{"bundle_type":"pith_open_graph_bundle","bundle_version":"1.0","pith_number":"pith:2025:TNDNQ3HF2RCCSAXX6QOYLDPYW2","short_pith_number":"pith:TNDNQ3HF","canonical_record":{"source":{"id":"2501.09191","kind":"arxiv","version":2},"metadata":{"license":"http://creativecommons.org/licenses/by/4.0/","primary_cat":"cs.SE","submitted_at":"2025-01-15T22:39:50Z","cross_cats_sorted":["cs.CR"],"title_canon_sha256":"d773ed88598a4d2391ee3e867f5c7e5932254793eaf91f2199b941485dfadb65","abstract_canon_sha256":"c365ef9954e5cdabf60baed246e9c3e84cfb6a03cd41bd8d4b0eb388181c5ef8"},"schema_version":"1.0"},"canonical_sha256":"9b46d86ce5d4442902f7f41d858df8b699dfd64682c229418e7646f4f96c3451","source":{"kind":"arxiv","id":"2501.09191","version":2},"source_aliases":[{"alias_kind":"arxiv","alias_value":"2501.09191","created_at":"2026-05-26T01:02:25Z"},{"alias_kind":"arxiv_version","alias_value":"2501.09191v2","created_at":"2026-05-26T01:02:25Z"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.2501.09191","created_at":"2026-05-26T01:02:25Z"},{"alias_kind":"pith_short_12","alias_value":"TNDNQ3HF2RCC","created_at":"2026-05-26T01:02:25Z"},{"alias_kind":"pith_short_16","alias_value":"TNDNQ3HF2RCCSAXX","created_at":"2026-05-26T01:02:25Z"},{"alias_kind":"pith_short_8","alias_value":"TNDNQ3HF","created_at":"2026-05-26T01:02:25Z"}],"events":[{"event_type":"record_created","subject_pith_number":"pith:2025:TNDNQ3HF2RCCSAXX6QOYLDPYW2","target":"record","payload":{"canonical_record":{"source":{"id":"2501.09191","kind":"arxiv","version":2},"metadata":{"license":"http://creativecommons.org/licenses/by/4.0/","primary_cat":"cs.SE","submitted_at":"2025-01-15T22:39:50Z","cross_cats_sorted":["cs.CR"],"title_canon_sha256":"d773ed88598a4d2391ee3e867f5c7e5932254793eaf91f2199b941485dfadb65","abstract_canon_sha256":"c365ef9954e5cdabf60baed246e9c3e84cfb6a03cd41bd8d4b0eb388181c5ef8"},"schema_version":"1.0"},"canonical_sha256":"9b46d86ce5d4442902f7f41d858df8b699dfd64682c229418e7646f4f96c3451","receipt":{"kind":"pith_receipt","key_id":"pith-v1-2026-05","algorithm":"ed25519","signed_at":"2026-05-26T01:02:25.814060Z","signature_b64":"CZvaB/9R6CUuMvW6y70zVZQ2kihzNzd9cChgQOsCvk/otX+VRAXz5WVYk9UxZtm2ktylGk9Fjg5qvlfdpauZAg==","signed_message":"canonical_sha256_bytes","builder_version":"pith-number-builder-2026-05-17-v1","receipt_version":"0.3","canonical_sha256":"9b46d86ce5d4442902f7f41d858df8b699dfd64682c229418e7646f4f96c3451","last_reissued_at":"2026-05-26T01:02:25.813063Z","signature_status":"signed_v1","first_computed_at":"2026-05-26T01:02:25.813063Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"source_kind":"arxiv","source_id":"2501.09191","source_version":2,"attestation_state":"computed"},"signer":{"signer_id":"pith.science","signer_type":"pith_registry","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"created_at":"2026-05-26T01:02:25Z","supersedes":[],"prev_event":null,"signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"eBhtbG6tIm3Au5fC48dcNUr6mh70nIpeMcq6xfff3dJ+y1SuTerFMiHSvvKnTV7hjs5nryMWaY2GkNYNHPRyCw==","signed_message":"open_graph_event_sha256_bytes","signed_at":"2026-06-03T20:58:29.013659Z"},"content_sha256":"2854a5690b0e83e3fbc82e488c2e858d02864b11e39b5d52d90109dc1fa39962","schema_version":"1.0","event_id":"sha256:2854a5690b0e83e3fbc82e488c2e858d02864b11e39b5d52d90109dc1fa39962"},{"event_type":"graph_snapshot","subject_pith_number":"pith:2025:TNDNQ3HF2RCCSAXX6QOYLDPYW2","target":"graph","payload":{"graph_snapshot":{"paper":{"title":"Detecting Vulnerabilities in Encrypted Software Code while Ensuring Code Privacy","license":"http://creativecommons.org/licenses/by/4.0/","headline":"Static analysis detects vulnerabilities in encrypted code by indexing its data and control flows without decryption.","cross_cats":["cs.CR"],"primary_cat":"cs.SE","authors_text":"Bernardo Ferreira, David Dantas, Ib\\'eria Medeiros, Jorge Martins, Rafael Ramires","submitted_at":"2025-01-15T22:39:50Z","abstract_excerpt":"Software vulnerabilities continue to be the primary cause of cyberattacks. It is crucial to identify vulnerabilities in applications' source code before attackers gain access to them and exploit any vulnerability they may contain. Developers have used static analysis tools (SATs) to find vulnerabilities in unprotected application code, and software testing companies have started offering software code analysis as a service to assist developers in these findings. Such services require access to unprotected code, which raises concerns about its privacy and intellectual property theft. Attackers "},"claims":{"count":4,"items":[{"kind":"strongest_claim","text":"The approach combines Static Code Analysis and Searchable Symmetric Encryption to process source code and build an encrypted inverted index that represents its data and control flows, enabling vulnerability discovery in a confidential way with similar precision to standard tools.","source":"verdict.strongest_claim","status":"machine_extracted","claim_id":"C1","attestation":"unclaimed"},{"kind":"weakest_assumption","text":"That an encrypted inverted index built from data and control flows is sufficient to support accurate static analysis tasks for vulnerability detection without introducing unacceptable false positives or negatives due to encryption.","source":"verdict.weakest_assumption","status":"machine_extracted","claim_id":"C2","attestation":"unclaimed"},{"kind":"one_line_summary","text":"A system using searchable symmetric encryption on code flow indices to perform static vulnerability detection on encrypted PHP code, achieving similar precision to non-private tools with 42.7% average overhead.","source":"verdict.one_line_summary","status":"machine_extracted","claim_id":"C3","attestation":"unclaimed"},{"kind":"headline","text":"Static analysis detects vulnerabilities in encrypted code by indexing its data and control flows without decryption.","source":"verdict.pith_extraction.headline","status":"machine_extracted","claim_id":"C4","attestation":"unclaimed"}],"snapshot_sha256":"696102ad518cd130025b2bd85de1b54cd92af3e65de05214098c114ba8b1989d"},"source":{"id":"2501.09191","kind":"arxiv","version":2},"verdict":{"id":"99080af8-5c62-4f59-a690-d3822043158d","model_set":{"reader":"grok-4.3"},"created_at":"2026-05-23T04:53:20.609524Z","strongest_claim":"The approach combines Static Code Analysis and Searchable Symmetric Encryption to process source code and build an encrypted inverted index that represents its data and control flows, enabling vulnerability discovery in a confidential way with similar precision to standard tools.","one_line_summary":"A system using searchable symmetric encryption on code flow indices to perform static vulnerability detection on encrypted PHP code, achieving similar precision to non-private tools with 42.7% average overhead.","pipeline_version":"pith-pipeline@v0.9.0","weakest_assumption":"That an encrypted inverted index built from data and control flows is sufficient to support accurate static analysis tasks for vulnerability detection without introducing unacceptable false positives or negatives due to encryption.","pith_extraction_headline":"Static analysis detects vulnerabilities in encrypted code by indexing its data and control flows without decryption."},"integrity":{"clean":true,"summary":{"advisory":0,"critical":0,"by_detector":{},"informational":0},"endpoint":"/pith/2501.09191/integrity.json","findings":[],"available":true,"detectors_run":[],"snapshot_sha256":"c28c3603d3b5d939e8dc4c7e95fa8dfce3d595e45f758748cecf8e644a296938"},"references":{"count":0,"sample":[],"resolved_work":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","internal_anchors":0},"formal_canon":{"evidence_count":2,"snapshot_sha256":"eae4839b60692856b3b5b08ec0170606591b5105d754158e53838ed59963b4d3"},"author_claims":{"count":0,"strong_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"builder_version":"pith-number-builder-2026-05-17-v1"},"verdict_id":"99080af8-5c62-4f59-a690-d3822043158d"},"signer":{"signer_id":"pith.science","signer_type":"pith_registry","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"created_at":"2026-05-26T01:02:25Z","supersedes":[],"prev_event":null,"signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"E/NGdJbxDWVJgTQsEQ+Cqh6DGK6pHZViE8XYq52mBGb+fOXgVuqcZo8YNSoFsQgBsnrA7FsOivwJypaZ89CrBQ==","signed_message":"open_graph_event_sha256_bytes","signed_at":"2026-06-03T20:58:29.014132Z"},"content_sha256":"ff07b2926489a74356d0844a1f7bf9302e237e3c72343242a7edf360910efc7c","schema_version":"1.0","event_id":"sha256:ff07b2926489a74356d0844a1f7bf9302e237e3c72343242a7edf360910efc7c"}],"timestamp_proofs":[],"mirror_hints":[{"mirror_type":"https","name":"Pith Resolver","base_url":"https://pith.science","bundle_url":"https://pith.science/pith/TNDNQ3HF2RCCSAXX6QOYLDPYW2/bundle.json","state_url":"https://pith.science/pith/TNDNQ3HF2RCCSAXX6QOYLDPYW2/state.json","well_known_bundle_url":"https://pith.science/.well-known/pith/TNDNQ3HF2RCCSAXX6QOYLDPYW2/bundle.json","status":"primary"}],"public_keys":[{"key_id":"pith-v1-2026-05","algorithm":"ed25519","format":"raw","public_key_b64":"stVStoiQhXFxp4s2pdzPNoqVNBMojDU/fJ2db5S3CbM=","public_key_hex":"b2d552b68890857171a78b36a5dccf368a953413288c353f7c9d9d6f94b709b3","fingerprint_sha256_b32_first128bits":"RVFV5Z2OI2J3ZUO7ERDEBCYNKS","fingerprint_sha256_hex":"8d4b5ee74e4693bcd1df2446408b0d54","rotates_at":null,"url":"https://pith.science/pith-signing-key.json","notes":"Pith uses this Ed25519 key to sign canonical record SHA-256 digests. Verify with: ed25519_verify(public_key, message=canonical_sha256_bytes, signature=base64decode(signature_b64))."}],"merge_version":"pith-open-graph-merge-v1","built_at":"2026-06-03T20:58:29Z","links":{"resolver":"https://pith.science/pith/TNDNQ3HF2RCCSAXX6QOYLDPYW2","bundle":"https://pith.science/pith/TNDNQ3HF2RCCSAXX6QOYLDPYW2/bundle.json","state":"https://pith.science/pith/TNDNQ3HF2RCCSAXX6QOYLDPYW2/state.json","well_known_bundle":"https://pith.science/.well-known/pith/TNDNQ3HF2RCCSAXX6QOYLDPYW2/bundle.json"},"state":{"state_type":"pith_open_graph_state","state_version":"1.0","pith_number":"pith:2025:TNDNQ3HF2RCCSAXX6QOYLDPYW2","merge_version":"pith-open-graph-merge-v1","event_count":2,"valid_event_count":2,"invalid_event_count":0,"equivocation_count":0,"current":{"canonical_record":{"metadata":{"abstract_canon_sha256":"c365ef9954e5cdabf60baed246e9c3e84cfb6a03cd41bd8d4b0eb388181c5ef8","cross_cats_sorted":["cs.CR"],"license":"http://creativecommons.org/licenses/by/4.0/","primary_cat":"cs.SE","submitted_at":"2025-01-15T22:39:50Z","title_canon_sha256":"d773ed88598a4d2391ee3e867f5c7e5932254793eaf91f2199b941485dfadb65"},"schema_version":"1.0","source":{"id":"2501.09191","kind":"arxiv","version":2}},"source_aliases":[{"alias_kind":"arxiv","alias_value":"2501.09191","created_at":"2026-05-26T01:02:25Z"},{"alias_kind":"arxiv_version","alias_value":"2501.09191v2","created_at":"2026-05-26T01:02:25Z"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.2501.09191","created_at":"2026-05-26T01:02:25Z"},{"alias_kind":"pith_short_12","alias_value":"TNDNQ3HF2RCC","created_at":"2026-05-26T01:02:25Z"},{"alias_kind":"pith_short_16","alias_value":"TNDNQ3HF2RCCSAXX","created_at":"2026-05-26T01:02:25Z"},{"alias_kind":"pith_short_8","alias_value":"TNDNQ3HF","created_at":"2026-05-26T01:02:25Z"}],"graph_snapshots":[{"event_id":"sha256:ff07b2926489a74356d0844a1f7bf9302e237e3c72343242a7edf360910efc7c","target":"graph","created_at":"2026-05-26T01:02:25Z","signer":{"key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signer_id":"pith.science","signer_type":"pith_registry"},"payload":{"graph_snapshot":{"author_claims":{"count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","strong_count":0},"builder_version":"pith-number-builder-2026-05-17-v1","claims":{"count":4,"items":[{"attestation":"unclaimed","claim_id":"C1","kind":"strongest_claim","source":"verdict.strongest_claim","status":"machine_extracted","text":"The approach combines Static Code Analysis and Searchable Symmetric Encryption to process source code and build an encrypted inverted index that represents its data and control flows, enabling vulnerability discovery in a confidential way with similar precision to standard tools."},{"attestation":"unclaimed","claim_id":"C2","kind":"weakest_assumption","source":"verdict.weakest_assumption","status":"machine_extracted","text":"That an encrypted inverted index built from data and control flows is sufficient to support accurate static analysis tasks for vulnerability detection without introducing unacceptable false positives or negatives due to encryption."},{"attestation":"unclaimed","claim_id":"C3","kind":"one_line_summary","source":"verdict.one_line_summary","status":"machine_extracted","text":"A system using searchable symmetric encryption on code flow indices to perform static vulnerability detection on encrypted PHP code, achieving similar precision to non-private tools with 42.7% average overhead."},{"attestation":"unclaimed","claim_id":"C4","kind":"headline","source":"verdict.pith_extraction.headline","status":"machine_extracted","text":"Static analysis detects vulnerabilities in encrypted code by indexing its data and control flows without decryption."}],"snapshot_sha256":"696102ad518cd130025b2bd85de1b54cd92af3e65de05214098c114ba8b1989d"},"formal_canon":{"evidence_count":2,"snapshot_sha256":"eae4839b60692856b3b5b08ec0170606591b5105d754158e53838ed59963b4d3"},"integrity":{"available":true,"clean":true,"detectors_run":[],"endpoint":"/pith/2501.09191/integrity.json","findings":[],"snapshot_sha256":"c28c3603d3b5d939e8dc4c7e95fa8dfce3d595e45f758748cecf8e644a296938","summary":{"advisory":0,"by_detector":{},"critical":0,"informational":0}},"paper":{"abstract_excerpt":"Software vulnerabilities continue to be the primary cause of cyberattacks. It is crucial to identify vulnerabilities in applications' source code before attackers gain access to them and exploit any vulnerability they may contain. Developers have used static analysis tools (SATs) to find vulnerabilities in unprotected application code, and software testing companies have started offering software code analysis as a service to assist developers in these findings. Such services require access to unprotected code, which raises concerns about its privacy and intellectual property theft. Attackers ","authors_text":"Bernardo Ferreira, David Dantas, Ib\\'eria Medeiros, Jorge Martins, Rafael Ramires","cross_cats":["cs.CR"],"headline":"Static analysis detects vulnerabilities in encrypted code by indexing its data and control flows without decryption.","license":"http://creativecommons.org/licenses/by/4.0/","primary_cat":"cs.SE","submitted_at":"2025-01-15T22:39:50Z","title":"Detecting Vulnerabilities in Encrypted Software Code while Ensuring Code Privacy"},"references":{"count":0,"internal_anchors":0,"resolved_work":0,"sample":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"2501.09191","kind":"arxiv","version":2},"verdict":{"created_at":"2026-05-23T04:53:20.609524Z","id":"99080af8-5c62-4f59-a690-d3822043158d","model_set":{"reader":"grok-4.3"},"one_line_summary":"A system using searchable symmetric encryption on code flow indices to perform static vulnerability detection on encrypted PHP code, achieving similar precision to non-private tools with 42.7% average overhead.","pipeline_version":"pith-pipeline@v0.9.0","pith_extraction_headline":"Static analysis detects vulnerabilities in encrypted code by indexing its data and control flows without decryption.","strongest_claim":"The approach combines Static Code Analysis and Searchable Symmetric Encryption to process source code and build an encrypted inverted index that represents its data and control flows, enabling vulnerability discovery in a confidential way with similar precision to standard tools.","weakest_assumption":"That an encrypted inverted index built from data and control flows is sufficient to support accurate static analysis tasks for vulnerability detection without introducing unacceptable false positives or negatives due to encryption."}},"verdict_id":"99080af8-5c62-4f59-a690-d3822043158d"}}],"author_attestations":[],"timestamp_anchors":[],"storage_attestations":[],"citation_signatures":[],"replication_records":[],"corrections":[],"mirror_hints":[],"record_created":{"event_id":"sha256:2854a5690b0e83e3fbc82e488c2e858d02864b11e39b5d52d90109dc1fa39962","target":"record","created_at":"2026-05-26T01:02:25Z","signer":{"key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signer_id":"pith.science","signer_type":"pith_registry"},"payload":{"attestation_state":"computed","canonical_record":{"metadata":{"abstract_canon_sha256":"c365ef9954e5cdabf60baed246e9c3e84cfb6a03cd41bd8d4b0eb388181c5ef8","cross_cats_sorted":["cs.CR"],"license":"http://creativecommons.org/licenses/by/4.0/","primary_cat":"cs.SE","submitted_at":"2025-01-15T22:39:50Z","title_canon_sha256":"d773ed88598a4d2391ee3e867f5c7e5932254793eaf91f2199b941485dfadb65"},"schema_version":"1.0","source":{"id":"2501.09191","kind":"arxiv","version":2}},"canonical_sha256":"9b46d86ce5d4442902f7f41d858df8b699dfd64682c229418e7646f4f96c3451","receipt":{"algorithm":"ed25519","builder_version":"pith-number-builder-2026-05-17-v1","canonical_sha256":"9b46d86ce5d4442902f7f41d858df8b699dfd64682c229418e7646f4f96c3451","first_computed_at":"2026-05-26T01:02:25.813063Z","key_id":"pith-v1-2026-05","kind":"pith_receipt","last_reissued_at":"2026-05-26T01:02:25.813063Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","receipt_version":"0.3","signature_b64":"CZvaB/9R6CUuMvW6y70zVZQ2kihzNzd9cChgQOsCvk/otX+VRAXz5WVYk9UxZtm2ktylGk9Fjg5qvlfdpauZAg==","signature_status":"signed_v1","signed_at":"2026-05-26T01:02:25.814060Z","signed_message":"canonical_sha256_bytes"},"source_id":"2501.09191","source_kind":"arxiv","source_version":2}}},"equivocations":[],"invalid_events":[],"applied_event_ids":["sha256:2854a5690b0e83e3fbc82e488c2e858d02864b11e39b5d52d90109dc1fa39962","sha256:ff07b2926489a74356d0844a1f7bf9302e237e3c72343242a7edf360910efc7c"],"state_sha256":"0fac6fe1a10963a8a0c8a99ba278802845a43a2844fbf540c4397769b50252a6"},"bundle_signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"Yd07Kl9iCRevBKHEb1zGfAHj0tKWo9wJotKwtNlb27Vxk+nZQ6E25Tr6ccVrJgCD9CohaGaGBmNCWT++mrt0DQ==","signed_message":"bundle_sha256_bytes","signed_at":"2026-06-03T20:58:29.016455Z","bundle_sha256":"d07bc2e0de3693640d1bba13b8736540116093358963c0f1fdd4af9b7dbcc02b"}}