Teaching
The ENCRYPTO Group is involved in the following teaching activities.
Current Lectures, Labs, and Seminars
CRYPROT SS18
ENCRYPTO Oberseminar
Past Lectures, Labs, and Seminars
Open Thesis Topics
2 items found. Show all theses.

Silently Learning your Support Vector Machines Models
Bachelor Thesis, Master Thesis
Machine learning (ML) is widely used nowadays to extract new information from existing data and to make predictions based on the learned information. The use of ML, however, raises privacy concerns due to learning on users' data – which often leaks information about the training set – and/or the possibility of learning the service provider's model based on its forecasts. Because of the latter, for example, an adversary possessing the ML model of a company that offers ML as a service (MLaaS), which is a company secret, would (i) not require to pay to the company for the classification anymore and (ii) could even sell the model to a third party which would cause the company to loose in value.
This thesis will focus on deducing the server's Support Vector Machines (SVM) model based on its predictions. Although many solutions were proposed for privacypreserving machine learning (including frameworks based on multiparty computation), there was a lack of attention to the attacks on the ideal functionality of machine learning. These enable an adversary to learn the service provider's model using specially crafted queries without interfering with the protocol. Possible attacks are shown in, for example, [1]. Furthermore, an example of vulnerable SVM can be found in [2]. go

Reducing the AND complexity of Boolean circuits using replacement rules for ninput gates
Bachelor Thesis, Master Thesis
Many protocols for secure computation represent the function to be computed as a Boolean circuit consisting of XOR and AND gates. Here, the XOR gates can be computed locally without the use of cryptographic operations, whereas the AND gates require interaction between the parties and are thus expensive. The goal of this thesis is to optimize ninput gates (the gates that map an nbit input to the corresponding 1bit output) by replacing them with the minimum number of AND gates and some amount of XOR gates in order to reduce their ANDsize.
Pinkas et al. [1] have shown that exactly half of the ninput gates (namely those where the Hamming weight of the function table is even) can be computed by at most n2 AND gates and free XORs for n<4. The research question is if this holds true also for n=4, 5, etc. The idea is to enumerate all circuits consisting of up to i=0,1, 2, …, n1 AND gates on n inputs and see to which ninput functionality they correspond. go