pith. sign in
Pith Number

pith:35W2EIGP

pith:2026:35W2EIGPGXNF3P46PAC657BPQ5
not attested not anchored not stored refs resolved

Compile-time Security Analysis and Optimization of Sensitive String Producers

Mike Samuel, Robert Grayson, Shaw Summa, Tom Palmer

A general framework for secure content composition integrates into general-purpose languages through small changes to string syntax.

arxiv:2605.16561 v1 · 2026-05-15 · cs.PL · cs.CR

Open paper page JSON Open Graph Bundle Merged state Verified badge What is a Pith Number?
Add to your LaTeX paper 
\usepackage{pith}
\pithnumber{35W2EIGPGXNF3P46PAC657BPQ5}

Prints a linked badge after your title and injects PDF metadata. Compiles on arXiv. Learn more · Embed verified badge

Record completeness

1 Bitcoin timestamp
2 Internet Archive
3 Author claim open · sign in to claim
4 Citations open
5 Replications open
Portable graph bundle live · download bundle · merged state
The bundle contains the canonical record plus signed events. A mirror can host it anywhere and recompute the same current state with the deterministic merge algorithm.

Claims

C1strongest claim

This paper introduces a general framework for secure content composition that extends across content languages and integrates directly into general-purpose programming languages via additive changes to string expression syntax.

C2weakest assumption

That practical compilation strategies exist which achieve static analyses specified in terms of dynamic semantics while delivering runtime performance approaching naive string concatenation and useful developer diagnostics.

C3one line summary

A language-integrated framework for compile-time analysis of sensitive string producers that minimizes lexical distance between secure and insecure idioms.

References

24 extracted · 24 resolved · 1 Pith anchors

[1] Anonymous Authors. 2011. Self-citation omitted for double-blind review. In Proceedings of ...Details omitted for double-blind review 2011
[2] Anonymous Authors. 2019. Self-citation omitted for double-blind review. anonymized, https://example.com/anonymized. Accessed: 2026-03-19 2019
[3] Jim Baker. 2024. PEP 750 – Template Strings. Python Enhancement Proposals, https://peps.python.org/pep-0750/. Accepted 2025-04-10. Accessed: 2026-04-23 2024
[4] Jad S. Boutros. 2009. Reducing {XSS} by Way of Automatic Context-Aware Escaping in Template Systems. Google Online Security Blog, https://security. googleblog.com/2009/03/reducing-xss-by-way-of-automa 2009
[5] 2026.GNU get- text utilities(0.26 ed.) 2026

Formal links

2 machine-checked theorem links

Receipt and verification
First computed 2026-05-20T00:02:29.198553Z
Builder pith-number-builder-2026-05-17-v1
Signature Pith Ed25519 (pith-v1-2026-05) · public key
Schema pith-number/v1.0

Canonical hash

df6da220cf35da5dbf9e7805eefc2f8755fb0f03c436ea82577dd30aa6f53d20

Aliases

arxiv: 2605.16561 · arxiv_version: 2605.16561v1 · doi: 10.48550/arxiv.2605.16561 · pith_short_12: 35W2EIGPGXNF · pith_short_16: 35W2EIGPGXNF3P46 · pith_short_8: 35W2EIGP
Agent API
Resolver JSON Graph JSON Events JSON Schema Signing key
Verify this Pith Number yourself 
curl -sH 'Accept: application/ld+json' https://pith.science/pith/35W2EIGPGXNF3P46PAC657BPQ5 \
  | jq -c '.canonical_record' \
  | python3 -c "import sys,json,hashlib; b=json.dumps(json.loads(sys.stdin.read()), sort_keys=True, separators=(',',':'), ensure_ascii=False).encode(); print(hashlib.sha256(b).hexdigest())"
# expect: df6da220cf35da5dbf9e7805eefc2f8755fb0f03c436ea82577dd30aa6f53d20
Canonical record JSON 
{
  "metadata": {
    "abstract_canon_sha256": "f4dcbf95cb9b8876e0b3fe910ce974e03542a901f5948a278429c50cbb461cb4",
    "cross_cats_sorted": [
      "cs.CR"
    ],
    "license": "http://creativecommons.org/licenses/by-nc-sa/4.0/",
    "primary_cat": "cs.PL",
    "submitted_at": "2026-05-15T19:04:02Z",
    "title_canon_sha256": "ad3eabd38b44141470ad89662c6a4500e6e1c71bc4268652d89b1afa39429e56"
  },
  "schema_version": "1.0",
  "source": {
    "id": "2605.16561",
    "kind": "arxiv",
    "version": 1
  }
}