M Project to Apply Zero-Knowledge Proofs to Software Assurance

A zero-knowledge proof (ZKP) is a mathematical tool that provides irrefutable proof of a claim’s validity, without revealing anything else about the claim or the data used to prove it.

Today, the application of ZKPs often gravitates towards cryptocurrency transactions, where they can be used to prove that a transaction is valid without revealing details such as the source, destination, or amount of a transaction. However, the current state of the art in ZKPs is limited to handling such small proofs. Because of this limitation, a broader application of zero-knowledge proofs has yet to emerge. At Galois, we remain focused on using ZKPs for far more complex proof statements and, importantly, for practical government and commercial use cases.  

Toward that aim, we are excited to announce today our new $12.6 million zero-knowledge proof contract with the U.S. Defense Advanced Research Projects Agency (DARPA) as part of the Securing Information for Encrypted Verification and Evaluation (SIEVE) program. We’re thrilled to be able to participate in this opportunity to enhance information security and trusted computing.

Project Fromager

Our SIEVE project, Fromager, seeks to scale ZKPs to support complex proof statements, such as proving that a vulnerability exists without revealing what the vulnerability is, or proving that software satisfies safety guarantees without revealing the proof of safety. 

The project aims to initially address two key research challenges: 1) how might we best construct a formal proof statement that a software program has a vulnerability – which is complicated to determine, and 2) how might we efficiently convert this proof statement into a zero-knowledge proof. This means transitioning from “I know this program has a vulnerability but I’m not going to tell you what it is” to a proof that tells you nothing except the fact there is a vulnerability.

Fromager also seeks to tackle another challenge with ZKPs – scalability. Zero-knowledge proofs are constructed by one party – the prover – and then transmitted to and verified by another party – the verifier. Prior work in efficient ZKPs has largely focused on minimizing both the cost to verify proofs and the cost to transmit the proofs, as these are vital in cryptocurrency applications. However, these requirements come at the cost of increased effort on the part of the prover. By moving some computation onto the verifier, we aim to reduce prover complexity and through that reduce the overall computation time, as well as enable proofs to be created for more complex proof statements. Delivering on this scalability requires new techniques and technologies that our team aims to explore with Fromager.

Zero-Knowledge Proofs for Vulnerability Disclosure

ZKPs have a wide variety of potential uses. For example, if you hire a cloud server to run a program for you, how do you know for certain that it provided a genuine answer, or ran your program at all? How do you know that your medical data, when analyzed by a neural network, produced the answer that the service provider actually gave you? This area of threat mitigation – often called computational integrity assurance – will continue to grow in importance as we rely more and more on computation done on machines and software not under our direct control. 

With Project Fromager, one setting where we imagine a critical role for zero-knowledge proofs is in fostering a better relationship between software companies and security researchers/public watchdogs.  Consider the benefit if a researcher could offer irrefutable proof that a vulnerability exists, without revealing its details in a way that would allow bad actors to exploit it until a patch is made available. With Project Fromager and under this ZKP scenario, a researcher/watchdog could publish a zero-knowledge proof that a vulnerability exists in an ethical way – without revealing how it was done, but with the vulnerability being verifiable. That way, the software firm is motivated to act to fix it, and there is less room for misunderstandings.

In government, it has always been difficult to verify cyber vulnerabilities and operations without surrendering sensitive information. If there is a piece of software being used for cybersecurity, a DoD user, for example, would like to know that it is provably secure from one or a class of vulnerabilities. The problem: that the user may not have security clearance to view the source code. With zero-knowledge proofs, the user can rely confidently on that software without needing clearance to inspect the relevant security proof. 

Fromager will deliver practical zero-knowledge capabilities, including the abilities to (1) prove that vulnerabilities exist in critical software without revealing how they are caused; and (2) assess properties of cyberspace operations capabilities without needing to access source code.

Fromager is led by Galois, with research contributions from faculty at Katholieke Universiteit. Leuven (Belgium), Aarhus University (Denmark), Columbia University (USA), and researchers at QEDIT Corporation (Israel). Fromager leverages standardization efforts in the zero-knowledge proof community to help define interfaces among SIEVE program performers. 

To learn more about our work on SIEVE, visit the Fromager project page.

“Distribution Statement “A” (Approved for Public Release, Distribution Unlimited)”