Cybernetica is the birthplace of Estonian information security research; we have 25 years of experience in aligning our research with societal demands, bringing the research results out from the lab to the real world, and supporting the digitisation of Estonian society. We are currently performing research in a number related directions that could be grouped under "privacy-enhanced computations", and are a good match for SPiDDS topics. These are:

• Secure multiparty computation. We have developed the Sharemind MPC platform. We have also created developer tools (compilers, libraries) for developing new privacy-preserving applications on top of the platform. These applications include privacy-preserving machine learning, federated learning, anomaly detection, etc., building on a variety of privacy-preserving subroutines that allow the computations used by these applications to go beyond arithmetic circuits. A more recent developer tool is PrivaLog, which allows the privacy-preserving computations to be specified in a Prolog-like language. The restricted shape of PrivaLog computations may be useful in speeding up misbehaviour checks of computing parties.
• Zero-knowledge proofs. We have developed the ZK-SecreC programming language and associated developer tools to state complex relations that one may want to prove in zero-knowledge. The tools have been integrated with a couple of different ZK backends. The programming language removes the complexity for the developer to state the relation between instances and witnesses.
• Threshold cryptography for authentication, key and message exchange. Our SplitKey authentication technology has been deployed in the Smart-ID service, with millions of regular users. It uses 2-out-of-2 threshold cryptography to protect the private key of the signer, with additional protection and detection mechanisms that allow one of the keyshares to be stored in a low-security device (e.g. smartphone). We have similar, more recent techniques available for protecting the private key in a decryption process.

We have demonstrated our capability of cryptographic protocol analysis, design, implementation, and deployment. Beside that, we have experience in attack tree based threat analyses of heterogeneous systems, e-voting, post-quantum cryptography, differential privacy, privacy-preserving business processes.