{"id":"https://openalex.org/W4412577907","doi":"https://doi.org/10.1145/3747589","title":"Cheesecloth: Zero-Knowledge Proofs of Real-World Vulnerabilities","display_name":"Cheesecloth: Zero-Knowledge Proofs of Real-World Vulnerabilities","publication_year":2025,"publication_date":"2025-07-22","ids":{"openalex":"https://openalex.org/W4412577907","doi":"https://doi.org/10.1145/3747589"},"language":"en","primary_location":{"id":"doi:10.1145/3747589","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3747589","pdf_url":null,"source":{"id":"https://openalex.org/S4210174050","display_name":"ACM Transactions on Privacy and Security","issn_l":"2471-2566","issn":["2471-2566","2471-2574"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"ACM Transactions on Privacy and Security","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5119044961","display_name":"Santiago Cu\u00e9llar Gempeler","orcid":null},"institutions":[{"id":"https://openalex.org/I4210140281","display_name":"Galois (United States)","ror":"https://ror.org/03g8y8161","country_code":"US","type":"company","lineage":["https://openalex.org/I4210140281"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Santiago Cu\u00e9llar Gempeler","raw_affiliation_strings":["Galois Inc","Galois Inc, Arlington, United States"],"affiliations":[{"raw_affiliation_string":"Galois Inc","institution_ids":["https://openalex.org/I4210140281"]},{"raw_affiliation_string":"Galois Inc, Arlington, United States","institution_ids":["https://openalex.org/I4210140281"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5108648290","display_name":"Bill Harris","orcid":null},"institutions":[{"id":"https://openalex.org/I4210140281","display_name":"Galois (United States)","ror":"https://ror.org/03g8y8161","country_code":"US","type":"company","lineage":["https://openalex.org/I4210140281"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Bill Harris","raw_affiliation_strings":["Galois Inc","Galois Inc, Portland, United States"],"affiliations":[{"raw_affiliation_string":"Galois Inc","institution_ids":["https://openalex.org/I4210140281"]},{"raw_affiliation_string":"Galois Inc, Portland, United States","institution_ids":["https://openalex.org/I4210140281"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5059759222","display_name":"James Parker","orcid":null},"institutions":[{"id":"https://openalex.org/I4210140281","display_name":"Galois (United States)","ror":"https://ror.org/03g8y8161","country_code":"US","type":"company","lineage":["https://openalex.org/I4210140281"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"James Parker","raw_affiliation_strings":["Galois Inc","Galois Inc, Arlington, United States"],"affiliations":[{"raw_affiliation_string":"Galois Inc","institution_ids":["https://openalex.org/I4210140281"]},{"raw_affiliation_string":"Galois Inc, Arlington, United States","institution_ids":["https://openalex.org/I4210140281"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5067137617","display_name":"Stuart Pernsteiner","orcid":null},"institutions":[{"id":"https://openalex.org/I4210140281","display_name":"Galois (United States)","ror":"https://ror.org/03g8y8161","country_code":"US","type":"company","lineage":["https://openalex.org/I4210140281"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Stuart Pernsteiner","raw_affiliation_strings":["Galois Inc","Galois Inc, Portland, United States"],"affiliations":[{"raw_affiliation_string":"Galois Inc","institution_ids":["https://openalex.org/I4210140281"]},{"raw_affiliation_string":"Galois Inc, Portland, United States","institution_ids":["https://openalex.org/I4210140281"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5119044962","display_name":"Ian Sweet","orcid":null},"institutions":[{"id":"https://openalex.org/I4210140281","display_name":"Galois (United States)","ror":"https://ror.org/03g8y8161","country_code":"US","type":"company","lineage":["https://openalex.org/I4210140281"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Ian Sweet","raw_affiliation_strings":["Galois Inc","Galois Inc, Arlington, United States"],"affiliations":[{"raw_affiliation_string":"Galois Inc","institution_ids":["https://openalex.org/I4210140281"]},{"raw_affiliation_string":"Galois Inc, Arlington, United States","institution_ids":["https://openalex.org/I4210140281"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5049555551","display_name":"Eran Tromer","orcid":"https://orcid.org/0000-0002-8884-9564"},"institutions":[{"id":"https://openalex.org/I111088046","display_name":"Boston University","ror":"https://ror.org/05qwgg493","country_code":"US","type":"education","lineage":["https://openalex.org/I111088046"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Eran Tromer","raw_affiliation_strings":["Boston University","Boston University, Boston, United States"],"affiliations":[{"raw_affiliation_string":"Boston University","institution_ids":[]},{"raw_affiliation_string":"Boston University, Boston, United States","institution_ids":["https://openalex.org/I111088046"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":6,"corresponding_author_ids":["https://openalex.org/A5119044961"],"corresponding_institution_ids":["https://openalex.org/I4210140281"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.08675892,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":"28","issue":"4","first_page":"1","last_page":"35"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9995999932289124,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10772","display_name":"Distributed systems and fault tolerance","score":0.9983999729156494,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/mathematical-proof","display_name":"Mathematical proof","score":0.7854733467102051},{"id":"https://openalex.org/keywords/zero","display_name":"Zero (linguistics)","score":0.6458450555801392},{"id":"https://openalex.org/keywords/zero-knowledge-proof","display_name":"Zero-knowledge proof","score":0.5350770950317383},{"id":"https://openalex.org/keywords/mathematics","display_name":"Mathematics","score":0.34541183710098267},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.3436819612979889},{"id":"https://openalex.org/keywords/philosophy","display_name":"Philosophy","score":0.16928070783615112},{"id":"https://openalex.org/keywords/linguistics","display_name":"Linguistics","score":0.10384699702262878}],"concepts":[{"id":"https://openalex.org/C108710211","wikidata":"https://www.wikidata.org/wiki/Q11538","display_name":"Mathematical proof","level":2,"score":0.7854733467102051},{"id":"https://openalex.org/C2780813799","wikidata":"https://www.wikidata.org/wiki/Q3274237","display_name":"Zero (linguistics)","level":2,"score":0.6458450555801392},{"id":"https://openalex.org/C176329583","wikidata":"https://www.wikidata.org/wiki/Q191943","display_name":"Zero-knowledge proof","level":3,"score":0.5350770950317383},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.34541183710098267},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.3436819612979889},{"id":"https://openalex.org/C138885662","wikidata":"https://www.wikidata.org/wiki/Q5891","display_name":"Philosophy","level":0,"score":0.16928070783615112},{"id":"https://openalex.org/C41895202","wikidata":"https://www.wikidata.org/wiki/Q8162","display_name":"Linguistics","level":1,"score":0.10384699702262878},{"id":"https://openalex.org/C2524010","wikidata":"https://www.wikidata.org/wiki/Q8087","display_name":"Geometry","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3747589","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3747589","pdf_url":null,"source":{"id":"https://openalex.org/S4210174050","display_name":"ACM Transactions on Privacy and Security","issn_l":"2471-2566","issn":["2471-2566","2471-2574"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"ACM Transactions on Privacy and Security","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G4630088254","display_name":null,"funder_award_id":"HR001120C0085","funder_id":"https://openalex.org/F4320332180","funder_display_name":"Defense Advanced Research Projects Agency"}],"funders":[{"id":"https://openalex.org/F4320332180","display_name":"Defense Advanced Research Projects Agency","ror":"https://ror.org/02caytj08"}],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":56,"referenced_works":["https://openalex.org/W4180724","https://openalex.org/W1599026900","https://openalex.org/W1977764760","https://openalex.org/W1980227445","https://openalex.org/W1991837261","https://openalex.org/W1994135885","https://openalex.org/W2005525408","https://openalex.org/W2009911326","https://openalex.org/W2011112377","https://openalex.org/W2018746447","https://openalex.org/W2060692877","https://openalex.org/W2067700169","https://openalex.org/W2080132708","https://openalex.org/W2094873755","https://openalex.org/W2100818808","https://openalex.org/W2122049982","https://openalex.org/W2131135493","https://openalex.org/W2137628566","https://openalex.org/W2139594012","https://openalex.org/W2156858199","https://openalex.org/W2158126684","https://openalex.org/W2171337840","https://openalex.org/W2496543269","https://openalex.org/W2594206091","https://openalex.org/W2765206040","https://openalex.org/W2794536744","https://openalex.org/W2811026317","https://openalex.org/W2891063150","https://openalex.org/W2900152012","https://openalex.org/W2912568927","https://openalex.org/W2913465514","https://openalex.org/W2954594758","https://openalex.org/W2979933889","https://openalex.org/W2997326335","https://openalex.org/W3012999251","https://openalex.org/W3096740550","https://openalex.org/W3116737310","https://openalex.org/W3147459559","https://openalex.org/W3153302440","https://openalex.org/W3190538822","https://openalex.org/W3213926420","https://openalex.org/W3214538287","https://openalex.org/W4234172866","https://openalex.org/W4237990977","https://openalex.org/W4239788177","https://openalex.org/W4240038656","https://openalex.org/W4246338960","https://openalex.org/W4248162368","https://openalex.org/W4250728693","https://openalex.org/W4252481514","https://openalex.org/W4308469411","https://openalex.org/W4315746341","https://openalex.org/W4315779433","https://openalex.org/W4395960968","https://openalex.org/W4395962272","https://openalex.org/W4405181095"],"related_works":["https://openalex.org/W2899084033","https://openalex.org/W2748952813","https://openalex.org/W4391375266","https://openalex.org/W1870614684","https://openalex.org/W4394650907","https://openalex.org/W1970588133","https://openalex.org/W2022025391","https://openalex.org/W2163538620","https://openalex.org/W4406460655","https://openalex.org/W2952570804"],"abstract_inverted_index":{"Currently,":[0],"when":[1],"a":[2,6,15,77,80,144,173,202,211,223],"security":[3,46],"analyst":[4],"discovers":[5],"vulnerability":[7,21,33,78,88,108,204,227],"in":[8,79,115,152,189,200,205,215,228],"critical":[9,193],"software":[10,130],"system,":[11],"they":[12,75],"must":[13],"navigate":[14],"fraught":[16],"dilemma:":[17],"immediately":[18],"disclosing":[19,31],"the":[20,23,27,32,36,40,45,49,84,87,90,196,206,216],"to":[22,35,48,61,110,120,123,134],"public":[24,159],"could":[25,98],"harm":[26],"system\u2019s":[28],"users;":[29],"whereas":[30],"only":[34],"software\u2019s":[37],"vendor":[38,41],"lets":[39],"disregard":[42],"or":[43,89],"deprioritize":[44],"risk,":[47],"detriment":[50],"of":[51,58,86,186,225],"unwittingly-affected":[52],"users.":[53],"A":[54],"compelling":[55],"recent":[56],"line":[57],"work":[59],"aims":[60],"resolve":[62],"this":[63,97],"by":[64,101,154,182],"using":[65,172],"Zero":[66],"Knowledge":[67],"(ZK)":[68],"protocols":[69],"that":[70,74,92,127],"let":[71],"analysts":[72],"prove":[73],"know":[76],"program,":[81],"without":[82],"revealing":[83,162],"details":[85],"inputs":[91],"exploit":[93],"it.":[94],"In":[95,105],"principle,":[96],"be":[99],"achieved":[100],"generic":[102],"ZK":[103,107,153,184],"techniques.":[104],"practice,":[106],"proofs":[109,185],"date":[111],"have":[112],"been":[113],"restricted":[114],"scope":[116],"and":[117,133,168,222],"expressibility,":[118],"due":[119],"challenges":[121],"related":[122],"generating":[124,183],"proof":[125],"statements":[126],"model":[128],"real-world":[129],"at":[131],"scale":[132],"directly":[135],"formulating":[136],"violated":[137],"properties.":[138],"This":[139],"article":[140],"presents":[141],"Cheesecloth":[142,177],",":[143],"novel":[145,174],"proof-statement":[146],"compiler,":[147],"which":[148],"proves":[149],"practical":[150],"vulnerabilities":[151,188],"soundly-but-aggressively":[155],"preprocessing":[156],"programs":[157],"on":[158],"inputs,":[160],"selectively":[161],"information":[163,170,198],"about":[164],"executed":[165],"control":[166],"segments,":[167],"formalizing":[169],"leakage":[171,199],"storage-labeling":[175],"scheme.":[176],"\u2019s":[178],"practicality":[179],"is":[180],"demonstrated":[181],"well-known":[187],"(previous":[190],"versions":[191],"of)":[192],"software,":[194],"including":[195],"Heartbleed":[197],"OpenSSL,":[201],"memory":[203],"FFmpeg":[207],"multimedia":[208],"encoding":[209],"framework,":[210],"cryptographic":[212],"implementation":[213],"bug":[214],"Secure":[217],"Scuttlebutt":[218],"decentralised":[219],"social":[220],"network,":[221],"denial":[224],"service":[226],"OpenSSL.":[229]},"counts_by_year":[],"updated_date":"2026-04-09T08:11:56.329763","created_date":"2025-10-10T00:00:00"}