{"bundle_type":"pith_open_graph_bundle","bundle_version":"1.0","pith_number":"pith:2024:PLGGM5DXAZQY7M3CH5ATFXLXEL","short_pith_number":"pith:PLGGM5DX","canonical_record":{"source":{"id":"2402.09845","kind":"arxiv","version":1},"metadata":{"license":"http://creativecommons.org/licenses/by/4.0/","primary_cat":"cs.CR","submitted_at":"2024-02-15T10:03:35Z","cross_cats_sorted":[],"title_canon_sha256":"7cf76f901a7ece9d7a559a6da31686f1a1160ae1391a76433fabc5ec45bba0f6","abstract_canon_sha256":"91fcac67b987fd0f810f783ceab54c39d86cb44c67b9a2e57b51c819986e4525"},"schema_version":"1.0"},"canonical_sha256":"7acc66747706618fb3623f4132dd7722f8f9f2741f4b04a1e52504b4b35b6ae6","source":{"kind":"arxiv","id":"2402.09845","version":1},"source_aliases":[{"alias_kind":"arxiv","alias_value":"2402.09845","created_at":"2026-07-05T07:45:37Z"},{"alias_kind":"arxiv_version","alias_value":"2402.09845v1","created_at":"2026-07-05T07:45:37Z"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.2402.09845","created_at":"2026-07-05T07:45:37Z"},{"alias_kind":"pith_short_12","alias_value":"PLGGM5DXAZQY","created_at":"2026-07-05T07:45:37Z"},{"alias_kind":"pith_short_16","alias_value":"PLGGM5DXAZQY7M3C","created_at":"2026-07-05T07:45:37Z"},{"alias_kind":"pith_short_8","alias_value":"PLGGM5DX","created_at":"2026-07-05T07:45:37Z"}],"events":[{"event_type":"record_created","subject_pith_number":"pith:2024:PLGGM5DXAZQY7M3CH5ATFXLXEL","target":"record","payload":{"canonical_record":{"source":{"id":"2402.09845","kind":"arxiv","version":1},"metadata":{"license":"http://creativecommons.org/licenses/by/4.0/","primary_cat":"cs.CR","submitted_at":"2024-02-15T10:03:35Z","cross_cats_sorted":[],"title_canon_sha256":"7cf76f901a7ece9d7a559a6da31686f1a1160ae1391a76433fabc5ec45bba0f6","abstract_canon_sha256":"91fcac67b987fd0f810f783ceab54c39d86cb44c67b9a2e57b51c819986e4525"},"schema_version":"1.0"},"canonical_sha256":"7acc66747706618fb3623f4132dd7722f8f9f2741f4b04a1e52504b4b35b6ae6","receipt":{"kind":"pith_receipt","key_id":"pith-v1-2026-05","algorithm":"ed25519","signed_at":"2026-07-05T07:45:37.671627Z","signature_b64":"geZwiUePHxfKQ5JUPJe1LWMnQRE/IE2f/yQ2f1QgyTwNscvJhSbpI8A5CqurtVPg76EfM36hbk0pc11M46d1Ag==","signed_message":"canonical_sha256_bytes","builder_version":"pith-number-builder-2026-05-17-v1","receipt_version":"0.3","canonical_sha256":"7acc66747706618fb3623f4132dd7722f8f9f2741f4b04a1e52504b4b35b6ae6","last_reissued_at":"2026-07-05T07:45:37.671069Z","signature_status":"signed_v1","first_computed_at":"2026-07-05T07:45:37.671069Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"source_kind":"arxiv","source_id":"2402.09845","source_version":1,"attestation_state":"computed"},"signer":{"signer_id":"pith.science","signer_type":"pith_registry","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"created_at":"2026-07-05T07:45:37Z","supersedes":[],"prev_event":null,"signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"MY304k61kzvwpGPKkm6T1ucVqTeVfMMh/ckHYNuOZcFArFEecCyCDzT7EBNwM+mcFB/WQ3Ui+o1WYwFZT7Y6BA==","signed_message":"open_graph_event_sha256_bytes","signed_at":"2026-07-05T15:01:10.075717Z"},"content_sha256":"ef75bcb236e5c67aecb0462433784c3c66c0d5b81a1cb5b95f240d25bc78838e","schema_version":"1.0","event_id":"sha256:ef75bcb236e5c67aecb0462433784c3c66c0d5b81a1cb5b95f240d25bc78838e"},{"event_type":"graph_snapshot","subject_pith_number":"pith:2024:PLGGM5DXAZQY7M3CH5ATFXLXEL","target":"graph","payload":{"graph_snapshot":{"paper":{"title":"JustSTART: How to Find an RSA Authentication Bypass on Xilinx UltraScale(+) with Fuzzing","license":"http://creativecommons.org/licenses/by/4.0/","headline":"","cross_cats":[],"primary_cat":"cs.CR","authors_text":"Amir Moradi, Christof Paar, Felix Hahn, Maik Ender, Marc Fyrbiak","submitted_at":"2024-02-15T10:03:35Z","abstract_excerpt":"Fuzzing is a well-established technique in the software domain to uncover bugs and vulnerabilities. Yet, applications of fuzzing for security vulnerabilities in hardware systems are scarce, as principal reasons are requirements for design information access (HDL source code). Moreover, observation of internal hardware state during runtime is typically an ineffective information source, as its documentation is often not publicly available. In addition, such observation during runtime is also inefficient due to bandwidth-limited analysis interfaces (JTAG, and minimal introspection of internal mo"},"claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"2402.09845","kind":"arxiv","version":1},"verdict":{"id":null,"model_set":{},"created_at":null,"strongest_claim":"","one_line_summary":"","pipeline_version":null,"weakest_assumption":"","pith_extraction_headline":""},"integrity":{"clean":true,"summary":{"advisory":0,"critical":0,"by_detector":{},"informational":0},"endpoint":"/pith/2402.09845/integrity.json","findings":[],"available":true,"detectors_run":[],"snapshot_sha256":"c28c3603d3b5d939e8dc4c7e95fa8dfce3d595e45f758748cecf8e644a296938"},"references":{"count":0,"sample":[],"resolved_work":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","internal_anchors":0},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"author_claims":{"count":0,"strong_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"builder_version":"pith-number-builder-2026-05-17-v1"},"verdict_id":null},"signer":{"signer_id":"pith.science","signer_type":"pith_registry","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"created_at":"2026-07-05T07:45:37Z","supersedes":[],"prev_event":null,"signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"VoxnQhaFhh6VMgcGZn3An5hEZkQVmTlMXif7o3+BEF1izrm1jPB20Oz6htdB6UtVN/Q+BPgUK8N6l5/Z5LGiDw==","signed_message":"open_graph_event_sha256_bytes","signed_at":"2026-07-05T15:01:10.076408Z"},"content_sha256":"404c893516a1ea25f787dcc43ed21b0b871356844d9c5a9860ca8204aec4e513","schema_version":"1.0","event_id":"sha256:404c893516a1ea25f787dcc43ed21b0b871356844d9c5a9860ca8204aec4e513"}],"timestamp_proofs":[],"mirror_hints":[{"mirror_type":"https","name":"Pith Resolver","base_url":"https://pith.science","bundle_url":"https://pith.science/pith/PLGGM5DXAZQY7M3CH5ATFXLXEL/bundle.json","state_url":"https://pith.science/pith/PLGGM5DXAZQY7M3CH5ATFXLXEL/state.json","well_known_bundle_url":"https://pith.science/.well-known/pith/PLGGM5DXAZQY7M3CH5ATFXLXEL/bundle.json","status":"primary"}],"public_keys":[{"key_id":"pith-v1-2026-05","algorithm":"ed25519","format":"raw","public_key_b64":"stVStoiQhXFxp4s2pdzPNoqVNBMojDU/fJ2db5S3CbM=","public_key_hex":"b2d552b68890857171a78b36a5dccf368a953413288c353f7c9d9d6f94b709b3","fingerprint_sha256_b32_first128bits":"RVFV5Z2OI2J3ZUO7ERDEBCYNKS","fingerprint_sha256_hex":"8d4b5ee74e4693bcd1df2446408b0d54","rotates_at":null,"url":"https://pith.science/pith-signing-key.json","notes":"Pith uses this Ed25519 key to sign canonical record SHA-256 digests. Verify with: ed25519_verify(public_key, message=canonical_sha256_bytes, signature=base64decode(signature_b64))."}],"merge_version":"pith-open-graph-merge-v1","built_at":"2026-07-05T15:01:10Z","links":{"resolver":"https://pith.science/pith/PLGGM5DXAZQY7M3CH5ATFXLXEL","bundle":"https://pith.science/pith/PLGGM5DXAZQY7M3CH5ATFXLXEL/bundle.json","state":"https://pith.science/pith/PLGGM5DXAZQY7M3CH5ATFXLXEL/state.json","well_known_bundle":"https://pith.science/.well-known/pith/PLGGM5DXAZQY7M3CH5ATFXLXEL/bundle.json"},"state":{"state_type":"pith_open_graph_state","state_version":"1.0","pith_number":"pith:2024:PLGGM5DXAZQY7M3CH5ATFXLXEL","merge_version":"pith-open-graph-merge-v1","event_count":2,"valid_event_count":2,"invalid_event_count":0,"equivocation_count":0,"current":{"canonical_record":{"metadata":{"abstract_canon_sha256":"91fcac67b987fd0f810f783ceab54c39d86cb44c67b9a2e57b51c819986e4525","cross_cats_sorted":[],"license":"http://creativecommons.org/licenses/by/4.0/","primary_cat":"cs.CR","submitted_at":"2024-02-15T10:03:35Z","title_canon_sha256":"7cf76f901a7ece9d7a559a6da31686f1a1160ae1391a76433fabc5ec45bba0f6"},"schema_version":"1.0","source":{"id":"2402.09845","kind":"arxiv","version":1}},"source_aliases":[{"alias_kind":"arxiv","alias_value":"2402.09845","created_at":"2026-07-05T07:45:37Z"},{"alias_kind":"arxiv_version","alias_value":"2402.09845v1","created_at":"2026-07-05T07:45:37Z"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.2402.09845","created_at":"2026-07-05T07:45:37Z"},{"alias_kind":"pith_short_12","alias_value":"PLGGM5DXAZQY","created_at":"2026-07-05T07:45:37Z"},{"alias_kind":"pith_short_16","alias_value":"PLGGM5DXAZQY7M3C","created_at":"2026-07-05T07:45:37Z"},{"alias_kind":"pith_short_8","alias_value":"PLGGM5DX","created_at":"2026-07-05T07:45:37Z"}],"graph_snapshots":[{"event_id":"sha256:404c893516a1ea25f787dcc43ed21b0b871356844d9c5a9860ca8204aec4e513","target":"graph","created_at":"2026-07-05T07:45:37Z","signer":{"key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signer_id":"pith.science","signer_type":"pith_registry"},"payload":{"graph_snapshot":{"author_claims":{"count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","strong_count":0},"builder_version":"pith-number-builder-2026-05-17-v1","claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"integrity":{"available":true,"clean":true,"detectors_run":[],"endpoint":"/pith/2402.09845/integrity.json","findings":[],"snapshot_sha256":"c28c3603d3b5d939e8dc4c7e95fa8dfce3d595e45f758748cecf8e644a296938","summary":{"advisory":0,"by_detector":{},"critical":0,"informational":0}},"paper":{"abstract_excerpt":"Fuzzing is a well-established technique in the software domain to uncover bugs and vulnerabilities. Yet, applications of fuzzing for security vulnerabilities in hardware systems are scarce, as principal reasons are requirements for design information access (HDL source code). Moreover, observation of internal hardware state during runtime is typically an ineffective information source, as its documentation is often not publicly available. In addition, such observation during runtime is also inefficient due to bandwidth-limited analysis interfaces (JTAG, and minimal introspection of internal mo","authors_text":"Amir Moradi, Christof Paar, Felix Hahn, Maik Ender, Marc Fyrbiak","cross_cats":[],"headline":"","license":"http://creativecommons.org/licenses/by/4.0/","primary_cat":"cs.CR","submitted_at":"2024-02-15T10:03:35Z","title":"JustSTART: How to Find an RSA Authentication Bypass on Xilinx UltraScale(+) with Fuzzing"},"references":{"count":0,"internal_anchors":0,"resolved_work":0,"sample":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"2402.09845","kind":"arxiv","version":1},"verdict":{"created_at":null,"id":null,"model_set":{},"one_line_summary":"","pipeline_version":null,"pith_extraction_headline":"","strongest_claim":"","weakest_assumption":""}},"verdict_id":null}}],"author_attestations":[],"timestamp_anchors":[],"storage_attestations":[],"citation_signatures":[],"replication_records":[],"corrections":[],"mirror_hints":[],"record_created":{"event_id":"sha256:ef75bcb236e5c67aecb0462433784c3c66c0d5b81a1cb5b95f240d25bc78838e","target":"record","created_at":"2026-07-05T07:45:37Z","signer":{"key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signer_id":"pith.science","signer_type":"pith_registry"},"payload":{"attestation_state":"computed","canonical_record":{"metadata":{"abstract_canon_sha256":"91fcac67b987fd0f810f783ceab54c39d86cb44c67b9a2e57b51c819986e4525","cross_cats_sorted":[],"license":"http://creativecommons.org/licenses/by/4.0/","primary_cat":"cs.CR","submitted_at":"2024-02-15T10:03:35Z","title_canon_sha256":"7cf76f901a7ece9d7a559a6da31686f1a1160ae1391a76433fabc5ec45bba0f6"},"schema_version":"1.0","source":{"id":"2402.09845","kind":"arxiv","version":1}},"canonical_sha256":"7acc66747706618fb3623f4132dd7722f8f9f2741f4b04a1e52504b4b35b6ae6","receipt":{"algorithm":"ed25519","builder_version":"pith-number-builder-2026-05-17-v1","canonical_sha256":"7acc66747706618fb3623f4132dd7722f8f9f2741f4b04a1e52504b4b35b6ae6","first_computed_at":"2026-07-05T07:45:37.671069Z","key_id":"pith-v1-2026-05","kind":"pith_receipt","last_reissued_at":"2026-07-05T07:45:37.671069Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","receipt_version":"0.3","signature_b64":"geZwiUePHxfKQ5JUPJe1LWMnQRE/IE2f/yQ2f1QgyTwNscvJhSbpI8A5CqurtVPg76EfM36hbk0pc11M46d1Ag==","signature_status":"signed_v1","signed_at":"2026-07-05T07:45:37.671627Z","signed_message":"canonical_sha256_bytes"},"source_id":"2402.09845","source_kind":"arxiv","source_version":1}}},"equivocations":[],"invalid_events":[],"applied_event_ids":["sha256:ef75bcb236e5c67aecb0462433784c3c66c0d5b81a1cb5b95f240d25bc78838e","sha256:404c893516a1ea25f787dcc43ed21b0b871356844d9c5a9860ca8204aec4e513"],"state_sha256":"83dc14c43a03aed42d92805c663906b23f7e8a26812c8435c2d436349b50ebdd"},"bundle_signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"BmGPARgwfi5DhuJtqPl6pBhlWZB0TVo2Dvm0sVTVo/yFNrza9gQGteEeTIyeZoYEzeT0DBV9rG9t0Y+egOofDw==","signed_message":"bundle_sha256_bytes","signed_at":"2026-07-05T15:01:10.080017Z","bundle_sha256":"88448007943aeaad2ad5032b22f08776ad442eab6d7e95abcbc7b5b6481a6922"}}