Similar to 2604.10685v1 · 20 results
The paper introduces $\pi$Creds, a novel system for generating privacy-preserving, decentralized verifiable credentials by leveraging LLM inference over authenticated data, significantly expanding the…
The paper proposes and proves the security of a generic, full end-to-end credential revocation system for European Digital Identity Wallets, relying on a single server and secure channels.
The paper proposes bPk#, a distributed architecture for pseudonyms that enhances privacy and availability in national eID systems by delegating pseudonym computation rights to users and service provid…
The paper proves that standard account-based ledgers cannot non-custodially enforce asset disposition, and introduces a novel commitment-based ledger structure, the 'envelope,' that achieves this capa…
Tom Sorger, Eric Cornelissen, Aman Sharma, Javier Ron +2 more
zkSBOM introduces a zero-knowledge mechanism for sharing Software Bills of Materials (SBOMs) that allows consumers to check for vulnerabilities without suppliers revealing the full, sensitive contents…
FIDEM introduces a standard-compliant framework that uses Zero-Knowledge Proofs to securely bind IoT devices to their Manufacturer Usage Description (MUD) profiles, mitigating risks associated with in…
Robert Stanley, Avi Verma, Lillian Tsai, Konstantinos Kallas +1 more
The paper introduces GAAP, an execution environment that deterministically guarantees the confidentiality of private user data by enforcing user-defined permission specifications on AI agents, even ag…
This paper investigates privacy risks associated with credential disclosure in the upcoming EU Digital Identity Wallet, demonstrating that users tend to overshare information, and proposes a Credentia…
BodhiPromptShield is a policy-aware framework that mediates prompt privacy by detecting sensitive data and replacing it with secure placeholders across multiple stages (retrieval, memory, tools) to pr…
The paper proposes a comprehensive cryptographic distribution provenance system to structurally defend against dependency confusion attacks in software package ecosystems.
The paper introduces a Contextual Integrity (CI) framework and a new benchmark (DelegateCI-Bench) to rewrite user queries sent to cloud LLMs, ensuring only task-essential information is retained while…
The paper introduces $I$-$(OT)^2$, a novel base 1-out-of-2 Oblivious Transfer (OT) protocol designed to minimize computation and interaction for resource-constrained IoT devices.
The paper proposes the Redpanda Agentic Data Plane (ADP), an architecture that uses out-of-band metadata channels to deterministically enforce security policies and governance for autonomous AI agents…
Yunze Xiao, Wenkai Li, Xiaoyuan Wu, Ningshan Ma +2 more
The paper proposes Information Sufficiency (IS) as a comprehensive framework for privacy-preserving LLM communication, demonstrating that free-text pseudonymization outperforms existing suppression an…
The paper introduces a novel, scalable, and provably secure biometric authentication system designed to authenticate millions of users against cloud databases without requiring auxiliary identifiers.
The paper proposes the User Data Sharing System (UDSS), a hardware-anchored middleware that securely manages PII exchange across diverse consumer electronics devices, significantly reducing onboarding…
Jiahao Chen, Qi Zhang, Ruixiao Lin, Chunyi Zhou +6 more
The paper introduces the PrivacyIceberg framework to systematically categorize and empirically demonstrate the high risk of automated, deep personal profiling using LLM agents, revealing a significant…
Pepper is a novel, high-bandwidth anonymous broadcast protocol that achieves cryptographic sender anonymity and significantly improves messaging throughput compared to existing state-of-the-art system…
This paper proposes a multi-layered defense strategy combining pre-output monitoring, calibrated canary detection, and cumulative information-flow tracking to prevent LLM agents from exfiltrating sens…
Huijun Zhou, Xiaohan Zhang, Haozhe Zhang, Haoyang Zhang +2 more
This study provides the first measurement of authentication security in real-world remote Model Context Protocol (MCP) servers, finding pervasive and critical authentication weaknesses, particularly i…