Dr Daniel Gardham
Academic and research departments
Surrey Centre for Cyber Security, Computer Science Research Centre, School of Computer Science and Electronic Engineering.About
Biography
I am an lecturer in the Surrey Centre for Cyber Security. My research is in applied cryptography, in particular in the areas of privacy-preserving cryptography and authentication protocols. Recently I have taken an interest in using post-quantum techniques, such as protocols using lattice-based cryptography.
Previously I was a postdoctoral researcher in the Crypto Group at Royal Holloway, University of London. Before then I obtained my PhD from the University of Surrey in 2021 under the supervision of Mark Manulis. My thesis aimed to develop functionality of attribute-based signatures in both classical and post-quantum settings. Before that, I completed an MMath at the University of Bath with focus on algebra, analysis and probability.
My qualifications
Teaching
2024/25
COM3030 Privacy Enhancing Technologies - Module Convener
COM1029 Data Structures & Algorithms - Module Co-convener
2023/24
COMM044 Symmetric Cryptography - Module Convener
COM3030 Privacy Enhancing Technologies - Module Co-convener
2022/23
COMM044 Symmetric Cryptography - Module Convener
Publications
Partially Oblivious Pseudorandom Functions (POPRFs) are 2-party protocols that allow a client to learn pseudorandom function (PRF) evaluations on inputs of its choice from a server. The client submits two inputs, one public and one private. The security properties ensure that the server cannot learn the private input, and the client cannot learn more than one evaluation per POPRF query. POPRFs have many applications including password-based key exchange and privacy-preserving authentication mechanisms. However, most constructions are based on classical assumptions, and those with post-quantum security suffer from large efficiency drawbacks. In this work, we construct a novel POPRF from lattice assumptions and the "Crypto Dark Matter" PRF candidate (TCC'18) in the random oracle model. At a conceptual level, our scheme exploits the alignment of this family of PRF candidates, relying on mixed modulus computations, and programmable bootstrapping in the torus fully homomorphic encryption scheme (TFHE). We show that our construction achieves malicious client security based on circuit-private FHE, and client privacy from the semantic security of the FHE scheme. We further explore a heuristic approach to extend our scheme to support verifiability, based on the difficulty of computing cheating circuits in low depth. This would yield a verifiable (P)OPRF. We provide a proof-of-concept implementation and preliminary benchmarks of our construction. For the core online OPRF functionality, we require amortised 10.0KB communication per evaluation and a one-time per-client setup communication of 2.5MB.
Older adults are particularly vulnerable to phishing attacks. Gamification has been shown to be less effective to develop confidence in distinguishing between genuine and phishing emails in this demographic. To overcome this, we present our novel, open source interactive training platform, Phish&Tips, based on a simulated inbox. Our multi-analysis approach provides comprehensive data that enables us to compare participant's self-assessed competence with their performance on the training platform. We present results based on pre-and post-training surveys, focus groups and the analysis of the training platform data (N = 37). Over half the participants demonstrated an improved understanding of various detection strategies and an increase in confidence in being able to interpret emails. However, these results were not evident in the analysis of the platform data. This disparity between participants' perceived knowledge and their performance on the platform highlights the challenges of applying their knowledge effectively.