Dan Boneh
Comparing AI Agents to Cybersecurity Professionals in Real-World Penetration Testing
We present the first comprehensive evaluation of AI agents against human cybersecurity professionals in a live enterprise environment. We evaluate ten cybersecurity professionals alongside six existing AI agents and ARTEMIS, our new agent …
ZeroOS: A Universal Modular Library OS for zkVMs
zkVMs promise general-purpose verifiable computation through ISA-level compatibility with modern programs and toolchains. However, compatibility extends further than just the ISA; modern programs often cannot run or even compile without an…
Context-Dependent Threshold Decryption and Its Applications
BountyBench: Dollar Impact of AI Agent Attackers and Defenders on Real-World Cybersecurity Systems
AI agents have the potential to significantly alter the cybersecurity landscape. Here, we introduce the first framework to capture offensive and defensive cyber-capabilities in evolving real-world systems. Instantiating this framework with…
ExpProof : Operationalizing Explanations for Confidential Models with ZKPs
In principle, explanations are intended as a way to increase trust in machine learning models and are often obligated by regulations. However, many circumstances where these are demanded are adversarial in nature, meaning the involved part…
Kite: How to Delegate Voting Power Privately
Ensuring the privacy of votes in an election is crucial for the integrity of a democratic process. Often, voting power is delegated to representatives (e.g., in congress) who subsequently vote on behalf of voters on specific issues. This d…
zkPi: Proving Lean Theorems in Zero-Knowledge
Cryptography and Computer Security: A View From the Year 2100
Cybench: A Framework for Evaluating Cybersecurity Capabilities and Risks of Language Models
Language Model (LM) agents for cybersecurity that are capable of autonomously identifying vulnerabilities and executing exploits have potential to cause real-world impact. Policymakers, model providers, and researchers in the AI and cybers…
Divisible E-Cash for Billing in Private Ad Retargeting
This paper presents new techniques for private billing in systems for privacy-preserving online advertising. In particular, we show how an ad exchange can use an e-cash scheme to bill advertisers for ad impressions without learning which c…
A Survey of Two Verifiable Delay Functions Using Proof of Exponentiation
A verifiable delay function (VDF) is an important tool used for adding delay in decentralized applications. This paper surveys and compares two beautiful verifiable delay functions, one due to Pietrzak, and the other due to Wesolowski. In …
Optimistic Verifiable Training by Controlling Hardware Nondeterminism
The increasing compute demands of AI systems have led to the emergence of services that train models on behalf of clients lacking necessary resources. However, ensuring correctness of training and guarding against potential training-time a…
FairProof : Confidential and Certifiable Fairness for Neural Networks
Machine learning models are increasingly used in societal applications, yet legal and privacy concerns demand that they very often be kept confidential. Consequently, there is a growing distrust about the fairness properties of these model…
R-Pool and Settlement Markets for Recoverable ERC-20R Tokens
ERC-20R is a wrapper around ERC-20 that supports asset recovery within a limited time window after an asset is transferred. It is designed to reduce theft and losses on the blockchain by allowing a victim to recover their stolen or lost as…
Open Problems in DAOs
Decentralized autonomous organizations (DAOs) are a new, rapidly-growing class of organizations governed by smart contracts. Here we describe how researchers can contribute to the emerging science of DAOs and other digitally-constituted or…
Vector Commitments with Efficient Updates
Dynamic vector commitments that enable local updates of opening proofs have applications ranging from verifiable databases with membership changes to stateless clients on blockchains. In these applications, each user maintains a relevant s…
Do Users Write More Insecure Code with AI Assistants?
We conduct the first large-scale user study examining how users interact with an AI Code assistant to solve a variety of security related tasks across different programming languages. Overall, we find that participants who had access to an…
zkBridge
Blockchains have seen growing traction with cryptocurrencies reaching a market cap of over 1 trillion dollars, major institution investors taking interests, and global impacts on governments, businesses, and individuals.
zkBridge: Trustless Cross-chain Bridges Made Practical
Blockchains have seen growing traction with cryptocurrencies reaching a market cap of over 1 trillion dollars, major institution investors taking interests, and global impacts on governments, businesses, and individuals. Also growing signi…
Memory Tagging: A Memory Efficient Design
ARM recently introduced a security feature called Memory Tagging Extension or MTE, which is designed to defend against common memory safety vulnerabilities, such as buffer overflow and use after free. In this paper, we examine three aspect…
Cryptoeconomic Security for Data Availability Committees
Layer 2 systems have received increasing attention due to their potential to scale the throughput of L1 blockchains. To avoid the cost of putting data on chain, these systems increasingly turn to off-chain data availability solutions such …
ERC-20R and ERC-721R: Reversible Transactions on Ethereum
Blockchains are meant to be persistent: posted transactions are immutable and cannot be changed. When a theft takes place, there are limited options for reversing the disputed transaction, and this has led to significant losses in the bloc…
Strong Anonymity for Mesh Messaging
Messaging systems built on mesh networks consisting of smartphones communicating over Bluetooth have been used by protesters around the world after governments have disrupted Internet connectivity. Unfortunately, existing systems have been…
Clarion: Anonymous Communication from Multiparty Shuffling Protocols
This paper studies the role of multiparty shuffling protocols in enabling more efficient metadata-hiding communication. We show that the process of shuffling messages can be expedited by having servers collaboratively shuffle and verify secr…
Secure Complaint-Enabled Source-Tracking for Encrypted Messaging
While the end-to-end encryption properties of popular messaging schemes such as Whatsapp, Messenger, and Signal guarantee privacy for users, these properties also make it very difficult for messaging platforms to enforce any sort of conten…
Attacks on Onion Discovery and Remedies via Self-Authenticating Traditional Addresses
Onion addresses encode their own public key. They are thus self-authenticating, one of the security and privacy advantages of onion services, which are typically accessed via Tor Browser. Because of the mostly random-looking appearance …
Empirical Measurements on Pricing Oracles and Decentralized Governance for Stablecoins
Stablecoins are designed to address the volatility of crypto assets by maintaining a peg to a non-volatile currency such as the US Dollar. Decentralized Stablecoins that maintain their collateral on-chain need a pricing oracle to determine …
Lightweight Techniques for Private Heavy Hitters
This paper presents Poplar, a new system for solving the private heavy-hitters problem. In this problem, there are many clients and a small set of data-collection servers. Each client holds a private bitstring. The servers want to recover …
Supersingular curves with small noninteger endomorphisms
We introduce a special class of supersingular curves over $\mathbb{F}_{p^2}$, characterized by the existence of noninteger endomorphisms of small degree. We prove a number of properties about this set. Most notably, we can partition this set into subs…
Differentially Private Learning Needs Better Features (or Much More Data)
We demonstrate that differentially private machine learning has not yet reached its "AlexNet moment" on many canonical vision tasks: linear models trained on handcrafted features significantly outperform end-to-end deep neural networks for…