Hasso-Plattner-Institut
Prof. Dr. Anja Lehmann

Advanced Cryptography

Lecture, Master, 6 ECTS

[Moodle] [CAS Campus]

Prof. Anja Lehmann, Karla Friedrichs, Cordian Daniluk

Requirements

  • The lecture requires successful participation in the lecture (Introduction to) Cryptography, or a similar course.

Description

The lecture deals with advanced methods and protocols of cryptography, such as secret sharing and zero-knowledge proofs. A central topic will be the security goal of privacy/data protection, and the lecture will give an overview of how the presented cryptographic methods can be used for privacy-preserving protocols.

Lecture Content

  • (Partially) Homomorphic Encryption
  • Secret Sharing & Threshold Crypto
  • Advanced Signatures: Threshold / Multi / Blind Signatures
  • Zero-knowledge Proofs (Theory & Applications)
  • Multi-Party Computation (Yao's Garbled Circuits, Private Set Intersection, ...)


For cybersecurity students: Please do not confuse the lecture Advanced Cryptography with the compulsory module Advanced Cryptography. The compulsory module consists of the lecture (Introduction to) Cryptography.



Quantum-Safe Cryptography

Lecture, Master, 3 ECTS

[Moodle] [CAS Campus]

Prof. Anja Lehmann, Dennis Dayanikli

Requirements

  • Basic knowledge of cryptography and provable security (Cryptography course at HPI or equivalent)
  • Interest in algebra/number theory

Description

Traditional cryptographic schemes based on RSA and discrete logarithms will become insecure when powerful quantum computers exist. To address this challenge, new quantum-safe alternatives have been developed and scrutinized through an open Post-Quantum Cryptography (PQC) competition. As a result, NIST standardized two lattice-based schemes: Kyber (ML-KEM) for encryption and Dilithium (ML-DSA) for signatures.

In this lecture, we will study these new lattice-based encryption and signature schemes, together with the mathematical foundations of lattice-based cryptography that are necessary to understand and reason about their security.

Lecture Content

The lecture will be based on the tutorial Basic Lattice Cryptography by Vadim Lyubashevsky (https://eprint.iacr.org/2024/1287.pdf).

We will cover topics such as: Lattices and their associated hard problems (LWE, SIS, SVP, CVP), polynomial rings, the FO-transform, LLL, the Fiat-Shamir transform, NTT, Kyber, Dilithium.



Security Analysis of Apple's Private Cloud Compute

Master Project, 12 ECTS

[Poster]

Prof. Anja Lehmann, Dr.-Ing. Jiska Classen

Background

We recommend a background in cryptography and/or applied security research including reverse engineering. These topics are part of the lectures Cryptography and Mobile Security.

Description

Modern Artificial Intelligence (AI) applications exhaust the resources of mobile devices such as smartphones and laptops. AI tasks are therefore often performed on external servers, which greatly improves performance and gives users seamless feedback to their queries. This is problematic from a privacy standpoint, as user prompts may include data that should never leave the local device, such as sensitive photos or patentable ideas.

Apple came up with a solution to this problem, called Private Cloud Compute (PCC). While user data is processed on a cloud instance, Apple promises to handle that data privately: prompts and responses are end-to-end encrypted between a user's device and the specific cloud node that processes the user's data; the node only runs Apple's trustworthy software, which lacks any interface to extract user data from a node while it is being processed; and data is deleted directly after a cloud compute task finishes.

Privacy by promise is problematic unless these promises can be verified. Apple added transparency with their new PCC Vulnerability Research Environment (VRE), which allows security researchers to reproduce the same environment and analyze it for security issues. Along with the PCC VRE, Apple open-sourced critical software components for review by experts and introduced a new PCC-specific bug bounty program.

After getting familiar with the basic security properties provided by Apple's PCC, your research can go in different directions. Depending on your team's knowledge, you can choose some of the following tasks.

We offer

  • A supportive work environment.
  • To get you started, we'll give you a brief introduction to Apple's PCC VRE (Vulnerability Research Environment).
  • During the project, there'll be weekly meetings.
  • Your group will be provided with a recent Mac that supports running the PCC VRE.

Possible Tasks

  • Analyze the cryptographic properties of the protocols used to attest the cloud node's software state, pose end-to-end encrypted queries, and verify the transparency log.
  • Fuzz for security issues in the parsing logic of user requests, which could lead to bypassing user separation within one PCC node or running unintended code.
  • Look for potential interfaces that would allow attackers with physical access to modify software on the machine or extract user data.
