Several recent works have established lower bounds on the communication cost of secure messaging protocols using only selected primitives. We argue that these bounds no longer apply if succinct noninteractive multi-party key exchange (SMNIKE) exists, a setup-free primitive where no party’s message depends on the number of parties. We introduce succinct PPRFs, where the punctured key is of size 5λ and, in particular, independent of the input size, as long as the punctured point has a short description. We then show how to combine succinct PPRFs with JJ to show that a variant of the Boneh–Zhandry construction is already an SMNIKE.
Strong Asymmetric Password-Authenticated Key Exchange (saPAKE) enables a client, holding only a low-entropy password, to repeatedly establish shared high-entropy session keys with a server, holding a digest of that password. Ideally, an adversary is limited to impersonation attempts, online dictionary attacks, and, in the event of a leaked digest, a brute-force attack that does not admit precomputation. In this talk, I will present our novel saPAKE protocol, which is the first to simultaneously achieve the ideal security, as described, in a single round trip without generic algebraic models. We instantiate our saPAKE from an oblivious pseudorandom function (OPRF); I will also present our novel Dodis-Yampolskiy-based OPRF, the first online-extractable and input-committing UC-secure OPRF.
In this talk, I will discuss the problem of privacy-preserving statistical analysis. I will start with an introduction to _differential privacy_, a key framework in this area. Then, I will present _pointwise maximal leakage_ (PML), a privacy measure that I developed during my PhD studies. PML quantifies the amount of information leaking about a secret when releasing the outcome of a randomized function calculated on the secret. I will draw connections between PML and differential privacy while also highlighting their differences. Additionally, I will discuss an application where private information is sanitized while guaranteeing privacy in the sense of PML. Finally, I will explore open questions and current and future research directions.
Ensuring cyber security often poses particular challenges for Small and Medium-sized Enterprises (SMEs), with constraints in terms of time, skills and resources leading to difficulties in understanding the issues and following good practice. The Cyber Security Communities of Support (CyCOS) project has been further investigating the challenges, with data collected from both SMEs and support providers. The project aims to trial a new community-based approach to support, offering a further channel through which to socialise and demystify cyber security for the SME audience, based upon collaboration between organisations in the same region, sector or supply chain. In this session, Prof. Steven Furnell will discuss the issue of cyber security for SMEs, drawing upon key findings from the work to date from both the SME and provider perspectives. He will also outline the plans for the proposed Communities of Support approach.
Encrypted network traffic, including HTTPS-protected MPEG-DASH video streams, can reveal sensitive information through side-channels. Prior research exposed adaptive bitrate streaming patterns as a vulnerability but lacked large-scale validations under strong network assumptions. This talk, based on a recently accepted paper at USENIX Security 2025 (with Romaric Duvignau), presents a protocol-agnostic system that identifies videos from a dataset of 240k videos covering three entire streaming platforms. Using k-d tree search and time series methods, it achieves 99.5% accuracy, even under VPNs or Wi-Fi eavesdropping. To address the privacy risks, we analyze the vulnerability's root causes, propose mitigations, and provide open-source tools and datasets for the community.
Automation apps enable seamless connection of IoT devices and services to provide useful functionality for end-users. These apps are typically executed on cloud-based Trigger-Action Platforms (TAPs) such as IFTTT and Node-RED, supporting both single- and multi-tenant architectures. These architectures raise security and privacy concerns in the face of cloud attackers and malicious app makers, resulting in massive exfiltration of sensitive user data.
To address these concerns, we design TAPShield, an architecture that uses confidential computing and language-level sandboxing to protect users’ sensitive information against untrustworthy TAPs and malicious apps. TAPShield targets JavaScript-driven TAPs built on the Node.js environment and uses trusted execution environments via Intel SGX to protect against cloud attackers. It further uses language-level sandboxes such as vm2 and SandTrap to protect against malicious apps. We implement TAPShield for two popular TAPs, Node-RED and IFTTT, and report on the security, performance, and compatibility trade-offs on a range of real-world apps.
Privacy-preserving blueprints enable users to create escrows using the auditor's public key. An escrow encrypts the evaluation of a function P(t,x), where t is a secret input used to generate the auditor's key and x is the user's private input to escrow generation. Nothing but P(t,x) is revealed even to a fully corrupted auditor. The original definition and construction (Kohlweiss et al., EUROCRYPT'23) only support the evaluation of functions on an input x provided by a single user.
We address this limitation by introducing updatable privacy-preserving blueprint schemes (UPPB), which enhance the original notion with the ability for multiple parties to non-interactively update the private value x in a blueprint. Moreover, a UPPB scheme allows for verifying that a blueprint is the result of a sequence of valid updates while revealing nothing else.
We present uBlu, an efficient instantiation of UPPB for computing a comparison between private user values and a private threshold t set by the auditor, where the current value x is the cumulative sum of private inputs, which enables applications such as privacy-preserving anti-money laundering and location tracking. Additionally, we show the feasibility of the notion generically for all value update functions and (binary) predicates from FHE and NIZKs.
Our main technical contribution is a technique to keep the size of primary blueprint components independent of the number of updates and reasonable for practical applications. This is achieved by elegantly extending an algebraic NIZK by Couteau and Hartmann (CRYPTO'20) with an update function and making it compatible with our additive updates. This result is of independent interest and may find additional applications thanks to the concise size of our proofs.
The last decade has seen a proliferation of code-reuse attacks in the context of web applications. These attacks target vulnerabilities in which attacker-controlled data exploits legitimate code fragments within the application’s codebase to execute a code chain that performs malicious computations, e.g. Remote Code Execution, on the attacker’s behalf. In this talk, we will discuss how principled large-scale static and dynamic code analysis helps in discovering and exploiting vulnerabilities in high-profile server-side applications and their software supply chain, as well as existing defensive mechanisms.
In this seminar I will present the paper that lays the foundation for the PhD position I applied to. Key Transparency Logs are an emerging technique to provide a secure and transparent way to manage and distribute cryptographic keys in centralised systems such as WhatsApp and iMessage. This paper (by Brorsson et al.) presents a new way to prevent split-view attacks in Key Transparency Logs by leveraging lightweight and scalable cryptographic tools.
In a world where cryptographic constructs are stuck in a race against faster algorithms, we propose a cosmic solution: why not root cryptographic provable delays in the speed of light? This paper introduces Sequential Communication Delay (SCD) in the Universal Composability framework, a functionality that models communication channels where data is transmitted fashionably late. With our SCD proofs, we propose the first constructions of a Verifiable Delay Function and a Publicly Verifiable Time-Lock Puzzle that do not rely on computational assumptions. Say goodbye to the worries of computational speed-ups and hello to a time-delay rooted in the cosmos!