Apple recently introduced “Private Cloud Compute” as their privacy-preserving solution for cloud processing of compute-intensive AI prompts. Users can now summarize texts, generate emojis and images, and profit from prioritized notifications. The goal of Private Cloud Compute is to implement all these features in the cloud with the same level of privacy as local on-device processing. Apple has openly encouraged security researchers to validate their lofty security promises.
In this talk we will focus on the custom authentication protocol of the PCC system. The authentication protocol aims to provide privacy-preserving yet restricted access control to the Apple service, and is build from blind signatures. This small crash course into cryptographic authentication and modeling will give you a gentle introduction into the theoretical side of security (and answer the question what games have to do with cryptography!).
Finally, we will present our modelling of the security and privacy goals that Apple set out for themselves, and discuss whether the current authentication system fulfills these properties.
Presentation: https://www.youtube.com/live/ch1l45uKcAs?si=UwAsZgD5P5w4dR85&t=7591