Patents by Inventor Avishay YANAI

Avishay YANAI has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 11876677
    Abstract: Some embodiments of the invention provide a method for WAN (wide area network) optimization for a WAN that connects multiple sites, each of which has at least one router. At a gateway router deployed to a public cloud, the method receives, from at least two routers at at least two sites, multiple data streams destined for a particular centralized datacenter. The method performs a WAN optimization operation to aggregate the multiple streams into one outbound stream that is WAN optimized for forwarding to the particular centralized datacenter. The method then forwards the WAN-optimized data stream to the particular centralized datacenter.
    Type: Grant
    Filed: December 6, 2022
    Date of Patent: January 16, 2024
    Assignee: VMware LLC
    Inventors: Igor Golikov, Aran Bergman, Lior Gal, Avishay Yanai, Israel Cidon, Alex Markuze, Eyal Zohar
  • Publication number: 20230409748
    Abstract: The disclosure provides an approach for data security. Embodiments include determining, by one or more garbling components running on one or more processing devices, first labels Ka0 and Ka1 representing values of 0 and 1 for a first input wire a of a gate g in a circuit, second labels Kb0 and Kb1 representing the values of 0 and 1 for a second input wire b of the gate g, and third labels Kc0 and Kc1 representing the values of 0 and 1 for an output wire c of the gate g. Embodiments include defining, by the one or more garbling components, four interpolation points based on Ka0, Ka1, Kb0, Kb1, Kc0, and Kc1 and determining, by the garbling component, using polynomial interpolation based on the four interpolation points, a polynomial Pg representing a garbled gate corresponding to gate g.
    Type: Application
    Filed: June 20, 2022
    Publication date: December 21, 2023
    Inventor: Avishay YANAI
  • Publication number: 20230409488
    Abstract: Some embodiments provide a method for performing data message processing at a smart NIC of a computer that executes a software forwarding element (SFE). The method stores (i) a set of cache entries that the smart NIC uses to process a set of received data messages without providing the data messages to the SFE and (ii) rule updates used by the smart NIC to validate the cache entries. After a period of time, the method determines that the rule updates are incorporated into a data message processing structure of the SFE. Upon incorporating the rule updates, the method deletes from the smart NIC (i) the rule updates and (ii) at least a subset of the cache entries.
    Type: Application
    Filed: June 21, 2022
    Publication date: December 21, 2023
    Inventors: Shay Vargaftik, Alex Markuze, Yaniv Ben-Itzhak, Igor Golikov, Avishay Yanai
  • Publication number: 20230409243
    Abstract: Some embodiments provide a method for, at a network interface controller (NIC) of a computer, accessing data in a network. From the computer, the method receives a request to access data stored at a logical memory address. The method translates the logical memory address into a memory address of a particular network device storing the requested data. The method sends a data message to the particular network device to retrieve the requested data.
    Type: Application
    Filed: June 21, 2022
    Publication date: December 21, 2023
    Inventors: Alex Markuze, Shay Vargaftik, Igor Golikov, Yaniv Ben-Itzhak, Avishay Yanai
  • Publication number: 20230409484
    Abstract: Some embodiments provide a method for performing data message processing at a smart NIC of a computer that executes a software forwarding element (SFE). The method determines whether a received data message matches an entry in a data message classification cache stored on the smart NIC based on data message classification results of the SFE. When the data message matches an entry, the method determines whether the matched entry is valid by comparing a timestamp of the entry to a set of rules stored on the smart NIC. When the matched entry is valid, the method processes the data message according to the matched entry without providing the data message to the SFE executing on the computer.
    Type: Application
    Filed: June 21, 2022
    Publication date: December 21, 2023
    Inventors: Shay Vargaftik, Alex Markuze, Yaniv Ben-Itzhak, Igor Golikov, Avishay Yanai
  • Publication number: 20230409225
    Abstract: Some embodiments provide a method for transmitting data at a network interface controller (NIC) of a computer that operates as a server. The computer includes multiple storage devices. The method receives a request from a client device for a particular file. The method translates the particular file into a memory location corresponding to a particular one of the storage devices at the computer. The method transmits the requested file from the particular storage location to the client device.
    Type: Application
    Filed: June 21, 2022
    Publication date: December 21, 2023
    Inventors: Alex Markuze, Shay Vargaftik, Igor Golikov, Yaniv Ben-Itzhak, Avishay Yanai
  • Publication number: 20230412379
    Abstract: The disclosure provides an approach for anonymous access control. Embodiments include receiving, by a client device Ci of a plurality of client devices, from a server, a first table R comprising a plurality of rows. Each row R(j) of the plurality of rows corresponds to a client device Cj of the plurality of client devices. Each row R(j) comprises a public encryption key ekj corresponding to the client device Cj, a commitment cmj that is based on a token budget tj of the client device Cj and a random value rj, and a ciphertext ctj that is an encryption of the random value rj using the public encryption key ekj. Embodiments include generating, by the client device Ci, based on the table R, a new table R′ comprising a new plurality of rows. Embodiments include sending R and R′ to the server in association with a request.
    Type: Application
    Filed: June 20, 2022
    Publication date: December 21, 2023
    Inventor: Avishay YANAI
  • Publication number: 20230385094
    Abstract: Some embodiments provide a method for sending data messages at a network interface controller (NIC) of a computer. From a network stack executing on the computer, the method receives (i) a header for a data message to send and (ii) a logical memory address of a payload for the data message. The method translates the logical memory address into a memory address for accessing a particular one of multiple devices connected to the computer. The method reads payload data from the memory address of the particular device. The method sends the data message with the header received from the network stack and the payload data read from the particular device.
    Type: Application
    Filed: May 27, 2022
    Publication date: November 30, 2023
    Inventors: Alex Markuze, Shay Vargaftik, Igor Golikov, Yaniv Ben-Itzhak, Avishay Yanai
  • Publication number: 20230342599
    Abstract: Some embodiments provide a method for performing distributed machine learning (ML) across multiple computers. At a smart network interface controller (NIC) of a first computer, the method receives a set of ML parameters from the first computer related to training an ML model. The method compresses the set of ML parameters based on a current state of a connection to a central computer that receives sets of ML parameters from a plurality of the computers. The method sends the compressed set of ML parameters to the central computer for the central computer to process the compressed set of ML parameters along with corresponding sets of ML parameters received from the other computers of the plurality of computers.
    Type: Application
    Filed: April 22, 2022
    Publication date: October 26, 2023
    Inventors: Shay Vargaftik, Yaniv Ben-Itzhak, Alex Markuze, Igor Golikov, Avishay Yanai
  • Publication number: 20230344632
    Abstract: Techniques for implementing distributed registration and authentication via threshold secret sharing and additively homomorphic encryption are provided. A threshold secret sharing scheme is a cryptographic method for sharing a secret among N parties in a manner that requires at least T+1 of the N parties to cooperate in order to reconstruct/reveal the secret, where T is some threshold value less than N. Additively homomorphic encryption is an encryption scheme that enables users to perform additive computations on encrypted data without first decrypting that data. With these techniques, a group of N nodes can efficiently perform distributed registration and authentication in a correct, secure, and privacy-preserving fashion, even if up to T of the N nodes are corrupted by an adversary.
    Type: Application
    Filed: April 22, 2022
    Publication date: October 26, 2023
    Inventors: Avishay Yanai, Alex Markuze, Igor Golikov
  • Publication number: 20230342398
    Abstract: Some embodiments provide a method for using a machine learning (ML) model to respond to a query, at a smart NIC of a computer. The method receives a query including an input. The method applies a first ML model to the input to generate an output and a confidence measure for the output. When the confidence measure for the output is below a threshold, the method discards the output and provides the query to the computer for the computer to apply a second ML model to the input.
    Type: Application
    Filed: April 22, 2022
    Publication date: October 26, 2023
    Inventors: Shay Vargaftik, Yaniv Ben-Itzhak, Alex Markuze, Igor Golikov, Avishay Yanai
  • Publication number: 20230315392
    Abstract: In one set of embodiments, a computer system can initialize a counter that is shared by a plurality of software processes, where each software process is programmed to increment the counter a predefined number of times. The computer system can further run the plurality of software processes concurrently. Upon completion of the plurality of software processes, the computer system can apply one or more functions to the shared counter and output the result as an entropy sample.
    Type: Application
    Filed: March 31, 2022
    Publication date: October 5, 2023
    Inventors: Alex Markuze, Avishay Yanai, Igor Golikov, John Manferdelli, Ittai Abraham
  • Publication number: 20230315916
    Abstract: In one set of embodiments, a computer system can allocate a memory buffer in a dynamic random access memory (DRAM), determine a plurality of DRAM rows covered by the memory buffer, and execute a Rowhammer attack against a target row in the plurality of DRAM rows, thereby yielding randomly flipped bits in one or more neighboring DRAM rows. The computer system can then compute a value based on the randomly flipped bits and output the value as an entropy sample.
    Type: Application
    Filed: March 31, 2022
    Publication date: October 5, 2023
    Inventors: Alex Markuze, Avishay Yanai, Igor Golikov, John Manferdelli, Ittai Abraham
  • Publication number: 20230315327
    Abstract: In one set of embodiments, a computer system can initiate a memory stress test on a memory subsystem of the computer system, where the memory subsystem includes a dynamic random access memory (DRAM). Then, while the memory stress test is running, the computer system can execute a plurality of access operations for accessing the DRAM, measure the time taken to complete each access operation, combine the measured times to compute a value, and output the value as an entropy sample.
    Type: Application
    Filed: March 31, 2022
    Publication date: October 5, 2023
    Inventors: Alex Markuze, Avishay Yanai, Igor Golikov, John Manferdelli, Ittai Abraham
  • Patent number: 11734230
    Abstract: In some embodiments, a method receives data for a block in a blockchain during a recovery process in which a recovering replica is recovering the block for a first instance of the blockchain being maintained by the recovering replica. The block is received from a second instance of the blockchain being maintained by a source replica. The method splits the data for the block into a plurality of chunks. Each chunk includes a portion of the data for the block. It is determined whether the recovering replica can recover a chunk in the plurality of chunks using a representation of the chunk. In response to determining that the recovering replica can recover the chunk, sending the representation of the chunk to the recovering replica. In response to determining that the recovering replica cannot recover the chunk, sending the data for the chunk to the recovering replica.
    Type: Grant
    Filed: December 27, 2021
    Date of Patent: August 22, 2023
    Assignee: VMWARE, INC.
    Inventors: Igor Golikov, Alex Markuze, Avishay Yanai, Guy Gueta, Israel Cidon, Eyal Zohar
  • Publication number: 20230205738
    Abstract: In some embodiments, a method receives data for a block in a blockchain during a recovery process in which a recovering replica is recovering the block for a first instance of the blockchain being maintained by the recovering replica. The block is received from a second instance of the blockchain being maintained by a source replica. The method splits the data for the block into a plurality of chunks. Each chunk includes a portion of the data for the block. It is determined whether the recovering replica can recover a chunk in the plurality of chunks using a representation of the chunk. In response to determining that the recovering replica can recover the chunk, sending the representation of the chunk to the recovering replica. In response to determining that the recovering replica cannot recover the chunk, sending the data for the chunk to the recovering replica.
    Type: Application
    Filed: December 27, 2021
    Publication date: June 29, 2023
    Inventors: Igor Golikov, Alex Markuze, Avishay Yanai, Guy Gueta, Israel Cidon, Eyal Zohar
  • Publication number: 20230179406
    Abstract: Techniques for implementing distributed registration and authentication (i.e., the collaborative processing of client registration and authentication requests by multiple nodes in a computing system) via threshold secret sharing are provided. A threshold secret sharing scheme is a cryptographic method for sharing a secret among N parties in a manner that requires at least T+1 of the N parties to cooperate in order to reconstruct/reveal the secret, where T is some threshold value less than N. By leveraging threshold secret sharing, these techniques enable a group of N nodes to efficiently implement distributed registration and authentication in a correct, secure, and privacy-preserving fashion, even if up to T of the N nodes are corrupted by an adversary.
    Type: Application
    Filed: December 6, 2021
    Publication date: June 8, 2023
    Inventors: Avishay Yanai, Alex Markuze, Igor Golikov
  • Publication number: 20230120202
    Abstract: An enhanced robust input protocol for secure multi-party computation (MPC) via pseudorandom secret sharing is provided. With this enhanced protocol, the servers that participate in MPC can generate and send a single random sharing [R] to a client with k inputs (rather than a separate random sharing per input), and the client can derive k pseudorandom sharings from [R] without any further server interactions.
    Type: Application
    Filed: October 20, 2021
    Publication date: April 20, 2023
    Inventor: Avishay Yanai
  • Publication number: 20230102423
    Abstract: Techniques for implementing efficient three-party private set intersection (PSI) are provided. In one set of embodiments these techniques make use of an oblivious key-value store (OKVS), which is a cryptographic data structure that encodes a set of key-value pairs ({ki, vi}) and exhibits the following properties: (A) if a receiver decodes the OKVS on some input q=kj, the output will be vj, and (B) the receiver cannot tell, from the outputs generated by the OKVS, what keys (i.e., ki's) are encoded. By using an OKVS, the techniques of the present disclosure can achieve three-party PSI in a manner that is more efficient and scalable than existing protocols.
    Type: Application
    Filed: September 28, 2021
    Publication date: March 30, 2023
    Inventor: Avishay Yanai
  • Publication number: 20230050494
    Abstract: In one set of embodiments, each server executing a secure multi-party computation (MPC) protocol can receive shares of inputs to the MPC protocol from a plurality of clients, where each input is private to each client and where each share is generated from its corresponding input using a threshold secret sharing scheme. Each server can then verify whether the shares of the plurality of inputs are valid/invalid and, for each invalid share, determine whether a client that submitted the invalid share or a server that holds the invalid share is corrupted. If the client that submitted the invalid share is corrupted, each server can ignore the input of that corrupted client during a computation phase of the MPC protocol. Alternatively, if the server that holds the invalid share is corrupted, each server can prevent that corrupted server from participating in the computation phase.
    Type: Application
    Filed: October 14, 2022
    Publication date: February 16, 2023
    Inventors: Avishay Yanai, Ittai Abraham