Summer School Talks

Abstract: The creators of sexual content face a constellation of unique online risks. In this talk I will review findings from over half a decade of research I’ve conducted in Europe and the US on the use cases, threat models, and protections needed for intimate content and interactions. We will start by discussing what motivates for the consensual sharing of intimate content in recreation ("sexting") and labor (particularly on OnlyFans, a platform focused on commercial sharing of intimate content). We will then turn to the threat of image-based sexual abuse, a form of sexual violence that encompasses the non-consensual creation and/or sharing of intimate content. We will discuss two forms of image-based sexual abuse: the non-consensual distribution of intimate content that was originally shared consensually and the rising use of AI to create intimate content without people’s consent.

Abstract: Trigger-Action Platforms (TAPs) such as IFTTT, Zapier, and Microsoft Power Automate enable seamless automation across IoT devices, cloud services, and social networks. However, their current design introduces significant privacy and security risks, including excessive data access, overprivilege, and vulnerabilities in third-party apps.

Abstract: In this talk, we will introduce Fully Homomorphic Encryption (FHE), a type of encryption which allows to compute over encrypted data. We will cover a brief historical introduction, give some intuition on how to construct it, and cover some of the currently most efficient schemes. We will finish by covering some challenges and current open questions.

Abstract: There can be many reasons one needs to solve systems of quadratic equations in multiple variables, but here we focus on applications in cryptography. This talk serves as an introduction to algebraic cryptanalysis, distinguishing the two stages: modelisation of a problem as a multivariate system of equations and solving the resulting system with general-purpose algebraic solvers. We explain briefly the modelisation phase, before going into a survey of state-of-the-art algebraic solvers. For each solver, we explain the core ideas and resulting techniques, as well as the complexity analysis for systems that do not exhibit a particular structure. We also aim to give an intuition for choosing which solvers are best suited for your specific problem.

Abstract: This talk will present an overview of the design principles of stream ciphers and hash functions. For stream ciphers, the talk will start with describing the main building blocks: initialization function, state update function and output function. Several trade-offs are possible between the complexity of the last two. Then we present concrete designs based on LFSRs, small permutations, large permutations and block ciphers. The part on hash functions also starts with an overview of architecture where one distinguishes compression functions (typically based on block ciphers) with the Merke-Damgård design and large permutations using a sponge approach.

Abstract: The Crypto Wars represent the ongoing tension between government efforts to access encrypted data for national security and the protection of privacy. This talk will provide a brief history of these conflicts, including attempts to suppress cryptographic research, impose secure communication controls (e.g., the Clipper Chip), access encrypted devices (Apple vs. FBI), and deploy spyware (e.g., NSO Group). Recently, focus has shifted to client-side scanning—filtering content on devices before encryption or after decryption—ostensibly to detect Child Sexual Abuse Material (CSAM), but also positioned for anti-terrorism and crime efforts.

Abstract: Recent investigations highlighted emergent behavior in computer microarchitecture, demonstrating techniques for creating weird gates that use microarchitectural state to represent Boolean values and perform logical functions on this state. Beyond showing that the gates are functionally complete, i.e., that they can compute any Boolean function, these works explore the security implications of using these gates.

Abstract: Pre-silicon side-channel leakage analysis can be approached as a top-down problem, using a hierarchical assessment across multiple abstraction levels in a design, enabling to gradually uncover sources of side-channel leakage. We introduce Telescope, a top-down framework for pre-silicon side-channel leakage assessment across three abstraction levels: architecture-, micro-architecture-, and gate-level. Telescope’s primary contribution is to demonstrate the propagation of leakage from software instructions to hardware implementation, revealing that leakage does not manifest uniformly across design levels.

Abstract: The field of microarchitectural security exists because many extremely smart people keep making assumptions about computing systems that are later shown to be incorrect.

Abstract: Isogeny-based cryptography is a branch of post-quantum cryptography based on the algorithmic theory of elliptic curves. It has its roots in the "isogeny problem" which states that it is generically difficult to compute a homomorphism (an isogeny) between two random elliptic curves.

Abstract: End-to-end encryption has become the gold standard for securing communications, bringing strong privacy guarantees to billions of users worldwide. My talk will discuss two potential avenues through which the security protections of end-to-end encryption might be undermined, concerning government circumvention and commercial circumvention respectively.

Abstract: The goal of malicious actors on social media platforms is usually to get more interactions with and views on their content, independent of the type of content that they are spreading. Despite the fact that this means that they aim to make their content hyper visible, these actions are still difficult to detect and prevalent across social media sites.