ZISC Seminars

The DNS as National Critical Infrastructure in an Era of Geopolitical Tensions

March 24, 2026Harshad SathayeZISC Seminars

Abstract: The current geopolitical situation is characterized by growing dependence on digital infrastructures and increasing international tensions. For Switzerland, the Domain Name System (DNS) represents a crucial component in ensuring digital sovereignty and the protection of national interests. As a neutral state, Switzerland is particularly committed to maintaining its digital infrastructure in an independent, resilient,

Optimistic MEV in Ethereum Layer 2s: Why Blockspace Is Always in Demand

March 5, 2026Harshad SathayeZISC Seminars

Abstract: Abstract: Layer 2 rollups are rapidly absorbing DeFi activity, securing over $40 billion and accounting for nearly half of Ethereum’s DEX volume by Q1 2025, yet their MEV dynamics remain understudied. We address this gap by defining and quantifying optimistic MEV, a form of speculative, on-chain MEV whose detection and execution logic reside largely

Towards a New Generation of Cryptographic Software

February 27, 2026Harshad SathayeZISC Seminars

Abstract: Cryptographic software is currently facing two major challenges. First, upgrading our cryptographic infrastructure to post-quantum primitives is probably the largest and most demanding cryptographic migration effort ever. New software needs to be written, optimized for different platforms, extensively tested and audited, and eventually integrated into protocols and systems. Second, it becomes increasingly clear that

Did Security Notifications Reach the Owners of IoT Devices?

November 20, 2025Harshad SathayeZISC Seminars

Abstract: We have been working to discover IoT devices with security risks and to deliver security notifications to their owners. Our activities include discovering remote management devices used in critical infrastructure and notifying their operators; investigating IoT devices deployed within university networks and issuing notifications to administrators; and offering a security diagnostic service for consumer

What EU Product Security Regulation Means for Academia and Industry

November 13, 2025Harshad SathayeZISC Seminars

Abstract: On August 1, 2025, new cybersecurity requirements under the EU’s Radio Equipment Directive (RED) came into force. While the RED marks the first binding security obligations for a broad range of products, it is best understood as a stepping stone toward the EU’s more ambitious Cyber Resilience Act (CRA). Together, these initiatives signal a

Towards Scalable Secure Analytics of Personal Data

October 3, 2025Harshad SathayeZISC Seminars

Abstract: Awareness is growing that the statistical analysis of personal data, such as individuals’ mobility, financial, and health data, could be of significant benefit to society. However, liberal societies have refrained from such analytics, arguably due to the lack of trusted analytics platforms that scale to billions of records while reliably preventing the leakage and

Post-Quantum Threshold Ring Signature Applications from VOLE-in-the-Head

September 18, 2025Harshad SathayeZISC Seminars

Abstract: We propose efficient, post-quantum threshold ring signatures constructed from one-wayness of AES encryption and the VOLE-in-the-Head zero-knowledge proof system. Our scheme scales efficiently to large rings and extends the ring signatures paradigm. We define and construct key-binding deterministic tags for signature linkability, that also enable succinct aggregation with approximate lower bound arguments of knowledge;

CTRAPS: CTAP Client Impersonation and API Confusion on FIDO2

June 20, 2025Harshad SathayeZISC Seminars

Abstract: The talk covers the security and privacy of FIDO2, a standard and pervasive authentication technology. We focus on CTAP, an application layer protocol used during second-factor or single-factor authentication by a FIDO2 Authenticator and a FIDO2 Client, like a Yubikey USB/NFC dongle and a laptop. We uncover two new attack classes on CTAP called

Olvid – The good, the bad and the ugly

June 4, 2025Harshad SathayeZISC Seminars

Abstract: Olvid is a French messaging app with over 200,000 users, including high-risk users such as members of the French government. Despite bold claims positioning Olvid as the most secure messenger in the world and its important user base, limited independent analysis has been conducted on its security. Here we present our work, which takes

GhostRace: Exploiting and Mitigating Speculative Race Conditions

April 10, 2025Harshad SathayeZISC Seminars

Abstract: Race conditions arise when multiple threads attempt to access a shared resource without proper synchronization, often leading to vulnerabilities such as concurrent use-after-free. To mitigate their occurrence, operating systems rely on synchronization primitives such as mutexes, spinlocks, etc. In this paper, we present GhostRace, the first security analysis of these primitives on speculatively executed