Improving the Reliability of Privacy-Enhancing Technology (PET) Systems

PhD Thesis Proposal Defence


Title: "Improving the Reliability of Privacy-Enhancing Technology (PET) Systems"

by

Mr. Dongwei XIAO


Abstract:

Growing worries about data security and privacy are driving the development 
of privacy-enhancing technologies (PETs) like secure multiparty computation 
(MPC) and zero-knowledge (ZK) proofs. These technologies offer strong 
theoretical guarantees for protecting sensitive data while still allowing 
its use. Critical sectors like finance and healthcare are increasingly 
adopting PETs, facilitated by complex PET systems designed for secure and 
efficient implementation. However, despite the theoretical strengths of 
PETs, the intricate nature of these systems can create practical 
vulnerabilities. Severe incidents have already caused significant financial 
losses and eroded trust. This thesis tackles these reliability concerns by 
systematically testing modern PET systems.

The first work in this thesis uncovers logic bugs in secure multiparty 
computation (MPC) compilers. These compilers automatically transform 
high-level MPC programs, written in domain-specific languages (DSLs), into 
low-level MPC executables. We introduce MT-MPC, a metamorphic testing (MT) 
framework, to test MPC compilers using three tailored metamorphic relations 
(MRs). Despite the high engineering quality of MPC compilers, MT-MPC finds 
13 bugs in leading compilers, which compromises the dependability of MPC 
systems.

The second work focuses on the correctness and security of zero-knowledge 
(ZK) compilers, which compile ZK DSL programs into ZK circuits. We propose 
MTZK, a MT framework that uncovers logic bugs in ZK compilers. These bugs 
can allow attackers to generate false ZK proofs that ZK verifiers 
unexpectedly accept, leading to security breaches and financial losses. MTZK 
uses two carefully designed MRs to deliver effective test cases for ZK 
compilers. Evaluation of four industrial ZK compilers reveals 21 bugs. We 
also demonstrate the severe security implications of these bugs through 
potential exploits.


Date:                   Wednesday, 2 July 2025

Time:                   2:00pm - 4:00pm

Venue:                  Room 3494
                        Lifts 25/26

Committee Members:      Dr. Shuai Wang (Supervisor)
                        Dr. Lionel Parreaux (Chairperson)
                        Dr. Dongdong She