</p> <p> To find documents containing a term starting with the string <span class="term">differe</span>, use <span class="term"><a href="/search?q=differe%2A">differe*</a></span>. This will match the terms difference, different, and differential. </p> <p> Note that search applies stemming, so that if you search for <span class="term">yield</span> it will also match the terms <span class="term">yields</span> and <span class="term">yielding</span>. If you want to disable stemming, capitalize the term. A search for <span class="term">Adam</span> will not match the term 'Adams'. </p> <p> The system attempts to recognize possible misspellings. This is perhaps a source of amusement more than anything else. </p> <p> This currently searches the text in titles, authors, abstracts, and keywords, but does not search in the PDF or PS itself. </p> </div> <div class="modal-footer"> <button type="button" class="btn btn-secondary" data-bs-dismiss="modal">Close</button> </div> </div> </div> </div> <!-- Parsed query: Query(((secure@1 AND aggregation@2) AND_MAYBE PostingSource(Xapian::ValueWeightPostingSource(slot=2)))) --> </div> <div class="col-12 col-lg-8" style="min-height:80vh"> <h4 class="mt-3 ms-4">136 results sorted by ID</h4> <div class="ms-lg-4 mt-3 results"> <div class="mb-4"> <div class="d-flex"><a title="2025/515" class="paperlink" href="/2025/515">2025/515</a> <span class="ms-2"><a href="/2025/515.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2025-03-19</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Compressed Sigma Protocols: New Model and Aggregation Techniques</strong> <div class="mt-1"><span class="fst-italic">Yuxi Xue, Tianyu Zheng, Shang Gao, Bin Xiao, Man Ho Au</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-PROTOCOLS">Cryptographic protocols</small> </div> </div> <p class="mb-0 mt-1 search-abstract">Sigma protocols ($\Sigma$-protocols) 
provide a foundational paradigm for constructing secure algorithms in privacy-preserving applications. To enhance efficiency, several extended models [BG18], [BBB+18], [AC20] incorporating various optimization techniques have been proposed as "replacements" for the original $\Sigma$-protocol. However, these models often lack the expressiveness needed to handle complex relations and hinder designers from applying appropriate instantiation and...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2025/510" class="paperlink" href="/2025/510">2025/510</a> <span class="ms-2"><a href="/2025/510.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2025-03-21</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Adaptive Adversaries in Byzantine-Robust Federated Learning: A survey.</strong> <div class="mt-1"><span class="fst-italic">Jakub Kacper Szeląg, Ji-Jian Chin, Sook-Chin Yip</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-PROTOCOLS">Cryptographic protocols</small> </div> </div> <p class="mb-0 mt-1 search-abstract">Federated Learning (FL) has recently emerged as one of the leading paradigms for collaborative machine learning, serving as a tool for model computation without a need to expose one’s privately stored data. However, despite its advantages, FL systems face severe challenges within their own security solutions that address both privacy and robustness of models. This paper focuses on vulnerabilities within the domain of FL security with emphasis on model-robustness. 
Identifying critical gaps in...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2025/490" class="paperlink" href="/2025/490">2025/490</a> <span class="ms-2"><a href="/2025/490.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2025-03-14</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>PREAMBLE: Private and Efficient Aggregation of Block Sparse Vectors and Applications</strong> <div class="mt-1"><span class="fst-italic">Hilal Asi, Vitaly Feldman, Hannah Keller, Guy N. Rothblum, Kunal Talwar</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-PROTOCOLS">Cryptographic protocols</small> </div> </div> <p class="mb-0 mt-1 search-abstract">We revisit the problem of secure aggregation of high-dimensional vectors in a two-server system such as Prio. These systems are typically used to aggregate vectors such as gradients in private federated learning, where the aggregate itself is protected via noise addition to ensure differential privacy. Existing approaches require communication scaling with the dimensionality, and thus limit the dimensionality of vectors one can efficiently process in this setup. 
We propose PREAMBLE:...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2025/420" class="paperlink" href="/2025/420">2025/420</a> <span class="ms-2"><a href="/2025/420.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2025-03-05</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Non-Interactive Verifiable Aggregation</strong> <div class="mt-1"><span class="fst-italic">Ojaswi Acharya, Suvasree Biswas, Weiqi Feng, Adam O&#39;Neill, Arkady Yerukhimovich</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-PROTOCOLS">Cryptographic protocols</small> </div> </div> <p class="mb-0 mt-1 search-abstract">Consider a weak analyst that wishes to outsource data collection and computation of aggregate statistics over a potentially large population of (also weak) clients to a powerful server. For flexibility and efficiency, we consider public-key and non-interactive protocols, meaning the clients know the analyst&#39;s public key but do not share secrets, and each client sends at most one message. 
Furthermore, the final step should be silent, whereby the analyst simply downloads the (encrypted)...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2025/335" class="paperlink" href="/2025/335">2025/335</a> <span class="ms-2"><a href="/2025/335.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2025-02-24</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Privacy-Preserving Multi-Signatures: Generic Techniques and Constructions Without Pairings</strong> <div class="mt-1"><span class="fst-italic">Calvin Abou Haidar, Dipayan Das, Anja Lehmann, Cavit Özbay, Octavio Perez Kempner</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-PUBLICKEY">Public-key cryptography</small> </div> </div> <p class="mb-0 mt-1 search-abstract">Multi-signatures allow a set of parties to produce a single signature for a common message by combining their individual signatures. The result can be verified using the aggregated public key that represents the group of signers. Very recent work by Lehmann and Özbay (PKC &#39;24) studied the use of multi-signatures for ad-hoc privacy-preserving group signing, formalizing the notion of multi-signatures with probabilistic yet verifiable key aggregation. 
Moreover, they proposed new BLS-type...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2025/272" class="paperlink" href="/2025/272">2025/272</a> <span class="ms-2"><a href="/2025/272.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2025-02-18</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>X-Transfer: Enabling and Optimizing Cross-PCN Transactions</strong> <div class="mt-1"><span class="fst-italic">Lukas Aumayr, Zeta Avarikioti, Iosif Salem, Stefan Schmid, Michelle Yeo</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-PROTOCOLS">Cryptographic protocols</small> </div> </div> <p class="mb-0 mt-1 search-abstract">Blockchain interoperability solutions allow users to hold and transfer assets among different chains, and in so doing reap the benefits of each chain. To fully reap the benefits of multi-chain financial operations, it is paramount to support interoperability and cross-chain transactions also on Layer-2 networks, in particular payment channel networks (PCNs). 
Nevertheless, existing works on Layer-2 interoperability solutions still involve on-chain events, which limits their scalability and...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2025/258" class="paperlink" href="/2025/258">2025/258</a> <span class="ms-2"><a href="/2025/258.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2025-02-21</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>MPC with Publicly Identifiable Abort from Pseudorandomness and Homomorphic Encryption</strong> <div class="mt-1"><span class="fst-italic">Marc Rivinius</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-PROTOCOLS">Cryptographic protocols</small> </div> </div> <p class="mb-0 mt-1 search-abstract">Publicly identifiable abort is a critical feature for ensuring accountability in outsourced computations using secure multiparty computation (MPC). Despite its importance, no prior work has specifically addressed identifiable abort in the context of outsourced computations. In this paper, we present the first MPC protocol that supports publicly identifiable abort with minimal overhead for external clients. 
Our approach minimizes client-side computation by requiring only a few pseudorandom...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2024/2082" class="paperlink" href="/2024/2082">2024/2082</a> <span class="ms-2"><a href="/2024/2082.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2024-12-27</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>ClusterGuard: Secure Clustered Aggregation for Federated Learning with Robustness</strong> <div class="mt-1"><span class="fst-italic">Yulin Zhao, Zhiguo Wan, Zhangshuang Guan</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-APPLICATIONS">Applications</small> </div> </div> <p class="mb-0 mt-1 search-abstract">Federated Learning (FL) enables collaborative model training while preserving data privacy by avoiding the sharing of raw data. However, in large-scale FL systems, efficient secure aggregation and dropout handling remain critical challenges. Existing state-of-the-art methods, such as those proposed by Liu et al. (UAI&#39;22) and Li et al. (ASIACRYPT&#39;23), suffer from prohibitive communication overhead, implementation complexity, and vulnerability to poisoning attacks. 
Alternative approaches that...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2024/1821" class="paperlink" href="/2024/1821">2024/1821</a> <span class="ms-2"><a href="/2024/1821.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2024-11-06</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>SCIF: Privacy-Preserving Statistics Collection with Input Validation and Full Security</strong> <div class="mt-1"><span class="fst-italic">Jianan Su, Laasya Bangalore, Harel Berger, Jason Yi, Alivia Castor, Micah Sherr, Muthuramakrishnan Venkitasubramaniam</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-PROTOCOLS">Cryptographic protocols</small> </div> </div> <p class="mb-0 mt-1 search-abstract">Secure aggregation is the distributed task of securely computing a sum of values (or a vector of values) held by a set of parties, revealing only the output (i.e., the sum) in the computation. Existing protocols, such as Prio (NSDI’17), Prio+ (SCN’22), Elsa (S&amp;P’23), and Whisper (S&amp;P’24), support secure aggregation with input validation to ensure inputs belong to a specified domain. 
However, when malicious servers are present, these protocols primarily guarantee privacy but not input...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2024/1797" class="paperlink" href="/2024/1797">2024/1797</a> <span class="ms-2"><a href="/2024/1797.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2024-11-03</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>FLock: Robust and Privacy-Preserving Federated Learning based on Practical Blockchain State Channels</strong> <div class="mt-1"><span class="fst-italic">Ruonan Chen, Ye Dong, Yizhong Liu, Tingyu Fan, Dawei Li, Zhenyu Guan, Jianwei Liu, Jianying Zhou</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-APPLICATIONS">Applications</small> </div> </div> <p class="mb-0 mt-1 search-abstract"><em>Federated Learning</em> (FL) is a distributed machine learning paradigm that allows multiple clients to train models collaboratively without sharing local data. Numerous works have explored security and privacy protection in FL, as well as its integration with blockchain technology. However, existing FL works still face critical issues. 
(i) It is difficult to achieve <em>poisoning robustness</em> and <em>data privacy</em> while ensuring high <em>model accuracy</em>....</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2024/1771" class="paperlink" href="/2024/1771">2024/1771</a> <span class="ms-2"><a href="/2024/1771.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2024-10-30</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>PRIME: Differentially Private Distributed Mean Estimation with Malicious Security</strong> <div class="mt-1"><span class="fst-italic">Laasya Bangalore, Albert Cheu, Muthuramakrishnan Venkitasubramaniam</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-PROTOCOLS">Cryptographic protocols</small> </div> </div> <p class="mb-0 mt-1 search-abstract">Distributed mean estimation (DME) is a fundamental and important task as it serves as a subroutine in convex optimization, aggregate statistics, and, more generally, federated learning. The inputs for distributed mean estimation (DME) are provided by clients (such as mobile devices), and these inputs often contain sensitive information. Thus, protecting privacy and mitigating the influence of malicious adversaries are critical concerns in DME. 
A surge of recent works has focused on building...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2024/1756" class="paperlink" href="/2024/1756">2024/1756</a> <span class="ms-2"><a href="/2024/1756.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2024-10-28</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>$\mathsf{Graphiti}$: Secure Graph Computation Made More Scalable</strong> <div class="mt-1"><span class="fst-italic">Nishat Koti, Varsha Bhat Kukkala, Arpita Patra, Bhavish Raj Gopal</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-APPLICATIONS">Applications</small> </div> </div> <p class="mb-0 mt-1 search-abstract">Privacy-preserving graph analysis allows performing computations on graphs that store sensitive information while ensuring all the information about the topology of the graph, as well as data associated with the nodes and edges, remains hidden. The current work addresses this problem by designing a highly scalable framework, $\mathsf{Graphiti}$, that allows securely realising any graph algorithm. 
$\mathsf{Graphiti}$ relies on the technique of secure multiparty computation (MPC) to design a...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2024/1655" class="paperlink" href="/2024/1655">2024/1655</a> <span class="ms-2"><a href="/2024/1655.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2024-10-14</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Secure Stateful Aggregation: A Practical Protocol with Applications in Differentially-Private Federated Learning</strong> <div class="mt-1"><span class="fst-italic">Marshall Ball, James Bell-Clark, Adria Gascon, Peter Kairouz, Sewoong Oh, Zhiye Xie</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-PROTOCOLS">Cryptographic protocols</small> </div> </div> <p class="mb-0 mt-1 search-abstract">Recent advances in differentially private federated learning (DPFL) algorithms have found that using correlated noise across the rounds of federated learning (DP-FTRL) yields provably and empirically better accuracy than using independent noise (DP-SGD). 
While DP-SGD is well-suited to federated learning with a single untrusted central server using lightweight secure aggregation protocols, secure aggregation is not conducive to implementing modern DP-FTRL techniques without assuming a trusted...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2024/1575" class="paperlink" href="/2024/1575">2024/1575</a> <span class="ms-2"><a href="/2024/1575.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2024-10-24</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Efficiently-Thresholdizable Batched Identity Based Encryption, with Applications</strong> <div class="mt-1"><span class="fst-italic">Amit Agarwal, Rex Fernando, Benny Pinkas</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-PROTOCOLS">Cryptographic protocols</small> </div> </div> <p class="mb-0 mt-1 search-abstract">We propose a new cryptographic primitive called &#34;batched identity-based encryption&#34; (Batched IBE) and its thresholdized version. The new primitive allows encrypting messages with specific identities and batch labels, where the latter can represent, for example, a block number on a blockchain. Given an arbitrary subset of identities for a particular batch, our primitive enables efficient issuance of a single decryption key that can be used to decrypt all ciphertexts having identities that are...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2024/1562" class="paperlink" href="/2024/1562">2024/1562</a> <span class="ms-2"><a href="/2024/1562.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2024-10-04</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Fully Privacy-preserving Billing Models for Peer-to-Peer Electricity Trading Markets</strong> <div class="mt-1"><span class="fst-italic">Akash Madhusudan, Mustafa A. 
Mustafa, Hilder V.L. Pereira, Erik Takke</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-PROTOCOLS">Cryptographic protocols</small> </div> </div> <p class="mb-0 mt-1 search-abstract">Peer-to-peer energy trading markets enable users to exchange electricity, directly offering them increased financial benefits. However, discrepancies often arise between the electricity volumes committed to in trading auctions and the volumes actually consumed or injected. Solutions designed to address this issue often require access to sensitive information that should be kept private. This paper presents a novel, fully privacy-preserving billing protocol designed to protect users&#39;...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2024/1499" class="paperlink" href="/2024/1499">2024/1499</a> <span class="ms-2"><a href="/2024/1499.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2024-09-24</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Multi-Key Fully-Homomorphic Aggregate MAC for Arithmetic Circuits</strong> <div class="mt-1"><span class="fst-italic">Suvasree Biswas, Arkady Yerukhimovich</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-PROTOCOLS">Cryptographic protocols</small> </div> </div> <p class="mb-0 mt-1 search-abstract">Homomorphic message authenticators allow a user to perform computation on previously authenticated data producing a tag $\sigma$ that can be used to verify the authenticity of the computation. We extend this notion to consider a multi-party setting where we wish to produce a tag that allows verifying (possibly different) computations on all party&#39;s data at once. Moreover, the size of this tag should not grow as a function of the number of parties or the complexity of the computations. 
We...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2024/1460" class="paperlink" href="/2024/1460">2024/1460</a> <span class="ms-2"><a href="/2024/1460.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2024-09-18</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>PPSA: Polynomial Private Stream Aggregation for Time-Series Data Analysis</strong> <div class="mt-1"><span class="fst-italic">Antonia Januszewicz, Daniela Medrano Gutierrez, Nirajan Koirala, Jiachen Zhao, Jonathan Takeshita, Jaewoo Lee, Taeho Jung</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-PROTOCOLS">Cryptographic protocols</small> </div> </div> <p class="mb-0 mt-1 search-abstract">Modern data analytics requires computing functions on streams of data points from many users that are challenging to calculate, due to both the high scale and nontrivial nature of the computation at hand. The need for data privacy complicates this matter further, as general-purpose privacy-enhancing technologies face limitations in at least scalability or utility. 
Existing work has attempted to improve this by designing purpose-built protocols for the use case of Private Stream Aggregation;...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2024/1428" class="paperlink" href="/2024/1428">2024/1428</a> <span class="ms-2"><a href="/2024/1428.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2024-10-30</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Mario: Multi-round Multiple-Aggregator Secure Aggregation with Robustness against Malicious Actors</strong> <div class="mt-1"><span class="fst-italic">Truong Son Nguyen, Tancrède Lepoint, Ni Trieu</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-PROTOCOLS">Cryptographic protocols</small> </div> </div> <p class="mb-0 mt-1 search-abstract">Federated Learning (FL) enables multiple clients to collaboratively train a machine learning model while keeping their data private, eliminating the need for data sharing. Two common approaches to secure aggregation (SA) in FL are the single-aggregator and multiple-aggregator models. This work focuses on improving the multiple-aggregator model. 
Existing multiple-aggregator protocols such as Prio (NSDI 2017), Prio+ (SCN 2022), Elsa (S&amp;P 2023) either offer robustness only in the...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2024/1190" class="paperlink" href="/2024/1190">2024/1190</a> <span class="ms-2"><a href="/2024/1190.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2024-07-23</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Efficient Two-Party Secure Aggregation via Incremental Distributed Point Function</strong> <div class="mt-1"><span class="fst-italic">Nan Cheng, Aikaterini Mitrokotsa, Feng Zhang, Frank Hartmann</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-PROTOCOLS">Cryptographic protocols</small> </div> </div> <p class="mb-0 mt-1 search-abstract">Computing the maximum from a list of secret inputs is a widely-used functionality that is employed either indirectly as a building block in secure computation frameworks, such as ABY (NDSS’15) or directly used in multiple applications that solve optimisation problems, such as secure machine learning or secure aggregation statistics. 
Incremental distributed point function (I-DPF) is a powerful primitive (IEEE S&amp;P’21) that significantly reduces the client-to-server communication and are...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2024/1081" class="paperlink" href="/2024/1081">2024/1081</a> <span class="ms-2"><a href="/2024/1081.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2024-07-07</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Practical Non-interactive Multi-signatures, and a Multi-to-Aggregate Signatures Compiler</strong> <div class="mt-1"><span class="fst-italic">Matthieu Rambaud, Christophe Levrat</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-PUBLICKEY">Public-key cryptography</small> </div> </div> <p class="mb-0 mt-1 search-abstract">In a fully non-interactive multi-signature, resp. aggregate-signature scheme (fNIM, resp. fNIA), signatures issued by many signers on the same message, resp. on different messages, can be succinctly ``combined&#39;&#39;, resp. ``aggregated&#39;&#39;. fNIMs are used in the Ethereum consensus protocol, to produce the certificates of validity of blocks which are to be verified by billions of clients. 
fNIAs are used in some PBFT-like consensus protocols, such as the production version of Diem by Aptos, to...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2024/1045" class="paperlink" href="/2024/1045">2024/1045</a> <span class="ms-2"><a href="/2024/1045.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2024-06-27</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Efficient Secret Sharing for Large-Scale Applications</strong> <div class="mt-1"><span class="fst-italic">Sarvar Patel, Giuseppe Persiano, Joon Young Seo, Kevin Yeo</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-PROTOCOLS">Cryptographic protocols</small> </div> </div> <p class="mb-0 mt-1 search-abstract">Threshold secret sharing enables distributing a message to $n$ parties such that no subset of fewer than $t$ parties can learn the message, whereas any subset of at least $t$ parties can recover the message. Despite being a fundamental primitive, secret sharing still suffers from one significant drawback, where its message reconstruction algorithm is computationally expensive for large privacy thresholds $t$. In this paper, we aim to address this significant drawback. 
We study general...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2024/1028" class="paperlink" href="/2024/1028">2024/1028</a> <span class="ms-2"><a href="/2024/1028.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2024-06-25</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>FASIL: A challenge-based framework for secure and privacy-preserving federated learning</strong> <div class="mt-1"><span class="fst-italic">Ferhat Karakoç, Betül Güvenç Paltun, Leyli Karaçay, Ömer Tuna, Ramin Fuladi, Utku Gülen</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-APPLICATIONS">Applications</small> </div> </div> <p class="mb-0 mt-1 search-abstract">Enhancing privacy in federated learning (FL) without considering robustness can create an open door for attacks such as poisoning attacks on the FL process. Thus, addressing both the privacy and security aspects simultaneously becomes vital. Although there are a few solutions addressing both privacy and security in the literature in recent years, they have some drawbacks such as requiring two non-colluding servers, heavy cryptographic operations, or peer-to-peer communication topology. 
In...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2024/987" class="paperlink" href="/2024/987">2024/987</a> <span class="ms-2"><a href="/2024/987.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2024-07-17</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>CoGNN: Towards Secure and Efficient Collaborative Graph Learning</strong> <div class="mt-1"><span class="fst-italic">Zhenhua Zou, Zhuotao Liu, Jinyong Shan, Qi Li, Ke Xu, Mingwei Xu</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-APPLICATIONS">Applications</small> </div> </div> <p class="mb-0 mt-1 search-abstract">Collaborative graph learning represents a learning paradigm where multiple parties jointly train a graph neural network (GNN) using their own proprietary graph data. To honor the data privacy of all parties, existing solutions for collaborative graph learning are either based on federated learning (FL) or secure machine learning (SML). 
Although promising in terms of efficiency and scalability due to their distributed training scheme, FL-based approaches fall short in providing provable...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2024/942" class="paperlink" href="/2024/942">2024/942</a> <span class="ms-2"><a href="/2024/942.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2024-06-12</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Let Them Drop: Scalable and Efficient Federated Learning Solutions Agnostic to Client Stragglers</strong> <div class="mt-1"><span class="fst-italic">Riccardo Taiello, Melek Önen, Clémentine Gritti, Marco Lorenzi</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-APPLICATIONS">Applications</small> </div> </div> <p class="mb-0 mt-1 search-abstract">Secure Aggregation (SA) stands as a crucial component in modern Federated Learning (FL) systems, facilitating collaborative training of a global machine learning model while protecting the privacy of individual clients&#39; local datasets. Many existing SA protocols described in the FL literature operate synchronously, leading to notable runtime slowdowns due to the presence of stragglers (i.e. late-arriving clients). 
To address this challenge, one common approach is to consider stragglers as...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2024/936" class="paperlink" href="/2024/936">2024/936</a> <span class="ms-2"><a href="/2024/936.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2024-10-16</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Willow: Secure Aggregation with One-Shot Clients</strong> <div class="mt-1"><span class="fst-italic">James Bell-Clark, Adrià Gascón, Baiyu Li, Mariana Raykova, Phillipp Schoppmann</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-PROTOCOLS">Cryptographic protocols</small> </div> </div> <p class="mb-0 mt-1 search-abstract">A common drawback of secure vector summation protocols in the single-server model is that they impose at least one synchronization point between all clients contributing to the aggregation. This results in clients waiting on each other to advance through the rounds of the protocol, leading to large latency (or failures due to too many dropouts) even if the protocol is computationally efficient. 
In this paper we propose protocols in the single-server model where clients contributing data to...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2024/870" class="paperlink" href="/2024/870">2024/870</a> <span class="ms-2"><a href="/2024/870.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2024-10-16</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Computationally Secure Aggregation and Private Information Retrieval in the Shuffle Model</strong> <div class="mt-1"><span class="fst-italic">Adrià Gascón, Yuval Ishai, Mahimna Kelkar, Baiyu Li, Yiping Ma, Mariana Raykova</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-PROTOCOLS">Cryptographic protocols</small> </div> </div> <p class="mb-0 mt-1 search-abstract">The shuffle model has recently emerged as a popular setting for differential privacy, where clients can communicate with a central server using anonymous channels or an intermediate message shuffler. This model was also explored in the context of cryptographic tasks such as secure aggregation and private information retrieval (PIR). However, this study was almost entirely restricted to the stringent notion of information-theoretic security. 
In this work, we study computationally secure...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2024/723" class="paperlink" href="/2024/723">2024/723</a> <span class="ms-2"><a href="/2024/723.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2025-03-04</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>$\mathsf{OPA}$: One-shot Private Aggregation with Single Client Interaction and its Applications to Federated Learning</strong> <div class="mt-1"><span class="fst-italic">Harish Karthikeyan, Antigoni Polychroniadou</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-APPLICATIONS">Applications</small> </div> </div> <p class="mb-0 mt-1 search-abstract">Our work aims to minimize interaction in secure computation due to the high cost and challenges associated with communication rounds, particularly in scenarios with many clients. In this work, we revisit the problem of secure aggregation in the single-server setting where a single evaluation server can securely aggregate client-held individual inputs. 
Our key contribution is the introduction of One-shot Private Aggregation ($\mathsf{OPA}$) where clients speak only once (or even choose not to...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2024/643" class="paperlink" href="/2024/643">2024/643</a> <span class="ms-2"><a href="/2024/643.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2024-09-23</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Key-Homomorphic and Aggregate Verifiable Random Functions</strong> <div class="mt-1"><span class="fst-italic">Giulio Malavolta</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-PUBLICKEY">Public-key cryptography</small> </div> </div> <p class="mb-0 mt-1 search-abstract">A verifiable random function (VRF) allows one to compute a random-looking image, while at the same time providing a unique proof that the function was evaluated correctly. VRFs are a cornerstone of modern cryptography and, among other applications, are at the heart of recently proposed proof-of-stake consensus protocols. 
In this work we initiate the formal study of aggregate VRFs, i.e., VRFs that allow for the aggregation of proofs/images into a small digest, whose size is independent of the...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2024/535" class="paperlink" href="/2024/535">2024/535</a> <span class="ms-2"><a href="/2024/535.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2024-04-05</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>NodeGuard: A Highly Efficient Two-Party Computation Framework for Training Large-Scale Gradient Boosting Decision Tree</strong> <div class="mt-1"><span class="fst-italic">Tianxiang Dai, Yufan Jiang, Yong Li, Fei Mei</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-PROTOCOLS">Cryptographic protocols</small> </div> </div> <p class="mb-0 mt-1 search-abstract">The Gradient Boosting Decision Tree (GBDT) is a well-known machine learning algorithm, which achieves high performance and outstanding interpretability in real-world scenes such as fraud detection, online marketing and risk management. Meanwhile, two data owners can jointly train a GBDT model without disclosing their private dataset by executing secure Multi-Party Computation (MPC) protocols. 
In this work, we propose NodeGuard, a highly efficient two party computation (2PC) framework for...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2024/506" class="paperlink" href="/2024/506">2024/506</a> <span class="ms-2"><a href="/2024/506.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2024-03-29</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>A Decentralized Federated Learning using Reputation</strong> <div class="mt-1"><span class="fst-italic">Olive Chakraborty, Aymen Boudguiga</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-APPLICATIONS">Applications</small> </div> </div> <p class="mb-0 mt-1 search-abstract">Nowadays Federated learning (FL) is established as one of the best techniques for collaborative machine learning. It allows a set of clients to train a common model without disclosing their sensitive and private dataset to a coordination server. The latter is in charge of the model aggregation. However, FL faces some problems, regarding the security of updates, integrity of computation and the availability of a server. 
In this paper, we combine some new ideas like clients’ reputation with...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2024/476" class="paperlink" href="/2024/476">2024/476</a> <span class="ms-2"><a href="/2024/476.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2024-03-21</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>OPSA: Efficient and Verifiable One-Pass Secure Aggregation with TEE for Federated Learning</strong> <div class="mt-1"><span class="fst-italic">Zhangshuang Guan, Yulin Zhao, Zhiguo Wan, Jinsong Han</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-APPLICATIONS">Applications</small> </div> </div> <p class="mb-0 mt-1 search-abstract">In federated learning, secure aggregation (SA) protocols like Flamingo (S\&amp;P&#39;23) and LERNA (ASIACRYPT&#39;23) have achieved efficient multi-round SA in the malicious model. However, each round of their aggregation requires at least three client-server round-trip communications and lacks support for aggregation result verification. 
Verifiable SA schemes, such as VerSA (TDSC&#39;21) and Eltaras et al.(TIFS&#39;23), provide verifiable aggregation results under the security assumption that the server does...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2024/469" class="paperlink" href="/2024/469">2024/469</a> <span class="ms-2"><a href="/2024/469.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2024-03-20</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Malicious Security for Sparse Private Histograms</strong> <div class="mt-1"><span class="fst-italic">Lennart Braun, Adrià Gascón, Mariana Raykova, Phillipp Schoppmann, Karn Seth</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-PROTOCOLS">Cryptographic protocols</small> </div> </div> <p class="mb-0 mt-1 search-abstract">We present a construction for secure computation of differentially private sparse histograms that aggregates the inputs from a large number of clients. Each client contributes a value to the aggregate at a specific index. We focus on the case where the set of possible indices is superpolynomially large. Hence, the resulting histogram will be sparse, i.e., most entries will have the value zero. 
Our construction relies on two non-colluding servers and provides security against malicious...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2024/455" class="paperlink" href="/2024/455">2024/455</a> <span class="ms-2"><a href="/2024/455.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2024-03-17</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Anonymous Complaint Aggregation for Secure Messaging</strong> <div class="mt-1"><span class="fst-italic">Connor Bell, Saba Eskandarian</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-APPLICATIONS">Applications</small> </div> </div> <p class="mb-0 mt-1 search-abstract">Private messaging platforms provide strong protection against platform eavesdropping, but malicious users can use privacy as cover for spreading abuse and misinformation. In an attempt to identify the sources of misinformation on private platforms, researchers have proposed mechanisms to trace back the source of a user-reported message (CCS &#39;19,&#39;21). 
Unfortunately, the threat model considered by initial proposals allowed a single user to compromise the privacy of another user whose...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2024/263" class="paperlink" href="/2024/263">2024/263</a> <span class="ms-2"><a href="/2024/263.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2024-02-16</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Threshold Encryption with Silent Setup</strong> <div class="mt-1"><span class="fst-italic">Sanjam Garg, Dimitris Kolonelos, Guru-Vamsi Policharla, Mingyuan Wang</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-PUBLICKEY">Public-key cryptography</small> </div> </div> <p class="mb-0 mt-1 search-abstract">We build a concretely efficient threshold encryption scheme where the joint public key of a set of parties is computed as a deterministic function of their locally computed public keys, enabling a silent setup phase. By eliminating interaction from the setup phase, our scheme immediately enjoys several highly desirable features such as asynchronous setup, multiverse support, and dynamic threshold. Prior to our work, the only known constructions of threshold encryption with silent setup...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2024/179" class="paperlink" href="/2024/179">2024/179</a> <span class="ms-2"><a href="/2024/179.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2024-10-11</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Traitor Tracing without Trusted Authority from Registered Functional Encryption</strong> <div class="mt-1"><span class="fst-italic">Pedro Branco, Russell W. F. Lai, Monosij Maitra, Giulio Malavolta, Ahmadreza Rahimi, Ivy K. Y. 
Woo</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-PUBLICKEY">Public-key cryptography</small> </div> </div> <p class="mb-0 mt-1 search-abstract">Traitor-tracing systems allow identifying the users who contributed to building a rogue decoder in a broadcast environment. In a traditional traitor-tracing system, a key authority is responsible for generating the global public parameters and issuing secret keys to users. All security is lost if the \emph{key authority itself} is corrupt. This raises the question: Can we construct a traitor-tracing scheme, without a trusted authority? In this work, we propose a new model for...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2024/145" class="paperlink" href="/2024/145">2024/145</a> <span class="ms-2"><a href="/2024/145.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2024-02-01</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Practical Batch Proofs of Exponentiation</strong> <div class="mt-1"><span class="fst-italic">Charlotte Hoffmann, Pavel Hubáček, Svetlana Ivanova</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-PROTOCOLS">Cryptographic protocols</small> </div> </div> <p class="mb-0 mt-1 search-abstract">A Proof of Exponentiation (PoE) allows a prover to efficiently convince a verifier that $y=x^e$ in some group of unknown order. PoEs are the basis for practical constructions of Verifiable Delay Functions (VDFs), which, in turn, are important for various higher-level protocols in distributed computing. 
In applications such as distributed consensus, many PoEs are generated regularly, motivating protocols for secure aggregation of batches of statements into a few statements to improve the...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2024/141" class="paperlink" href="/2024/141">2024/141</a> <span class="ms-2"><a href="/2024/141.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2024-02-01</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Secure Statistical Analysis on Multiple Datasets: Join and Group-By</strong> <div class="mt-1"><span class="fst-italic">Gilad Asharov, Koki Hamada, Dai Ikarashi, Ryo Kikuchi, Ariel Nof, Benny Pinkas, Junichi Tomida</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-PROTOCOLS">Cryptographic protocols</small> </div> </div> <p class="mb-0 mt-1 search-abstract">We implement a secure platform for statistical analysis over multiple organizations and multiple datasets. We provide a suite of protocols for different variants of JOIN and GROUP-BY operations. JOIN allows combining data from multiple datasets based on a common column. GROUP-BY allows aggregating rows that have the same values in a column or a set of columns, and then applying some aggregation summary on the rows (such as sum, count, median, etc.). 
Both operations are fundamental tools for...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2024/081" class="paperlink" href="/2024/081">2024/081</a> <span class="ms-2"><a href="/2024/081.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2024-01-18</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>SuperFL: Privacy-Preserving Federated Learning with Efficiency and Robustness</strong> <div class="mt-1"><span class="fst-italic">Yulin Zhao, Hualin Zhou, Zhiguo Wan</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-APPLICATIONS">Applications</small> </div> </div> <p class="mb-0 mt-1 search-abstract">Federated Learning (FL) accomplishes collaborative model training without the need to share local training data. However, existing FL aggregation approaches suffer from inefficiency, privacy vulnerabilities, and neglect of poisoning attacks, severely impacting the overall performance and reliability of model training. In order to address these challenges, we propose SuperFL, an efficient two-server aggregation scheme that is both privacy preserving and secure against poisoning attacks. 
The...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2024/074" class="paperlink" href="/2024/074">2024/074</a> <span class="ms-2"><a href="/2024/074.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2024-01-17</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>PRIDA: PRIvacy-preserving Data Aggregation with multiple data customers</strong> <div class="mt-1"><span class="fst-italic">Beyza Bozdemir, Betül Aşkın Özdemir, Melek Önen</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-PROTOCOLS">Cryptographic protocols</small> </div> </div> <p class="mb-0 mt-1 search-abstract">We propose a solution for user privacy-oriented privacy-preserving data aggregation with multiple data customers. Most existing state-of-the-art approaches place too much importance on performance efficiency and seem to ignore privacy properties except for input privacy. Most solutions for data aggregation do not generally discuss the users’ birthright, namely their privacy for their own data control and anonymity when they search for something on the browser or volunteer to participate in...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2024/053" class="paperlink" href="/2024/053">2024/053</a> <span class="ms-2"><a href="/2024/053.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2024-01-14</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Anonymous Homomorphic IBE with Application to Anonymous Aggregation</strong> <div class="mt-1"><span class="fst-italic">Michael Clear, Ciaran McGoldrick, Hitesh Tewari</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-PUBLICKEY">Public-key cryptography</small> </div> </div> <p class="mb-0 mt-1 search-abstract">All anonymous identity-based encryption (IBE) schemes that are group 
homomorphic (to the best of our knowledge) require knowledge of the identity to compute the homomorphic operation. This paper is motivated by this open problem, namely to construct an anonymous group-homomorphic IBE scheme that does not sacrifice anonymity to perform homomorphic operations. Note that even when strong assumptions such as indistinguishability obfuscation (iO) are permitted, no schemes are known. We succeed in...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2023/1936" class="paperlink" href="/2023/1936">2023/1936</a> <span class="ms-2"><a href="/2023/1936.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2023-12-21</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>LERNA: Secure Single-Server Aggregation via Key-Homomorphic Masking</strong> <div class="mt-1"><span class="fst-italic">Hanjun Li, Huijia Lin, Antigoni Polychroniadou, Stefano Tessaro</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-PROTOCOLS">Cryptographic protocols</small> </div> </div> <p class="mb-0 mt-1 search-abstract">This paper introduces LERNA, a new framework for single-server secure aggregation. Our protocols are tailored to the setting where multiple consecutive aggregation phases are performed with the same set of clients, a fraction of which can drop out in some of the phases. We rely on an initial secret sharing setup among the clients which is generated once-and-for-all, and reused in all following aggregation phases. Compared to prior works [Bonawitz et al. CCS’17, Bell et al. 
CCS’20], the...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2023/1900" class="paperlink" href="/2023/1900">2023/1900</a> <span class="ms-2"><a href="/2023/1900.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2024-06-04</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Conan: Distributed Proofs of Compliance for Anonymous Data Collection</strong> <div class="mt-1"><span class="fst-italic">Mingxun Zhou, Elaine Shi, Giulia Fanti</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-PROTOCOLS">Cryptographic protocols</small> </div> </div> <p class="mb-0 mt-1 search-abstract">We consider how to design an anonymous data collection protocol that enforces compliance rules. Imagine that each client contributes multiple data items (e.g., votes, location crumbs, or secret shares of its input) to an anonymous network, which mixes all clients&#39; data items so that the receiver cannot determine which data items belong to the same user. 
Now, each user must prove to an auditor that the set it contributed satisfies a compliance predicate, without identifying which items it...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2023/1820" class="paperlink" href="/2023/1820">2023/1820</a> <span class="ms-2"><a href="/2023/1820.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2023-11-27</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Chipmunk: Better Synchronized Multi-Signatures from Lattices</strong> <div class="mt-1"><span class="fst-italic">Nils Fleischhacker, Gottfried Herold, Mark Simkin, Zhenfei Zhang</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-PROTOCOLS">Cryptographic protocols</small> </div> </div> <p class="mb-0 mt-1 search-abstract">Multi-signatures allow for compressing many signatures for the same message that were generated under independent keys into one small aggregated signature. This primitive is particularly useful for proof-of-stake blockchains, like Ethereum, where the same block is signed by many signers, who vouch for the block&#39;s validity. 
Being able to compress all signatures for the same block into a short string significantly reduces the on-chain storage costs, which is an important efficiency metric...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2023/1774" class="paperlink" href="/2023/1774">2023/1774</a> <span class="ms-2"><a href="/2023/1774.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2023-11-16</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Decentralized Private Stream Aggregation from Lattices</strong> <div class="mt-1"><span class="fst-italic">Uddipana Dowerah, Aikaterini Mitrokotsa</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-PROTOCOLS">Cryptographic protocols</small> </div> </div> <p class="mb-0 mt-1 search-abstract">As various industries and government agencies increasingly seek to build quantum computers, the development of post-quantum constructions for different primitives becomes crucial. Lattice-based cryptography is one of the top candidates for constructing quantum-resistant primitives. In this paper, we propose a decentralized Private Stream Aggregation (PSA) protocol based on the Learning with Errors (LWE) problem. 
PSA allows secure aggregation of time-series data over multiple users without...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2023/1446" class="paperlink" href="/2023/1446">2023/1446</a> <span class="ms-2"><a href="/2023/1446.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2023-09-22</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>HE$^3$DB: An Efficient and Elastic Encrypted Database Via Arithmetic-And-Logic Fully Homomorphic Encryption</strong> <div class="mt-1"><span class="fst-italic">Song Bian, Zhou Zhang, Haowen Pan, Ran Mao, Zian Zhao, Yier Jin, Zhenyu Guan</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-PROTOCOLS">Cryptographic protocols</small> </div> </div> <p class="mb-0 mt-1 search-abstract">As concerns are increasingly raised about data privacy, encrypted database management system (DBMS) based on fully homomorphic encryption (FHE) attracts increasing research attention, as FHE permits DBMS to be directly outsourced to cloud servers without revealing any plaintext data. 
However, the real-world deployment of FHE-based DBMS faces two main challenges: i) high computational latency, and ii) lack of elastic query processing capability, both of which stem from the inherent...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2023/1120" class="paperlink" href="/2023/1120">2023/1120</a> <span class="ms-2"><a href="/2023/1120.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2023-07-19</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>TVA: A multi-party computation system for secure and expressive time series analytics</strong> <div class="mt-1"><span class="fst-italic">Muhammad Faisal, Jerry Zhang, John Liagouris, Vasiliki Kalavri, Mayank Varia</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-APPLICATIONS">Applications</small> </div> </div> <p class="mb-0 mt-1 search-abstract">We present TVA, a multi-party computation (MPC) system for secure analytics on secret-shared time series data. TVA achieves strong security guarantees in the semi-honest and malicious settings, and high expressivity by enabling complex analytics on inputs with unordered and irregular timestamps. 
TVA is the first system to support arbitrary composition of oblivious window operators, keyed aggregations, and multiple filter predicates, while keeping all data attributes private, including record...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2023/804" class="paperlink" href="/2023/804">2023/804</a> <span class="ms-2"><a href="/2023/804.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2023-06-01</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Falkor: Federated Learning Secure Aggregation Powered by AES-CTR GPU Implementation</strong> <div class="mt-1"><span class="fst-italic">Mariya Georgieva Belorgey, Sofia Dandjee, Nicolas Gama, Dimitar Jetchev, Dmitry Mikushin</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-PROTOCOLS">Cryptographic protocols</small> </div> </div> <p class="mb-0 mt-1 search-abstract">We propose a novel protocol, Falkor, for secure aggregation for Federated Learning in the multi-server scenario based on masking of local models via a stream cipher based on AES in counter mode and accelerated by GPUs running on the aggregating servers. The protocol is resilient to client dropout and has reduced clients/servers communication cost by a factor equal to the number of aggregating servers (compared to the naïve baseline method). 
It scales simultaneously in the two major...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2023/675" class="paperlink" href="/2023/675">2023/675</a> <span class="ms-2"><a href="/2023/675.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2023-05-12</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Efficient and Secure Quantile Aggregation of Private Data Streams</strong> <div class="mt-1"><span class="fst-italic">Xiao Lan, Hongjian Jin, Hui Guo, Xiao Wang</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-APPLICATIONS">Applications</small> </div> </div> <p class="mb-0 mt-1 search-abstract">Computing the quantile of a massive data stream has been a crucial task in networking and data management. However, existing solutions assume a centralized model where one data owner has access to all data. In this paper, we put forward a study of secure quantile aggregation between private data streams, where data streams owned by different parties would like to obtain a quantile of the union of their data without revealing anything else about their inputs. 
To this end, we designed efficient...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2023/652" class="paperlink" href="/2023/652">2023/652</a> <span class="ms-2"><a href="/2023/652.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2024-05-17</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>ScionFL: Efficient and Robust Secure Quantized Aggregation</strong> <div class="mt-1"><span class="fst-italic">Yaniv Ben-Itzhak, Helen Möllering, Benny Pinkas, Thomas Schneider, Ajith Suresh, Oleksandr Tkachenko, Shay Vargaftik, Christian Weinert, Hossein Yalame, Avishay Yanai</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-PROTOCOLS">Cryptographic protocols</small> </div> </div> <p class="mb-0 mt-1 search-abstract">Secure aggregation is commonly used in federated learning (FL) to alleviate privacy concerns related to the central aggregator seeing all parameter updates in the clear. Unfortunately, most existing secure aggregation schemes ignore two critical orthogonal research directions that aim to (i) significantly reduce client-server communication and (ii) mitigate the impact of malicious clients. 
However, both of these additional properties are essential to facilitate cross-device FL with thousands...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2023/527" class="paperlink" href="/2023/527">2023/527</a> <span class="ms-2"><a href="/2023/527.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2024-07-08</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Squirrel: A Scalable Secure Two-Party Computation Framework for Training Gradient Boosting Decision Tree</strong> <div class="mt-1"><span class="fst-italic">Wen-jie Lu, Zhicong Huang, Qizhi Zhang, Yuchen Wang, Cheng Hong</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-APPLICATIONS">Applications</small> </div> </div> <p class="mb-0 mt-1 search-abstract">Gradient Boosting Decision Tree (GBDT) and its variants are widely used in industry, due to their strong interpretability. Secure multi-party computation allows multiple data owners to compute a function jointly while keeping their input private. In this work, we present Squirrel, a two-party GBDT training framework on a vertically split dataset, where two data owners each hold different features of the same data samples. 
Squirrel is private against semi-honest adversaries, and no sensitive...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2023/498" class="paperlink" href="/2023/498">2023/498</a> <span class="ms-2"><a href="/2023/498.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2024-01-11</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Subset-optimized BLS Multi-signature with Key Aggregation</strong> <div class="mt-1"><span class="fst-italic">Foteini Baldimtsi, Konstantinos Kryptos Chalkias, Francois Garillot, Jonas Lindstrom, Ben Riva, Arnab Roy, Mahdi Sedaghat, Alberto Sonnino, Pun Waiwitlikhit, Joy Wang</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-PUBLICKEY">Public-key cryptography</small> </div> </div> <p class="mb-0 mt-1 search-abstract">We propose a variant of the original Boneh, Drijvers, and Neven (Asiacrypt &#39;18) BLS multi-signature aggregation scheme best suited to applications where the full set of potential signers is fixed and known and any subset $I$ of this group can create a multi-signature over a message $m$. 
This setup is very common in proof-of-stake blockchains where a $2f+1$ majority of $3f$ validators sign transactions and/or blocks and is secure against $\textit{rogue-key}$ attacks without requiring a proof...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2023/486" class="paperlink" href="/2023/486">2023/486</a> <span class="ms-2"><a href="/2023/486.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2024-10-13</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Flamingo: Multi-Round Single-Server Secure Aggregation with Applications to Private Federated Learning</strong> <div class="mt-1"><span class="fst-italic">Yiping Ma, Jess Woods, Sebastian Angel, Antigoni Polychroniadou, Tal Rabin</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-APPLICATIONS">Applications</small> </div> </div> <p class="mb-0 mt-1 search-abstract">This paper introduces Flamingo, a system for secure aggregation of data across a large set of clients. In secure aggregation, a server sums up the private inputs of clients and obtains the result without learning anything about the individual inputs beyond what is implied by the final sum. Flamingo focuses on the multi-round setting found in federated learning in which many consecutive summations (averages) of model weights are performed to derive a good model. 
Previous protocols, such as...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2023/268" class="paperlink" href="/2023/268">2023/268</a> <span class="ms-2"><a href="/2023/268.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2023-09-12</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Verifiable Decentralized Multi-Client Functional Encryption for Inner Product</strong> <div class="mt-1"><span class="fst-italic">Dinh Duy Nguyen, Duong Hieu Phan, David Pointcheval</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-PUBLICKEY">Public-key cryptography</small> </div> </div> <p class="mb-0 mt-1 search-abstract">Joint computation on encrypted data is becoming increasingly crucial with the rise of cloud computing. In recent years, the development of multi-client functional encryption (MCFE) has made it possible to perform joint computation on private inputs, without any interaction. 
Well-settled solutions for linear functions have become efficient and secure, but there is still a shortcoming: if one user inputs incorrect data, the output of the function might become meaningless for all other users...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2023/239" class="paperlink" href="/2023/239">2023/239</a> <small class="ms-auto">Last updated: 2023-02-22</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Improved Preimage Sampling for Lattices</strong> <div class="mt-1"><span class="fst-italic">Corentin Jeudy, Adeline Roux-Langlois, Olivier Sanders</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-PUBLICKEY">Public-key cryptography</small> </div> </div> <p class="mb-0 mt-1 search-abstract">Preimage Sampling is a fundamental process in lattice-based cryptography whose performance directly affects the one of the cryptographic mechanisms that rely on it. In 2012, Micciancio and Peikert proposed a new way of generating trapdoors (and an associated preimage sampling procedure) with very interesting features. Unfortunately, in some applications such as digital signatures, the performance may not be as competitive as other approaches like Fiat-Shamir with Aborts. 
In this work we...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2023/198" class="paperlink" href="/2023/198">2023/198</a> <span class="ms-2"><a href="/2023/198.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2023-05-04</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Chopsticks: Fork-Free Two-Round Multi-Signatures from Non-Interactive Assumptions</strong> <div class="mt-1"><span class="fst-italic">Jiaxin Pan, Benedikt Wagner</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-PUBLICKEY">Public-key cryptography</small> </div> </div> <p class="mb-0 mt-1 search-abstract">Multi-signatures have been drawing lots of attention in recent years, due to their applications in cryptocurrencies. Most early constructions require three-round signing, and recent constructions have managed to reduce the round complexity to two. However, their security proofs are mostly based on non-standard, interactive assumptions (e.g. one-more assumptions) and come with a huge security loss, due to multiple uses of rewinding (aka the Forking Lemma). 
This renders the quantitative...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2023/141" class="paperlink" href="/2023/141">2023/141</a> <span class="ms-2"><a href="/2023/141.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2023-02-06</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>A Secure Bandwidth-Efficient Treatment for Dropout-Resistant Time-Series Data Aggregation</strong> <div class="mt-1"><span class="fst-italic">Reyhaneh Rabaninejad, Alexandros Bakas, Eugene Frimpong, Antonis Michalas</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-PROTOCOLS">Cryptographic protocols</small> </div> </div> <p class="mb-0 mt-1 search-abstract">Aggregate statistics derived from time-series data collected by individual users are extremely beneficial in diverse fields, such as e-health applications, IoT-based smart metering networks, and federated learning systems. Since user data are privacy-sensitive in many cases, the untrusted aggregator may only infer the aggregation without breaching individual privacy. To this aim, secure aggregation techniques have been extensively researched over the past years. 
However, most existing...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2023/078" class="paperlink" href="/2023/078">2023/078</a> <small class="ms-auto">Last updated: 2023-06-23</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>An Efficient Multi-Signature Scheme for Blockchain</strong> <div class="mt-1"><span class="fst-italic">Mostefa Kara, Abdelkader Laouid, Mohammad Hammoudeh</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-PROTOCOLS">Cryptographic protocols</small> </div> </div> <p class="mb-0 mt-1 search-abstract">Blockchain is a newly emerging technology; however, it has proven effective in many applications because it provides multiple advantages, mainly that it represents a trust system in which data is encrypted in a way that cannot be tampered with or forged. Because it contains many components such as smart contracts, consensus, authentication, etc., the blockchain is a fertile ground for researchers where they can continually improve previous versions of these concepts. This paper introduces a new...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2023/028" class="paperlink" href="/2023/028">2023/028</a> <span class="ms-2"><a href="/2023/028.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2023-01-09</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Information-Theoretic Distributed Point Functions</strong> <div class="mt-1"><span class="fst-italic">Elette Boyle, Niv Gilboa, Yuval Ishai, Victor I. 
Kolobov</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-PROTOCOLS">Cryptographic protocols</small> </div> </div> <p class="mb-0 mt-1 search-abstract">A distributed point function (DPF) (Gilboa-Ishai, Eurocrypt 2014) is a cryptographic primitive that enables compressed additive secret-sharing of a secret weight-1 vector across two or more servers. DPFs support a wide range of cryptographic applications, including efficient private information retrieval, secure aggregation, and more. Up to now, the study of DPFs was restricted to the computational security setting, relying on one-way functions. This assumption is necessary in the case of a...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2022/1695" class="paperlink" href="/2022/1695">2022/1695</a> <span class="ms-2"><a href="/2022/1695.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2022-12-07</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>ELSA: Secure Aggregation for Federated Learning with Malicious Actors</strong> <div class="mt-1"><span class="fst-italic">Mayank Rathee, Conghao Shen, Sameer Wagh, Raluca Ada Popa</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-PROTOCOLS">Cryptographic protocols</small> </div> </div> <p class="mb-0 mt-1 search-abstract">Federated learning (FL) is an increasingly popular approach for machine learning (ML) in cases where the training dataset is highly distributed. Clients perform local training on their datasets and the updates are then aggregated into the global model. Existing protocols for aggregation are either inefficient, or don’t consider the case of malicious actors in the system. This is a major barrier in making FL an ideal solution for privacy-sensitive ML applications. 
We present ELSA,...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2022/1674" class="paperlink" href="/2022/1674">2022/1674</a> <span class="ms-2"><a href="/2022/1674.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2022-12-01</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Practical Multi-Key Homomorphic Encryption for More Flexible and Efficient Secure Federated Aggregation (preliminary work)</strong> <div class="mt-1"><span class="fst-italic">Alberto Pedrouzo-Ulloa, Aymen Boudguiga, Olive Chakraborty, Renaud Sirdey, Oana Stan, Martin Zuber</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-APPLICATIONS">Applications</small> </div> </div> <p class="mb-0 mt-1 search-abstract">In this work, we introduce a lightweight communication-efficient multi-key approach suitable for the Federated Averaging rule. By combining secret-key RLWE-based HE, additive secret sharing and PRFs, we reduce approximately by a half the communication cost per party when compared to the usual public-key instantiations, while keeping practical homomorphic aggregation performances. 
Additionally, for LWE-based instantiations, our approach reduces the communication cost per party from quadratic...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2022/1600" class="paperlink" href="/2022/1600">2022/1600</a> <span class="ms-2"><a href="/2022/1600.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2022-11-16</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Secret-Shared Joins with Multiplicity from Aggregation Trees</strong> <div class="mt-1"><span class="fst-italic">Saikrishna Badrinarayanan, Sourav Das, Gayathri Garimella, Srinivasan Raghuraman, Peter Rindal</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-PROTOCOLS">Cryptographic protocols</small> </div> </div> <p class="mb-0 mt-1 search-abstract">We present novel protocols to compute SQL-like join operations on secret shared database tables with non-unique join keys. Previous approaches to the problem had the restriction that the join keys of both the input tables must be unique or had quadratic overhead. 
Our work lifts this restriction, allowing one or both of the secret shared input tables to have an unknown and unbounded number of repeating join keys while achieving efficient $O(n\log n)$ asymptotic communication/computation and...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2022/1544" class="paperlink" href="/2022/1544">2022/1544</a> <span class="ms-2"><a href="/2022/1544.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2022-11-07</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Towards Efficient Decentralized Federated Learning</strong> <div class="mt-1"><span class="fst-italic">Christodoulos Pappas, Dimitrios Papadopoulos, Dimitris Chatzopoulos, Eleni Panagou, Spyros Lalis, Manolis Vavalis</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-APPLICATIONS">Applications</small> </div> </div> <p class="mb-0 mt-1 search-abstract">We focus on the problem of efficiently deploying a federated learning training task in a decentralized setting with multiple aggregators. To that end, we introduce a number of improvements and modifications to the recently proposed IPLS protocol. In particular, we relax its assumption for direct communication across participants, using instead indirect communication over a decentralized storage system, effectively turning it into a partially asynchronous protocol. 
Moreover, we secure it...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2022/1461" class="paperlink" href="/2022/1461">2022/1461</a> <span class="ms-2"><a href="/2022/1461.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2023-08-08</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>ACORN: Input Validation for Secure Aggregation</strong> <div class="mt-1"><span class="fst-italic">James Bell, Adrià Gascón, Tancrède Lepoint, Baiyu Li, Sarah Meiklejohn, Mariana Raykova, Cathie Yun</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-PROTOCOLS">Cryptographic protocols</small> </div> </div> <p class="mb-0 mt-1 search-abstract">Secure aggregation enables a server to learn the sum of client-held vectors in a privacy-preserving way, and has been successfully applied to distributed statistical analysis and machine learning. In this paper, we both introduce a more efficient secure aggregation construction and extend secure aggregation by enabling input validation, in which the server can check that clients&#39; inputs satisfy required constraints such as $L_0$, $L_2$, and $L_\infty$ bounds. 
This prevents malicious clients...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2022/1271" class="paperlink" href="/2022/1271">2022/1271</a> <span class="ms-2"><a href="/2022/1271.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2023-04-12</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Privacy-preserving Federated Singular Value Decomposition</strong> <div class="mt-1"><span class="fst-italic">Bowen LIU, Balázs Pejó, Qiang TANG</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-APPLICATIONS">Applications</small> </div> </div> <p class="mb-0 mt-1 search-abstract">Modern Singular Value Decomposition (SVD) computation dates back to the 1960s when the basis for the eigensystem package and linear algebra package routines was created. Since then, SVD has gained attraction and been widely applied in various scenarios, such as recommendation systems and principal component analyses. Federated SVD has recently emerged, where different parties could collaboratively compute SVD without exchanging raw data. 
Besides its inherited privacy protection, noise...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2022/1185" class="paperlink" href="/2022/1185">2022/1185</a> <span class="ms-2"><a href="/2022/1185.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2022-09-09</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>PEA: Practical private epistasis analysis using MPC</strong> <div class="mt-1"><span class="fst-italic">Kay Hamacher, Tobias Kussel, Thomas Schneider, Oleksandr Tkachenko</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-APPLICATIONS">Applications</small> </div> </div> <p class="mb-0 mt-1 search-abstract">Due to the significant drop in prices for genome sequencing in the last decade, genome databases were constantly growing. This enabled genome analyses such as Genome-Wide Association Studies (GWAS) that study associations between a gene and a disease and allow to improve medical treatment. However, GWAS fails at the analysis of complex diseases caused by non-linear gene-gene interactions such as sporadic breast cancer or type 2 diabetes. 
Epistasis Analysis (EA) is a more powerful approach...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2022/1073" class="paperlink" href="/2022/1073">2022/1073</a> <span class="ms-2"><a href="/2022/1073.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2022-08-24</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Fixing Issues and Achieving Maliciously Secure Verifiable Aggregation in ``VeriFL: Communication-Efficient and Fast Verifiable Aggregation for Federated Learning&#39;&#39;</strong> <div class="mt-1"><span class="fst-italic">Xiaojie Guo</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-PROTOCOLS">Cryptographic protocols</small> </div> </div> <p class="mb-0 mt-1 search-abstract">This work addresses the security flaw in the original VeriFL protocol and proposes a patched protocol. The patched protocol is secure against any static malicious adversary with a certain threshold and only introduces moderate modifications to the original protocol.</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2022/829" class="paperlink" href="/2022/829">2022/829</a> <span class="ms-2"><a href="/2022/829.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2022-06-23</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>TERSE: Tiny Encryptions and Really Speedy Execution for Post-Quantum Private Stream Aggregation</strong> <div class="mt-1"><span class="fst-italic">Jonathan Takeshita, Zachariah Carmichael, Ryan Karl, Taeho Jung</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-PROTOCOLS">Cryptographic protocols</small> </div> </div> <p class="mb-0 mt-1 search-abstract">The massive scale and performance demands of privacy-preserving data aggregation make integration of security and privacy difficult. 
Traditional tools in private computing are not well-suited to handle these challenges, especially for more limited client devices. Efficient primitives and protocols for secure and private data aggregation are a promising approach for private data analytics with resource-constrained devices. However, even such efficient primitives may be much slower than...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2022/784" class="paperlink" href="/2022/784">2022/784</a> <span class="ms-2"><a href="/2022/784.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2022-06-18</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Fully Privacy-Preserving Federated Representation Learning via Secure Embedding Aggregation</strong> <div class="mt-1"><span class="fst-italic">Jiaxiang Tang, Jinbao Zhu, Songze Li, Kai Zhang, Lichao Sun</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-PROTOCOLS">Cryptographic protocols</small> </div> </div> <p class="mb-0 mt-1 search-abstract">We consider a federated representation learning framework, where with the assistance of a central server, a group of $N$ distributed clients train collaboratively over their private data, for the representations (or embeddings) of a set of entities (e.g., users in a social network). 
Under this framework, for the key step of aggregating local embeddings trained at the clients in a private manner, we develop a secure embedding aggregation protocol named SecEA, which provides...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2022/714" class="paperlink" href="/2022/714">2022/714</a> <span class="ms-2"><a href="/2022/714.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2025-01-31</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>MicroSecAgg: Streamlined Single-Server Secure Aggregation</strong> <div class="mt-1"><span class="fst-italic">Yue Guo, Antigoni Polychroniadou, Elaine Shi, David Byrd, Tucker Balch</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-PROTOCOLS">Cryptographic protocols</small> </div> </div> <p class="mb-0 mt-1 search-abstract">This work introduces MicroSecAgg, a framework that addresses the intricacies of secure aggregation in the single-server landscape, specifically tailored to situations where distributed trust among multiple non-colluding servers presents challenges. Our protocols are purpose-built to handle situations featuring multiple successive aggregation phases among a dynamic pool of clients who can drop out during the aggregation. 
Our different protocols thrive in three distinct cases: firstly, secure...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2022/694" class="paperlink" href="/2022/694">2022/694</a> <span class="ms-2"><a href="/2022/694.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2022-09-01</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Squirrel: Efficient Synchronized Multi-Signatures from Lattices</strong> <div class="mt-1"><span class="fst-italic">Nils Fleischhacker, Mark Simkin, Zhenfei Zhang</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-PUBLICKEY">Public-key cryptography</small> </div> </div> <p class="mb-0 mt-1 search-abstract">The focus of this work are multi-signatures schemes in the synchronized setting. A multi-signature scheme allows multiple signatures for the same message but from independent signers to be compressed into one short aggregated signature, which allows verifying all of the signatures simultaneously. In the synchronized setting, the signing algorithm takes the current time step as an additional input. 
It is assumed that no signer signs more than one message per time step and we aim to aggregate...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2022/680" class="paperlink" href="/2022/680">2022/680</a> <span class="ms-2"><a href="/2022/680.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2024-01-24</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Practical Delegatable Anonymous Credentials From Equivalence Class Signatures</strong> <div class="mt-1"><span class="fst-italic">Omid Mir, Daniel Slamanig, Balthazar Bauer, René Mayrhofer</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-PROTOCOLS">Cryptographic protocols</small> </div> </div> <p class="mb-0 mt-1 search-abstract">Anonymous credentials systems (ACs) are a powerful cryptographic tool for privacy-preserving applications and provide strong user privacy guarantees for authentication and access control. ACs allow users to prove possession of attributes encoded in a credential without revealing any information beyond them. A delegatable AC (DAC) system is an enhanced AC system that allows the owners of credentials to delegate the obtained credential to other users. 
This allows modeling hierarchies as...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2022/390" class="paperlink" href="/2022/390">2022/390</a> <small class="ms-auto">Last updated: 2022-06-17</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>An Efficient and Robust Multidimensional Data Aggregation Scheme for Smart Grid Based on Blockchain</strong> <div class="mt-1"><span class="fst-italic">Lin You, Xinhua Zhang, Gengran Hu, Longbo Han</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-APPLICATIONS">Applications</small> </div> </div> <p class="mb-0 mt-1 search-abstract">In order to analyze real-time power data without revealing users&#39; privacy, privacy-preserving data aggregation has been extensively researched in smart grid. However, most of the existing schemes either have too much computation overhead and cannot support dynamic users, or require a trusted center. In this paper, we propose an efficient and robust multidimensional data aggregation scheme based on blockchain. 
In our scheme, a leader election algorithm in Raft protocol is used to select a...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2022/222" class="paperlink" href="/2022/222">2022/222</a> <span class="ms-2"><a href="/2022/222.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2022-02-25</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Half-Aggregation of Schnorr Signatures with Tight Reductions</strong> <div class="mt-1"><span class="fst-italic">Yanbo Chen, Yunlei Zhao</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-PUBLICKEY">Public-key cryptography</small> </div> </div> <p class="mb-0 mt-1 search-abstract">An aggregate signature (AS) scheme allows an unspecified aggregator to compress many signatures into a short aggregation. AS schemes can save storage costs and accelerate verification. They are desirable for applications where many signatures need to be stored, transferred, or verified together, like blockchain systems, network routing, e-voting, and certificate chains. 
However, constructing AS schemes based on general groups, only requiring the hardness of the discrete logarithm problem, is...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2022/018" class="paperlink" href="/2022/018">2022/018</a> <span class="ms-2"><a href="/2022/018.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2023-05-16</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Pairing-based Accountable Subgroup Multi-signatures with Verifiable Group Setup</strong> <div class="mt-1"><span class="fst-italic">Ahmet Ramazan Ağırtaş, Oğuz Yayla</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-PUBLICKEY">Public-key cryptography</small> </div> </div> <p class="mb-0 mt-1 search-abstract">An accountable subgroup multi-signature is a kind of multi-signature scheme in which any subgroup $\mathcal{S}$ of a group $\mathcal{G}$ of potential signers jointly sign a message $m$, ensuring that each member of $\mathcal{S}$ is accountable for the resulting signature. In this paper, we propose three novel pairing-based accountable subgroup multi-signature (ASM) schemes, which are secure against existential forgery under chosen-message attacks and computational co-Diffie-Hellman...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2021/1490" class="paperlink" href="/2021/1490">2021/1490</a> <span class="ms-2"><a href="/2021/1490.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2024-05-22</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Precio: Private Aggregate Measurement via Oblivious Shuffling</strong> <div class="mt-1"><span class="fst-italic">F. 
Betül Durak, Chenkai Weng, Erik Anderson, Kim Laine, Melissa Chase</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-PROTOCOLS">Cryptographic protocols</small> </div> </div> <p class="mb-0 mt-1 search-abstract">We introduce Precio, a new secure aggregation method for computing layered histograms and sums over secret shared data in a client-server setting. Precio is motivated by ad conversion measurement scenarios, where online advertisers and ad networks want to measure the performance of ad campaigns without requiring privacy-invasive techniques, such as third-party cookies. Precio has linear (time and communication) complexity in the number of data points and guarantees differentially private...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2021/1412" class="paperlink" href="/2021/1412">2021/1412</a> <span class="ms-2"><a href="/2021/1412.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2024-03-21</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>A General Framework of Homomorphic Encryption for Multiple Parties with Non-Interactive Key-Aggregation</strong> <div class="mt-1"><span class="fst-italic">Hyesun Kwak, Dongwon Lee, Yongsoo Song, Sameer Wagh</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-PUBLICKEY">Public-key cryptography</small> </div> </div> <p class="mb-0 mt-1 search-abstract">Homomorphic Encryption (HE) is a useful primitive for secure computation, but it is not generally applicable when multiple parties are involved, as the authority is solely concentrated in a single party, the secret key owner. To solve this issue, several variants of HE have emerged in the context of multiparty setting, resulting in two major lines of work -- Multi-Party HE (MPHE) and Multi-Key HE (MKHE). 
In short, MPHEs tend to be more efficient, but all parties should be specified at the...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2021/1370" class="paperlink" href="/2021/1370">2021/1370</a> <span class="ms-2"><a href="/2021/1370.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2025-02-16</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Masquerade: Verifiable Multi-Party Aggregation with Secure Multiplicative Commitments</strong> <div class="mt-1"><span class="fst-italic">Dimitris Mouris, Nektarios Georgios Tsoutsos</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-PROTOCOLS">Cryptographic protocols</small> </div> </div> <p class="mb-0 mt-1 search-abstract">In crowd-sourced data aggregation over the Internet, participants share their data points with curators. However, a lack of strong privacy guarantees may discourage participation, which motivates the need for privacy-preserving aggregation protocols. Moreover, existing solutions remain limited with respect to public auditing without revealing the participants&#39; data. 
In realistic applications, however, there is an increasing need for public verifiability (i.e., verifying the protocol...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2021/1048" class="paperlink" href="/2021/1048">2021/1048</a> <span class="ms-2"><a href="/2021/1048.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2022-03-14</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Aggregating and thresholdizing hash-based signatures using STARKs</strong> <div class="mt-1"><span class="fst-italic">Irakliy Khaburzaniya, Konstantinos Chalkias, Kevin Lewi, Harjasleen Malvai</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-APPLICATIONS">Applications</small> </div> </div> <p class="mb-0 mt-1 search-abstract">This work presents an approach for compressing hash-based signatures using STARKs (Ben-Sasson et. al.&#39;18). We focus on constructing a hash-based t-of-n threshold signature scheme, as well as an aggregate signature scheme. In both constructions, an aggregator collects individual one-time hash-based signatures and outputs a STARK proof attesting that the signatures are valid and meet the required thresholds. This proof then serves the role of the aggregate or threshold signature. 
We...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2021/993" class="paperlink" href="/2021/993">2021/993</a> <span class="ms-2"><a href="/2021/993.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2021-07-28</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>FLOD: Oblivious Defender for Private Byzantine-Robust Federated Learning with Dishonest-Majority</strong> <div class="mt-1"><span class="fst-italic">Ye Dong, Xiaojun Chen, Kaiyun Li, Dakui Wang, Shuai Zeng</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-APPLICATIONS">Applications</small> </div> </div> <p class="mb-0 mt-1 search-abstract">\textit{Privacy} and \textit{Byzantine-robustness} are two major concerns of federated learning (FL), but mitigating both threats simultaneously is highly challenging: privacy-preserving strategies prohibit access to individual model updates to avoid leakage, while Byzantine-robust methods require access for comprehensive mathematical analysis. Besides, most Byzantine-robust methods only work in the \textit{honest-majority} setting. We present $\mathsf{FLOD}$, a novel oblivious defender for...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2021/771" class="paperlink" href="/2021/771">2021/771</a> <span class="ms-2"><a href="/2021/771.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2021-06-09</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Securing Secure Aggregation: Mitigating Multi-Round Privacy Leakage in Federated Learning</strong> <div class="mt-1"><span class="fst-italic">Jinhyun So, Ramy E. 
Ali, Basak Guler, Jiantao Jiao, Salman Avestimehr</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-APPLICATIONS">Applications</small> </div> </div> <p class="mb-0 mt-1 search-abstract">Secure aggregation is a critical component in federated learning, which enables the server to learn the aggregate model of the users without observing their local models. Conventionally, secure aggregation algorithms focus only on ensuring the privacy of individual users in a single training round. We contend that such designs can lead to significant privacy leakages over multiple training rounds, due to partial user selection/participation at each round of federated learning. In fact, we...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2021/654" class="paperlink" href="/2021/654">2021/654</a> <span class="ms-2"><a href="/2021/654.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2021-05-20</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Non-Interactive, Secure Verifiable Aggregation for Decentralized, Privacy-Preserving Learning</strong> <div class="mt-1"><span class="fst-italic">Carlo Brunetta, Georgia Tsaloli, Bei Liang, Gustavo Banegas, Aikaterini Mitrokotsa</span></div> </div> </div> <p class="mb-0 mt-1 search-abstract">We propose a novel primitive called NIVA that allows the distributed aggregation of multiple users&#39; secret inputs by multiple untrusted servers. The returned aggregation result can be publicly verified in a non-interactive way, i.e. the users are not required to participate in the aggregation except for providing their secret inputs. 
NIVA allows the secure computation of the sum of a large amount of users&#39; data and can be employed, for example, in the federated learning setting in order to...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2021/631" class="paperlink" href="/2021/631">2021/631</a> <span class="ms-2"><a href="/2021/631.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2022-08-30</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>SwapCT: Swap Confidential Transactions for Privacy-Preserving Multi-Token Exchanges</strong> <div class="mt-1"><span class="fst-italic">Felix Engelmann, Lukas Müller, Andreas Peter, Frank Kargl, Christoph Bösch</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-PROTOCOLS">Cryptographic protocols</small> </div> </div> <p class="mb-0 mt-1 search-abstract">Decentralized token exchanges allow for secure trading of tokens without a trusted third party. However, decentralization is mostly achieved at the expense of transaction privacy. For a fair exchange, transactions must remain private to hide the participants and volumes while maintaining the possibility for non-interactive execution of trades. In this paper we present a swap confidential transaction system (SwapCT) which is related to ring confidential transactions (e.g. 
used in Monero) but...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2021/567" class="paperlink" href="/2021/567">2021/567</a> <span class="ms-2"><a href="/2021/567.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2021-05-07</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Forward-secure Multi-user Aggregate Signatures based on zk-SNARKs</strong> <div class="mt-1"><span class="fst-italic">Jeonghyuk Lee, Jihye Kim, Hyunok Oh</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-PROTOCOLS">Cryptographic protocols</small> </div> </div> <p class="mb-0 mt-1 search-abstract">As a solution to mitigate the key exposure problems in the digital signature, forward security has been proposed. The forward security guarantees the integrity of the messages generated in the past despite leaks of a current time period secret key by evolving a secret key on each time period. However, there is no forward secure signature scheme whose all metrics have constant complexities. Furthermore, existing works do not support multi-user aggregation of signatures. 
In this paper, we...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2021/473" class="paperlink" href="/2021/473">2021/473</a> <span class="ms-2"><a href="/2021/473.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2021-06-13</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Cryptonomial: A Framework for Private Time-Series Polynomial Calculations</strong> <div class="mt-1"><span class="fst-italic">Ryan Karl, Jonathan Takeshita, Alamin Mohammed, Aaron Striegel, Taeho Jung</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-PROTOCOLS">Cryptographic protocols</small> </div> </div> <p class="mb-0 mt-1 search-abstract">In modern times, data collected from multi-user distributed applications must be analyzed on a massive scale to support critical business objectives. While analytics often requires the use of personal data, it may compromise user privacy expectations if this analysis is conducted over plaintext data. 
Private Stream Aggregation (PSA) allows for the aggregation of time-series data, while still providing strong privacy guarantees, and is significantly more efficient over a network than related...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2021/386" class="paperlink" href="/2021/386">2021/386</a> <span class="ms-2"><a href="/2021/386.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2021-03-27</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>SAFELearn: Secure Aggregation for private FEderated Learning</strong> <div class="mt-1"><span class="fst-italic">Hossein Fereidooni, Samuel Marchal, Markus Miettinen, Azalia Mirhoseini, Helen Möllering, Thien Duc Nguyen, Phillip Rieger, Ahmad Reza Sadeghi, Thomas Schneider, Hossein Yalame, Shaza Zeitouni</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-APPLICATIONS">Applications</small> </div> </div> <p class="mb-0 mt-1 search-abstract">Federated learning (FL) is an emerging distributed machine learning paradigm which addresses critical data privacy issues in machine learning by enabling clients, using an aggregation server (aggregator), to jointly train a global model without revealing their training data. Thereby, it improves not only privacy but is also efficient as it uses the computation power and data of potentially millions of clients for training in parallel. 
However, FL is vulnerable to so-called inference attacks...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2021/131" class="paperlink" href="/2021/131">2021/131</a> <span class="ms-2"><a href="/2021/131.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2021-02-06</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Privacy-Preserving Video Classification with Convolutional Neural Networks</strong> <div class="mt-1"><span class="fst-italic">Sikha Pentyala, Rafael Dowsley, Martine De Cock</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-PROTOCOLS">Cryptographic protocols</small> </div> </div> <p class="mb-0 mt-1 search-abstract">Many video classification applications require access to personal data, thereby posing an invasive security risk to the users&#39; privacy. We propose a privacy-preserving implementation of single-frame method based video classification with convolutional neural networks that allows a party to infer a label from a video without necessitating the video owner to disclose their video to other entities in an unencrypted manner. 
Similarly, our approach removes the requirement of the classifier owner...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2021/025" class="paperlink" href="/2021/025">2021/025</a> <span class="ms-2"><a href="/2021/025.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2022-02-01</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>FLAME: Taming Backdoors in Federated Learning</strong> <div class="mt-1"><span class="fst-italic">Thien Duc Nguyen, Phillip Rieger, Huili Chen, Hossein Yalame, Helen Möllering, Hossein Fereidooni, Samuel Marchal, Markus Miettinen, Azalia Mirhoseini, Shaza Zeitouni, Farinaz Koushanfar, Ahmad-Reza Sadeghi, Thomas Schneider</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-APPLICATIONS">Applications</small> </div> </div> <p class="mb-0 mt-1 search-abstract">Federated Learning (FL) is a collaborative machine learning approach allowing participants to jointly train a model without having to share their private, potentially sensitive local datasets with others. Despite its benefits, FL is vulnerable to so-called backdoor attacks, in which an adversary injects manipulated model updates into the federated model aggregation process so that the resulting model will provide targeted false predictions for specific adversary-chosen inputs. 
Proposed...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2020/1611" class="paperlink" href="/2020/1611">2020/1611</a> <span class="ms-2"><a href="/2020/1611.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2022-02-09</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>SLAP: Simple Lattice-Based Private Stream Aggregation Protocol</strong> <div class="mt-1"><span class="fst-italic">Jonathan Takeshita, Ryan Karl, Ting Gong, Taeho Jung</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-PROTOCOLS">Cryptographic protocols</small> </div> </div> <p class="mb-0 mt-1 search-abstract">Private Stream Aggregation (PSA) protocols allow for the secure aggregation of time-series data, affording security and privacy to users&#39; private data, with significantly better efficiency than general secure computation such as homomorphic encryption, multiparty computation, and secure hardware based approaches. Earlier PSA protocols face limitations including needless complexity, a lack of post-quantum security, or other practical issues. 
In this work, we present SLAP, a Simple...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2020/1599" class="paperlink" href="/2020/1599">2020/1599</a> <span class="ms-2"><a href="/2020/1599.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2020-12-24</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Function Secret Sharing for PSI-CA: With Applications to Private Contact Tracing</strong> <div class="mt-1"><span class="fst-italic">Samuel Dittmer, Yuval Ishai, Steve Lu, Rafail Ostrovsky, Mohamed Elsabagh, Nikolaos Kiourtis, Brian Schulte, Angelos Stavrou</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-PROTOCOLS">Cryptographic protocols</small> </div> </div> <p class="mb-0 mt-1 search-abstract">In this work we describe a token-based solution to Contact Tracing via Distributed Point Functions (DPF) and, more generally, Function Secret Sharing (FSS). The key idea behind the solution is that FSS natively supports secure keyword search on raw sets of keywords without a need for processing the keyword sets via a data structure for set membership. Furthermore, the FSS functionality enables adding up numerical payloads associated with multiple matches without additional interaction. 
These...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2020/1561" class="paperlink" href="/2020/1561">2020/1561</a> <span class="ms-2"><a href="/2020/1561.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2021-12-05</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Cryptonite: A Framework for Flexible Time-Series Secure Aggregation with Online Fault Tolerance</strong> <div class="mt-1"><span class="fst-italic">Ryan Karl, Jonathan Takeshita, Nirajan Koirla, Taeho Jung</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-PROTOCOLS">Cryptographic protocols</small> </div> </div> <p class="mb-0 mt-1 search-abstract">Private stream aggregation (PSA) allows an untrusted data aggregator to compute statistics over a set of multiple participants&#39; data while ensuring the data remains private. Existing works rely on a trusted third party to enable an aggregator to achieve fault tolerance, that requires interactive recovery, but in the real world this may not be practical or secure. 
We develop a new formal framework for PSA that accounts for user faults, and can support non-interactive recovery, while still...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2020/1261" class="paperlink" href="/2020/1261">2020/1261</a> <span class="ms-2"><a href="/2020/1261.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2023-10-20</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>MuSig2: Simple Two-Round Schnorr Multi-Signatures</strong> <div class="mt-1"><span class="fst-italic">Jonas Nick, Tim Ruffing, Yannick Seurin</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-PUBLICKEY">Public-key cryptography</small> </div> </div> <p class="mb-0 mt-1 search-abstract">Multi-signatures enable a group of signers to produce a joint signature on a joint message. Recently, Drijvers et al. (S&amp;P&#39;19) showed that all thus far proposed two-round multi-signature schemes in the pure DL setting (without pairings) are insecure under concurrent signing sessions. While Drijvers et al. 
proposed a secure two-round scheme, this efficiency in terms of rounds comes with the price of having signatures that are more than twice as large as Schnorr signatures, which are becoming...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2020/1172" class="paperlink" href="/2020/1172">2020/1172</a> <span class="ms-2"><a href="/2020/1172.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2020-09-25</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Cryptanalysis of a round optimal lattice-based multisignature scheme</strong> <div class="mt-1"><span class="fst-italic">Zi-Yuan Liu, Yi-Fan Tseng, Raylin Tso</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-PUBLICKEY">Public-key cryptography</small> </div> </div> <p class="mb-0 mt-1 search-abstract">Kansal and Dutta recently proposed a multisignature scheme at AFRICACRYPT 2020. This is the first lattice-based multisignature scheme that generates a multisignature in only a single round of interaction and supports public key aggregation. In this letter, we provide a cryptanalysis of this multisignature scheme and demonstrate that the scheme does not satisfy unforgeability requirements. 
We present an attack strategy to demonstrate that if an adversary obtains a sufficient number of...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2020/1057" class="paperlink" href="/2020/1057">2020/1057</a> <span class="ms-2"><a href="/2020/1057.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2020-10-15</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>MuSig-DN: Schnorr Multi-Signatures with Verifiably Deterministic Nonces</strong> <div class="mt-1"><span class="fst-italic">Jonas Nick, Tim Ruffing, Yannick Seurin, Pieter Wuille</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-PUBLICKEY">Public-key cryptography</small> </div> </div> <p class="mb-0 mt-1 search-abstract">MuSig is a multi-signature scheme for Schnorr signatures, which supports key aggregation and is secure in the plain public key model. Standard derandomization techniques for discrete logarithm-based signatures such as RFC 6979, which make the signing procedure immune to catastrophic failures in the randomness generation, are not applicable to multi-signatures as an attacker could trick an honest user into producing two different partial signatures with the same randomness, which would reveal...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2020/806" class="paperlink" href="/2020/806">2020/806</a> <span class="ms-2"><a href="/2020/806.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2020-06-30</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Toward Comparable Homomorphic Encryption for Crowd-sensing Network</strong> <div class="mt-1"><span class="fst-italic">Daxin Huang, Qingqing Gan, Xiaoming Wang, Chengpeng Huang, Yijian Lin</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-PROTOCOLS">Cryptographic 
protocols</small> </div> </div> <p class="mb-0 mt-1 search-abstract">As a popular paradigm, crowd-sensing network emerges to achieve sensory data collection and task allocation to mobile users. On one hand these sensory data could be private and sensitive, and on the other hand, transmitting the data separately could incur heavy communication overhead. Fortunately, the technique of homomorphic encryption (HE) allows additive and/or multiplicative operations over the encrypted data as well as privacy protection. Therefore, several data aggregation schemes...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2020/796" class="paperlink" href="/2020/796">2020/796</a> <span class="ms-2"><a href="/2020/796.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2020-12-18</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>A Generalization of Paillier&#39;s Public-Key System With Fast Decryption</strong> <div class="mt-1"><span class="fst-italic">Ying Guo, Zhenfu Cao, Xiaolei Dong</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-PUBLICKEY">Public-key cryptography</small> </div> </div> <p class="mb-0 mt-1 search-abstract">Paillier&#39;s scheme is a homomorphic public key encryption scheme which is widely used in practice. For instance, Paillier&#39;s scheme can be used in the data aggregation in smart grid. Damgård and Jurik generalized Paillier&#39;s scheme to reduce the ciphertext expansion factor. However, the decryption scheme of Damgård and Jurik&#39;s scheme is more complicated than Paillier&#39;s original scheme. 
In this paper, we propose a new generalization of Paillier&#39;s scheme and all the...</p> </div> </div> <!-- search result card: 2020/704 (same card layout repeats for every hit: id/PDF/date row, title, authors, category badge, truncated abstract) --> <div class="mb-4"> <div class="d-flex"><a title="2020/704" class="paperlink" href="/2020/704">2020/704</a> <span class="ms-2"><a href="/2020/704.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2020-11-10</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Secure Single-Server Aggregation with (Poly)Logarithmic Overhead</strong> <div class="mt-1"><span class="fst-italic">James Bell, K. A. Bonawitz, Adrià Gascón, Tancrède Lepoint, Mariana Raykova</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-PROTOCOLS">Cryptographic protocols</small> </div> </div> <p class="mb-0 mt-1 search-abstract">Secure aggregation is a cryptographic primitive that enables a server to learn the sum of the vector inputs of many clients. Bonawitz et al. (CCS 2017) presented a construction that incurs computation and communication for each client linear in the number of parties. While this functionality enables a broad range of privacy preserving computational tasks, scaling concerns limit its scope of use. We present the first constructions for secure aggregation that achieve polylogarithmic...</p> </div> </div> <!-- search result card: 2020/167 --> <div class="mb-4"> <div class="d-flex"><a title="2020/167" class="paperlink" href="/2020/167">2020/167</a> <span class="ms-2"><a href="/2020/167.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2020-05-24</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Turbo-Aggregate: Breaking the Quadratic Aggregation Barrier in Secure Federated Learning</strong> <div class="mt-1"><span class="fst-italic">Jinhyun So, Basak Guler, A. 
Salman Avestimehr</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-PROTOCOLS">Cryptographic protocols</small> </div> </div> <p class="mb-0 mt-1 search-abstract">Federated learning is gaining significant interests as it enables model training over a large volume of data that is distributedly stored over many users, while protecting the privacy of the individual users. However, a major bottleneck in scaling federated learning to a large number of users is the overhead of secure model aggregation across many users. In fact, the overhead of state-of-the-art protocols for secure model aggregation grows quadratically with the number of users. We propose a...</p> </div> </div> <!-- search result card: 2019/979 --> <div class="mb-4"> <div class="d-flex"><a title="2019/979" class="paperlink" href="/2019/979">2019/979</a> <span class="ms-2"><a href="/2019/979.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2019-08-29</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>PrivFL: Practical Privacy-preserving Federated Regressions on High-dimensional Data over Mobile Networks</strong> <div class="mt-1"><span class="fst-italic">Kalikinkar Mandal, Guang Gong</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-PROTOCOLS">Cryptographic protocols</small> </div> </div> <p class="mb-0 mt-1 search-abstract">Federated Learning (FL) enables a large number of users to jointly learn a shared machine learning (ML) model, coordinated by a centralized server, where the data is distributed across multiple devices. This approach enables the server or users to train and learn an ML model using gradient descent, while keeping all the training data on users&#39; devices. We consider training an ML model over a mobile network where user dropout is a common phenomenon. 
Although federated learning was aimed at...</p> </div> </div> <!-- search result card: 2019/771 --> <div class="mb-4"> <div class="d-flex"><a title="2019/771" class="paperlink" href="/2019/771">2019/771</a> <span class="ms-2"><a href="/2019/771.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2019-07-02</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>DDH-based Multisignatures with Public Key Aggregation</strong> <div class="mt-1"><span class="fst-italic">Duc-Phong Le, Guomin Yang, Ali Ghorbani</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-PROTOCOLS">Cryptographic protocols</small> </div> </div> <p class="mb-0 mt-1 search-abstract">A multisignature scheme allows a group of signers to produce a joint signature on a common message, which is more compact than a collection of distinct signatures from all signers. Given this signature and the list of signers&#39; public keys, a verifier is able to check if every signer in the group participated in signing. Recently, a multisignature scheme with public key aggregation has drawn a lot of attention due to their applications into the blockchain technology. 
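Such multisignatures...</p>
</div>
</div>
<!-- search result card: 2019/734 -->
<div class="mb-4">
  <div class="d-flex"><a title="2019/734" class="paperlink" href="/2019/734">2019/734</a> <span class="ms-2"><a href="/2019/734.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2019-06-21</small> </div>
  <div class="ms-md-4">
    <div class="d-flex flex-column flex-md-row justify-content-between">
      <div>
        <strong>From Usability to Secure Computing and Back Again</strong>
        <div class="mt-1"><span class="fst-italic">Lucy Qin, Andrei Lapets, Frederick Jansen, Peter Flockhart, Kinan Dak Albab, Ira Globus-Harris, Shannon Roberts, Mayank Varia</span></div>
      </div>
      <div class="float-end mt-1 ms-md-3">
        <small class="badge category category-APPLICATIONS">Applications</small>
      </div>
    </div>
    <p class="mb-0 mt-1 search-abstract">Secure multi-party computation (MPC) allows multiple parties to jointly compute the output of a function while preserving the privacy of any individual party&#39;s inputs to that function. As MPC protocols transition from research prototypes to real-world applications, the usability of MPC-enabled applications is increasingly critical to their successful deployment and wide adoption. Our Web-MPC platform, designed with a focus on usability, has been deployed for privacy-preserving data...</p>
  </div>
</div>
<!-- pagination: "offset" in the query string selects the page; "Next" points at the same URL as page 2 here -->
<div class="w-75 mx-auto">
  <ul class="pagination mt-5 mb-5">
    <li class="page-item active"><span class="page-link">1</span></li>
    <li class="page-item"><a rel="nofollow" class="page-link" href="/search?q=Secure+Aggregation&amp;offset=100">2</a></li>
    <li class="page-item"> <a rel="nofollow" class="page-link" href="/search?q=Secure+Aggregation&amp;offset=100">Next »</a> </li>
  </ul>
</div>
</div>
</div>
</div>
<script>
  // "Clear" button: blank every input and put the category <select> back on its
  // first option. The elements it touches (clearButton, category) are defined in
  // the search form earlier in the document.
  document.getElementById('clearButton').addEventListener('click', function () {
    document.querySelectorAll('input').forEach(el => { el.value = ''; });
    document.getElementById('category').selectedIndex = 0;
    // A previous failed submit may have left fields flagged; a cleared form is valid again.
    document.querySelectorAll('.is-invalid').forEach(el => { el.classList.remove('is-invalid'); });
  });

  // Submit-time check that the four date filters are mutually consistent.
  // Returns true to let the search proceed, false (after flagging the two
  // conflicting fields with Bootstrap's "is-invalid" class) to block it.
  // The binding of this function to the form's submit lives outside this
  // fragment. Values are compared as strings, which orders correctly only for
  // ISO yyyy-mm-dd values — NOTE(review): confirm these inputs are type="date".
  function validateForm() {
    let submittedAfter = document.getElementById('submittedafter');
    let submittedBefore = document.getElementById('submittedbefore');
    let revisedAfter = document.getElementById('revisedafter');
    let revisedBefore = document.getElementById('revisedbefore');

    // Drop the flags from an earlier attempt; otherwise a field the user has
    // since corrected stays marked invalid even though the form now submits.
    [submittedAfter, submittedBefore, revisedAfter, revisedBefore]
      .forEach(el => { el.classList.remove('is-invalid'); });

    // Each pair is [earlier, later]: when both are filled, "earlier" must not
    // sort after "later". The third pair rejects a revision window that ends
    // before the submission window starts.
    const orderedPairs = [
      [submittedAfter, submittedBefore],
      [revisedAfter, revisedBefore],
      [submittedAfter, revisedBefore]
    ];
    for (const [earlier, later] of orderedPairs) {
      if (earlier.value && later.value && earlier.value > later.value) {
        earlier.classList.add('is-invalid');
        later.classList.add('is-invalid');
        return false;
      }
    }
    return true;
  }
</script>
<script src="/js/mark.min.js"></script>
<script>
  // Highlight the user's own search terms inside the result list. Mark.js
  // wraps matching text nodes in <mark> elements and treats the keyword as
  // literal text, so reflecting query-string values here does not inject
  // markup; keep it that way (never feed urlParams into innerHTML).
  var instance = new Mark("div.results");
  let urlParams = new URLSearchParams(window.location.search);
  ['q', 'title', 'authors'].forEach(key => {
    let term = urlParams.get(key);
    if (term) {
      instance.mark(term);
    }
  });
</script>
</main>
<div class="container-fluid mt-auto" id="eprintFooter">
  <a href="https://iacr.org/">
    <img id="iacrlogo" src="/img/iacrlogo_small.png" class="img-fluid d-block mx-auto" alt="IACR Logo">
  </a>
  <div class="colorDiv"></div>
  <div class="alert alert-success w-75 mx-auto">
    Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.
  </div>
</div>
<script src="/css/bootstrap/js/bootstrap.bundle.min.js"></script>
<script>
  // Give the fixed navbar a "scrolled" class once the page has moved more than
  // 100px, and take it away again when scrolled back to the top. The listener
  // is passive because it never calls preventDefault().
  var topNavbar = document.getElementById('topNavbar');
  if (topNavbar) {
    document.addEventListener('scroll', function () {
      topNavbar.classList.toggle('scrolled', window.scrollY > 100);
    }, { passive: true });
  }
</script>
</body>
</html>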
