Students’ Session

Students’ Session Talks

Here are the talks given by PhD students during the students’ session!

  • Prevent malicious input in PSI; Partial Authorized Private Set Intersection as a solution
  • Speaker: Tjitske Koster

  • Abstract: To allow two parties to securely compute an intersection, Private Set Intersection (PSI) was introduced. Here, securely means that both parties can keep their sets private during the computation, while still being able to recover the intersection at the end. Many algorithms towards efficient PSI have been proposed. However, attacks have been developed where parties learn elements of the other that are not in the intersection. These attacks apply to many PSI works and are not desirable. To prevent this, authorized PSI introduces a judge who checks the input of the parties before the actual intersection. Even though this is a promising solution, it might be undesirable for parties to reveal the entire input set to the judge. We resolve this. In this new area we have the fastest protocol for Partial Authorized Private Set Intersection.

  • Secure and Federated Data Distillation
  • Speaker: Mert Cihangiroglu

  • Abstract: Secure Federated Data Distillation (SFDD) is a novel framework for collaboratively generating a global synthetic dataset in federated settings without exposing private data. Unlike traditional Dataset Distillation (DD), which is centralized and poses privacy risks, or existing federated distillation methods that use locally distilled knowledge to train a shared model, SFDD focuses on jointly constructing a shared synthetic dataset itself. Clients contribute to the dataset via gradient matching, without sharing raw data. A central server iteratively refines the dataset using client-side updates while maintaining confidentiality. To prevent gradient-based inference by the server, we introduce LDPO-RLD, an optimized Local Differential Privacy mechanism. We also evaluate SFDD’s robustness against malicious clients performing distillation-specific backdoor attacks (e.g., Doorping), demonstrating strong resilience.

  • FHE: New directions for CKKS Bootstrapping
  • Speaker: Robin Köstler

  • Abstract: I explore new directions in Fully Homomorphic Encryption (FHE) bootstrapping, specifically focusing on the CKKS scheme, which enables approximate computations on encrypted data. The research introduces novel bootstrapping equations for CKKS based on roots of unity. I present SPRU, a low-latency bootstrapping approach developed in collaboration with Jean-Sébastien Coron, alongside related developments including the follow-up PaCo bootstrapping by Coron & Seuré and the state-of-the-art CKKS bootstrapping SHIP by CryptoLab.

  • dCTIDH: Fast & Deterministic CTIDH
  • Speaker: Andreas Hellenbrand

  • Abstract: This paper presents dCTIDH, a CSIDH implementation that combines two recent developments into a novel state-of-the-art deterministic implementation. We combine the approach of deterministic variants of CSIDH with the batching strategy of CTIDH, which shows that the full potential of this key space has not yet been explored. This high-level adjustment in itself leads to a significant speed-up. To achieve an effective deterministic evaluation in constant time, we introduce Wombats, a new approach to performing isogenies in batches, specifically tailored to the behavior required for deterministic CSIDH using CTIDH batching. Furthermore, we explore the two-dimensional space of optimal primes for dCTIDH, with regard to both the performance of dCTIDH in terms of finite-field operations per prime and the efficiency of finite-field operations, determined by the prime shape, in terms of cycles. This allows us to optimize both for choice of prime and scheme parameters simultaneously. Lastly, we implement and benchmark constant-time, deterministic dCTIDH. Our results show that dCTIDH not only outperforms state-of-the-art deterministic CSIDH, but even non-deterministic CTIDH: dCTIDH-2048 is faster than CTIDH-2048 by 17 percent, and is almost five times faster than dCSIDH-2048.

  • Efficient Error Detection Methods for the Number Theoretic Transforms in Lattice-Based Algorithms
  • Speaker: Mohamed Abdelmonem

  • Abstract: The Number Theoretic Transform (NTT) plays a vital role in many post-quantum cryptographic (PQC) algorithms by enabling efficient polynomial multiplication. However, ensuring the reliability of NTT computations is crucial, particularly in safety-critical applications. This talk will present new techniques for detecting faults in NTTs with minimal computational overhead. In particular, I will show how to detect multiple faults in Dilithium without recomputation, improving both robustness and efficiency.