SecAppDev 2025 lecture details
COED Technologies: what they can and can't do
MPC, FHE and ZKP are complementary COED technologies that provide different flavours of confidentiality and verifiability within different trust settings and threat models. Often, neither one of them is a miracle solution alone.
Download handoutsTuesday June 3rd, 11:00 - 12:30
Room Lemaire
Add to calendar (ICS) Add to Google calendarAbstract
Computing On Encrypted Data is a recent technology providing security properties such as confidentiality, integrity or verifiability to data is use (as opposed to data at rest or in transit).
This session will discuss technologies such as multi-party computation (MPC), fully homomorphic encryption (FHE), and zero-knowledge proofs (ZKPs) to present the guaranties that they can (and can't) provide, the settings and assumptions that they require, and some application examples from recent years.
Key takeaway
Preserving data confidentiality during computation is a real-world possibility given the right choice and combination of COED tools.
Content level
Introductory
Target audience
Software and systems engineers looking to build privacy-preserving solutions
Prerequisites
Some intuitive understanding of security concepts such as confidentiality, verifiability, encryption and the like.
Cyprien de Saint Guilhem
Head of R&D, 3MI Labs
Expertise: Cryptography research and transfer engineering
Related lectures
Threat Modeling for Intimate Partner Abuse
Introductory lecture by Eva Galperin in room Lemaire
Monday June 2nd, 09:15 - 10:30
Most developers don't think of protection against domestic abusers as part of a product's security and they should.
Key takeaway: The intimate partner abuse threat model is different other models in important and unexpected ways.
Verifiable Credentials: Concepts to Practice
Introductory lecture by Kristina Yasuda in room Lemaire
Monday June 2nd,
14:00 - 15:30
Also available as a recorded session on
Tuesday June 3rd,
11:00 - 12:30
A technical introduction to Verifiable Credentials, highlighting use cases, implementation lessons, interoperability profiles, and recent updates to the related specifications.
Key takeaway: Interoperability in the wallet model requires aligned choices across the stack that meet use case requirements in terms of UX, security, privacy, etc.
PKI and eIDAS
Introductory lecture by Bart Preneel in room Lemaire
Wednesday June 4th, 09:00 - 10:30
This talk covers PKI technologies, their role in web security, key failures and fixes (e.g., EV, pinning, transparency), and the impact of eIDAS 2.0 on EU PKI services and upcoming European Digital Identity Wallets.
Key takeaway: PKI is a core technology that are essential to secure large open systems; surprisingly, it is technically complex and presents governance challenges.