News

Paper accepted at USENIX Security 2026

09/07/2026

The USENIX Security Symposium is one of the world’s most prestigious cybersecurity research conferences, bringing together researchers, practitioners and developers each year to present and discuss the latest findings on security and privacy in computer systems and networks. Once again this year, papers co-authored by ATHENE researchers from TU Darmstadt have been accepted for presentation at this prestigious conference. 

SING: Improving the Efficiency of MPC Protocol Assignment using Graph Neural Networks
Jannis Blüml, Moritz Huppert, Nora Khayata, Joachim Schmidt, Thomas Schneider Secure Multi-Party Computation (MPC) protects private data from multiple parties during joint computations but is very slow. Hybrid MPC compilers split a given computation into parts and pick the most efficient MPC protocol for each part. So far, this choice relies on fixed rules set by experts or costly mathematical optimization. Such rules do not generalize well, and optimization can take very long for large computations. The presented framework SING instead trains neural networks to learn good choices. This speeds up the assignment process by up to 76,696-fold, with assignments of comparable quality to mathematical optimized ones. An additional neural network also estimates in advance how costly an assignment will be in practice. This makes MPC as a privacy-enhancing technology more practical, for example for health data or fraud detection between companies. The researchers also publish a new dataset of 704 example circuits to support further research. This work was conducted as part of the ATHENE project, "PriDA – Private Data Analysis via Cryptographic Protocols".
The research paper is publicly available via: https://eprint.iacr.org/2026/1237 

Do You Need a Receipt? Anonymous Credential Revocation at Continental Scale via Private Record Certification
Kasra EdalatNejad, Sebastian Faust, Jonas Hofmann, Philipp-Florens Lehwalder, Thomas SchneiderAnonymous credentials ensure accountability while protecting privacy, for example, in digital identity documents used online. But they are hard to revoke once invalid, without exposing the holder's identity. Existing solutions are either slow or reveal information about the holder, which breaks the anonymity. In the paper, the researchers present a new method called "Private Record Certification." It certifies the status of a database entry without revealing the entry itself or the requester's identity. This makes it possible to check whether an ID is revoked, without identifying the person. The method combines two cryptographic tools: private database queries and multiparty computation, in which several servers jointly compute on private data that none of the servers can access. Multiple independent revocation authorities work together, without any of them being able to track users. In tests, the system handles over one billion credentials in under one second. The method makes privacy-friendly digital identity practical at scales beyond a single country, for example, within the planned European Digital Identity (EUDI) Wallet. This work was conducted as part of the ATHENE project, "PriDA – Private Data Analysis via Cryptographic Protocols." The research paper is publicly available via: https://eprint.iacr.org/2026/1189

Analyzing the WebRTC Ecosystem and Breaking Authentication in DTLS-SRTP
Martin Bach, Vukašin Karadžić, Lukas Knittel, Robert Merget, Jean Paul Degabriele
In the paper, the researchers describe a large-scale analysis of the WebRTC ecosystem, focusing particularly on the authentication mechanism in the DTLS handshake during WebRTC connection establishment. To conduct their investigation, the researchers developed an automated testing framework called DTLS-MitM-Scanner (DMS), building upon the TLS-Attacker tool. Using DMS, the researchers identified vulnerabilities in nine out of twenty-four tested providers — which collectively serve hundreds of millions of users — that allow DTLS authentication to be bypassed. The only prerequisite for a successful attack is for the attacker to assume a man-in-the-middle position, such as via a compromised router or internet service provider. This work was conducted as part of the ATHENE project, "Probabilistic Data Structures in Adversarial Environments".
The research paper is publicly available via: https://eprint.iacr.org/2026/584

USENIX Security 2026 will take place from 12 to 14 August 2026 in Baltimore, USA.

 

show all news