The ENCRYPTO Group is involved in the following teaching activities.
Current Lectures, Labs, and Seminars
Past Lectures, Labs, and Seminars
Open Thesis Topics
2 items found. Show all theses.
Machine learning (ML) is widely used nowadays to extract new information from existing data and to make predictions based on the learned information. The use of ML, however, raises privacy concerns due to learning on users' data – which often leaks information about the training set – and/or the possibility of learning the service provider's model based on its forecasts. Because of the latter, for example, an adversary possessing the ML model of a company that offers ML as a service (MLaaS), which is a company secret, would (i) not require to pay to the company for the classification anymore and (ii) could even sell the model to a third party which would cause the company to loose in value.
This thesis will focus on deducing the server's Support Vector Machines (SVM) model based on its predictions. Although many solutions were proposed for privacy-preserving machine learning (including frameworks based on multi-party computation), there was a lack of attention to the attacks on the ideal functionality of machine learning. These enable an adversary to learn the service provider's model using specially crafted queries without interfering with the protocol. Possible attacks are shown in, for example, . Furthermore, an example of vulnerable SVM can be found in . go
Many protocols for secure computation represent the function to be computed as a Boolean circuit consisting of XOR and AND gates. Here, the XOR gates can be computed locally without the use of cryptographic operations, whereas the AND gates require interaction between the parties and are thus expensive. The goal of this thesis is to optimize n-input gates (the gates that map an n-bit input to the corresponding 1-bit output) by replacing them with the minimum number of AND gates and some amount of XOR gates in order to reduce their AND-size.
Pinkas et al.  have shown that exactly half of the n-input gates (namely those where the Hamming weight of the function table is even) can be computed by at most n-2 AND gates and free XORs for n<4. The research question is if this holds true also for n=4, 5, etc. The idea is to enumerate all circuits consisting of up to i=0,1, 2, …, n-1 AND gates on n inputs and see to which n-input functionality they correspond. go