Position within the page tree

Start
Institute
Team
Reisert, Pascal

Pascal Reisert

Dr.

Postdoc
Institute of Information Security

Contact

+49 711 685 61647
Email

Universitaetsstraße 38
70569 Stuttgart
Germany
Room: 2.454

Office Hours

According to prior agreement. Please contact me by e-mail or use the office hours of the corresponding lectures.

Subject

Mathematics, Cryptography, Information Security, (Physics)

Publications

2024
1. Pascal Reisert, Marc Rivinius, Toomas Krips, Sebastian Hasler, and Ralf Küsters, “Actively Secure Polynomial Evaluation from Shared Polynomial Encodings,” in Advances in Cryptology - ASIACRYPT 2024, 2024. To appear.
  - Abstract
  - BibTeX
  Abstract
  Many of the currently best actively secure Multi-Party Computation (MPC) protocols like SPDZ (Damgård et al., CRYPTO 2012) and improvements thereof use correlated randomness to speed up the time-critical online phase. Although many of these protocols still rely on classical Beaver triples, recent results show that more complex correlations like matrix or convolution triples lead to more efficient evaluations of the corresponding operations, i.e. matrix multiplications or tensor convolutions. In this paper, we address the evaluation of multivariate polynomials with a new form of randomness: polytuples. We use the polytuples to construct a new family of randomized encodings which then allow us to evaluate the given multivariate polynomial. Our approach can be fine-tuned in various ways to the constraints of applications at hand, in terms of round complexity, bandwidth, and tuple size. We show that for many real-world setups, a polytuples-based online phase outperforms state-of-the-art protocols based on Beaver triples.
  BibTeX
  @inproceedings{ReisertRiviniusKripsHaslerKuesters-ASIACRYPT-2024, abstract = {Many of the currently best actively secure Multi-Party Computation (MPC) protocols like SPDZ (Damgård et al., CRYPTO 2012) and improvements thereof use correlated randomness to speed up the time-critical online phase. Although many of these protocols still rely on classical Beaver triples, recent results show that more complex correlations like matrix or convolution triples lead to more efficient evaluations of the corresponding operations, i.e. matrix multiplications or tensor convolutions. In this paper, we address the evaluation of multivariate polynomials with a new form of randomness: polytuples. We use the polytuples to construct a new family of randomized encodings which then allow us to evaluate the given multivariate polynomial. Our approach can be fine-tuned in various ways to the constraints of applications at hand, in terms of round complexity, bandwidth, and tuple size. We show that for many real-world setups, a polytuples-based online phase outperforms state-of-the-art protocols based on Beaver triples.}, author = {Reisert, Pascal and Rivinius, Marc and Krips, Toomas and Hasler, Sebastian and K{\"{u}}sters, Ralf}, booktitle = {{Advances in Cryptology - ASIACRYPT 2024}}, note = {To appear.}, publisher = {Springer}, title = {{Actively Secure Polynomial Evaluation from Shared Polynomial Encodings}}, year = 2024 }
2. Pascal Reisert, Marc Rivinius, Toomas Krips, Sebastian Hasler, and Ralf Küsters, “Actively Secure Polynomial Evaluation from Shared Polynomial Encodings,” Cryptology ePrint Archive, Technical Report 2024/1435, 2024.
  Abstract
  Many of the currently best actively secure Multi-Party Computation (MPC) protocols like SPDZ (Damgård et al., CRYPTO 2012) and improvements thereof use correlated randomness to speed up the time-critical online phase. Although many of these protocols still rely on classical Beaver triples, recent results show that more complex correlations like matrix or convolution triples lead to more efficient evaluations of the corresponding operations, i.e. matrix multiplications or tensor convolutions. In this paper, we address the evaluation of multivariate polynomials with a new form of randomness: polytuples. We use the polytuples to construct a new family of randomized encodings which then allow us to evaluate the given multivariate polynomial. Our approach can be fine-tuned in various ways to the constraints of applications at hand, in terms of round complexity, bandwidth, and tuple size. We show that for many real-world setups, a polytuples-based online phase outperforms state-of-the-art protocols based on Beaver triples.
  BibTeX
  @techreport{ReisertRiviniusKripsHaslerKuesters-IACR-2024-1435, abstract = {Many of the currently best actively secure Multi-Party Computation (MPC) protocols like SPDZ (Damgård et al., CRYPTO 2012) and improvements thereof use correlated randomness to speed up the time-critical online phase. Although many of these protocols still rely on classical Beaver triples, recent results show that more complex correlations like matrix or convolution triples lead to more efficient evaluations of the corresponding operations, i.e. matrix multiplications or tensor convolutions. In this paper, we address the evaluation of multivariate polynomials with a new form of randomness: polytuples. We use the polytuples to construct a new family of randomized encodings which then allow us to evaluate the given multivariate polynomial. Our approach can be fine-tuned in various ways to the constraints of applications at hand, in terms of round complexity, bandwidth, and tuple size. We show that for many real-world setups, a polytuples-based online phase outperforms state-of-the-art protocols based on Beaver triples.}, author = {Reisert, Pascal and Rivinius, Marc and Krips, Toomas and Hasler, Sebastian and K{\"{u}}sters, Ralf}, institution = {Cryptology ePrint Archive}, number = {2024/1435}, title = {{Actively Secure Polynomial Evaluation from Shared Polynomial Encodings}}, type = {Technical Report}, url = {https://publ.sec.uni-stuttgart.de/reisertriviniuskripshaslerkuesters-iacr-2024-1435.pdf}, year = 2024 }
  Link
  https://publ.sec.uni-stuttgart.de/reisertriviniuskripshaslerkuesters-iacr-2024-1435.pdf
3. Mayar Elfares, Pascal Reisert, Zhiming Hu, Wenwu Tang, Ralf Küsters, and Andreas Bulling, “PrivatEyes: Appearance-based Gaze Estimation Using Federated Secure Multi-Party Computation,” Proc. ACM Hum.-Comput. Interact., vol. 8, no. ETRA, pp. 1--23, May 2024.
  Abstract
  Latest gaze estimation methods require large-scale training data but their collection and exchange pose significant privacy risks. We propose PrivatEyes - the first privacy-enhancing training approach for appearance-based gaze estimation based on federated learning (FL) and secure multi-party computation (MPC). PrivatEyes enables training gaze estimators on multiple local datasets across different users and server-based secure aggregation of the individual estimators' updates. PrivatEyes guarantees that individual gaze data remains private even if a majority of the aggregating servers is malicious. We also introduce a new data leakage attack DualView that shows that PrivatEyes limits the leakage of private training data more effectively than previous approaches. Evaluations on the MPIIGaze, MPIIFaceGaze, GazeCapture, and NVGaze datasets further show that the improved privacy does not lead to a lower gaze estimation accuracy or substantially higher computational costs - both of which are on par with its non-secure counterparts.
  BibTeX
  @article{ElfaresReisertHuTangKuestersBulling-ETRA-2024, abstract = {Latest gaze estimation methods require large-scale training data but their collection and exchange pose significant privacy risks. We propose PrivatEyes - the first privacy-enhancing training approach for appearance-based gaze estimation based on federated learning (FL) and secure multi-party computation (MPC). PrivatEyes enables training gaze estimators on multiple local datasets across different users and server-based secure aggregation of the individual estimators' updates. PrivatEyes guarantees that individual gaze data remains private even if a majority of the aggregating servers is malicious. We also introduce a new data leakage attack DualView that shows that PrivatEyes limits the leakage of private training data more effectively than previous approaches. Evaluations on the MPIIGaze, MPIIFaceGaze, GazeCapture, and NVGaze datasets further show that the improved privacy does not lead to a lower gaze estimation accuracy or substantially higher computational costs - both of which are on par with its non-secure counterparts.}, address = {New York, NY, USA}, author = {Elfares, Mayar and Reisert, Pascal and Hu, Zhiming and Tang, Wenwu and K{\"u}sters, Ralf and Bulling, Andreas}, doi = {10.1145/3655606}, journal = {{Proc. ACM Hum.-Comput. Interact.}}, month = {5}, number = {ETRA}, pages = {1--23}, publisher = {Association for Computing Machinery}, title = {{PrivatEyes: Appearance-based Gaze Estimation Using Federated Secure Multi-Party Computation}}, url = {https://doi.org/10.1145/3655606}, volume = 8, year = 2024 }
  Link
  https://doi.org/10.1145/3655606
4. Mayar Elfares, Pascal Reisert, Zhiming Hu, Wenwu Tang, Ralf Küsters, and Andreas Bulling, “PrivatEyes: Appearance-based Gaze Estimation Using Federated Secure Multi-Party Computation,” arXiv, Technical Report 2402.18970, 2024.
  Abstract
  Latest gaze estimation methods require large-scale training data but their collection and exchange pose significant privacy risks. We propose PrivatEyes - the first privacy-enhancing training approach for appearance-based gaze estimation based on federated learning (FL) and secure multi-party computation (MPC). PrivatEyes enables training gaze estimators on multiple local datasets across different users and server-based secure aggregation of the individual estimators' updates. PrivatEyes guarantees that individual gaze data remains private even if a majority of the aggregating servers is malicious. We also introduce a new data leakage attack DualView that shows that PrivatEyes limits the leakage of private training data more effectively than previous approaches. Evaluations on the MPIIGaze, MPIIFaceGaze, GazeCapture, and NVGaze datasets further show that the improved privacy does not lead to a lower gaze estimation accuracy or substantially higher computational costs - both of which are on par with its non-secure counterparts.
  BibTeX
  @techreport{ElfaresReisertHuTangKuestersBulling-arXiV-2024, abstract = {Latest gaze estimation methods require large-scale training data but their collection and exchange pose significant privacy risks. We propose PrivatEyes - the first privacy-enhancing training approach for appearance-based gaze estimation based on federated learning (FL) and secure multi-party computation (MPC). PrivatEyes enables training gaze estimators on multiple local datasets across different users and server-based secure aggregation of the individual estimators' updates. PrivatEyes guarantees that individual gaze data remains private even if a majority of the aggregating servers is malicious. We also introduce a new data leakage attack DualView that shows that PrivatEyes limits the leakage of private training data more effectively than previous approaches. Evaluations on the MPIIGaze, MPIIFaceGaze, GazeCapture, and NVGaze datasets further show that the improved privacy does not lead to a lower gaze estimation accuracy or substantially higher computational costs - both of which are on par with its non-secure counterparts.}, author = {Elfares, Mayar and Reisert, Pascal and Hu, Zhiming and Tang, Wenwu and K{\"{u}}sters, Ralf and Bulling, Andreas}, institution = {arXiv}, number = {2402.18970}, title = {{PrivatEyes: Appearance-based Gaze Estimation Using Federated Secure Multi-Party Computation}}, type = {Technical Report}, url = {https://arxiv.org/abs/2402.18970}, year = 2024 }
  Link
  https://arxiv.org/abs/2402.18970
5. Sebastian Hasler, Pascal Reisert, Marc Rivinius, and Ralf Küsters, “Multipars: Reduced-Communication MPC over Z2k,” Proceedings on Privacy Enhancing Technologies, no. 2, pp. 5--28, 2024.
  Abstract
  In recent years, actively secure SPDZ-like protocols for dishonest majority, like SPDZ2k, Overdrive2k, and MHz2k, over base rings Z2k have become more and more efficient. In this paper, we present a new actively secure MPC protocol Multipars that outperforms these state-of-the-art protocols over Z2k by more than a factor of 2 in the two-party setup in terms of communication. Multipars is the first actively secure N-party protocol over Z2k that is based on linear homomorphic encryption (LHE) in the offline phase (instead of oblivious transfer or somewhat homomorphic encryption in previous works). The strong performance of Multipars relies on a new adaptive packing for BGV ciphertexts that allows us to reduce the parameter size of the encryption scheme and the overall communication cost. Additionally, we use modulus switching for further size reduction, a new type of enhanced CPA security over Z2k, a truncation protocol for Beaver triples, and a new LHE-based offline protocol without sacrificing over Z2k. We have implemented Multipars and therewith provide the fastest preprocessing phase over Z2k. Our evaluation shows that Multipars offers at least a factor of 8 lower communication costs and up to a factor of 10.2 faster runtime in the WAN setting compared to the currently best available MPC implementation over Z2k.
  BibTeX
  @article{HaslerReisertRiviniusKuesters-PoPETs-2024, abstract = {In recent years, actively secure SPDZ-like protocols for dishonest majority, like SPDZ2k, Overdrive2k, and MHz2k, over base rings Z2k have become more and more efficient. In this paper, we present a new actively secure MPC protocol Multipars that outperforms these state-of-the-art protocols over Z2k by more than a factor of 2 in the two-party setup in terms of communication. Multipars is the first actively secure N-party protocol over Z2k that is based on linear homomorphic encryption (LHE) in the offline phase (instead of oblivious transfer or somewhat homomorphic encryption in previous works). The strong performance of Multipars relies on a new adaptive packing for BGV ciphertexts that allows us to reduce the parameter size of the encryption scheme and the overall communication cost. Additionally, we use modulus switching for further size reduction, a new type of enhanced CPA security over Z2k, a truncation protocol for Beaver triples, and a new LHE-based offline protocol without sacrificing over Z2k. We have implemented Multipars and therewith provide the fastest preprocessing phase over Z2k. Our evaluation shows that Multipars offers at least a factor of 8 lower communication costs and up to a factor of 10.2 faster runtime in the WAN setting compared to the currently best available MPC implementation over Z2k.}, author = {Hasler, Sebastian and Reisert, Pascal and Rivinius, Marc and K{\"{u}}sters, Ralf}, doi = {10.56553/popets-2024-0038}, journal = {{Proceedings on Privacy Enhancing Technologies}}, number = 2, pages = {5--28}, title = {{Multipars: Reduced-Communication MPC over Z2k}}, url = {https://publ.sec.uni-stuttgart.de/haslerreisertriviniuskuesters-popets-2024.pdf}, year = 2024 }
  Link
  https://publ.sec.uni-stuttgart.de/haslerreisertriviniuskuesters-popets-2024.pdf
2023
1. Sebastian Hasler, Pascal Reisert, Marc Rivinius, and Ralf Küsters, “Multipars: Reduced-Communication MPC over Z2k,” Cryptology ePrint Archive, Technical Report 2023/1932, 2023.
  Abstract
  In recent years, actively secure SPDZ-like protocols for dishonest majority, like SPDZ2k, Overdrive2k, and MHz2k, over base rings Z2k have become more and more efficient. In this paper, we present a new actively secure MPC protocol Multipars that outperforms these state-of-the-art protocols over Z2k by more than a factor of 2 in the two-party setup in terms of communication. Multipars is the first actively secure N-party protocol over Z2k that is based on linear homomorphic encryption (LHE) in the offline phase (instead of oblivious transfer or somewhat homomorphic encryption in previous works). The strong performance of Multipars relies on a new adaptive packing for BGV ciphertexts that allows us to reduce the parameter size of the encryption scheme and the overall communication cost. Additionally, we use modulus switching for further size reduction, a new type of enhanced CPA security over Z2k, a truncation protocol for Beaver triples, and a new LHE-based offline protocol without sacrificing over Z2k. We have implemented Multipars and therewith provide the fastest preprocessing phase over Z2k. Our evaluation shows that Multipars offers at least a factor of 8 lower communication costs and up to a factor of 10.2 faster runtime in the WAN setting compared to the currently best available MPC implementation over Z2k.
  BibTeX
  @techreport{HaslerReisertRiviniusKuesters-IACR-2023-1932, abstract = {In recent years, actively secure SPDZ-like protocols for dishonest majority, like SPDZ2k, Overdrive2k, and MHz2k, over base rings Z2k have become more and more efficient. In this paper, we present a new actively secure MPC protocol Multipars that outperforms these state-of-the-art protocols over Z2k by more than a factor of 2 in the two-party setup in terms of communication. Multipars is the first actively secure N-party protocol over Z2k that is based on linear homomorphic encryption (LHE) in the offline phase (instead of oblivious transfer or somewhat homomorphic encryption in previous works). The strong performance of Multipars relies on a new adaptive packing for BGV ciphertexts that allows us to reduce the parameter size of the encryption scheme and the overall communication cost. Additionally, we use modulus switching for further size reduction, a new type of enhanced CPA security over Z2k, a truncation protocol for Beaver triples, and a new LHE-based offline protocol without sacrificing over Z2k. We have implemented Multipars and therewith provide the fastest preprocessing phase over Z2k. Our evaluation shows that Multipars offers at least a factor of 8 lower communication costs and up to a factor of 10.2 faster runtime in the WAN setting compared to the currently best available MPC implementation over Z2k.}, author = {Hasler, Sebastian and Reisert, Pascal and Rivinius, Marc and K{\"{u}}sters, Ralf}, institution = {Cryptology ePrint Archive}, number = {2023/1932}, title = {{Multipars: Reduced-Communication MPC over Z2k}}, type = {Technical Report}, url = {https://publ.sec.uni-stuttgart.de/haslerreisertriviniuskuesters-iacr-2023-1932.pdf}, year = 2023 }
  Link
  https://publ.sec.uni-stuttgart.de/haslerreisertriviniuskuesters-iacr-2023-1932.pdf
2. David Mestel, Johannes Müller, and Pascal Reisert, “How Efficient Are Replay Attacks Against Vote Privacy? A Formal Quantitative Analysis (Extended Version),” Journal of Computer Security, pp. 1--47, 2023. This paper is an extended and revised version of a paper presented at CSF’22.
  Abstract
  Replay attacks are among the most well-known attacks against vote privacy. Many e-voting systems have been proven vulnerable to replay attacks, including systems like Helios that are used in real practical elections. Despite their popularity, it is commonly believed that replay attacks are inefficient but the actual threat that they pose to vote privacy has never been studied formally. Therefore, in this paper, we precisely analyze for the first time how efficient replay attacks really are. We study this question from commonly used and complementary perspectives on vote privacy, showing as an independent contribution that a simple extension of a popular game-based privacy definition corresponds to a strong entropy-based notion. Our results demonstrate that replay attacks can be devastating for a voter's privacy even when an adversary's resources are very limited. We illustrate our formal findings by applying them to a number of real-world elections, showing that a modest number of replays can result in significant privacy loss. Overall, our work reveals that, contrary to a common belief, replay attacks can be very efficient and must therefore be considered a serious threat.
  BibTeX
  @article{MestelMuellerReisert-JCS-2023, abstract = {Replay attacks are among the most well-known attacks against vote privacy. Many e-voting systems have been proven vulnerable to replay attacks, including systems like Helios that are used in real practical elections. Despite their popularity, it is commonly believed that replay attacks are inefficient but the actual threat that they pose to vote privacy has never been studied formally. Therefore, in this paper, we precisely analyze for the first time how efficient replay attacks really are. We study this question from commonly used and complementary perspectives on vote privacy, showing as an independent contribution that a simple extension of a popular game-based privacy definition corresponds to a strong entropy-based notion. Our results demonstrate that replay attacks can be devastating for a voter's privacy even when an adversary's resources are very limited. We illustrate our formal findings by applying them to a number of real-world elections, showing that a modest number of replays can result in significant privacy loss. Overall, our work reveals that, contrary to a common belief, replay attacks can be very efficient and must therefore be considered a serious threat.}, author = {Mestel, David and M{\"u}ller, Johannes and Reisert, Pascal}, doi = {10.3233/JCS-230047}, journal = {{Journal of Computer Security}}, note = {This paper is an extended and revised version of a paper presented at CSF'22.}, pages = {1--47}, publisher = {IOS Press}, title = {{How Efficient Are Replay Attacks Against Vote Privacy? A Formal Quantitative Analysis (Extended Version)}}, url = {https://publ.sec.uni-stuttgart.de/mestelmuellerreisert-jcs-2023.pdf}, year = 2023 }
  Link
  https://publ.sec.uni-stuttgart.de/mestelmuellerreisert-jcs-2023.pdf
3. Marc Rivinius, Pascal Reisert, Sebastian Hasler, and Ralf Küsters, “Convolutions in Overdrive: Maliciously Secure Convolutions for MPC,” Proceedings on Privacy Enhancing Technologies, vol. 2023, no. 3, pp. 321--353, 2023. Runner-Up for the PETS 2023 Best Student Paper Award.
  Abstract
  Machine learning (ML) has seen a strong rise in popularity in recent years and has become an essential tool for research and industrial applications. Given the large amount of high quality data needed and the often sensitive nature of ML data, privacy-preserving collaborative ML is of increasing importance. In this paper, we introduce new actively secure multiparty computation (MPC) protocols which are specially optimized for privacy-preserving machine learning applications. We concentrate on the optimization of (tensor) convolutions which belong to the most commonly used components in ML architectures, especially in convolutional neural networks but also in recurrent neural networks or transformers, and therefore have a major impact on the overall performance. Our approach is based on a generalized form of structured randomness that speeds up convolutions in a fast online phase. The structured randomness is generated with homomorphic encryption using adapted and newly constructed packing methods for convolutions, which might be of independent interest. Overall our protocols extend the state-of-the-art Overdrive family of protocols (Keller et al., EUROCRYPT 2018). We implemented our protocols on-top of MP-SPDZ (Keller, CCS 2020) resulting in a full-featured implementation with support for faster convolutions. Our evaluation shows that our protocols outperform state-of-the-art actively secure MPC protocols on ML tasks like evaluating ResNet50 by a factor of 3 or more. Benchmarks for depthwise convolutions show order-of-magnitude speed-ups compared to existing approaches.
  BibTeX
  @article{RiviniusReisertHaslerKuesters-PoPETs-2023, abstract = {Machine learning (ML) has seen a strong rise in popularity in recent years and has become an essential tool for research and industrial applications. Given the large amount of high quality data needed and the often sensitive nature of ML data, privacy-preserving collaborative ML is of increasing importance. In this paper, we introduce new actively secure multiparty computation (MPC) protocols which are specially optimized for privacy-preserving machine learning applications. We concentrate on the optimization of (tensor) convolutions which belong to the most commonly used components in ML architectures, especially in convolutional neural networks but also in recurrent neural networks or transformers, and therefore have a major impact on the overall performance. Our approach is based on a generalized form of structured randomness that speeds up convolutions in a fast online phase. The structured randomness is generated with homomorphic encryption using adapted and newly constructed packing methods for convolutions, which might be of independent interest. Overall our protocols extend the state-of-the-art Overdrive family of protocols (Keller et al., EUROCRYPT 2018). We implemented our protocols on-top of MP-SPDZ (Keller, CCS 2020) resulting in a full-featured implementation with support for faster convolutions. Our evaluation shows that our protocols outperform state-of-the-art actively secure MPC protocols on ML tasks like evaluating ResNet50 by a factor of 3 or more. Benchmarks for depthwise convolutions show order-of-magnitude speed-ups compared to existing approaches.}, author = {Rivinius, Marc and Reisert, Pascal and Hasler, Sebastian and K{\"{u}}sters, Ralf}, doi = {10.56553/popets-2023-0084}, journal = {{Proceedings on Privacy Enhancing Technologies}}, note = {Runner-Up for the PETS 2023 Best Student Paper Award}, number = 3, pages = {321--353}, title = {{Convolutions in Overdrive: Maliciously Secure Convolutions for MPC}}, url = {https://publ.sec.uni-stuttgart.de/riviniusreiserthaslerkuesters-popets-2023.pdf}, volume = 2023, year = 2023 }
  Link
  https://publ.sec.uni-stuttgart.de/riviniusreiserthaslerkuesters-popets-2023.pdf
4. Marc Rivinius, Pascal Reisert, Sebastian Hasler, and Ralf Küsters, “Convolutions in Overdrive: Maliciously Secure Convolutions for MPC,” Cryptology ePrint Archive, Technical Report 2023/359, 2023.
  Abstract
  Machine learning (ML) has seen a strong rise in popularity in recent years and has become an essential tool for research and industrial applications. Given the large amount of high quality data needed and the often sensitive nature of ML data, privacy-preserving collaborative ML is of increasing importance. In this paper, we introduce new actively secure multiparty computation (MPC) protocols which are specially optimized for privacy-preserving machine learning applications. We concentrate on the optimization of (tensor) convolutions which belong to the most commonly used components in ML architectures, especially in convolutional neural networks but also in recurrent neural networks or transformers, and therefore have a major impact on the overall performance. Our approach is based on a generalized form of structured randomness that speeds up convolutions in a fast online phase. The structured randomness is generated with homomorphic encryption using adapted and newly constructed packing methods for convolutions, which might be of independent interest. Overall our protocols extend the state-of-the-art Overdrive family of protocols (Keller et al., EUROCRYPT 2018). We implemented our protocols on-top of MP-SPDZ (Keller, CCS 2020) resulting in a full-featured implementation with support for faster convolutions. Our evaluation shows that our protocols outperform state-of-the-art actively secure MPC protocols on ML tasks like evaluating ResNet50 by a factor of 3 or more. Benchmarks for depthwise convolutions show order-of-magnitude speed-ups compared to existing approaches.
  BibTeX
  @techreport{RiviniusReisertHaslerKuesters-IACR-2023-359, abstract = {Machine learning (ML) has seen a strong rise in popularity in recent years and has become an essential tool for research and industrial applications. Given the large amount of high quality data needed and the often sensitive nature of ML data, privacy-preserving collaborative ML is of increasing importance. In this paper, we introduce new actively secure multiparty computation (MPC) protocols which are specially optimized for privacy-preserving machine learning applications. We concentrate on the optimization of (tensor) convolutions which belong to the most commonly used components in ML architectures, especially in convolutional neural networks but also in recurrent neural networks or transformers, and therefore have a major impact on the overall performance. Our approach is based on a generalized form of structured randomness that speeds up convolutions in a fast online phase. The structured randomness is generated with homomorphic encryption using adapted and newly constructed packing methods for convolutions, which might be of independent interest. Overall our protocols extend the state-of-the-art Overdrive family of protocols (Keller et al., EUROCRYPT 2018). We implemented our protocols on-top of MP-SPDZ (Keller, CCS 2020) resulting in a full-featured implementation with support for faster convolutions. Our evaluation shows that our protocols outperform state-of-the-art actively secure MPC protocols on ML tasks like evaluating ResNet50 by a factor of 3 or more. Benchmarks for depthwise convolutions show order-of-magnitude speed-ups compared to existing approaches.}, author = {Rivinius, Marc and Reisert, Pascal and Hasler, Sebastian and K{\"{u}}sters, Ralf}, institution = {Cryptology ePrint Archive}, number = {2023/359}, title = {{Convolutions in Overdrive: Maliciously Secure Convolutions for MPC}}, type = {Technical Report}, url = {https://publ.sec.uni-stuttgart.de/riviniusreiserthaslerkuesters-iacr-2023-359.pdf}, year = 2023 }
  Link
  https://publ.sec.uni-stuttgart.de/riviniusreiserthaslerkuesters-iacr-2023-359.pdf
5. Sebastian Hasler, Toomas Krips, Ralf Küsters, Pascal Reisert, and Marc Rivinius, “Overdrive LowGear 2.0: Reduced-Bandwidth MPC without Sacrifice,” Cryptology ePrint Archive, Technical Report 2023/462, 2023.
  Abstract
  Some of the most efficient protocols for Multi-Party Computation (MPC) follow a two-phase approach where correlated randomness, in particular Beaver triples, is generated in the offline phase and then used to speed up the online phase. Recently, more complex correlations have been introduced to optimize certain operations even further, such as matrix triples for matrix multiplications. In this paper, our goal is to improve the efficiency of the triple generation in general and in particular for classical field values as well as matrix operations. To this end, we modify the Overdrive LowGear protocol to remove the costly sacrificing step and therewith reduce the round complexity and the bandwidth. We extend the state-of- the-art MP-SPDZ implementation with our new protocols and show that the new offline phase outperforms state-of-the-art protocols for the generation of Beaver triples and matrix triples. For example, we save 33 % in bandwidth compared to Overdrive LowGear.
  BibTeX
  @techreport{HaslerKripsKuestersReisertRivinius-IACR-2023-462, abstract = {Some of the most efficient protocols for Multi-Party Computation (MPC) follow a two-phase approach where correlated randomness, in particular Beaver triples, is generated in the offline phase and then used to speed up the online phase. Recently, more complex correlations have been introduced to optimize certain operations even further, such as matrix triples for matrix multiplications. In this paper, our goal is to improve the efficiency of the triple generation in general and in particular for classical field values as well as matrix operations. To this end, we modify the Overdrive LowGear protocol to remove the costly sacrificing step and therewith reduce the round complexity and the bandwidth. We extend the state-of- the-art MP-SPDZ implementation with our new protocols and show that the new offline phase outperforms state-of-the-art protocols for the generation of Beaver triples and matrix triples. For example, we save 33 % in bandwidth compared to Overdrive LowGear.}, author = {Hasler, Sebastian and Krips, Toomas and K{\"{u}}sters, Ralf and Reisert, Pascal and Rivinius, Marc}, institution = {Cryptology ePrint Archive}, number = {2023/462}, title = {{Overdrive LowGear 2.0: Reduced-Bandwidth MPC without Sacrifice}}, type = {Technical Report}, url = {https://publ.sec.uni-stuttgart.de/haslerkripskuestersreisertrivinius-iacr-2023-462.pdf}, year = 2023 }
  Link
  https://publ.sec.uni-stuttgart.de/haslerkripskuestersreisertrivinius-iacr-2023-462.pdf
6. Pascal Reisert, Marc Rivinius, Toomas Krips, and Ralf Küsters, “Overdrive LowGear 2.0: Reduced-Bandwidth MPC without Sacrifice,” in ACM ASIA Conference on Computer and Communications Security (ASIA CCS 2023), 2023, pp. 372–386.
  Abstract
  Some of the most efficient protocols for Multi-Party Computation (MPC) follow a two-phase approach where correlated randomness, in particular Beaver triples, is generated in the offline phase and then used to speed up the online phase. Recently, more complex correlations have been introduced to optimize certain operations even further, such as matrix triples for matrix multiplications. In this paper, our goal is to improve the efficiency of the triple generation in general and in particular for classical field values as well as matrix operations. To this end, we modify the Overdrive LowGear protocol to remove the costly sacrificing step and therewith reduce the round complexity and the bandwidth. We extend the state-of- the-art MP-SPDZ implementation with our new protocols and show that the new offline phase outperforms state-of-the-art protocols for the generation of Beaver triples and matrix triples. For example, we save 33 % in bandwidth compared to Overdrive LowGear.
  BibTeX
  @inproceedings{ReisertRiviniusKripsKuesters-ASIACCS-2023, abstract = {Some of the most efficient protocols for Multi-Party Computation (MPC) follow a two-phase approach where correlated randomness, in particular Beaver triples, is generated in the offline phase and then used to speed up the online phase. Recently, more complex correlations have been introduced to optimize certain operations even further, such as matrix triples for matrix multiplications. In this paper, our goal is to improve the efficiency of the triple generation in general and in particular for classical field values as well as matrix operations. To this end, we modify the Overdrive LowGear protocol to remove the costly sacrificing step and therewith reduce the round complexity and the bandwidth. We extend the state-of- the-art MP-SPDZ implementation with our new protocols and show that the new offline phase outperforms state-of-the-art protocols for the generation of Beaver triples and matrix triples. For example, we save 33 % in bandwidth compared to Overdrive LowGear.}, author = {Reisert, Pascal and Rivinius, Marc and Krips, Toomas and K{\"u}sters, Ralf}, booktitle = {{ACM ASIA Conference on Computer and Communications Security (ASIA CCS 2023)}}, doi = {10.1145/3579856.3582809}, pages = {372-386}, publisher = {ACM}, title = {{Overdrive LowGear 2.0: Reduced-Bandwidth MPC without Sacrifice}}, url = {https://publ.sec.uni-stuttgart.de/reisertriviniuskripskuesters-asiaccs-2023.pdf}, year = 2023 }
  Link
  https://publ.sec.uni-stuttgart.de/reisertriviniuskripskuesters-asiaccs-2023.pdf
2022
1. Mayar Elfares, Zhiming Hu, Pascal Reisert, Andreas Bulling, and Ralf Küsters, “Federated Learning for Appearance-based Gaze Estimation in the Wild,” NeurIPS 2022 Workshop GMML, 2022.
  Abstract
  Gaze estimation methods have significantly matured in recent years but the large number of eye images required to train deep learning models poses significant privacy risks. In addition, the heterogeneous data distribution across different users can significantly hinder the training process. In this work, we propose the first federated learning approach for gaze estimation to preserve the privacy of gaze data. We further employ pseudo-gradients optimisation to adapt our federated learning approach to the divergent model updates to address the heterogeneous nature of in-the-wild gaze data in collaborative setups. We evaluate our approach on a real-world dataset (MPIIGaze dataset) and show that our work enhances the privacy guarantees of conventional appearance-based gaze estimation methods, handles the convergence issues of gaze estimators, and significantly outperforms vanilla federated learning by 15.8 % (from a mean error of 10.83 degrees to 8.95 degrees). As such, our work paves the way to develop privacy-aware collaborative learning setups for gaze estimation while maintaining the model's performance.
  BibTeX
  @techreport{ElfaresHuReisertBullingKuesters-NeurIPS-2022, abstract = {Gaze estimation methods have significantly matured in recent years but the large number of eye images required to train deep learning models poses significant privacy risks. In addition, the heterogeneous data distribution across different users can significantly hinder the training process. In this work, we propose the first federated learning approach for gaze estimation to preserve the privacy of gaze data. We further employ pseudo-gradients optimisation to adapt our federated learning approach to the divergent model updates to address the heterogeneous nature of in-the-wild gaze data in collaborative setups. We evaluate our approach on a real-world dataset (MPIIGaze dataset) and show that our work enhances the privacy guarantees of conventional appearance-based gaze estimation methods, handles the convergence issues of gaze estimators, and significantly outperforms vanilla federated learning by 15.8 % (from a mean error of 10.83 degrees to 8.95 degrees). As such, our work paves the way to develop privacy-aware collaborative learning setups for gaze estimation while maintaining the model's performance.}, author = {Elfares, Mayar and Hu, Zhiming and Reisert, Pascal and Bulling, Andreas and K{\"u}sters, Ralf}, booktitle = {{NeuRIPS 2022 Workshop on Gaze Meets ML}}, institution = {{NeurIPS 2022 Workshop GMML}}, title = {{Federated Learning for Appearance-based Gaze Estimation in the Wild}}, type = {Workshop Paper}, url = {https://publ.sec.uni-stuttgart.de/elfareshureisertbullingkuesters-neurips-2022.pdf}, year = 2022 }
  Link
  https://publ.sec.uni-stuttgart.de/elfareshureisertbullingkuesters-neurips-2022.pdf
2. Mayar Elfares, Zhiming Hu, Pascal Reisert, Andreas Bulling, and Ralf Küsters, “Federated Learning for Appearance-based Gaze Estimation in the Wild,” arXiv, Technical Report 2211.07330, 2022.
  Abstract
  Gaze estimation methods have significantly matured in recent years but the large number of eye images required to train deep learning models poses significant privacy risks. In addition, the heterogeneous data distribution across different users can significantly hinder the training process. In this work, we propose the first federated learning approach for gaze estimation to preserve the privacy of gaze data. We further employ pseudo-gradients optimisation to adapt our federated learning approach to the divergent model updates to address the heterogeneous nature of in-the-wild gaze data in collaborative setups. We evaluate our approach on a real-world dataset (MPIIGaze dataset) and show that our work enhances the privacy guarantees of conventional appearance-based gaze estimation methods, handles the convergence issues of gaze estimators, and significantly outperforms vanilla federated learning by 15.8 % (from a mean error of 10.83 degrees to 8.95 degrees). As such, our work paves the way to develop privacy-aware collaborative learning setups for gaze estimation while maintaining the model's performance.
  BibTeX
  @techreport{ElfaresHuReisertBullingKuesters-arXiV-2022, abstract = {Gaze estimation methods have significantly matured in recent years but the large number of eye images required to train deep learning models poses significant privacy risks. In addition, the heterogeneous data distribution across different users can significantly hinder the training process. In this work, we propose the first federated learning approach for gaze estimation to preserve the privacy of gaze data. We further employ pseudo-gradients optimisation to adapt our federated learning approach to the divergent model updates to address the heterogeneous nature of in-the-wild gaze data in collaborative setups. We evaluate our approach on a real-world dataset (MPIIGaze dataset) and show that our work enhances the privacy guarantees of conventional appearance-based gaze estimation methods, handles the convergence issues of gaze estimators, and significantly outperforms vanilla federated learning by 15.8 % (from a mean error of 10.83 degrees to 8.95 degrees). As such, our work paves the way to develop privacy-aware collaborative learning setups for gaze estimation while maintaining the model's performance.}, author = {Elfares, Mayar and Hu, Zhiming and Reisert, Pascal and Bulling, Andreas and K{\"u}sters, Ralf}, institution = {arXiv}, number = {2211.07330}, title = {{Federated Learning for Appearance-based Gaze Estimation in the Wild}}, type = {Technical Report}, url = {https://arxiv.org/abs/2211.07330}, year = 2022 }
  Link
  https://arxiv.org/abs/2211.07330
3. Nicolas Huber, Ralf Küsters, Toomas Krips, Julian Liedtke, Johannes Müller, Daniel Rausch, Pascal Reisert, and Andreas Vogt, “Kryvos: Publicly Tally-Hiding Verifiable E-Voting,” in CCS ’22: ACM Conference on Computer and Communications Security, November 7--11, 2022, Los Angeles, USA, 2022, pp. 1443--1457.
  Abstract
  Elections are an important corner stone of democratic processes. In addition to publishing the final result (e.g., the overall winner), elections typically publish the full tally consisting of all (aggregated) individual votes. This causes several issues, including loss of privacy for both voters and election candidates as well as so-called Italian attacks that allow for easily coercing voters. Several e-voting systems have been proposed to address these issues by hiding (parts of) the tally. This property is called tally-hiding. Existing tally-hiding e-voting systems in the literature aim at hiding (part of) the tally from everyone, including voting authorities, while at the same time offering verifiability, an important and standard feature of modern e-voting systems which allows voters and external observers to check that the published election result indeed corresponds to how voters actually voted. In contrast, real elections often follow a different common practice for hiding the tally: the voting authorities internally compute (and learn) the full tally but publish only the final result (e.g., the winner). This practice, which we coin publicly tally-hiding, indeed solves the aforementioned issues for the public, but currently has to sacrifice verifiability due to a lack of practical systems. In this paper, we close this gap. We formalize the common notion of publicly tally-hiding and propose the first provably secure verifiable e-voting system, called Kryvos, which directly targets publicly tally-hiding elections. We instantiate our system for a wide range of both simple and complex voting methods and various result functions. We provide an extensive evaluation which shows that Kryvos is practical and able to handle a large number of candidates, complex voting methods and result functions. Altogether, Kryvos shows that the concept of publicly tally-hiding offers a new trade-off between privacy and efficiency that is different from all previous tally-hiding systems and which allows for a radically new protocol design resulting in a practical e-voting system.
  BibTeX
  @inproceedings{HuberKuestersKripsLiedtkeMuellerRauschReisert-CCS-2022, abstract = {Elections are an important corner stone of democratic processes. In addition to publishing the final result (e.g., the overall winner), elections typically publish the full tally consisting of all (aggregated) individual votes. This causes several issues, including loss of privacy for both voters and election candidates as well as so-called Italian attacks that allow for easily coercing voters. Several e-voting systems have been proposed to address these issues by hiding (parts of) the tally. This property is called \emph{tally-hiding}. Existing tally-hiding e-voting systems in the literature aim at hiding (part of) the tally from everyone, including voting authorities, while at the same time offering verifiability, an important and standard feature of modern e-voting systems which allows voters and external observers to check that the published election result indeed corresponds to how voters actually voted. In contrast, real elections often follow a different common practice for hiding the tally: the voting authorities internally compute (and learn) the full tally but publish only the final result (e.g., the winner). This practice, which we coin \emph{publicly tally-hiding}, indeed solves the aforementioned issues for the public, but currently has to sacrifice verifiability due to a lack of practical systems. In this paper, we close this gap. We formalize the common notion of publicly tally-hiding and propose the first provably secure verifiable e-voting system, called Kryvos, which directly targets publicly tally-hiding elections. We instantiate our system for a wide range of both simple and complex voting methods and various result functions. We provide an extensive evaluation which shows that Kryvos is practical and able to handle a large number of candidates, complex voting methods and result functions. Altogether, Kryvos shows that the concept of publicly tally-hiding offers a new trade-off between privacy and efficiency that is different from all previous tally-hiding systems and which allows for a radically new protocol design resulting in a practical e-voting system.}, author = {Huber, Nicolas and K{\"u}sters, Ralf and Krips, Toomas and Liedtke, Julian and M{\"u}ller, Johannes and Rausch, Daniel and Reisert, Pascal and Vogt, Andreas}, booktitle = {{CCS '22: ACM Conference on Computer and Communications Security, November 7--11, 2022, Los Angeles, USA}}, doi = {10.1145/3548606.3560701}, pages = {1443--1457}, publisher = {{ACM}}, title = {{Kryvos: Publicly Tally-Hiding Verifiable E-Voting}}, url = {https://publ.sec.uni-stuttgart.de/huberkuesterskripsliedtkemuellerrauschreisert-ccs-2022.pdf}, year = 2022 }
  Link
  https://publ.sec.uni-stuttgart.de/huberkuesterskripsliedtkemuellerrauschreisert-ccs-2022.pdf
4. Nicolas Huber, Ralf Küsters, Toomas Krips, Julian Liedtke, Johannes Müller, Daniel Rausch, Pascal Reisert, and Andreas Vogt, “Kryvos: Publicly Tally-Hiding Verifiable E-Voting,” Cryptology ePrint Archive, Technical Report 2022/1132, 2022.
  Abstract
  Elections are an important corner stone of democratic processes. In addition to publishing the final result (e.g., the overall winner), elections typically publish the full tally consisting of all (aggregated) individual votes. This causes several issues, including loss of privacy for both voters and election candidates as well as so-called Italian attacks that allow for easily coercing voters. Several e-voting systems have been proposed to address these issues by hiding (parts of) the tally. This property is called tally-hiding. Existing tally-hiding e-voting systems in the literature aim at hiding (part of) the tally from everyone, including voting authorities, while at the same time offering verifiability, an important and standard feature of modern e-voting systems which allows voters and external observers to check that the published election result indeed corresponds to how voters actually voted. In contrast, real elections often follow a different common practice for hiding the tally: the voting authorities internally compute (and learn) the full tally but publish only the final result (e.g., the winner). This practice, which we coin publicly tally-hiding, indeed solves the aforementioned issues for the public, but currently has to sacrifice verifiability due to a lack of practical systems. In this paper, we close this gap. We formalize the common notion of publicly tally-hiding and propose the first provably secure verifiable e-voting system, called Kryvos, which directly targets publicly tally-hiding elections. We instantiate our system for a wide range of both simple and complex voting methods and various result functions. We provide an extensive evaluation which shows that Kryvos is practical and able to handle a large number of candidates, complex voting methods and result functions. Altogether, Kryvos shows that the concept of publicly tally-hiding offers a new trade-off between privacy and efficiency that is different from all previous tally-hiding systems and which allows for a radically new protocol design resulting in a practical e-voting system.
  BibTeX
  @techreport{HuberKuestersKripsLiedtkeMuellerRauschReisert-IACR-2022, abstract = {Elections are an important corner stone of democratic processes. In addition to publishing the final result (e.g., the overall winner), elections typically publish the full tally consisting of all (aggregated) individual votes. This causes several issues, including loss of privacy for both voters and election candidates as well as so-called Italian attacks that allow for easily coercing voters. Several e-voting systems have been proposed to address these issues by hiding (parts of) the tally. This property is called \emph{tally-hiding}. Existing tally-hiding e-voting systems in the literature aim at hiding (part of) the tally from everyone, including voting authorities, while at the same time offering verifiability, an important and standard feature of modern e-voting systems which allows voters and external observers to check that the published election result indeed corresponds to how voters actually voted. In contrast, real elections often follow a different common practice for hiding the tally: the voting authorities internally compute (and learn) the full tally but publish only the final result (e.g., the winner). This practice, which we coin \emph{publicly tally-hiding}, indeed solves the aforementioned issues for the public, but currently has to sacrifice verifiability due to a lack of practical systems. In this paper, we close this gap. We formalize the common notion of publicly tally-hiding and propose the first provably secure verifiable e-voting system, called Kryvos, which directly targets publicly tally-hiding elections. We instantiate our system for a wide range of both simple and complex voting methods and various result functions. We provide an extensive evaluation which shows that Kryvos is practical and able to handle a large number of candidates, complex voting methods and result functions. Altogether, Kryvos shows that the concept of publicly tally-hiding offers a new trade-off between privacy and efficiency that is different from all previous tally-hiding systems and which allows for a radically new protocol design resulting in a practical e-voting system.}, author = {Huber, Nicolas and K{\"u}sters, Ralf and Krips, Toomas and Liedtke, Julian and M{\"u}ller, Johannes and Rausch, Daniel and Reisert, Pascal and Vogt, Andreas}, doi = {10.1145/3548606.3560701}, institution = {Cryptology ePrint Archive}, number = {2022/1132}, title = {{Kryvos: Publicly Tally-Hiding Verifiable E-Voting}}, type = {Technical Report}, url = {https://publ.sec.uni-stuttgart.de/huberkuesterskripsliedtkemuellerrauschreisert-iacr-2022.pdf}, year = 2022 }
  Link
  https://publ.sec.uni-stuttgart.de/huberkuesterskripsliedtkemuellerrauschreisert-iacr-2022.pdf
5. David Mestel, Johannes Müller, and Pascal Reisert, “How Efficient are Replay Attacks against Vote Privacy? A Formal Quantitative Analysis,” in 35th IEEE Computer Security Foundations Symposium, CSF 2022, Haifa, Israel, August 7-10, 2022, 2022, pp. 179--194.
  - Abstract
  - BibTeX
  Abstract
  Replay attacks are among the most well-known attacks against vote privacy. Many e-voting systems have been proven vulnerable to replay attacks, including systems like Helios that are used in real practical elections. Despite their popularity, it is commonly believed that replay attacks are inefficient but the actual threat that they pose to vote privacy has never been studied formally. Therefore, in this paper, we precisely analyze for the first time how efficient replay attacks really are. We study this question from commonly used and complementary perspectives on vote privacy, showing as an independent contribution that a simple extension of a popular game-based privacy definition corresponds to a strong entropy-based notion. Our results demonstrate that replay attacks can be devastating for a voter's privacy even when an adversary's resources are very limited. We illustrate our formal findings by applying them to a number of real-world elections, showing that a modest number of replays can result in significant privacy loss. Overall, our work reveals that, contrary to a common belief, replay attacks can be very efficient and must therefore be considered a serious threat.
  BibTeX
  @inproceedings{MestelMuellerReisert-CSF-2022, abstract = {Replay attacks are among the most well-known attacks against vote privacy. Many e-voting systems have been proven vulnerable to replay attacks, including systems like Helios that are used in real practical elections. Despite their popularity, it is commonly believed that replay attacks are inefficient but the actual threat that they pose to vote privacy has never been studied formally. Therefore, in this paper, we precisely analyze for the first time how efficient replay attacks really are. We study this question from commonly used and complementary perspectives on vote privacy, showing as an independent contribution that a simple extension of a popular game-based privacy definition corresponds to a strong entropy-based notion. Our results demonstrate that replay attacks can be devastating for a voter's privacy even when an adversary's resources are very limited. We illustrate our formal findings by applying them to a number of real-world elections, showing that a modest number of replays can result in significant privacy loss. Overall, our work reveals that, contrary to a common belief, replay attacks can be very efficient and must therefore be considered a serious threat.}, author = {Mestel, David and M{\"{u}}ller, Johannes and Reisert, Pascal}, booktitle = {{35th {IEEE} Computer Security Foundations Symposium, {CSF} 2022, Haifa, Israel, August 7-10, 2022}}, doi = {10.1109/CSF54842.2022.9979167}, pages = {179--194}, publisher = {{IEEE}}, title = {{How Efficient are Replay Attacks against Vote Privacy? A Formal Quantitative Analysis}}, year = 2022 }
6. David Mestel, Johannes Müller, and Pascal Reisert, “How Efficient are Replay Attacks against Vote Privacy? A Formal Quantitative Analysis,” Cryptology ePrint Archive, Technical Report 2022/743, 2022.
  Abstract
  Replay attacks are among the most well-known attacks against vote privacy. Many e-voting systems have been proven vulnerable to replay attacks, including systems like Helios that are used in real practical elections. Despite their popularity, it is commonly believed that replay attacks are inefficient but the actual threat that they pose to vote privacy has never been studied formally. Therefore, in this paper, we precisely analyze for the first time how efficient replay attacks really are. We study this question from commonly used and complementary perspectives on vote privacy, showing as an independent contribution that a simple extension of a popular game-based privacy definition corresponds to a strong entropy-based notion. Our results demonstrate that replay attacks can be devastating for a voter's privacy even when an adversary's resources are very limited. We illustrate our formal findings by applying them to a number of real-world elections, showing that a modest number of replays can result in significant privacy loss. Overall, our work reveals that, contrary to a common belief, replay attacks can be very efficient and must therefore be considered a serious threat.
  BibTeX
  @techreport{MestelMuellerReisert-IACR-2022-743, abstract = {Replay attacks are among the most well-known attacks against vote privacy. Many e-voting systems have been proven vulnerable to replay attacks, including systems like Helios that are used in real practical elections. Despite their popularity, it is commonly believed that replay attacks are inefficient but the actual threat that they pose to vote privacy has never been studied formally. Therefore, in this paper, we precisely analyze for the first time how efficient replay attacks really are. We study this question from commonly used and complementary perspectives on vote privacy, showing as an independent contribution that a simple extension of a popular game-based privacy definition corresponds to a strong entropy-based notion. Our results demonstrate that replay attacks can be devastating for a voter's privacy even when an adversary's resources are very limited. We illustrate our formal findings by applying them to a number of real-world elections, showing that a modest number of replays can result in significant privacy loss. Overall, our work reveals that, contrary to a common belief, replay attacks can be very efficient and must therefore be considered a serious threat.}, author = {Mestel, David and M{\"{u}}ller, Johannes and Reisert, Pascal}, institution = {Cryptology ePrint Archive}, number = {2022/743}, title = {{How Efficient are Replay Attacks against Vote Privacy? A Formal Quantitative Analysis}}, type = {Technical Report}, url = {https://publ.sec.uni-stuttgart.de/mestelmuellerreisert-iacr-2022-743.pdf}, year = 2022 }
  Link
  https://publ.sec.uni-stuttgart.de/mestelmuellerreisert-iacr-2022-743.pdf
7. Toomas Krips, Ralf Küsters, Pascal Reisert, and Marc Rivinius, “Arithmetic Tuples for MPC,” Cryptology ePrint Archive, Technical Report 2022/667, 2022.
  Abstract
  Some of the most efficient protocols for Multi-Party Computation (MPC) use a two-phase approach where correlated randomness, in particular Beaver triples, is generated in the offline phase and then used to speed up the online phase. Recently, more complex correlations have been introduced to optimize certain operations even further, such as matrix triples for matrix multiplications. In this paper, our goal is to speed up the evaluation of multivariate polynomials and therewith of whole arithmetic circuits in the online phase. To this end, we introduce a new form of correlated randomness: arithmetic tuples. Arithmetic tuples can be fine tuned in various ways to the constraints of application at hand, in terms of round complexity, bandwidth, and tuple size. We show that for many real-world setups an arithmetic tuples based online phase outperforms state-of-the-art protocols based on Beaver triples.
  BibTeX
  @techreport{ReisertRiviniusKripsKuesters-IACR-2022-667, abstract = {Some of the most efficient protocols for Multi-Party Computation (MPC) use a two-phase approach where correlated randomness, in particular Beaver triples, is generated in the offline phase and then used to speed up the online phase. Recently, more complex correlations have been introduced to optimize certain operations even further, such as matrix triples for matrix multiplications. In this paper, our goal is to speed up the evaluation of multivariate polynomials and therewith of whole arithmetic circuits in the online phase. To this end, we introduce a new form of correlated randomness: arithmetic tuples. Arithmetic tuples can be fine tuned in various ways to the constraints of application at hand, in terms of round complexity, bandwidth, and tuple size. We show that for many real-world setups an arithmetic tuples based online phase outperforms state-of-the-art protocols based on Beaver triples.}, author = {Krips, Toomas and K{\"{u}}sters, Ralf and Reisert, Pascal and Rivinius, Marc}, institution = {Cryptology ePrint Archive}, number = {2022/667}, title = {{Arithmetic Tuples for MPC}}, type = {Technical Report}, url = {https://publ.sec.uni-stuttgart.de/reisertriviniuskripskuesters-iacr-2022-667.pdf}, year = 2022 }
  Link
  https://publ.sec.uni-stuttgart.de/reisertriviniuskripskuesters-iacr-2022-667.pdf
8. Marc Rivinius, Pascal Reisert, Daniel Rausch, and Ralf Küsters, “Publicly Accountable Robust Multi-Party Computation,” in 43rd IEEE Symposium on Security and Privacy (S&P 2022), 2022, pp. 2430--2449.
  Abstract
  In recent years, lattice-based secure multi-party computation (MPC) has seen a rise in popularity and is used more and more in large scale applications like privacy-preserving cloud computing, electronic voting, or auctions. Many of these applications come with the following high security requirements: a computation result should be publicly verifiable, with everyone being able to identify a malicious party and hold it accountable, and a malicious party should not be able to corrupt the computation, force a protocol restart, or block honest parties or an honest third-party (client) that provided private inputs from receiving a correct result. The protocol should guarantee verifiability and accountability even if all protocol parties are malicious. While some protocols address one or two of these often essential security features, we present the first publicly verifiable and accountable, and (up to a threshold) robust SPDZ-like MPC protocol without restart. We propose protocols for accountable and robust online, offline, and setup computations. We adapt and partly extend the lattice-based commitment scheme by Baum et al. (SCN 2018) as well as other primitives like ZKPs. For the underlying commitment scheme and the underlying BGV encryption scheme we determine ideal parameters. We give a performance evaluation of our protocols and compare them to state-of-the-art protocols both with and without our target security features: public accountability, public verifiability and robustness.
  BibTeX
  @inproceedings{RiviniusReisertRauschKuesters-SP-2022, abstract = {In recent years, lattice-based secure multi-party computation (MPC) has seen a rise in popularity and is used more and more in large scale applications like privacy-preserving cloud computing, electronic voting, or auctions. Many of these applications come with the following high security requirements: a computation result should be publicly verifiable, with everyone being able to identify a malicious party and hold it accountable, and a malicious party should not be able to corrupt the computation, force a protocol restart, or block honest parties or an honest third-party (client) that provided private inputs from receiving a correct result. The protocol should guarantee verifiability and accountability even if all protocol parties are malicious. While some protocols address one or two of these often essential security features, we present the first publicly verifiable and accountable, and (up to a threshold) robust SPDZ-like MPC protocol without restart. We propose protocols for accountable and robust online, offline, and setup computations. We adapt and partly extend the lattice-based commitment scheme by Baum et al. (SCN 2018) as well as other primitives like ZKPs. For the underlying commitment scheme and the underlying BGV encryption scheme we determine ideal parameters. We give a performance evaluation of our protocols and compare them to state-of-the-art protocols both with and without our target security features: public accountability, public verifiability and robustness.}, author = {Rivinius, Marc and Reisert, Pascal and Rausch, Daniel and K{\"{u}}sters, Ralf}, booktitle = {{43rd IEEE Symposium on Security and Privacy (S{\&}P 2022)}}, doi = {10.1109/SP46214.2022.9833608}, pages = {2430--2449}, publisher = {IEEE Computer Society}, title = {{Publicly Accountable Robust Multi-Party Computation}}, url = {https://publ.sec.uni-stuttgart.de/riviniusreisertrauschkuesters-sp-2022.pdf}, year = 2022 }
  Link
  https://publ.sec.uni-stuttgart.de/riviniusreisertrauschkuesters-sp-2022.pdf
9. Marc Rivinius, Pascal Reisert, Daniel Rausch, and Ralf Küsters, “Publicly Accountable Robust Multi-Party Computation,” Cryptology ePrint Archive, Technical Report 2022/436, 2022.
  Abstract
  In recent years, lattice-based secure multi-party computation (MPC) has seen a rise in popularity and is used more and more in large scale applications like privacy-preserving cloud computing, electronic voting, or auctions. Many of these applications come with the following high security requirements: a computation result should be publicly verifiable, with everyone being able to identify a malicious party and hold it accountable, and a malicious party should not be able to corrupt the computation, force a protocol restart, or block honest parties or an honest third-party (client) that provided private inputs from receiving a correct result. The protocol should guarantee verifiability and accountability even if all protocol parties are malicious. While some protocols address one or two of these often essential security features, we present the first publicly verifiable and accountable, and (up to a threshold) robust SPDZ-like MPC protocol without restart. We propose protocols for accountable and robust online, offline, and setup computations. We adapt and partly extend the lattice-based commitment scheme by Baum et al. (SCN 2018) as well as other primitives like ZKPs. For the underlying commitment scheme and the underlying BGV encryption scheme we determine ideal parameters. We give a performance evaluation of our protocols and compare them to state-of-the-art protocols both with and without our target security features: public accountability, public verifiability and robustness.
  BibTeX
  @techreport{RiviniusReisertRauschKuesters-IACR-2022-436, abstract = {In recent years, lattice-based secure multi-party computation (MPC) has seen a rise in popularity and is used more and more in large scale applications like privacy-preserving cloud computing, electronic voting, or auctions. Many of these applications come with the following high security requirements: a computation result should be publicly verifiable, with everyone being able to identify a malicious party and hold it accountable, and a malicious party should not be able to corrupt the computation, force a protocol restart, or block honest parties or an honest third-party (client) that provided private inputs from receiving a correct result. The protocol should guarantee verifiability and accountability even if all protocol parties are malicious. While some protocols address one or two of these often essential security features, we present the first publicly verifiable and accountable, and (up to a threshold) robust SPDZ-like MPC protocol without restart. We propose protocols for accountable and robust online, offline, and setup computations. We adapt and partly extend the lattice-based commitment scheme by Baum et al. (SCN 2018) as well as other primitives like ZKPs. For the underlying commitment scheme and the underlying BGV encryption scheme we determine ideal parameters. We give a performance evaluation of our protocols and compare them to state-of-the-art protocols both with and without our target security features: public accountability, public verifiability and robustness.}, author = {Rivinius, Marc and Reisert, Pascal and Rausch, Daniel and K{\"{u}}sters, Ralf}, institution = {Cryptology ePrint Archive}, number = {2022/436}, title = {{Publicly Accountable Robust Multi-Party Computation}}, type = {Technical Report}, url = {https://publ.sec.uni-stuttgart.de/riviniusreisertrauschkuesters-iacr-2022-436.pdf}, year = 2022 }
  Link
  https://publ.sec.uni-stuttgart.de/riviniusreisertrauschkuesters-iacr-2022-436.pdf
2016
1. Pascal Reisert, “Moduli Spaces of Parabolic Twisted Generalized Higgs Bundles,” Ludwig-Maximilians University, Germany, 2016. Available as urn:nbn:de:bvb:19-198909.
  - BibTeX
  BibTeX
  @phdthesis{Reisert-Phd-2016, author = {Reisert, Pascal}, note = {Available as urn:nbn:de:bvb:19-198909.}, school = {Ludwig-Maximilians University, Germany}, title = {{Moduli Spaces of Parabolic Twisted Generalized Higgs Bundles}}, year = 2016 }
2011
1. Pascal Reisert, “Kobayashi-Hitchin Correspondence for Tame Harmonic Bundles,” Thesis, Ludwig-Maximilians University, Germany, 2011. Available as urn:nbn:de:bvb:19-epub-28472-2.
  - BibTeX
  BibTeX
  @mastersthesis{Reisert-urn-2011, author = {Reisert, Pascal}, note = {Available as urn:nbn:de:bvb:19-epub-28472-2.}, publisher = {Ludwig-Maximilians University, Germany}, title = {{Kobayashi-Hitchin Correspondence for Tame Harmonic Bundles}}, type = {Thesis}, year = 2011 }
2009
1. Pascal Reisert, “The Multiplicative Structure in Verlinde Algebras over SU(2),” Thesis, Ludwig-Maximilians University, Germany, 2009. Available as urn:nbn:de:bvb:19-epub-28471-6.
  - BibTeX
  BibTeX
  @mastersthesis{Reisert-urn-2009, author = {Reisert, Pascal}, note = {Available as urn:nbn:de:bvb:19-epub-28471-6.}, publisher = {Ludwig-Maximilians University, Germany}, title = {{The Multiplicative Structure in Verlinde Algebras over SU(2)}}, type = {Thesis}, year = 2009 }

Teaching

Winter Term 2024
- Lecture on Mathematical Foundations of (Post-Quantum) Cryptography.
- Seminar on Advanced Topics in Post-Quantum Cryptography together with the Department of Mathematics.
- Introduction to Modern Cryptography by Prof. Ralf Küsters (together with Dr. Daniel Rausch, Dr. Klaas Pruiksma).
Summer Term 2024
- Lecture on Post-Quantum Secure Cryptography.
Winter Term 2023
- Lecture on Mathematical Foundations of (Post-Quantum) Cryptography.
- Seminar on Advanced Topics in Post-Quantum Cryptography together with the Department of Mathematics.
Summer Term 2023
- Lecture on Post-Quantum Secure Cryptography.
Winter Term 2022
- Lecture on Mathematical Foundations of (Post-Quantum) Cryptography.
- Seminar on Advanced Topics in Post-Quantum Cryptography.
Summer Term 2022
- Lecture on Mathematical Foundations of (Post-Quantum) Cryptography.
- Lecture on Post-Quantum Secure Cryptography.
Winter Term 2021

Seminar on Advanced Topics in Post-Quantum Cryptography.
Summer Term 2021

Lecture on Post-Quantum Secure Cryptography.
Winter Term 2020

Introduction to Modern Cryptography by Prof. Ralf Küsters.
Summer Term 2020

Security and Privacy by Prof. Ralf Küsters.
Winter Term 2019

Introduction to Modern Cryptography by Prof. Ralf Küsters.
Summer Term 2019

Training program for tutors and peer educators in physics and mathematics, April 1st - 3rd, 2019 at LMU Munich. Lecture notes in german available at Tutor Qualification Program 2019.
Winter Term 2018/19

Cryptography by Prof. Otto Forster at LMU Munich. You will find further information on the exercise lessons here (german).
Summer Term 2018

Training program for tutors and peer educators in physics and mathematics at LMU Munich. Lecture notes in german: Tutor Qualification Program 2018.
Winter Term 2017/18

The Zeta function and the Riemann Hypothesis by Prof. Otto Forster at LMU Munich. You will find further information on the exercise lessons here (german).
Summer Term 2017

No lectures.
Winter Term 2016/17

No lectures.
Summer Term 2016

Riemann Surfaces by Prof. Otto Forster at LMU Munich. You will find further information on the exercise lessons here.
Winter Term 2015/16

Algorithmic Number Theory and Cryptography by Prof. Otto Forster at LMU Munich. You will find further information on the exercise lessons here (german).
Summer Term 2015

Foundations of mathematics II (german) by Dr. Erwin Schörner at LMU Munich.
Winter Term 2014/15

Foundations of mathematics I (german) by Dr. Erwin Schörner at LMU Munich.
Summer Term 2014

Linear Algebra II (german) by Dr. Erwin Schörner at LMU Munich.
Winter Term 2013/14

Analysis III (german) by Prof. Franz Merkl at LMU Munich.
Summer Term 2013

Analysis II (german) by Prof. Franz Merkl at LMU Munich.
Winter Term 2012/13

Riemann Surfaces by Prof. Otto Forster at LMU Munich.
You will find further information on the exercise lessons here.
Summer Term 2012

Linear Algebra II (link no longer available) by Prof. Andreas Rosenschon at LMU Munich.
Winter Term 2011/12

Linear Algebra I (link no longer available) by Prof. Andreas Rosenschon at LMU Munich.

Appointments to Program Committees, (Special) Session Chairs

USENIX Security Symposium (USENIX Security) 2025
IEEE Computer Security Foundations Symposium (CSF) 2025
Workshop on Advance in Secure Electronic Voting (Voting'25) at Financial Cryptography and Data Security 2025
International Conference on Availability, Reliability and Security (ARES 2024)
International Joint Conference on Electronic Voting (E-VOTE-ID) 2024
GI-Sicherheit 2024
IEEE Symposium on Security and Privacy (SP) 2023
IEEE Computer Security Foundations Symposium (CSF) 2023 (also Special Session Chair on Cryptography)
International Joint Conference on Electronic Voting (E-VOTE-ID) 2023
International Workshop on Cyberspace Security and Artificial Intelligence (CAI-2023)
International Joint Conference on Electronic Voting (E-VOTE-ID) 2022
GI-Sicherheit 2022
Indocrypt 2021

Are you a student and want to write a thesis / carry out a project at the SEC?

Please see our notes on theses and projects!

Pascal Reisert

Contact

Office Hours

Subject

Publications

2024

Abstract

BibTeX

Abstract

BibTeX

Link

Abstract

BibTeX

Link

Abstract

BibTeX

Link

Abstract

BibTeX

Link

2023

Abstract

BibTeX

Link

Abstract

BibTeX

Link

Abstract

BibTeX

Link

Abstract

BibTeX

Link

Abstract

BibTeX

Link

Abstract

BibTeX

Link

2022

Abstract

BibTeX

Link

Abstract

BibTeX

Link

Abstract

BibTeX

Link

Abstract

BibTeX

Link

Abstract

BibTeX

Abstract

BibTeX

Link

Abstract

BibTeX

Link

Abstract

BibTeX

Link

Abstract

BibTeX

Link

2016

BibTeX

2011

BibTeX

2009

BibTeX

Teaching

Winter Term 2024

Summer Term 2024

Winter Term 2023

Summer Term 2023

Winter Term 2022

Summer Term 2022

Winter Term 2021