About Me

I am a researcher at the Secure Information Technology (SIT) research group at TU Darmstadt. My research interests are in applied cryptography, privacy enhancing technologies (PETs) and Internet infrastructure security. My current focus is on cryptographic protocols and, in particular, practical aspects of secure multiparty computation. I am also interested in bridging tech-policy gap.

Recent Blog Posts

Father of A Sun

When we are faced with situations in life that question the identity we hold close to our hearts, we sometimes distance ourselves from the event. If the event involves someone we know, then we create a story in our mind that makes the present easier to live. We avoid the wrongs and focus on the positives.

A-Wen in the 2019 film A Sun is one such person. His identity as a father is questioned when the younger of his two sons is sent to juvenile detention for accompanying a friend who chopped-off the hand of a similar-aged boy. A-Wen’s approach to continue living his life involves a mental tweak. Whenever someone asks him how many children he has, he responds confidently that he has one son. This mental tweak helps him to avoid thinking about his role as a father in the development of his younger son.

This mental tweak helps him for a few days until he faces another tragedy. One evening, the older son jumps to his death from the roof of their apartment building. His older son had been the spark in the family. Excellent student at school and high-achieving. He was shy and thoughtful. No one really knew what he was thinking about. Just that he was often deep in thought. He was the son the father was proud of.

How many sons did the father have now? He still had one son, the one he did not want to acknowledge. No mental tweak needed now. As the younger one tells one of the officers in the detention center, the older brother was brilliant. He was just brilliant. But, it does not matter anymore. Only the younger one is alive now.

A-Wen reminded me of a conversation with a friend. This friend told me how they are proud of a grand father who fixed planes. The grandfather fixed planes during the second world war. They, a pacifist, mentioned how their grandfather did not kill anyone during the war and they only fixed planes. I was struck by this line of thought. The planes were used to bomb cities. Their grandfather may not have shot anyone, but they did contribute to the apparatus that was used to kill thousands of people. Nevertheless, the belief that their grandfather had not killed anyone during the war made them proud and limited the guilt they might otherwise have felt.

Apple PSI

Earlier in August, Apple announced a technology to limit the spread of Child Sexual Abuse Material by detecting them before they are uploaded to iCloud. Child safety advocates have voiced their support for this technology while privacy advocates emphasize that this technology can be misused and there is no protection against this technology being used for other purposes by states around the world.

Many others have written about the system, how it works and the potential privacy and surveillance issues. As part of the system, Apple uses a variant of private set intersection (PSI) that when properly used can provide cryptographic privacy. I want to focus on this part of the system and whether its use provides even cryptographic privacy in this context.

PSI is a cryptographic technique where only the intersection of two data sets is revealed and nothing else about the data sets is revealed. Lets say that you and I are huge fans of Marcel Proust’s In Search of Lost Time. But, neither of us has the entire collection of seven volumes. We want to avoid embarrassing each other by mentioning Proust’s writing from the volumes that one of us has not read. We want to identify the books that both of us have read. We also don’t want to leak which other volumes we have read. For this purpose, we could run a PSI protocol to identify which volumes both of us have while not revealing anything else.

Apple PSI does something similar. In fact, it does even better. It does not even reveal the intersection, only the associated data when there is an intersection. However, I think that the assumptions required for the protocol to provide cryptographic privacy in this particular setting of Apple do not hold.

PSI protocols run between a server and a client are a specific instance of secure two-party computation (2PC), which allows two parties to run a protocol and compute a function, without revealing anything other than the outputs of the function. In the case of PSI, the output is the elements that are common among the participating entities. In the case of Apple PSI, if there are common elements between the sets held by the server and those on the client device, then the server is informed through the associated data while the elements themselves are not revealed to the server. The client receives no output.

When we run a PSI protocol, the client and server need to be available. In simpler words, both of them want to participate in the protocol at a desired time. The server and the client need to be independent and they should not collude with each other. Non-collusion is important in this discussion and it is a requirement if we are to prove any kind of security for these protocols, such as in Section 4.4 of The Apple PSI System.

Is this requirement of non-collusion satisfied in the technology proposed by Apple? The server is controlled by Apple. The client is also controlled by Apple. The end-user may be able to disable syncing with iCloud, but the end user cannot control whether or not to participate in the PSI protocol if they want to use iCloud. If the end user could control whether or not to participate in this technology, then Apple’s CSAM limiting technology will fail. So, Apple has good reasons to prevent user control. However, this also means that Apple cannot claim to provide the end user cryptographic privacy as the requirement for running PSI requires that the end-user wants to participate in the protocol and that the client does not collude with the server, which is not the case here.

Communicating around the content

It was 2007 and text messaging was in the vogue, at least where I lived. Not sending messages over instant messaging apps such as Signal or WhatsApp, but Short Message Service (SMS). This was the time when I had one of my earliest mobile phones. It did not have internet connectivity. SMS and calling were its main functions.

Sending and receiving SMSes was a habit. Some days a few tens of messages and on other days a little more than hundred messages. SMSes were not free. We were able to pay a small lump-sum to have the privilege to send a few thousand SMSes over a month.

As useful as text messages were, there were times when we had to call each other. Calls were much more expensive. For someone still in school, with no income, saving costs was the priority. So we had to figure out a way to use the calling function of our mobile phones without having to pay for them. This was possible, as long as we did not need to speak over the phone. You might wonder, what might be the use of calling without speaking. Read on.

Lets say I was to travel to a book exhibition by train with my friend Sam. Sam lives a few kilometres away from my place and we board the train at different train stations. Sam boards the train at station A and I board the train at station B. Sam wants to make sure that we board the same train so that we can have a pleasant chat during the journey. We had decided that we will board the first carriage of the train in the direction of travel. We still needed a way to make sure we do not board different trains, especially as there was one train every 5 minutes on that particular route.

As Sam boarded the train before me, we decided that Sam will give me a “missed call” when he boards the train. A missed call is an intended termination of a call before the recipient answers it. I might miss an SMS without noticing it and we wanted to save costs by not speaking when he called. The missed call was a good solution for us.

We had recognized that we can communicate more than one message through missed calls. That is, the utility of missed calls went beyond 1-bit messages. We added another variable. The length of the ring before the call was terminated. When Sam boarded the train, he would give me a missed call that was terminated after the first ring. This missed call was sufficient for me to decide when to leave home. However, it was possible that I might walk slower than expected or might have to wait to buy train tickets. This meant that another nudge from Sam about the location of the train before it arrives at station B would help me.

Sam would give me another missed call. When the train had left the station preceding station B. This time he terminated the call after two rings. The second call was to alert me that the train was nearing station A and that I should rush had I not already arrived at the platform.

Seeing the sky, wherever you are

Imagine a group of mortals gathered in a room to stare through a rectangular opening that is covered in glass. They have gathered just before sunset. Not to see the sun set, but to see the sky while the sun sets. To see the colors of the sky.

What they watch is not mediated by a film director or a advertiser. But their view is “designed” by a artist. Their view is mediated by the lights in the room that have been carefully setup to control the colors they see, the colors of the sky.

The room lights that seem irrelevant when the sun is glowing bright in the sky, slowly but steadily, become prominent as the sun’s day at sky office comes to an end. The room is filled with warm light, which makes the sky look blue, even on a rainy day. This is James Turrell’s Meeting at MoMA PS1 in New York City, which was open for many years, including in early 2020 when I visited it 1.

Here is a work of an artist that brings people together to quietly observe the sky. To observe how the color of the sky changes. To observe how the color of the sky changes as the color of the lights in the room changes 2. It is almost meditative to be able to disconnect from our surroundings and to just observe the sky.

Is this why people visit places to see the sunset? Places where they don’t live. Places where they don’t work. Places where they are tagged as tourists. Places where they have the time and space to get off the road, stand-still and just watch the sun and the sky. To see the sky turn from blue to red to pink and orange. It is beautiful.

  1. https://www.moma.org/audio/playlist/288/3732↩︎

  2. https://gothamist.com/arts-entertainment/photos-james-turrells-mesmerizing-meeting-at-ps1-open-after-long-renovation↩︎

Luxury to disconnect

There are vast parts of the world that are yet to be connected to the Internet. Some more have very slow Internet connection. Then there are few who have, what some call, fast Internet connection.

There is so much that needs to be done to get some people connected. Community networks such as Zenzeleni are doing an incredible job at connecting regions that are not served by telecom providers.

But what about the rest? What about those who have fast Internet connection? How are we doing? Do we feel calm? Or are we drowning in anxiety?

How does it feel when you jump from one call to another? From one platform to another. Back to back calls. Is this the kind of Internet usage we want? Do we wanted to be (Inter)connected 24/7 but not feel connected to our surroundings?

Then there is speed. Feeling annoyed that the download is too slow or that the video is buffering for too long. Think of the people in the first category. They don’t have this possibility yet. In our quest for speed, we sometimes fall short in our appreciation of what we have.

Not everyone is getting anxious because we have to join yet another video call. Some of us are able to slow things down, choose what we do, and how we do them. We can choose not to join yet another social network platform. We can avoid the fear of missing out when we do not check our Twitter feeds incessantly. We can put aside electronic devices when we don’t need to use them. Hours before we head to bed for a good night’s sleep.

If you identify with the last paragraph, remember you are not the norm. We have the possibility to be idle during our personal time. We have no qualms about not being productive during the weekends. We are also the people who would comfortably reject invitations to social gatherings if they did not excite us. Maybe some of us prioritize higher quality work that comes with long hours of focus without distraction.