About Me

I am a researcher at the Secure Information Technology (SIT) research group at TU Darmstadt. My research interests are in applied cryptography, privacy enhancing technologies (PETs) and Internet infrastructure security. My current focus is on cryptographic protocols and, in particular, practical aspects of secure multiparty computation. I am also interested in bridging tech-policy gap.

Recent Blog Posts

Do you want cookies?

There are few film festivals in the world that are as famous as Festival de Cannes. Going by their website, they seem hospitable.

Before I decide what I want, they want to optimize my experience and they ask whether I want cookies. They offer not one, but two varieties.

For a moment, it felt like I had just arrived at a friend’s place and was being offered cookies (the crunchy ones). Alas, website cookies are less crunchy and more sticky.

So many websites ask visitors to allow cookies[^1]. This was the first occasion where I was asked “Do you want analytical cookies?” and “Do you want social media cookies?”

The framing of their question (do you want) seems like they are offering me delicious cookies. In reality, they are crunching data while I am left wondering how my experience is being optimized.

By default, they do not store cookies for analytics and their privacy policy is written in understandable language.

My experience at IEEE S&P Shadow PC

What is the purpose of review process in academic conferences? Reviewing the papers and then deciding whether to accept the paper for the conference. The order is important. Nevertheless, my experience has been that reviewing and judgment on a paper run in parallel and the review is often influenced by the decision, as the reviewer tries to justify their decision in the review.

It was a pleasant surprise then that when I was on the Shadow Program Committee of IEEE S&P 2021 the order was maintained: review first and decide later. The chairs–Reza Shokri and Yuan Tian–emphasized that the reviewers review the paper as objectively as possible rather than make a decision on the paper while they review. You can read more about the process here.

Things only got better from there on. How often have you received reviews where the reviewers contradict each other and you wondered why they did not discuss with each other? We had this issue covered. Once the reviews were submitted, the reviewers discussed the paper and each other’s reviews to clarify their understanding of the paper. Then, the discussion lead wrote a meta-review for the paper.

I found that these discussions worked well when all the reviewers were actively involved in the process and were eager to understand the paper and each other’s reviews better. Some reviewers updated their individual reviews to reflect their improved understanding. Unfortunately, for a couple of papers, some of the reviewers either did not contribute to the discussion at all or chipped in sporadically. These reviewers, in most cases, also wrote reviews that were short and nonconstructive. They would have benefited the most had they engaged more in the discussions.

And yes, we did decide on the papers afterwards. Apart from a few papers where the reviewers strongly disagreed with each other, the decision making was rather straight-forward as the prior discussions were helpful in bringing about a good level of common understanding of the paper.

Would this process work with program committees of other conferences? There are a couple of factors that need to be considered. Will all the reviewers submit their reviews on time? Will they engage actively in the discussions? Late reviews will make it harder to kick-start the discussion and passive reviewers will prevent the discussion phase from being useful.

Ikiru and Meaning-making

“What would you do if you had 6 months to live?”

That’s the question Kanji Watanabe is faced with in Akira Kurosawa’s Ikiru (1952).

Watanabe has spent most of his life at the city office. He is always busy, as are his colleagues. Yet, if one were to ask him what he does, there is not much that he can say. He stamps papers and moves them from one pile to another. If there is a request for action, he directs it to another department. He has, what we might call, a bullshit job.

Favourite Books 2020

These are the books that I enjoyed reading the most this year.

  1. The Code of Capital - Katherina Pistor

    The thesis of this book is that capital is coded in law. Ordinary assets can be transformed into capital “by cloaking it in the legal modules that were also used to code asset-backed securities and their derivatives.” While laws evolve and are uncertain, global commerce has moved to get over these obstacles by getting states to recognize foreign laws. This way capital chooses which law applies to it.

  2. You’re Not Listening - Kate Murphy

    This book asks: What prevents us from listening well? What is good listening? How do we become a good listener? While going through this book, I recognized that being comfortable in silence with a person indicates my willingness to listen to them.

Links - Centralization

  • Clouding Up the Internet

    While there is talk of centralization of the Internet and breaking up of Big Tech, this discussion is often limited to the application layer of the Internet. What about the infrastructure? This research paper by Moura et al. at Internet Measurement Conference (IMC) 2020 discusses the centralization of the Internet based on measurement of DNS traffic sent to .nl, .nz and b-root servers. Centralization affects end-users in both good (e.g., deployment of QNAME-minimization) and bad (e.g., single point of failure) ways.

  • The De-democratization of AI

    While this paper looks at who (large firms and elite universities, they say) gets papers into top AI conferences, I found Figure 2 interesting as it has a few security and networking conferences. I wonder why, in the early 2000s, the proportion of papers with at least one author from a tech firm drops off significantly at USENIX Security. For some reason, in the appendix, the authors classify INFOCOM as a visualization conference.