Anunay Kulshrestha

---

Anunay is an information security and technology policy researcher. He is currently a doctoral candidate in Computer Science at the Center for Information Technology Policy at Princeton University.

Anunay develops novel privacy-enhancing techniques that improve accountability of digital systems integral to our social, political, and economic lives: public auctions, private communication, foreign intelligence surveillance, content moderation, and censorship. His research spans computer security, privacy, and applied cryptography, and is motivated by gaps in current public policy.

Previously, Anunay investigated manipulation in cryptocurrency markets at the MIT Sloan School of Management, worked on a distributed encrypted filesystem at Keybase, and designed reranking models for search results at Bloomberg. As a Jane Stanford Fellow for Public Service, he worked with Member of Parliament Dr. Shashi Tharoor in his constituency of Thiruvananthapuram, Kerala.

Anunay graduated from Stanford University with undergraduate degrees in Mathematics and Computer Science, and a graduate degree in Public Policy.

---

Recent Research

• Fingerprinting Censorship Systems
  Working Paper (2023)
  Anunay Kulshrestha, Mona Wang, Jonathan Mayer
  
• Surveillance Transparency after Quantum Computing: Quantum-Resistant Multiparty Private Set Operations
  In Submission (2023)
  Anunay Kulshrestha, Jonathan Mayer
  

  Under Section 702 of the Foreign Intelligence Surveillance Act, the U.S. Intelligence Community (IC) can intercept communications to or from a foreign target when stored in or passing through the United States. This surveillance, controversially, does not require a warrant. While the target must be foreign, communications involving Americans can be “incidentally” collected and used for law enforcement purposes. Recent work has demonstrated the feasibility of quantitatively estimating incidental collection, responding to congressional oversight and the IC’s openness to new empirical methods. The key insight is to convert the incidental collection estimation problem into a secure multiparty computation problem, which could be addressed with a variant of private set intersection. That prior work relies on elliptic curve cryptography, which is efficient—but the IC has expressed concern about the protocol’s vulnerability to future quantum attacks. In this work, we extend the proposal for estimating incidental collection under Section 702 to provide resistance against quantum computing. We first describe the specific security risks that a quantum adversary would pose for the protocol in prior work, Multiparty Private Set Intersection with Union and Sum (MPSIU-Sum). We then harden the protocol against quantum attack by updating the construction with lattice-based cryptography based on the ring learning with errors problem. We implement and benchmark the quantum-resistant version of MPSI-Sum, demonstrating that it remains practical for estimating Section 702 incidental collection.

• Public Verification for Private Hash Matching
  (Upcoming) IEEE Symposium on Security and Privacy (2023)
  Sarah Scheffler, Anunay Kulshrestha, Jonathan Mayer
  

  End-to-end encryption (E2EE) challenges online content moderation, because communications services lack access to plaintext content. The tension between E2EE and efforts to combat child sexual abuse material (CSAM) has become a global flashpoint, since the predominant method of detection—perceptual hash matching on plaintext content—is unavailable. Recent applied cryptography advances enable private hash matching (PHM), where a service can identify a match against a set of known CSAM images without revealing the hash set to users or nonmatching content to the service. These designs, especially a 2021 proposal for identifying CSAM in Apple’s iCloud Photos service, have attracted widespread criticism for creating risks to security, privacy, and free expression. In this work, we aim to advance scholarship and dialogue about PHM by describing new cryptographic methods for system verification by the general public. We begin with motivation, describing the rationale for PHM to detect CSAM and the serious societal and technical issues with its deployment. Verification could partially address shortcomings of PHM, and we systematize critiques into two areas for auditing: trust in the hash set and trust in the implementation. We explain how, while these two issues cannot be fully resolved by technology alone, there are possible cryptographic trust improvements. The primary contribution of this paper consists of novel cryptographic protocols that enable three types of public verification for PHM: (1) certification that child safety groups approve the hash set, (2) proof that particular lawful content is not in the hash set, and (3) eventual notification to users of false positive matches. The protocols that we describe are practical, efficient, and compatible with existing PHM constructions.

• Leveraging Strategic Connection Migration-Powered Traffic Splitting for Privacy
  Proceedings of the 22nd Privacy Enhancing Technologies Symposium (2022)
  Mona Wang, Anunay Kulshrestha, Liang Wang, Prateek Mittal
  [Paper] [Code]   [Runner-up Best Student Paper’22] [Best HotPETs’21 Talk]

  Network-level adversaries have developed increasingly sophisticated techniques to surveil and control users’ network traffic. In this paper, we exploit our observation that many encrypted protocol connections are no longer tied to device IP address (e.g., the connection migration feature in QUIC, or IP roaming in WireGuard and Mosh), due to the need for performance in a mobile-first world. We design and implement a novel framework, Connection Migration Powered Splitting (CoMPS), that utilizes these performance features for enhancing user privacy. With CoMPS, we can split traffic mid-session across network paths and heterogeneous network protocols. Such traffic splitting mitigates the ability of a network-level adversary to perform traffic analysis attacks by limiting the amount of traffic they can observe. We use CoMPS to construct a website fingerprinting defense that is resilient against traffic analysis attacks by a powerful adaptive adversary in the open-world setting. We evaluate our system using both simulated splitting data and real-world traffic that is actively split using CoMPS. In our real-world experiments, CoMPS reduces the precision and recall of VarCNN to 29.9% and 36.7% respectively in the open-world setting with 100 monitored classes. CoMPS is not only immediately deployable with any unaltered server that supports connection migration, but also incurs little overhead, decreasing throughput by only 5-20%.

• Estimating Incidental Collection in Foreign Intelligence Surveillance: Large-Scale Multiparty Private Set Intersection with Union and Sum
  31st USENIX Security Symposium (2022)
  Anunay Kulshrestha, Jonathan Mayer
  [Paper] [Code] [Slides] [Video] [Demo]

  Section 702 of the Foreign Intelligence Surveillance Act authorizes U.S. intelligence agencies to intercept communications content without obtaining a warrant. While Section 702 requires targeting foreigners abroad for intelligence purposes, agencies “incidentally” collect communications to or from Americans and can search that data for purposes beyond intelligence gathering. For over a decade, members of Congress and civil society organizations have called on the U.S. Intelligence Community (IC) to estimate the scale of incidental collection. Senior intelligence officials have acknowledged the value of quantitative transparency for incidental collection, but the IC has not identified a satisfactory estimation method that respects individual privacy, protects intelligence sources and methods, and imposes minimal burden on IC resources. In this work, we propose a novel approach to estimating incidental collection using secure multiparty computation (MPC). The IC possesses records about the parties to intercepted communications, and communications services possess country-level location for users. By combining these datasets with MPC, it is possible to generate an automated aggregate estimate of incidental collection that maintains confidentiality for intercepted communications and user locations. We formalize our proposal as a new variant of private set intersection, which we term multiparty private set intersection with union and sum (MPSIU-Sum). We then design and evaluate an efficient MPSIU-Sum protocol, based on elliptic curve cryptography and partially homomorphic encryption. Our protocol performs well at the large scale necessary for estimating incidental collection in Section 702 surveillance.

• Identifying Harmful Media in End-to-End Encrypted Communication: Efficient Private Membership Computation
  30th USENIX Security Symposium (2021)
  Anunay Kulshrestha, Jonathan Mayer
  [Paper] [Slides] [Video] [Demo]

  End-to-end encryption (E2EE) poses a challenge for automated detection of harmful media, such as child sexual abuse material and extremist content. The predominant approach at present, perceptual hash matching, is not viable because in E2EE a communications service cannot access user content. In this work, we explore the technical feasibility of privacy-preserving perceptual hash matching for E2EE services. We begin by formalizing the problem space and identifying fundamental limitations for protocols. Next, we evaluate the predictive performance of common perceptual hash functions to understand privacy risks to E2EE users and contextualize errors associated with the protocols we design. Our primary contribution is a set of constructions for privacy-preserving perceptual hash matching. We design and evaluate client-side constructions for scenarios where disclosing the set of harmful hashes is acceptable. We then design and evaluate interactive protocols that optionally protect the hash set and do not disclose matches to users. The constructions that we propose are practical for deployment on mobile devices and introduce a limited additional risk of false negatives.

---

Talks

• Estimating Incidental Collection in Foreign Intelligence Surveillance
  September 2022: Privacy and Civil Liberties Oversight Board
  June 2022: Boston University
• Data Privacy and Policy Implications
  November 2021: U.S. Senate Committee on Commerce
• Privacy Preserving Health Misinformation Detection
  March 2021: Stanford Internet Observatory E2EE Workshop

Other Writing

• Response to RFC: Indian Telecommunication Bill 2022
  Public Comment · Nov 9, 2022
  Anunay Kulshrestha, Gurshabad Grover
  
• Response to RFC: PCLOB Oversight Project Examining Section 702 of FISA
  Public Comment · Nov 4, 2022
  Anunay Kulshrestha, Jonathan Mayer
  
• Response to RFI: Advancing Privacy-Enhancing Technologies by the Office of Science and Technology Policy
  Public Comment · Jul 8, 2022
  Anunay Kulshrestha, Jonathan Mayer, Sarah Scheffler
  
• Response to RFC: Scoping the Evaluation of CSAM Prevention and Detection Tools in the Context of E2EE Environments
  Public Comment · Apr 8, 2022
  Sarah Scheffler, Jonathan Mayer, Anunay Kulshrestha
  
• We built a system like Apple’s to flag child sexual abuse material — and concluded the tech was dangerous
  The Washington Post · Aug 19, 2021
  Jonathan Mayer, Anunay Kulshrestha
  

Selected Press Coverage

• European Commission to Release Draft Law Enforcing Mandatory Detection of Child Sexual Abuse Material on Digital Platforms
  MacRumors · May 11, 2022
• Your Phone Is Your Private Space
  The Atlantic · Sep 4, 2021
• iPhone privacy: How Apple’s plan to go after child abuse could affect you
  CNET · Sep 3, 2021
• S5E7: Apple’s #SpyPhone, an Apple App Store Settlement, and the Expansion of Government Facial Recognition Software
  DevNews Podcast · Sep 2, 2021
• The slippery slope of surveillance is real
  The Boston Globe · Sep 1, 2021
• Edward Snowden Slams Apple’s CSAM Scanning as a ’Disaster-in-the-Making’
  PC Magazine · Aug 26, 2021
• Princeton prof warns Apple over CSAM scanning – we’ve been there, don’t
  The Register · Aug 23, 2021
• Researchers Label Apple’s CSAM Detection System ‘Dangerous’
  Forbes · Aug 21, 2021
• University Researchers Who Built a CSAM Scanning System Urge Apple to Not Use the ’Dangerous’ Technology
  MacRumors · Aug 20, 2021
• Researchers say they built a CSAM detection system like Apple’s and discovered flaws
  Engadget · Aug 20, 2021
• Apple’s Not Digging Itself Out of This One
  Gizmodo · Aug 19, 2021
• How Line is fighting disinformation without sacrificing privacy
  Rest of World · Mar 7, 2021
• How The BJP Out-Tweeted The Competition To Win The 2014 General Election
  The Huffington Post · May 17, 2017
• BJP way ahead of competition on social media in 2014, says Stanford University study
  Hindustan Times · May 17, 2017

---

Teaching Assistantships

Princeton University

• Economics and Computation (COS 445): Spring 2020-21

• Cryptography (COS 433): Fall 2020-21

Stanford University

• Computer and Network Security (CS 155): Spring 2017-18, Spring 2016-17

• Introduction to Cryptography (CS 255): Winter 2017-18

• Analysis of Networks (CS 224W): Fall 2017-18

---

Service

• Artifact Evaluation Committee: USENIX Security 2023
• External Reviewer: USENIX Security 2021

---

Colophon

This static webpage was generated by Jekyll (using Jekyll Scholar) and served by CloudFlare Pages. Pronunciation was generated using IPA Reader. The font is Space Mono and icons are from Font Awesome. JavaScript is used to play audio.