Secure computation allows multiple parties to compute functions over their private inputs without revealing anything beyond the output. My thesis focuses on "on-the-fly" secure computation: protocols that require minimal interaction between parties and no special setup assumptions, making them ideal for real-world deployments. The work provides new theoretical frameworks and practical implementations that advance both the theory and practice of secure computation.

PDF · Slides We introduce Multi-Key Homomorphic Secret Sharing (MKHSS), a new primitive that enables two parties to secret share inputs and perform local computations without requiring a public-key or correlated-randomness setup. Our construction supports all NC1 computations from standard assumptions (DDH, DCR, or class groups) and requires only a common reference string. We demonstrate several applications including succinct two-round secure computation, attribute-based NIKE, public-key PCFs, and communication-efficient MPC.

Paper Joint work with Geoffroy Couteau, Lalita Devadas, Aditya Hegde, and Abhishek Jain.
We introduce Simultaneous-Message and Succinct (SMS) secure computation, a new style of secure computation scheme that enables two parties to compute on private inputs with minimal interaction and communication. Our scheme allows parties to exchange just a single round of messages simultaneously, with communication costs scaling sublinearly in the input of one party and output of the computed function. We show how to construct SMS from standard cryptographic assumptions (LWE) and demonstrate applications to trapdoor hash functions, rate-1 fully homomorphic encryption, and correlation-intractable hashing.

Paper Joint work with Elette Boyle, Abhishek Jain, and Akshayaram Srinivasan.
Distributed Point Functions (DPFs) are a fundamental building block in many privacy-preserving protocols, but traditionally require interactive setup between parties. We introduce Non-Interactive DPFs, which eliminate the need for interaction by allowing parties to publish special public keys. Any two parties can then locally derive DPF keys using only these public keys, without any communication. Our construction works with standard cryptographic assumptions and does not require heavy cryptographic tools like multi-key FHE or indistinguishability obfuscation.

Paper Joint work with Elette Boyle and Lalita Devadas.
Oblivious transfer is at the heart of secure computation protocols. In an OT extension, two parties can perform some secure computation protocol to generate "seeds" that they can then expand into many OT instances. In QuietOT, this setup process can be computed non-interactively using only the public key of the other party. Previous approaches offering a similar setup required computationally expensive techniques. In contrast, QuietOT generates millions of OTs per second, on commodity hardware. Separately, QuietOT offers a precomputability property that allows one party to generate all OT messages before even knowing the identity of the other party, which can be useful in practical settings.

Paper · Slides · Code Joint work with Geoffroy Couteau, Lalita Devadas, Alexander Koch, and Srinivas Devadas.
Constrained PRFs (CPRFs) have many applications. Until recently, we only knew how to construct CPRFs for simple constraint predicates under standard assumptions. We examine the case of inner product predicates (which give rise to a number of other useful predicates such as predicates described by constant-degree polynomials). We show that it is possible to construct constraint-hiding CPRFs for inner product predicates (1) unconditionally in the random oracle model, (2) under DDH, and (3) from the minimal assumption that one-way functions exist under certain restrictions. Previously, CPRFs for inner product constraints were only known from the DCR and LWE assumptions, or from non-standard assumptions. Our constructions are also the first to be concretely practical.

Paper · Slides · Code
Function secret sharing (FSS) has seen many applications in privacy-preserving systems. An important feature in these systems is the ability to enforce access control privately. We formalize this notion and provide several constructions for access control in FSS. We evaluate several applications of access control for FSS, including PIR with access control and faster anonymous communication.

Paper · Slides · Code Joint work with Simon Beyzerov, Eli Yablon, and Hyojae Park.
Mix-nets offer great scalability properties and can be used to instantiate anonymous broadcast (and communication) efficiently. We design and build Trellis, a new mix-net based anonymous broadcast system that offers: (1) concrete efficiency, (2) network robustness in the face of malicious servers, (3) scalability with added servers, and (4) security even when a majority of mix servers are malicious.

Paper · Slides · Code Joint work with Simon Langowski and Srinivas Devadas.
Tor can be significantly slower compared to regular browsing largely due to the way in which Tor routes traffic over the internet. Tor requires routing packets through multiple relays forming a "circuit." Traffic congestions between relays on a Tor circuit can lead to delays, increasing latency, and hindering user experience. ShorTor is an overlay for the Tor network which can help find shorter paths between relays using a trick deployed by major CDNs. ShorTor reduces latency between relays, is incrementally deployable, and minimally impacts the security of Tor.

Paper · Slides · Code Joint work with Kyle Hogan, Zachary Newman, Ben Weintraub, Cristina Nita-Rotaru, and Srinivas Devadas.
How do you find and retrieve similar items (a.k.a. nearest neighbors) from a remote database without revealing what you're looking for? We present Preco, an efficient privacy-preserving approximate nearest neighbor search protocol between a client and a remote database (replicated on two non-colluding servers). Preco takes into consideration the privacy of the client and the database. With Preco, clients can efficiently query for nearest neighbors in the database without the high communication overhead of prior work.

Paper · Slides · Code Joint work with Simon Langowski and Srinivas Devadas.
How do you broadcast high-bandwidth documents (e.g., video leaks) anonymously, even when the entire network is monitored?
We design and build Spectrum, a system for anonymously broadcasting large files over an untrusted network without leaking any metadata; even in the presence of a powerful network adversary.

Paper · Slides · Code Joint work with Zachary Newman and Srinivas Devadas.
Can we have privacy-preserving surveillance capitalism? In this paper, we explore how ad-tech companies can support high-fidelity targeted adverting while preserving user privacy. We design AdVeil: an ecosystem for private targeted advertising providing user data unlinkability and fraud-prevention guarantees.

Paper · Slides · Code Joint work with Kyle Hogan and Srinivas Devadas.