In the field of cryptography, we propose protocols that provide strong provable security guarantees, that is, one can mathematically prove that attacks against the scheme are impossible, or at least as hard to achieve as solving a computational problem that mathematicians failed to solve despite extensive research. When analyzing a more involved scheme that is based on several simpler cryptographic primitives, we prove that any attack against the scheme implies an attack against one of the underlying building blocks, where security of the building blocks in turn is based on mathematical hardness assumptions. In this talk, I will discuss the difficulty of proving security of so-called constrained pseudorandom functions (CPRFs).

A CPRF is a PRF with the following additional functionality: Given the secret key and a constraint, one can generate a constrained key which allows to evaluate the PRF on all inputs satisfying the constraint. For security, one requires that the function output on inputs not satisfying the constraint should remain pseudorandom. A prominent example of a CPRF is the construction of Goldreich, Goldwasser and Micali [GGM84], which supports prefix constraints and is based on pseudorandom generators. While selective security, where the adversary has to commit to its choices in the beginning of the security experiment, is relatively easy to prove for the GGM CPRF, it remained open to prove the stronger notion of adaptive security, where the adversary is allowed to make its choices on-the-fly, depending on what they learn during the game. I will discuss the difficulty of proving adaptive security of the GGM PRF and provide a very brief intuition on how we could finally solve the problem using a new rewinding proof technique.

Mobile malware continues to pose a serious threat to the security and privacy of mobile device users. In response, the research community has developed a wide range of machine learning-based detection approaches over the past decade, aiming to overcome the limitations of traditional signature-based techniques. While these learning-based methods have demonstrated strong potential, the field still faces a number of unresolved challenges—such as concept drift and evolving adversarial behaviors—that must be addressed to ensure sustained effectiveness in real-world environments. In this talk, we reflect on a decade of research in machine learning-based mobile malware detection, discuss key lessons learned, and highlight ongoing challenges that present opportunities for future work.

State-of-the-art image reconstruction often relies on complex, highly parameterized deep architectures. We propose an alternative: a data-driven reconstruction method inspired by the classic Tikhonov regularization. Our approach iteratively refines intermediate reconstructions by solving a sequence of quadratic problems. These updates have two key components: (i) learned filters to extract salient image features, and (ii) an attention mechanism that locally adjusts the penalty of filter responses. Thereby, it achieves performance on par with leading plug-and-play and learned regularizer approaches while offering interpretability, robustness, and convergent behavior. In effect, we bridge traditional regularization and deep learning with a principled reconstruction approach.

Large-scale quantum (computing) experiments do not work in isolation. Substantial classical computing power is required to control the architecture and process its results. This necessarily creates information-transmission bottlenecks at the interface between quantum and classical realms.

I will present quantum-classical interfaces that address these information-transmission bottlenecks. Dubbed classical shadows (of quantum systems), these leverage frame theory and high-dimensional probability theory to obtain a succinct classical description of the underlying quantum system. These can then be used to efficiently predict many features of the quantum system in a streaming fashion. Building on these ideas, we also establish mathematically rigorous synergies between quantum experiments (to obtain data) and machine learning (to learn how to make predictions).

Artificial Intelligence (AI) accomplishes tasks that have previously been reserved for biological intelligence. One of the current observations is that AI systems become increasingly capable because they (A) can be scaled to large sizes, and (B) can be trained on Big Data. But there are also many downsides of current, large-scale AI models that are intensively discussed. One major disadvantage is their ever increasing energy consumption. In my talk I will focus on alternative training technology for Machine Learning (ML) models with a focus on probabilistic models for unsupervised learning. I will highlight important optimization techniques that represent alternatives to mainstream approaches especially for limited data, for difficult data but also for Big Data. Advantages of the resulting ML algorithms in terms interpretability, capabilities and training efficiency will be discussed. As an outlook, I will argue that novel training technology is, in general, likely to be a significant factor for next generation AI systems.

How will future microarchitectures impact the security of existing cryptographic implementations? As we cannot keep reducing the size of transistors, chip vendors have started developing new microarchitectural optimizations to speed up computation. A recent study (Sanchez Vicarte et al., ISCA 2021) suggests that these optimizations might open the Pandora’s box of microarchitectural attacks. However, there is little guidance on how to evaluate the security impact of future optimization proposals. To help chip vendors explore the impact of microarchitectural optimizations on cryptographic implementations, we develop (i) an expressive domain-specific language, called LmSpec, that allows them to specify the leakage model for the given optimization and (ii) a testing framework, called LmTest, to automatically detect leaks under the specified leakage model within the given implementation. Using this framework, we conduct an empirical study of 18 proposed microarchitectural optimizations on 25 implementations of eight cryptographic primitives in five popular libraries. We find that every implementation would contain secret-dependent leaks, sometimes sufficient to recover a victim’s secret key, if these optimizations were realized. Ironically, some leaks are possible only because of coding idioms used to prevent leaks under the standard constant-time model.

Graph-Massivizer (https://graph-massivizer.eu/) is a Horizon Europe project coordinated by the University of Klagenfurt that researches and develops a holistic neuro-symbolic platform for processing and analytics of extreme data represented as semantic knowledge graphs with billions of nodes and edges. The talk presents a case study of using the platform for anomaly prediction in the CINECA supercomputing center using graph neural networks supported by machine learning-driven sampling algorithms for scalable training and inference on resource-constrained devices.

In this talk, I will discuss opportunities and challenges in discovering latent structure and causal relations from data using machine learning. I will introduce three key areas of causality research: causal reasoning, causal discovery, and causal representations. I will relate each one to methodologies in machine learning and show how advances in the latter enable new generations of algorithms. As an exemplar application of causal reasoning and representations, I will present results toward accelerating scientific discovery in real-world experimental ecology.

Agent-based program repair promises end-to-end bug fixing by combining planning, tool use, and code generation via large language models. While prior work has focused on open-source benchmarks like SWE-Bench, we explore the viability of such approaches in an enterprise context using a curated dataset of 178 real-world bugs from Google’s issue tracker—78 human-reported and 100 machine-reported. We present Passerine, an agent adapted to Google’s development environment, and evaluate its performance. Passerine achieves plausible fixes for 73% of machine-reported and 25.6% of human-reported bugs, with 43% and 17.9% of these being semantically equivalent to the ground truth. Our results establish a baseline for agentic repair in industrial settings, highlighting key differences from public benchmarks.