Encrypted Neural Networks without Overflows

Fully homomorphic encryption FHE enables private inference by evaluating neural networks on encrypted data. In this way, we can delegate the computation to a third party server without ever revealing the user's data. Currently, the CKKS scheme is the backbone of most efficient FHE implementations...

Machine-Checked Cardinality Bounds for Masked Barrett Reduction: A 1-Bit Side-Channel Leakage Barrier in Post-Quantum Cryptographic Hardware

Barrett reduction is the nonlinear core of every practical NTT-based post-quantum cryptography implementation. Existing composition frameworks ISW, t-SNI, PINI, DOM address Boolean masking over GF2; none provides a machine-checked characterization of Barrett's leakage under first-order arithmetic...

Mythos and the Unverified Cage: Z3-Based Pre-Deployment Verification for Frontier-Model Sandbox Infrastructure

The April 2026 Claude Mythos sandbox escape exposed a critical weakness in frontier AI containment: the infrastructure surrounding advanced models remains susceptible to formally characterizable arithmetic vulnerabilities. Anthropic has not publicly characterized the escape vector; some secondary...

Broken by Default: A Formal Verification Study of Security Vulnerabilities in AI-Generated Code

AI coding assistants are now used to generate production code in security-sensitive domains, yet the exploitability of their outputs remains unquantified. We address this gap with Broken by Default: a formal verification study of 3,500 code artifacts generated by seven frontier LLMs across 500...

VulnScout-C: A Lightweight Transformer for C Code Vulnerability Detection

Vulnerability detection in C programs is a critical challenge in software security. Although large language models LLMs achieve strong detection performance, their multi-billion-parameter scale makes them impractical for integration into development workflows requiring low latency and continuous...

What a Mesh: Formal Security Analysis of WPA3 SAE Wireless Authentication

The latest Wi-Fi security standard, IEEE 802.11, includes a secure authentication protocol called SAE, whose use is mandatory for WPA3-Personal networks. The protocol is specified at two separate but linked levels: a traditional cryptographic description of the communication logic between network...

ATLAS: AI-Assisted Threat-To-Assertion Learning for System-On-Chip Security Verification

This work presents ATLAS, an LLM-driven framework that bridges standardized threat modeling and property-based formal verification for System-on-Chip SoC security. Starting from vulnerability knowledge bases such as Common Weakness Enumeration CWE, ATLAS identifies SoC-specific assets, maps...

Proving DNSSEC Correctness: A Formal Approach to Secure Domain Name Resolution

The Domain Name System Security Extensions DNSSEC are critical for preventing DNS spoofing, yet its specifications contain ambiguities and vulnerabilities that elude traditional "break-and-fix" approaches. A holistic, foundational security analysis of the protocol has thus remained an open proble...

Towards a Formal Verification of Secure Vehicle Software Updates

With the rise of software-defined vehicles SDVs, where software governs most vehicle functions alongside enhanced connectivity, the need for secure software updates has become increasingly critical. Software vulnerabilities can severely impact safety, the economy, and society. In response to this...

Bridging Threat Models and Detections: Formal Verification Via CADP

Threat detection systems rely on rule-based logic to identify adversarial behaviors, yet the conformance of these rules to high-level threat models is rarely verified formally. We present a formal verification framework that models both detection logic and attack trees as labeled transition syste...

Concrete Security Bounds for Simulation-Based Proofs of Multi-Party Computation Protocols

The concrete security paradigm aims to give precise bounds on the probability that an adversary can subvert a cryptographic mechanism. This is in contrast to asymptotic security, where the probability of subversion may be eventually small, but large enough in practice to be insecure. Fully...

Architectural Backdoors in Deep Learning: a Survey of Vulnerabilities, Detection, and Defense

Architectural backdoors pose an under-examined but critical threat to deep neural networks, embedding malicious logic directly into a model's computational graph. Unlike traditional data poisoning or parameter manipulation, architectural backdoors evade standard mitigation techniques and persist...

One for All: Formally Verifying Protocols Which Use Aggregate Signatures (Extended Version)

Aggregate signatures are digital signatures that compress multiple signatures from different parties into a single signature, thereby reducing storage and bandwidth requirements. BLS aggregate signatures are a popular kind of aggregate signature, deployed by Ethereum, Dfinity, and Cloudflare...

You believe that there is no vulnerability in the code? Americans are Research-vulnerability warning-the black bar safety net

Internet of everything era, in addition to People's lives provides a convenient, also brought many security risks, more and more devices more vulnerable to hacking attacks. There is no possibility of the birth of a cannot is the invasion code? DARPA-the US Defense Advanced Research Projects Agenc...

seL4 Secure Microkernel Made Open Source

General Dynamics C4 Systems and Australia’s Information and Communications Technology Research Centre NICTA today open sourced the code-base of a secure microkernel project known as seL4. Touted as “the most trustworthy general purpose microkernel in the world,” seL4 has previously been adapted b...