Anunay develops novel privacy-enhancing techniques that improve accountability of digital systems integral to our social, political, and economic lives: public auctions, private communication, foreign intelligence surveillance, content moderation, and censorship. His research spans computer security, privacy, and applied cryptography, and is motivated by gaps in current public policy.
Previously, Anunay investigated manipulation in cryptocurrency markets at the MIT Sloan School of Management, worked on a distributed encrypted filesystem at Keybase, and designed reranking models for search results at Bloomberg. As a Jane Stanford Fellow for Public Service, he worked with Member of Parliament Dr. Shashi Tharoor in his constituency of Thiruvananthapuram, Kerala.
Fingerprinting Censorship Systems
Working Paper (2023)
Anunay Kulshrestha, Mona Wang, Jonathan Mayer
Surveillance Transparency after Quantum Computing: Quantum-Resistant Multiparty Private Set Operations
In Submission (2023)
Anunay Kulshrestha, Jonathan Mayer
Under Section 702 of the Foreign Intelligence Surveillance Act, the U.S. Intelligence Community (IC) can intercept communications to or from a foreign target when stored in or passing through the United States. This surveillance, controversially, does not require a warrant. While the target must be foreign, communications involving Americans can be “incidentally” collected and used for law enforcement purposes. Recent work has demonstrated the feasibility of quantitatively estimating incidental collection, responding to congressional oversight and the IC’s openness to new empirical methods. The key insight is to convert the incidental collection estimation problem into a secure multiparty computation problem, which could be addressed with a variant of private set intersection. That prior work relies on elliptic curve cryptography, which is efficient—but the IC has expressed concern about the protocol’s vulnerability to future quantum attacks. In this work, we extend the proposal for estimating incidental collection under Section 702 to provide resistance against quantum computing. We first describe the specific security risks that a quantum adversary would pose for the protocol in prior work, Multiparty Private Set Intersection with Union and Sum (MPSIU-Sum). We then harden the protocol against quantum attack by updating the construction with lattice-based cryptography based on the ring learning with errors problem. We implement and benchmark the quantum-resistant version of MPSI-Sum, demonstrating that it remains practical for estimating Section 702 incidental collection.
Public Verification for Private Hash Matching
(Upcoming) IEEE Symposium on Security and Privacy (2023)
Sarah Scheffler, Anunay Kulshrestha, Jonathan Mayer
End-to-end encryption (E2EE) challenges online content moderation, because communications services lack access to plaintext content. The tension between E2EE and efforts to combat child sexual abuse material (CSAM) has become a global flashpoint, since the predominant method of detection—perceptual hash matching on plaintext content—is unavailable. Recent applied cryptography advances enable private hash matching (PHM), where a service can identify a match against a set of known CSAM images without revealing the hash set to users or nonmatching content to the service. These designs, especially a 2021 proposal for identifying CSAM in Apple’s iCloud Photos service, have attracted widespread criticism for creating risks to security, privacy, and free expression. In this work, we aim to advance scholarship and dialogue about PHM by describing new cryptographic methods for system verification by the general public. We begin with motivation, describing the rationale for PHM to detect CSAM and the serious societal and technical issues with its deployment. Verification could partially address shortcomings of PHM, and we systematize critiques into two areas for auditing: trust in the hash set and trust in the implementation. We explain how, while these two issues cannot be fully resolved by technology alone, there are possible cryptographic trust improvements. The primary contribution of this paper consists of novel cryptographic protocols that enable three types of public verification for PHM: (1) certification that child safety groups approve the hash set, (2) proof that particular lawful content is not in the hash set, and (3) eventual notification to users of false positive matches. The protocols that we describe are practical, efficient, and compatible with existing PHM constructions.
Leveraging Strategic Connection Migration-Powered Traffic Splitting for Privacy
Proceedings of the 22nd Privacy Enhancing Technologies Symposium (2022)
Mona Wang, Anunay Kulshrestha, Liang Wang, Prateek Mittal
[Paper] [Code] [Runner-up Best Student Paper’22] [Best HotPETs’21 Talk]
Network-level adversaries have developed increasingly sophisticated techniques to surveil and control users’ network traffic. In this paper, we exploit our observation that many encrypted protocol connections are no longer tied to device IP address (e.g., the connection migration feature in QUIC, or IP roaming in WireGuard and Mosh), due to the need for performance in a mobile-first world. We design and implement a novel framework, Connection Migration Powered Splitting (CoMPS), that utilizes these performance features for enhancing user privacy. With CoMPS, we can split traffic mid-session across network paths and heterogeneous network protocols. Such traffic splitting mitigates the ability of a network-level adversary to perform traffic analysis attacks by limiting the amount of traffic they can observe. We use CoMPS to construct a website fingerprinting defense that is resilient against traffic analysis attacks by a powerful adaptive adversary in the open-world setting. We evaluate our system using both simulated splitting data and real-world traffic that is actively split using CoMPS. In our real-world experiments, CoMPS reduces the precision and recall of VarCNN to 29.9% and 36.7% respectively in the open-world setting with 100 monitored classes. CoMPS is not only immediately deployable with any unaltered server that supports connection migration, but also incurs little overhead, decreasing throughput by only 5-20%.
Estimating Incidental Collection in Foreign Intelligence Surveillance: Large-Scale Multiparty Private Set Intersection with Union and Sum
31st USENIX Security Symposium (2022)
Anunay Kulshrestha, Jonathan Mayer
[Paper] [Code] [Slides] [Video] [Demo]
Section 702 of the Foreign Intelligence Surveillance Act authorizes U.S. intelligence agencies to intercept communications content without obtaining a warrant. While Section 702 requires targeting foreigners abroad for intelligence purposes, agencies “incidentally” collect communications to or from Americans and can search that data for purposes beyond intelligence gathering. For over a decade, members of Congress and civil society organizations have called on the U.S. Intelligence Community (IC) to estimate the scale of incidental collection. Senior intelligence officials have acknowledged the value of quantitative transparency for incidental collection, but the IC has not identified a satisfactory estimation method that respects individual privacy, protects intelligence sources and methods, and imposes minimal burden on IC resources. In this work, we propose a novel approach to estimating incidental collection using secure multiparty computation (MPC). The IC possesses records about the parties to intercepted communications, and communications services possess country-level location for users. By combining these datasets with MPC, it is possible to generate an automated aggregate estimate of incidental collection that maintains confidentiality for intercepted communications and user locations. We formalize our proposal as a new variant of private set intersection, which we term multiparty private set intersection with union and sum (MPSIU-Sum). We then design and evaluate an efficient MPSIU-Sum protocol, based on elliptic curve cryptography and partially homomorphic encryption. Our protocol performs well at the large scale necessary for estimating incidental collection in Section 702 surveillance.
Identifying Harmful Media in End-to-End Encrypted Communication: Efficient Private Membership Computation
30th USENIX Security Symposium (2021)
Anunay Kulshrestha, Jonathan Mayer
[Paper] [Slides] [Video] [Demo]
End-to-end encryption (E2EE) poses a challenge for automated detection of harmful media, such as child sexual abuse material and extremist content. The predominant approach at present, perceptual hash matching, is not viable because in E2EE a communications service cannot access user content. In this work, we explore the technical feasibility of privacy-preserving perceptual hash matching for E2EE services. We begin by formalizing the problem space and identifying fundamental limitations for protocols. Next, we evaluate the predictive performance of common perceptual hash functions to understand privacy risks to E2EE users and contextualize errors associated with the protocols we design. Our primary contribution is a set of constructions for privacy-preserving perceptual hash matching. We design and evaluate client-side constructions for scenarios where disclosing the set of harmful hashes is acceptable. We then design and evaluate interactive protocols that optionally protect the hash set and do not disclose matches to users. The constructions that we propose are practical for deployment on mobile devices and introduce a limited additional risk of false negatives.
- Estimating Incidental Collection in Foreign Intelligence Surveillance
September 2022: Privacy and Civil Liberties Oversight Board
June 2022: Boston University
- Data Privacy and Policy Implications
November 2021: U.S. Senate Committee on Commerce
- Privacy Preserving Health Misinformation Detection
March 2021: Stanford Internet Observatory E2EE Workshop
- Response to RFC: Indian Telecommunication Bill 2022
Public Comment · Nov 9, 2022
Anunay Kulshrestha, Gurshabad Grover
- Response to RFC: PCLOB Oversight Project Examining Section 702 of FISA
Public Comment · Nov 4, 2022
Anunay Kulshrestha, Jonathan Mayer
- Response to RFI: Advancing Privacy-Enhancing Technologies by the Office of Science and Technology Policy
Public Comment · Jul 8, 2022
Anunay Kulshrestha, Jonathan Mayer, Sarah Scheffler
- Response to RFC: Scoping the Evaluation of CSAM Prevention and Detection Tools in the Context of E2EE Environments
Public Comment · Apr 8, 2022
Sarah Scheffler, Jonathan Mayer, Anunay Kulshrestha
- We built a system like Apple’s to flag child sexual abuse material — and concluded the tech was dangerous
The Washington Post · Aug 19, 2021
Jonathan Mayer, Anunay Kulshrestha
Selected Press Coverage
Introduction to Cryptography (CS 255): Winter 2017-18
Analysis of Networks (CS 224W): Fall 2017-18
- Artifact Evaluation Committee: USENIX Security 2023
- External Reviewer: USENIX Security 2021