UC Berkeley

Sensitive private information is increasingly processed on relatively public networks and systems. Location data is constantly gathered from users’ mobile phones and correlated with their activity, measuring both who they interact with in the real world, and their online behavior. Analytics workloads operate over the private data associated with millions of customers, which could include Amazon purchase histories, location trace data, or web browsing information derived from third-party cookies. Machine learning workloads are consuming every source of public (and non-public) data available through the Internet, as companies like OpenAI and Google compete to create the best and most accurate large language models. While cryptographic techniques can protect sensitive information, performant deployments are still out of reach because they assume better system capabilities than currently exist. As a result, in many cases where user privacy is at risk, the cost of protecting it directly trades off with commercial viability. For example, consumers likely would not tolerate a mo- bile app that privately interacted with nearby Internet of Things (IoT) devices but drained their battery, or a private ChatGPT version that required over a minute to respond to every question.

As a result, reducing the divide between the theoretical capabilities of advanced cryptographic primitives and what we can hope to reasonably compute in today’s cryptographic systems is critical to supporting user data privacy moving forward. Thankfully, not all is lost. A new generation of heterogeneous hardware is becoming commonplace, from millions of embedded sensors and consumer mobile platforms that are more energy-efficient and computationally powerful than ever before, to server-class graphics processing units (GPUs) with hundreds of cores for general-purpose computing. Critically, however, mobile platforms and GPUs exhibit significantly limited energy and memory availability, respectively, so crypto- graphic systems we develop must take these into consideration to achieve practicality.

In this dissertation, I present my work on adapting cryptography for hardware resource constraints in order to achieve both performance and privacy. I will cover several systems we developed: Nebula, a protocol for embedded sensors and mobile phones to retrieve data from anywhere without leaking user participation; Piranha, a platform to accelerate multiparty computation-based ML training to privately incorporate sensitive datasets into a collaboratively-computed model; and finally, a systems approach to increase both the scale and throughput of zero-knowledge proving to improve the performance of private identity systems, blockchains, and verifiable computation. In each of these cases, considering the compute, energy, and memory constraints of specialized hardware allows us to recast expensive cryptographic problems into practically-efficient systems.