Trail of Bits

By Trail of Bits

Category: Technology

Description

The Trail of Bits podcast explores the intersection of human intellect and computational power. Imagine having a couple of friends explain to you how they protect some of the world’s most precious data - friends who happen to be the world’s leading cyber security experts, and who know how to speak in plain, straightforward English. That’s what each episode of the Trail of Bits podcast is like. The only ads you’ll ever hear are for our free and open source software and tools.

Episode Date
Future
00:21:37

FEATURED VOICES IN THIS EPISODE

Dan Guido

Dan Guido is the CEO of Trail of Bits, a cybersecurity firm he founded in 2012 to address software security challenges with cutting-edge research. In his tenure leading Trail of Bits, Dan has grown the team to 80 engineers, led the team to compete in the DARPA Cyber Grand Challenge, built an industry-leading blockchain security practice, and refined open-source tools for the endpoint security market. In addition to his work at Trail of Bits, he’s active on the boards of four early-stage technology companies. Dan contributes to cybersecurity policy papers from RAND, CNAS, and Harvard. He runs Empire Hacking, a 1,500-member meetup group focused on NYC-area cybersecurity professionals. His latest hobby coding project -- AlgoVPN -- is the Internet's most recommended self-hosted VPN. In prior roles, Dan taught a capstone course on software exploitation at NYU as a faculty member and the Hacker in Residence, consulted at iSEC Partners (now NCC Group), and worked as an incident responder for the Federal Reserve System.

Nat Chin

Nat Chin is a security engineer 2 at Trail of Bits, where she performs security reviews of blockchain projects, and develops tools that are useful when working with Ethereum. She is the author of solc-select, a tool to help switch Solidity versions. She worked as a smart contract developer and taught as a Blockchain Professor at George Brown College, before transitioning to blockchain security when she joined Trail of Bits.

Opal Wright

Opal Wright is a cryptography analyst at Trail of Bits. Two of the following three statements about her are true: (a) she's a long-distance unicyclist; (b) she invented a public-key cryptosystem; (c) she designed and built an award-winning sex toy.

Jim Miller

Jim Miller is the cryptography team lead at Trail of Bits. Before joining Trail of Bits, Jim attended graduate programs at both Cambridge and Yale, where he studied and researched both Number Theory and Cryptography, focusing on topics such as lattice-based cryptography and zero-knowledge proofs. During his time at Trail of Bits, Jim has led several security reviews across a wide variety of cryptographic applications and has helped lead the development of multiple projects, such as ZKDocs and PrivacyRaven.

Josselin Feist

Josselin Feist is a principal security engineer at Trail of Bits where he participates in assessments of blockchain software and designs automated bug-finding tools for smart contracts. He holds a Ph.D. in static analysis and symbolic execution and regularly speaks at both academic and industrial conferences. He is the author of various security tools, including Slither - a static analyzer framework for Ethereum smart contracts and Tealer - a static analyzer for Algorand contracts.

Peter Goodman

Peter Goodman is a Staff Engineer in the Research and Engineering practice at Trail of Bits, where he leads all de/compilation efforts. He is the creator of various static and dynamic program analysis tools, ranging from the Remill library for lifting machine code into LLVM bitcode, to the GRR snapshot/record/replay-based fuzzer. When Peter isn't writing code, he's mentoring a fleet of interns to push the envelope. Peter holds a Master's in Computer Science from the University of Toronto.

Host: Nick Selby

An accomplished information and physical security professional, Nick leads the Software Assurance practice at Trail of Bits, giving customers at some of the world's most targeted companies a comprehensive understanding of their security landscape. He is the creator of the Trail of Bits podcast, and does everything from writing scripts to conducting interviews to audio engineering to Foley (e.g. biting into pickles). Prior to Trail of Bits, Nick was Director of Cyber Intelligence and Investigations at the NYPD; the CSO of a blockchain startup; and VP of Operations at an industry analysis firm.

Production Staff

Story Editor: Chris Julin
Associate Editor: Emily Haavik
Executive Producer: Nick Selby
Executive Producer: Dan Guido

Recording

Rocky Hill Studios, Ghent, New York. Nick Selby, Engineer
Preuss-Projekt Tonstudio, Salzburg, Austria. Christian Höll, Engineer

Remote recordings:

Whistler, BC, Canada (Nick Selby); Queens, NY; Brooklyn, NY; Rochester, NY (Emily Haavik);
Toronto, ON, Canada. TAPES//TYPES, Russell W. Gragg, Engineer
Trail of Bits supports and adheres to the Tape Syncers United Fair Rates Card

Edited by Emily Haavik and Chris Julin
Mastered by Chris Julin

Video

You can watch a video of this episode.

Music

DISPATCHES FROM TECHNOLOGY'S FUTURE, THE TRAIL OF BITS THEME, Chris Julin
OPEN WINGS, Liron Meyuhas
NEW WORLD, Ian Post
FUNKYMANIA, Omri Smadar, The Original Orchestra
GOOD AS GONE, INSTRUMENTAL VERSION, Bunker Buster 
ALL IN YOUR STRIDE, Abe
BREATHE EASY, Omri Smadar
TREEHOUSE, Lingerwell
LIKE THAT, Tobias Bergson
SCAPES,  Gray North

Reproduction

With the exception of any Copyrighted music herein, Trail of Bits Season 1; Future © 2022 by Trail of Bits is licensed under Attribution-NonCommercial-NoDerivatives 4.0 International. This license allows reuse: reusers may copy and distribute the material in any medium or format in unadapted form and for noncommercial purposes only (noncommercial means not primarily intended for or directed towards commercial advantage or monetary compensation), provided that reusers give credit to Trail of Bits as the creator. No derivatives or adaptations of this work are permitted. To view a copy of this license, visit http://creativecommons.org/licenses/by-nc-nd/4.0/.

Meet the Team:

CHRIS JULIN

Chris Julin has spent years telling audio stories and helping other people tell theirs. These days he works as a story editor and producer for news outlets like APM Reports, West Virginia Public Broadcasting, and Marketplace. He has also taught and mentored hundreds of young journalists as a professor. For the Trail of Bits podcast, he serves as story and music editor, sound designer, and mixing and mastering engineer.

EMILY HAAVIK

For the past 10 years Emily Haavik has worked as a broadcast journalist in radio, television, and digital media. She’s spent time writing, reporting, covering courts, producing investigative podcasts, and serving as an editorial manager. She now works as an audio producer for several production shops including Us & Them from West Virginia Public Broadcasting and PRX, and APM Reports. For the Trail of Bits podcast, she helps with scripting, interviews, story concepts, and audio production.

Jun 20, 2022
It Depends
00:21:05

FEATURED VOICES IN THIS EPISODE

Clint Bruce

Clint Bruce is a former Navy Special Warfare Officer, a graduate of the US Naval Academy, a decorated athlete, and a seasoned entrepreneur. A 4-year letter winner at Navy playing middle linebacker, captain and MVP of the ’96 Aloha Bowl Championship team, he was named to multiple all-star teams his senior year. He enjoyed opportunities with both the Baltimore Ravens and New Orleans Saints and was inducted into the Navy/Marine Corps Stadium Hall of Fame in 2009. Clint’s desire to serve was deep and firmly rooted. He left the NFL to pursue becoming a Navy SEAL and successfully completed BUD/S (Basic Underwater Demolition/SEAL training) in 1998 with Class 217. Joining SEAL Team FIVE, Clint completed multiple deployments pre- and post-9/11, directly involved in counter-terrorism and national security missions globally. He is a co-founder of Carry the Load, which was founded to restore true meaning to Memorial Day and to celebrate the service and sacrifice of Police, Fire, and Rescue personnel and their families during the month of May. Clint lives in Dallas with his college sweetheart and three daughters who are not impressed that he played football or was a Navy SEAL.

Patrick Gray

Patrick Gray is the producer and presenter of Risky Business, a weekly information security podcast that launched in 2007. He was formerly a journalist for publications including Wired.com, ZDNet Australia, The Sydney Morning Herald, The Age, The Bulletin (magazine) and Men's Style Australia.

Eric Olson

Eric Olson is the Director of Threat Intelligence for JetBlue Airways. A threat intelligence professional for more than 20 years, Eric has held executive roles including Senior Vice President of Product Management and Vice President of Intelligence Operations at LookingGlass Cyber Solutions, and was VP of Product Strategy at Cyveillance.

Allan Friedman

Allan Friedman is Senior Advisor and Strategist at the United States Cybersecurity and Infrastructure Security Agency, and one of the nation's leading experts on Software Bill of Materials. Allan leads CISA's efforts to coordinate SBOM initiatives inside and outside the US government, and around the world. He is known for applying technical and policy expertise to help audiences understand the pathways to change in an engaging fashion, and is frequently invited to speak or keynote to industry, academic, and public audiences. Wearing the hats of both a technologist and a policy maker, Allan has over 15 years of experience in international cybersecurity and technology policy. His experience and research focus on economic and market analyses of information security. On the practical side, he has designed, convened, and facilitated national and international multistakeholder processes that have produced real results, helping diverse organizations find common ground on contentious, cutting-edge issues.

Evan Sultanik, PhD

Evan Sultanik is a Principal Computer Security Researcher at Trail of Bits. A computer scientist with extensive experience both in industry (as a software engineer) and academia, Evan is an active contributor to open source software. He is author of more than two dozen peer-reviewed academic papers, and is particularly interested in intelligent, distributed/peer-to-peer systems. Evan is editor of and frequent contributor to the International Journal of PoC||GTFO.

William Woodruff

William Woodruff is a senior security engineer at Trail of Bits, contributing to the engineering and research practices in work for corporate and governmental clients. He has developed several of our open-source projects (e.g., twa, winchecksec, KRF, and mishegos). His work focuses on fuzzing, program analysis, and automated vulnerability reasoning. Outside of Trail of Bits, William helps to maintain the Homebrew project, the dominant macOS package manager. Before joining Trail of Bits, he was a software engineering intern at Cipher Tech Solutions, a small defense subcontractor. He has participated in the Google Summer of Code for four years (two as a student, two as a mentor) and taught a class in ethical hacking as a college senior. William holds a BA in philosophy from the University of Maryland (2018).

HOST: Nick Selby

An accomplished information and physical security professional, Nick leads the Software Assurance Practice at Trail of Bits, giving customers at some of the world's most targeted companies a comprehensive understanding of their security landscape. He is the creator of the Trail of Bits podcast, and does everything from writing scripts to conducting interviews to audio engineering to Foley (e.g. biting into pickles). Prior to Trail of Bits, Nick was Director of Cyber Intelligence and Investigations at the NYPD; the CSO of a blockchain startup; and VP of Operations at an industry analysis firm.

PRODUCTION STAFF

Story Editor: Chris Julin
Associate Editor: Emily Haavik
Executive Producer: Nick Selby
Executive Producer: Dan Guido

RECORDING

Recorded at Rocky Hill Studios, Ghent, NY - Nick Selby, Engineer;
22Springroad Tonstudio, Übersee, Germany - Volker Lesch, Engineer

Remote recordings were conducted at Whistler, BC, Canada (Nick Selby); Clint Bruce was recorded in a Google Meet session; Patrick Gray provided recordings of himself from Australia, courtesy of the Risky Business podcast. Eric Olson recorded himself on an iPhone. Washington, DC (tape sync of Allan Friedman by George Mocharko). Trail of Bits supports and adheres to the Tape Syncers United Fair Rates Card.

Edited by Emily Haavik and Chris Julin
Mastered by Chris Julin

Video

You can watch a video of this episode.

MUSIC

Dispatches From Technology's Future, the Trail of Bits theme, Chris Julin
EVERYBODY GET UP - No Vocals & FX - Ian Post
JD SCAVENGER by Randy Sharp
RIPPLES by Tamuz Dekel
FUTURE PERFECT, Evgeny Bardyuzha
THE SWINDLER, The Original Orchestra
BLUE - ALTERNATIVE - INSTRUMENTAL VERSION by Faith Richards
OU ALLONS NOUS D'ICI - INSTRUMENTAL, Dan Zeitune
LITTLE EDGY, Chris Julin
SCAPES: Gray North

Reproduction

With the exception of any Copyrighted music herein, Trail of Bits Season 1 Episode 3; It Depends © 2022 by Trail of Bits is licensed under Attribution-NonCommercial-NoDerivatives 4.0 International. This license allows reuse: reusers may copy and distribute the material in any medium or format in unadapted form and for noncommercial purposes only (noncommercial means not primarily intended for or directed towards commercial advantage or monetary compensation), provided that reusers give credit to Trail of Bits as the creator. No derivatives or adaptations of this work are permitted. To view a copy of this license, visit http://creativecommons.org/licenses/by-nc-nd/4.0/.

Referenced in this Episode:

The original blog post announcing the availability of It Depends describes the history you just heard with more technical specificity, and also of course links to the GitHub repository where you can download It Depends and try it for yourself. 

That blog post also links to the repository where you can download pip-audit, and give that a whirl.

In the 2021 Executive Order on Improving the Nation’s Cybersecurity, the Biden Administration announced that it would require SBOMs for all software vendors selling to the federal government.

Dependabot is a tool available to GitHub users. 

If you’re interested in the catalog of open source projects Trail of Bits participates in and contributes to, please read the blog post Celebrating our 2021 Open Source Contributions. There, you can read about our work contributing, for example, to LLVM, the compiler and toolchain technologies we discuss in the podcast episode Future, and to Pwndbg, a GDB plug-in that makes debugging with GDB “suck less.” The post includes links to contributions our engineer consultants have made to a huge range of open source projects, from assert-rs to ZenGo-X.

Jun 20, 2022
W/Internships
00:21:33

Featured Voices in this Episode:

Trent Brunson

Trent Brunson is a Principal Security Engineer and Research Practice Manager at Trail of Bits. He has worked in computer security since 2012 as a researcher and engineer at Assured Information Security in Rome, NY, and at the Georgia Tech Research Institute, where he served as the Threat Intelligence Branch Chief and the Associate Division Chief of Threat Intelligence & Analytics. 

Dan Guido

Dan Guido is the CEO of Trail of Bits, a cybersecurity firm he co-founded in 2012 to address software security challenges with cutting-edge research. In his tenure leading Trail of Bits, Dan has grown the team to more than 80 engineers, led the team to compete in the DARPA Cyber Grand Challenge, built an industry-leading blockchain security practice, and refined open-source tools for the endpoint security market. In addition to his work at Trail of Bits, he runs Empire Hacking, a 1,500-member meetup group focused on NYC-area cybersecurity professionals. His latest hobby coding project, AlgoVPN, is the Internet's most recommended self-hosted VPN.

Suha Hussain

Suha Hussain is a software security engineer who specializes in machine learning assurance. Her work also involves data privacy, program analysis, and applied cryptography. She’s currently an intern at Trail of Bits, where she’s worked on projects such as PrivacyRaven and Fickling. She’s also pursuing a BS in Computer Science at Georgia Tech.

Sam Alws

Sam Alws is a computer science student at Vanderbilt University, hoping to take part in shaping the future of tech. He was a Trail of Bits wintern and also previously interned at Bloomberg LP. He serves as a volunteer software developer for Change++, writing code for charities, and spent two years with Project Spark, designing a programming curriculum for schools in India.

Nick Selby (Host)

An accomplished information and physical security professional, Nick leads the Software Assurance practice at Trail of Bits, giving customers at some of the world's most targeted companies a comprehensive understanding of their security landscape. He is the creator of the Trail of Bits podcast, and does everything from writing scripts to conducting interviews to audio engineering to Foley (e.g. biting into pickles). Prior to Trail of Bits, Nick was Director of Cyber Intelligence and Investigations at the NYPD; the CSO of a blockchain startup; and VP of Operations at an industry analysis firm. 

Production Staff

Story Editor: Chris Julin
Associate Editor: Emily Haavik
Executive Producer: Nick Selby
Executive Producer: Dan Guido

Recording

Recorded at Rocky Hill Studios, Ghent, NY - Nick Selby, Engineer
22Springroad Tonstudio, Übersee, Germany - Volker Lesch, Engineer

Remote recordings: New York, NY; Brooklyn, NY; Virginia; Atlanta, GA (Emily Haavik); Silver Spring, MD (Jason An). 
Trail of Bits supports and adheres to the Tape Syncers United Fair Rates Card.

Edited by Emily Haavik and Chris Julin
Mastered by Chris Julin  

Video

You can watch a video of this podcast.

Special Thanks

Dominik Czarnota
Josselin Feist

Music

TRAIL OF BITS THEME: DISPATCHES FROM TECHNOLOGY'S FUTURE, Chris Julin
ELEMENT, Frank Bentley
FOUR AM, Curtis Cole
DRIVING SOLO, Ben Fox
OPEN WINGS, Liron Meyuhas
SHAKE YOUR STYLE, Stefano Mastronardi
THE QUEEN, Jasmine J. Walker
ILL PICKLE, Phil David
PIRATE BLUES, Leon Laudenback
SCAPES, Gray North

Reproduction

With the exception of any Copyrighted music herein, Trail of Bits Season 1 Episode 2; Internships and Winternships © 2022 by Trail of Bits is licensed under Attribution-NonCommercial-NoDerivatives 4.0 International.  This license allows reuse: reusers may copy and distribute the material in any medium or format in unadapted form and for noncommercial purposes only (noncommercial means not primarily intended for or directed towards commercial advantage or monetary compensation), provided that reusers give credit to Trail of Bits as the creator. No derivatives or adaptations of this work are permitted. To view a copy of this license, visit http://creativecommons.org/licenses/by-nc-nd/4.0/

Referenced in this Episode:

Learn more about the work done by Trail of Bits interns over the years on the company blog.

Apply for an internship or winternship at https://www.trailofbits.com/careers

Suha Hussain and lead engineer Evan Sultanik describe the Fickling project: Never a Dill Moment: Exploiting Machine Learning Pickle Files. The Python manual refers specifically to the security issues discussed in this episode:  

"The pickle module is not secure. Only unpickle data you trust... It is possible to construct malicious pickle data which will execute arbitrary code during unpickling. Never unpickle data that could have come from an untrusted source, or that could have been tampered with."
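The warning above is easy to make concrete. The following Python is an added example for this page; it is not code from the podcast, from the Python manual, or from the Fickling project. It builds a pickle that runs attacker-chosen code when loaded (the payload is deliberately harmless: it only sets an environment variable so the effect can be observed), scans the pickle's opcode stream with pickletools to list every global it would import before anything is executed, and then loads through a restricted Unpickler whose find_class refuses any global not on an allowlist. The Payload class, the PICKLE_DEMO variable, the benign sample data and the SAFE_GLOBALS allowlist are all constructed for the illustration, and the allowlist is not a recommended policy.

```python
"""Added example: why unpickling untrusted data is code execution, and two
checks (one static, one at load time) that catch the obvious case."""
import io
import os
import pickle
import pickletools


class Payload:
    """Any object can declare how it is rebuilt on load. The unpickler calls
    the returned callable with the returned arguments, so returning
    builtins.exec hands it attacker-chosen source code. Harmless here:
    it only sets an environment variable (constructed for this demo)."""

    def __reduce__(self):
        return (exec, ("import os; os.environ['PICKLE_DEMO'] = 'pwned'",))


def build_malicious_pickle() -> bytes:
    return pickle.dumps(Payload(), protocol=4)


def build_benign_pickle() -> bytes:
    # Constructed sample of the kind of plain data a model file might hold.
    return pickle.dumps({"weights": [1, 2, 3]}, protocol=4)


def payload_ran() -> bool:
    return os.environ.get("PICKLE_DEMO") == "pwned"


def unsafe_loads(data: bytes) -> bool:
    """What the manual warns against: loads() resolves builtins.exec and calls it."""
    pickle.loads(data)
    return payload_ran()


# Opcodes that push a string onto the pickle VM stack (protocols 0-5).
_STRING_OPS = {"STRING", "BINSTRING", "SHORT_BINSTRING", "UNICODE",
               "BINUNICODE", "SHORT_BINUNICODE", "BINUNICODE8"}


def find_globals(data: bytes) -> list[tuple[str, str]]:
    """List the (module, name) pairs the pickle would import, without running it.

    GLOBAL (protocols 0-3) carries both names inline. STACK_GLOBAL (4+) takes
    them from the two most recently pushed strings, which may also arrive via
    the memo, so a minimal memo model is kept. This scanner is sized for the
    demonstration; a full tool such as Fickling models the whole pickle VM.
    """
    memo: dict[int, object] = {}
    strings: list[str] = []   # string values pushed, in order
    last: object = None       # value produced by the previous opcode
    found: list[tuple[str, str]] = []
    for op, arg, _pos in pickletools.genops(data):
        if op.name in _STRING_OPS:
            last = arg
            strings.append(arg)
        elif op.name == "MEMOIZE":
            memo[len(memo)] = last
        elif op.name in ("PUT", "BINPUT", "LONG_BINPUT"):
            memo[arg] = last
        elif op.name in ("GET", "BINGET", "LONG_BINGET"):
            last = memo.get(arg)
            if isinstance(last, str):
                strings.append(last)
        elif op.name == "GLOBAL":
            module, name = arg.split(" ", 1)
            found.append((module, name))
        elif op.name == "STACK_GLOBAL":
            found.append((strings[-2], strings[-1]))
        else:
            last = None
    return found


# Hypothetical allowlist for this demonstration: plain containers only.
# Never allow callables such as builtins.getattr that can reach anything.
SAFE_GLOBALS = frozenset({
    ("builtins", "set"),
    ("builtins", "frozenset"),
    ("collections", "OrderedDict"),
})


def disallowed_globals(data: bytes, allow=SAFE_GLOBALS) -> list[tuple[str, str]]:
    """Static pre-check: globals the pickle needs that the allowlist does not permit."""
    return [g for g in find_globals(data) if g not in allow]


class RestrictedUnpickler(pickle.Unpickler):
    """Load-time check: every global lookup goes through find_class, so refusing
    anything off the allowlist stops exec/os.system/subprocess.* before REDUCE
    can call them (the pattern from the Python docs' "Restricting Globals")."""

    def find_class(self, module, name):
        if (module, name) in SAFE_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"global {module}.{name} is not permitted")


def restricted_loads(data: bytes):
    return RestrictedUnpickler(io.BytesIO(data)).load()


if __name__ == "__main__":
    evil, good = build_malicious_pickle(), build_benign_pickle()
    print("globals in malicious pickle:", find_globals(evil))  # [('builtins', 'exec')]
    print("globals in benign pickle:", find_globals(good))     # []
    try:
        restricted_loads(evil)
    except pickle.UnpicklingError as exc:
        print("restricted loader refused:", exc)
    print("restricted loader returned:", restricted_loads(good))
    print("unsafe loads ran the payload:", unsafe_loads(evil))  # True
```

The static scan answers "what would this file import?" without executing it, which is the right first question for a model file of unknown origin; the restricted loader is the backstop at load time. Neither makes pickle safe in general: a pickle can only reach the globals it names, so everything depends on the allowlist staying free of callables that can reach other code, and the manual's advice to unpickle only data you trust still stands.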

Read more about PrivacyRaven and watch Suha’s video introducing the project: PrivacyRaven Has Left the Nest

Sam Alws describes his journey to speed up Echidna: Optimizing a Smart Contract Fuzzer

For those interested in CTFs, especially those who seek to start their own, Trail of Bits has posted a CTF Field Guide in the company GitHub repository. It contains details on past CTF challenges, guidance to help you design and create your own toolkits, and case studies of attacker behavior, both in the real world and in past CTF competitions. Each lesson is supplemented by links to supporting reference materials.

Check out the AngstromCTF site here: angstromctf.com

And here’s the Montgomery Blair High School Cybersecurity Club’s GitHub repository: github.com/blairsec

The Blair students you met in this podcast were Jason An, Clarence Lam, Harikesh Kailad and Patrick Zhang. 

Jun 20, 2022
Immutable
00:20:22

FEATURED VOICES IN THIS EPISODE

Dan Guido

Dan Guido is the CEO of Trail of Bits, a cybersecurity firm he founded in 2012 to address software security challenges with cutting-edge research. In his tenure leading Trail of Bits, Dan has grown the team to 80 engineers, led the team to compete in the DARPA Cyber Grand Challenge, built an industry-leading blockchain security practice, and refined open-source tools for the endpoint security market. In addition to his work at Trail of Bits, he’s active on the boards of four early-stage technology companies. Dan contributes to cybersecurity policy papers from RAND, CNAS, and Harvard. He runs Empire Hacking, a 1,500-member meetup group focused on NYC-area cybersecurity professionals. His latest hobby coding project -- AlgoVPN -- is the Internet's most recommended self-hosted VPN. In prior roles, Dan taught a capstone course on software exploitation at NYU as a faculty member and the Hacker in Residence, consulted at iSEC Partners (now NCC Group), and worked as an incident responder for the Federal Reserve System.

Evan Sultanik

Evan Sultanik is a Principal Computer Security Researcher at Trail of Bits. A computer scientist with extensive experience both in industry (as a software engineer) and academia, Evan is an active contributor to open source software. He is author of more than two dozen peer-reviewed academic papers, and is particularly interested in intelligent, distributed/peer-to-peer systems. Evan is editor of and frequent contributor to the International Journal of PoC||GTFO.

Trent Brunson

Trent is a Principal Security Engineer and Research Practice Manager at Trail of Bits. He has worked in computer security since 2012 as a researcher and engineer at Assured Information Security in Rome, NY, and at the Georgia Tech Research Institute, where he served as the Threat Intelligence Branch Chief and the Associate Division Chief of Threat Intelligence & Analytics.  Trent received his Ph.D. in computational physics from Emory University in Atlanta in 2014, and his dissertation work applied the renormalization group and Monte Carlo methods to study exact results on complex networks.

Host: Nick Selby

An accomplished information and physical security professional, Nick leads the Software Assurance practice at Trail of Bits, giving customers at some of the world's most targeted companies a comprehensive understanding of their security landscape. He is the creator of the Trail of Bits podcast, and does everything from writing scripts to conducting interviews to audio engineering to Foley (e.g. biting into pickles). Prior to Trail of Bits, Nick was Director of Cyber Intelligence and Investigations at the NYPD; the CSO of a blockchain startup; and VP of Operations at an industry analysis firm. 

Production Staff

Story Editor: Chris Julin
Associate Editor: Emily Haavik
Executive Producer: Nick Selby
Executive Producer: Dan Guido

Recording

Rocky Hill Studios, Ghent, New York. Nick Selby, Engineer
Preuss-Projekt Tonstudio, Salzburg, Austria. Christian Höll, Engineer
Remote recordings: Whistler, BC (Nick Selby); Queens, NY (Emily Haavik)

Edited and Mastered by Chris Julin
Trail of Bits supports and adheres to the Tape Syncers United Fair Rates Card

Video

Watch a video of this podcast. 

Music

Dispatches From Technology's Future, the Trail of Bits theme, Chris Julin
CANTO DELLE SCIACALLE, Cesare Pastanella
SHALLOW WATER - REMIX, Omri Smadar, Yehezkel Raz, Sivan Talmor
ALL IN YOUR STRIDE, ABE
LET IT RISE, Divine Attraction 
ROAD LESS TRAVELED, The David Roy Collective
KILLING ME SOFTLY, Ty Simon
TECH TALK, Rex Banner
LOST ON EARTH, Marek Jakubowicz
SCAPES, Gray North

Reproduction

With the exception of any Copyrighted music herein, Trail of Bits Season 1 Episode 0; Immutable © 2022 by Trail of Bits is licensed under Attribution-NonCommercial-NoDerivatives 4.0 International.  This license allows reuse: reusers may copy and distribute the material in any medium or format in unadapted form and for noncommercial purposes only (noncommercial means not primarily intended for or directed towards commercial advantage or monetary compensation), provided that reusers give credit to Trail of Bits as the creator. No derivatives or adaptations of this work are permitted. To view a copy of this license, visit http://creativecommons.org/licenses/by-nc-nd/4.0/

Referenced in this Episode

In “Are Blockchains Decentralized? Unintended Centralities in Distributed Ledgers,” Evan Sultanik, Trent Brunson, and nine other engineers on the Trail of Bits Research and Engineering and Software Assurance teams report their findings from the year-long project to examine Blockchain centrality. 

Fluxture is a free and open source software crawling framework for Blockchains and peer-to-peer systems that Trail of Bits created to assist with the work described in this episode. We also link to the free and open source recursive dependency graphing tool It-Depends, which we will discuss in depth in the upcoming podcast episode that’s creatively titled, It-Depends. 

The Are Blockchains Decentralized? Unintended Centralities in Distributed Ledgers paper cites more than 30 academic and commercial research papers. 

There is literature about how malicious Tor exit nodes surveil and inject attacks into Tor users’ traffic. You may also read comments about exit node manipulation by Tor network maintainers. One report states that on February 2, 2021, a single malicious actor controlled 27 percent of Tor's exit capacity.

The report “How Malicious Tor Relays are Exploiting Users in 2020 (Part I)” hypothesized that the entity behind a range of malicious Tor relays would not stop its activities anytime soon; the follow-up, “Tracking One Year of Malicious Tor Exit Relay Activities,” continues the discussion.

Jun 20, 2022
Zero Knowledge Proofs and ZKDocs
00:21:08

FEATURED VOICES IN THIS EPISODE

Jim Miller

Jim Miller is the cryptography team lead at Trail of Bits. Before joining Trail of Bits, Jim attended graduate programs at both Cambridge and Yale, where he studied and researched both Number Theory and Cryptography, focusing on topics such as lattice-based cryptography and zero-knowledge proofs. During his time at Trail of Bits, Jim has led several security reviews across a wide variety of cryptographic applications and has helped lead the development of multiple projects, such as ZKDocs and PrivacyRaven.

Matthew Green

Matthew Green is a cryptographer and an associate professor at the Johns Hopkins Information Security Institute. His research includes techniques for privacy-enhanced information storage, anonymous payment systems, and bilinear map-based cryptography. He is one of the creators of the Zerocash protocol, which is used by the Zcash cryptocurrency, and a founder of an encryption startup Zeutro. He was formerly a partner in Independent Security Evaluators, a custom security evaluation and design consultancy. From 1999-2003, he served as a senior technical staff member at AT&T Laboratories/Research in Florham Park, New Jersey.

Host: Nick Selby

An accomplished information and physical security professional, Nick leads the Software Assurance Practice at Trail of Bits, giving customers at some of the world's most targeted companies a comprehensive understanding of their security landscape. He is the creator of the Trail of Bits podcast, and does everything from writing scripts to conducting interviews to audio engineering to Foley (e.g. biting into pickles). Prior to Trail of Bits, Nick was Director of Cyber Intelligence and Investigations at the NYPD; the CSO of a blockchain startup; and VP of Operations at an industry analysis firm. 

Production Staff

Story Editor: Chris Julin
Associate Editor: Emily Haavik
Executive Producer: Nick Selby
Executive Producer: Dan Guido

Recording

Recorded at Rocky Hill Studios, Ghent, NY - Nick Selby, Engineer; and 22Springroad Tonstudio, Übersee, Germany - Volker Lesch, Engineer

Remote recordings were conducted at Whistler, BC, Canada; and Tarrytown, NY

Edited and Mastered by Chris Julin
Trail of Bits supports and adheres to the Tape Syncers United Fair Rates Card

Music

Dispatches From Technology's Future, the Trail of Bits theme, Chris Julin
True Detectives: Ian Post
Big Band Lemonade: Shirker Big Band
Duda: Ian Post
Bread and Butter: Ziggy
Scapes: Gray North

Video

Watch this episode as a video on YouTube.

Reproduction

With the exception of any copyrighted music herein, Trail of Bits Season 1 Episode 1: Zero Knowledge Proofs and ZKDocs © 2022 by Trail of Bits is licensed under Attribution-NonCommercial-NoDerivatives 4.0 International. This license allows reuse: reusers may copy and distribute the material in any medium or format in unadapted form and for noncommercial purposes only (noncommercial means not primarily intended for or directed towards commercial advantage or monetary compensation), provided that reusers give credit to Trail of Bits as the creator. No derivatives or adaptations of this work are permitted. To view a copy of this license, visit http://creativecommons.org/licenses/by-nc-nd/4.0/

Referenced in this Episode:

The talk at Real World Crypto 2020 that Jim discusses was "This is not a proof: Pitfalls in real-world verifiable elections" by Sarah Jamie Lewis, Olivier Pereira, and Vanessa Teague. It built on the academic paper "How not to Prove Yourself: Pitfalls of the Fiat-Shamir Heuristic and Applications to Helios" by David Bernhard, Olivier Pereira, and Bogdan Warinschi, which shows what goes wrong when the Fiat-Shamir challenge is hashed over the prover's commitment but not over the statement being proved (the "weak" Fiat-Shamir transform), and applies that finding to Helios Voting, an open-source e-voting system.
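The weak-versus-strong Fiat-Shamir distinction named in that paper's title, as an added example that is not code from the episode, the talk, or the Helios project: a Chaum-Pedersen proof that an exponential-ElGamal ciphertext (a, b) = (g^r, g^m h^r) encrypts a given m, where the only difference between the two variants is whether the statement (h, a, b, m) goes into the challenge hash. A prover who commits with two different exponents, reads off the weak challenge (which does not depend on the ciphertext), and only then solves for the ciphertext obtains a proof that verifies for a ciphertext that does not decrypt to g^m; the same proof fails under the strong transform. The toy 40-bit safe-prime group found at import time, SHA-256 as the hash, and all function names are choices made here for the illustration, not anything from the voting system or the paper.

```python
"""Weak vs. strong Fiat-Shamir on a Chaum-Pedersen proof of plaintext.
Added illustration; not code from the episode, the talk or Helios.
Proves log_g(a) = log_h(b / g^m) for an exponential-ElGamal ciphertext (a, b)."""
import hashlib
import secrets

def is_prime(n):
    """Deterministic Miller-Rabin; these bases are exact for n < 3.4e14."""
    if n < 2:
        return False
    bases = (2, 3, 5, 7, 11, 13, 17)
    for sp in bases:
        if n % sp == 0:
            return n == sp
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for a in bases:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True

def safe_prime(bits):
    """Smallest safe prime p = 2q + 1 with q of the given bit length (toy sizes only)."""
    q = (1 << (bits - 1)) | 1
    while not (is_prime(q) and is_prime(2 * q + 1)):
        q += 2
    return 2 * q + 1, q

# Toy group chosen here for speed: far too small for anything but illustration.
P, Q = safe_prime(40)
G = 4  # a quadratic residue mod P, so it generates the prime-order-Q subgroup

def keygen():
    x = 1 + secrets.randbelow(Q - 1)  # secret key in [1, Q-1]
    return x, pow(G, x, P)

def encrypt(h, m):
    r = secrets.randbelow(Q)
    return r, (pow(G, r, P), pow(G, m, P) * pow(h, r, P) % P)

def decrypt(x, ct):
    """Returns g^m; a tallier would then recover m by brute force."""
    a, b = ct
    return b * pow(a, (Q - x) % Q, P) % P  # b / a^x, using a^Q = 1

def challenge(*elements):
    """Hash group elements and integers into Z_Q (SHA-256 is a choice made here)."""
    data = b"|".join(str(e).encode() for e in elements)
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q

def prove(h, m, r, ct, strong):
    """Honest prover: both commitments share one exponent, response z = w + c*r."""
    a, b = ct
    w = secrets.randbelow(Q)
    A, B = pow(G, w, P), pow(h, w, P)
    c = challenge(h, a, b, m, A, B) if strong else challenge(A, B)
    return A, B, (w + c * r) % Q

def verify(h, m, ct, proof, strong):
    """Checks g^z == A*a^c and h^z == B*(b/g^m)^c with c recomputed the same way."""
    a, b = ct
    A, B, z = proof
    c = challenge(h, a, b, m, A, B) if strong else challenge(A, B)
    b_over_gm = b * pow(pow(G, m, P), P - 2, P) % P
    return (pow(G, z, P) == A * pow(a, c, P) % P
            and pow(h, z, P) == B * pow(b_over_gm, c, P) % P)

def forge(h, m):
    """Prover who knows neither x nor any r: commit with two *different* exponents,
    read the weak challenge (independent of the ciphertext), pick z, then solve for
    the ciphertext that satisfies both verification equations."""
    while True:
        u = secrets.randbelow(Q)
        v = (u + 1 + secrets.randbelow(Q - 1)) % Q  # v != u
        A, B = pow(G, u, P), pow(h, v, P)
        c = challenge(A, B)
        if c:  # c must be invertible mod Q
            break
    z = secrets.randbelow(Q)
    c_inv = pow(c, -1, Q)
    a = pow(G, (z - u) * c_inv % Q, P)                     # forces g^z == A * a^c
    b = pow(G, m, P) * pow(h, (z - v) * c_inv % Q, P) % P  # forces h^z == B * (b/g^m)^c
    return (a, b), (A, B, z)

def demo(m=1):
    """Honest and forged proofs under both transforms; returns the verdicts."""
    x, h = keygen()
    r, ct = encrypt(h, m)
    forged_ct, forged_proof = forge(h, m)
    return {
        "honest_weak": verify(h, m, ct, prove(h, m, r, ct, False), False),
        "honest_strong": verify(h, m, ct, prove(h, m, r, ct, True), True),
        "forged_weak": verify(h, m, forged_ct, forged_proof, False),
        "forged_strong": verify(h, m, forged_ct, forged_proof, True),
        "forged_encrypts_m": decrypt(x, forged_ct) == pow(G, m, P),
    }

if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name:18} {ok}")
```

The forged ciphertext decrypts to g^m times h raised to the difference of the two commitment exponents, a value the forger cannot predict, so the "proof" vouches for a plaintext nobody knows. Hashing the statement into the challenge closes this off because the forger then has to fix (a, b) before learning c, and cannot solve for them afterwards.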

You can learn much more about ZKDocs and the latest Trail of Bits projects on our blog: trailofbits.com/blog

Jim Miller uses a tennis analogy to help describe some of the issues we discussed in this episode: Serving up zero-knowledge proofs

Trail of Bits and Matthew Green teamed up to use Zero Knowledge proofs to form a trusted plane in which tech companies and vulnerability researchers can securely communicate, in a research project that's part of a larger DARPA-funded effort: Reinventing Vulnerability Disclosure using Zero Knowledge Proofs

In December 2020, a Trail of Bits intern wrote an extensive post called Reverie: An Optimized Zero Knowledge Proof System. Reverie is a ZK proof system using techniques from secure multiparty computation that optimizes for prover efficiency and doesn't require any trusted setup.

To learn more about the Trail of Bits Internship and Winternship programs, visit the Trail of Bits Careers Page

Meet the Team:

Chris Julin

Chris Julin has spent years telling audio stories and helping other people tell theirs. These days he works as a story editor and producer for news outlets like APM Reports, West Virginia Public Broadcasting, and Marketplace. He has also taught and mentored hundreds of young journalists as a professor. For the Trail of Bits podcast, he serves as story and music editor, sound designer, and mixing and mastering engineer.

Emily Haavik

For the past 10 years Emily Haavik has worked as a broadcast journalist in radio, television, and digital media. She’s spent time writing, reporting, covering courts, producing investigative podcasts, and serving as an editorial manager. She now works as an audio producer for several production shops including Us & Them from West Virginia Public Broadcasting and PRX, and APM Reports. For the Trail of Bits podcast, she helps with scripting, interviews, story concepts, and audio production.

Jun 11, 2022
Trailer
00:01:46

PRODUCTION STAFF

Story Editor: Chris Julin
Associate Editor: Emily Haavik
Executive Producer: Nick Selby
Executive Producer: Dan Guido

RECORDING

Recorded at Rocky Hill Studios, Ghent, NY - Nick Selby, Engineer
Remote recordings were conducted at Whistler, BC, Canada

Edited and Mastered by Chris Julin
Trail of Bits supports and adheres to the Tape Syncers United Fair Rates Card

MUSIC

Dispatches From Technology's Future, the Trail of Bits theme, Chris Julin
Driving Solo, Ben Fox

Jun 10, 2022