Modern distributed systems involve interactions between
principals with limited trust, so cryptographic mechanisms
are needed to protect confidentiality and integrity. At the
same time, most developers lack the training to securely em-
ploy cryptography. We present Viaduct, a compiler that trans-
forms high-level programs into secure, efficient distributed
realizations. Viaduct’s source language allows developers to
declaratively specify security policies by annotating their
programs with information flow labels. The compiler uses
these labels to synthesize distributed programs that use cryp-
tography efficiently while still defending the source-level
security policy. The Viaduct approach is general, and can be
easily extended with new security mechanisms.
Our implementation of the Viaduct compiler comes with
an extensible runtime system that includes plug-in support
for multiparty computation, commitments, and zero-know-
ledge proofs. We have evaluated the system on a set of bench-
marks, and the results indicate that our approach is feasible
and can use cryptography in efficient, nontrivial ways.