Loading…
18-19 June
Learn More and Register to Attend

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for KubeCon + CloudNativeCon India 2026 to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.

Please note: This schedule is automatically displayed in India Standard Time (UTC+5:30)To see the schedule in your preferred timezone, please select from the drop-down menu to the right, above "Filter by Date." The schedule is subject to change and session seating is available on a first-come, first-served basis. 
← Back to schedule
Commit-Then-Disclose: Cryptographic SBOM Auditing Without IP Leakage - Sharvil Bhatt, Reliance Industries limited & Swastik Gour, Improving
Thursday June 18, 2026 12:00pm - 12:30pm IST
205 (Level 2)
SBOM regulations (NTIA, EU CRA,CISA) create conflicting requirements: auditors demand transparency while vendors require confidentiality. We present a two-layer Merkle commitment architecture separating public change detection from private component disclosure. Layer 1 builds standard Merkle trees producing public roots for tamper detection—anyone monitors changes without seeing components. Layer 2 commits internal hashes with 256-bit random nonces, yielding private commitment roots shared only with auditors for cryptographic hiding. Selective disclosure reveals only changed components via decommitment tuples with O(log n) proofs. Auditors verify commitments reconstruct to trusted roots. Re-randomization refreshes nonces without altering data. Tested: 100 auditors, 100K components, 50K proofs, zero false accepts. Performance: 2.6M disclosures/second, 0.01ms proof generation, 625-byte paths. Policy-based filtering achieves 72% disclosure reduction.

Speakers
avatar for Swastik Gour

Swastik Gour

Product Engineer , CNCF ambassador, Improving
Swastik is a CNCF ambassador and a Product Engineer by profession who enjoys to contribute to opensource inclusing openssf hosted RSTUF , kyverno , knative , paralus , Kubevela and is also a CAPI CI signal release shadow . He likes to study about the latest tech And innovations going... Read More →
avatar for Sharvil Bhatt

Sharvil Bhatt

Researcher and ex security auditor, Ex Reliance Industries limited
Published security researcher and Master's Candidate at LNMIIT. Former Security Auditor at Reliance Industries with expertise in OS kernel internals, eBPF-based threat detection, Rust and Go for secure tooling, and binary fuzzing. Skilled in container security, SBOM generation, supply-chain... Read More →
Thursday June 18, 2026 12:00pm - 12:30pm IST
205 (Level 2)
  Security

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Tweet Share

Get help with the event

Contact event planner Event login
View support guides Find upcoming events
Create an event you'd love to attend!
Explore why organizers choose Sched Success stories
Event App Event scheduling Event registration Event ticketing Sched forms Call for papers Badges Conferences
© 2026. SCHED LLC - All rights reserved - Helping events since 2008
Event Planning App Privacy Terms
Share Modal

Share this link via

Or copy link