Publications
Contributions to cryptography and verifiable AI.
FALAFEL: Modular Zero-Knowledge Proofs of Training in the Federated Setting
Cryptology ePrint Archive, Paper 2026/1335
2026
Abstract
We introduce FALAFEL, a modular scheme for Fast, Authenticated, Locally Attested FEderated Learning, with which parties can create a zero-knowledge proof of training (zkPoT) for Federated Learning (FL). The proof guarantees active security during the federated training process as well as publicly verifiable correctness of the final, trained model. All without revealing any additional information about the local datasets or intermediate local model states.Specifically, our approach targets FL of (deep) neural networks with a centralized server for weight updates. Our zkPoT not only offers attestation for local training steps, but also for the centralized weight update, as well as taking into account input authenticity by introducing a trusted auditor. This way an external verifier can check the entire training process, from dataset to final model.
In contrast to prior work on zkPoTs, our construction solely relies on well-understood cryptographic assumptions and primitives, is highly parallelizable, and takes a modular approach. This modular (commit-and-prove) approach uses several novel core proof components, that could be swapped for other building blocks if desired. We show that, for LeNet, we generate a zkPoT of 70 kB in roughly 150 seconds for a single training round. FALAFEL’s prover time is in line with prior work, and its proof size is significantly smaller (10–15×), without relying on less-understood assumptions or instantiating Fiat–Shamir using arithmetic hash functions.
Secure Addition of Floating Points
International Journal of Applied Cryptography
2025
Abstract
Secure multi-party computation (MPC) and homomorphic encryption are powerful tools for computing with secret numbers without revealing inputs or intermediate values. To securely achieve high accuracy with varying number sizes, one needs to work with floating points in the secret domain. The main bottleneck of secure floating points is addition. We improve its efficiency by designing a protocol for multiple additions, using standard building blocks available in most MPC platforms. The more additions n are combined, the larger the relative gain — up to a factor of 13 with n = 1,024. Additionally, we introduce a new protocol for securely computing the bitlength (given upper bound M), the first with linear time complexity and constant round complexity.A Survey on the Quantum Security of Block Cipher-Based Cryptography
IEEE Access
2024
Abstract
The development of quantum computers represents an important advancement in computing, using quantum mechanics to address problems that were previously difficult to solve. This technological advancement poses a challenge for cryptographic systems. While some methods are known to be vulnerable, the impact of quantum computing on symmetric cryptography has received less research attention, largely because the common advice is to simply double the key size. This paper explores how quantum computing affects symmetric cryptography, focusing on block cipher-based cryptography. It surveys existing literature on the quantum resilience of symmetric cryptographic primitives based on block ciphers and their security in various scenarios. Not all symmetric cryptographic functionalities are quantum-secure, and their security depends on the specific adversary model being considered. We provide an overview of the research conducted and pinpoint areas where further investigation is needed.On Certain Elliptic Surfaces With j-Invariant Zero Over Prime Fields of Positive Characteristic
University of Groningen
2023