Abstract: Confidential Virtual Machines (CVMs) are the cornerstone of the modern push for Private AI and the future “default” for protecting data in use, however, the transition from architectural specification to secure deployment is fraught with challenges. While SEV-SNP and TDX offer a new paradigm for data-in-use protection, their security properties are not static. As
Abstract: The current geopolitical situation is characterized by growing dependence on digital infrastructures and increasing international tensions. For Switzerland, the Domain Name System (DNS) represents a crucial component in ensuring digital sovereignty and the protection of national interests. As a neutral state, Switzerland is particularly committed to maintaining its digital infrastructure in an independent, resilient,
Abstract: Abstract: Layer 2 rollups are rapidly absorbing DeFi activity, securing over $40 billion and accounting for nearly half of Ethereum’s DEX volume by Q1 2025, yet their MEV dynamics remain understudied. We address this gap by defining and quantifying optimistic MEV, a form of speculative, on-chain MEV whose detection and execution logic reside largely
Abstract: Cryptographic software is currently facing two major challenges. First, upgrading our cryptographic infrastructure to post-quantum primitives is probably the largest and most demanding cryptographic migration effort ever. New software needs to be written, optimized for different platforms, extensively tested and audited, and eventually integrated into protocols and systems. Second, it becomes increasingly clear that
Abstract: We have been working to discover IoT devices with security risks and to deliver security notifications to their owners. Our activities include discovering remote management devices used in critical infrastructure and notifying their operators; investigating IoT devices deployed within university networks and issuing notifications to administrators; and offering a security diagnostic service for consumer
Abstract: On August 1, 2025, new cybersecurity requirements under the EU’s Radio Equipment Directive (RED) came into force. While the RED marks the first binding security obligations for a broad range of products, it is best understood as a stepping stone toward the EU’s more ambitious Cyber Resilience Act (CRA). Together, these initiatives signal a
Abstract: Awareness is growing that the statistical analysis of personal data, such as individuals’ mobility, financial, and health data, could be of significant benefit to society. However, liberal societies have refrained from such analytics, arguably due to the lack of trusted analytics platforms that scale to billions of records while reliably preventing the leakage and
Abstract: We propose efficient, post-quantum threshold ring signatures constructed from one-wayness of AES encryption and the VOLE-in-the-Head zero-knowledge proof system. Our scheme scales efficiently to large rings and extends the ring signatures paradigm. We define and construct key-binding deterministic tags for signature linkability, that also enable succinct aggregation with approximate lower bound arguments of knowledge;
Abstract: The talk covers the security and privacy of FIDO2, a standard and pervasive authentication technology. We focus on CTAP, an application layer protocol used during second-factor or single-factor authentication by a FIDO2 Authenticator and a FIDO2 Client, like a Yubikey USB/NFC dongle and a laptop. We uncover two new attack classes on CTAP called
Abstract: Olvid is a French messaging app with over 200,000 users, including high-risk users such as members of the French government. Despite bold claims positioning Olvid as the most secure messenger in the world and its important user base, limited independent analysis has been conducted on its security. Here we present our work, which takes