About

Ran Canetti is a professor of Computer Science at Boston University and the director of the Center for Reliable Information System and Cyber Security. He is a Fellow of the International Association for Cryptologic Research and serves as an associate editor of the Journal of Cryptology and Information and Computation. Canetti graduated from the Weizmann Institute of Science and has held research positions at IBM Watson Research Center, MIT, and was a professor at Tel Aviv University. His research interests span multiple aspects of cryptography and information security, with an emphasis on the design, analysis, and use of cryptographic protocols.

Research topics

• Computer Science
• Computer Security
• Artificial Intelligence
• Theoretical computer science
• Distributed computing
• Programming language
• Statistics
• Computer network
• Medicine
• Software engineering
• Physics
• Thermodynamics
• Environmental health
• Database
• Internet privacy
• Mathematics

Selected publications

• Universally Composable Succinct Vector Commitments and Applications

  Lecture notes in computer science · 2025-12-04 · 1 citations

  book-chapterOpen access1st authorCorresponding
  PublisherOA PDFDOI

• Differentially Private Release of Israel's National Registry of Live Births

  2025-05-12 · 6 citations

  articleSenior author

  In February 2024, Israel's Ministry of Health released microdata of live births in Israel in 2014. The dataset is based on Israel's National Registry of Live Births and offers substantial value in multiple areas, such as scientific research and policy-making, while providing pure differential privacy guarantee with ε = 9.98 for 2014's mothers and newborns. The release was co-designed by the authors along with stakeholders from both inside and outside the Ministry of Health. This paper presents the methodology used to obtain that release, which, to the best of our knowledge, is the first of its kind in the world. The design process has been challenging and required flexibility and open-mindedness on all sides involved, along with substantial technical innovation. In particular, we introduce new concepts regarding the desiderata from dataset releases in a microdata format, as well as a way to bundle together multiple quantitative desiderata for a differentially private release using the private selection algorithm of Liu and Talwar (STOC 2019). We hope that the experiences reported here will be useful to future differentially private releases.

  PublisherDOI

• Zero-Knowledge Mechanisms

  2025-07-02

  articleOpen access1st authorCorresponding

  A powerful feature in mechanism design is the ability to irrevocably commit to the rules of a mechanism. Commitment is achieved by public declaration, which enables players to verify incentive properties in advance and the outcome in retrospect. However, public declaration can reveal superfluous information that the mechanism designer might prefer not to disclose, such as her target function or private costs. Avoiding this may be possible via a trusted mediator; however, the availability of a trustworthy mediator, especially if mechanism secrecy must be maintained for years, might be unrealistic. We propose a new approach to commitment, and show how to commit to, and run, any given mechanism without disclosing it, while enabling the verification of incentive properties and the outcome—all without the need for any mediators. Our framework is based on zero-knowledge proofs—a cornerstone of modern cryptographic theory. Applications include both private-type settings such as auctions and private-action settings such as contracts, as well as non-mediated bargaining with hidden yet binding offers.

  PublisherOA PDFDOI

• Deniable Secret Sharing

  Lecture notes in computer science · 2025-12-01 · 1 citations

  book-chapterOpen access1st authorCorresponding
  PublisherOA PDFDOI

• Refereed Learning

  ArXiv.org · 2025-10-06

  preprintOpen access1st authorCorresponding

  We initiate an investigation of learning tasks in a setting where the learner is given access to two competing provers, only one of which is honest. Specifically, we consider the power of such learners in assessing purported properties of opaque models. Following prior work in complexity theory that considers the power of competing provers in various settings, we call this setting refereed learning. After formulating a general definition of refereed learning tasks, we show refereed learning protocols that obtain a level of accuracy that far exceeds what is obtainable at comparable cost without provers, or even with a single prover. We concentrate on the task of choosing the better one out of two black-box models, with respect to some ground truth. While we consider a range of parameters, perhaps our most notable result is in the high-precision range: For all $\varepsilon>0$ and ambient dimension $d$, our learner makes only one query to the ground truth function, communicates only $(1+\frac{1}{\varepsilon^2})\cdot\text{poly}(d)$ bits with the provers, and outputs a model whose loss is within a multiplicative factor of $(1+\varepsilon)$ of the best model's loss. Obtaining comparable loss with a single prover would require the learner to access the ground truth at almost all of the points in the domain. We also present lower bounds that demonstrate the optimality of our protocols in a number of respects, including prover complexity, number of samples, and need for query access.

  PublisherOA PDFDOI

• Circuit complexity and functionality: A statistical thermodynamics perspective

  Proceedings of the National Academy of Sciences · 2025-06-02

  articleOpen accessSenior author

  Circuit complexity, defined as the minimum circuit size required for implementing a particular Boolean computation, is a foundational concept in computer science. Determining circuit complexity is believed to be a hard computational problem. Recently, in the context of black holes, circuit complexity has been promoted to a physical property, wherein the growth of complexity is reflected in the time evolution of the Einstein-Rosen bridge ("wormhole") connecting the two sides of an anti-de Sitter "eternal" black hole. Here, we are motivated by an independent set of considerations and explore links between complexity and thermodynamics for functionally equivalent circuits, making the physics-inspired approach relevant to real computational problems, for which functionality is the key element of interest. In particular, our thermodynamic framework provides an alternative perspective on the obfuscation of programs of arbitrary length-an important problem in cryptography-as thermalization through recursive mixing of neighboring sections of a circuit, which can be viewed as the mixing of two containers with "gases of gates." This recursive process equilibrates the average complexity and leads to the saturation of the circuit entropy, while preserving functionality of the overall circuit. The thermodynamic arguments hinge on ergodicity in the space of circuits which we conjecture is limited to disconnected ergodic sectors due to fragmentation. The notion of fragmentation has important implications for the problem of circuit obfuscation as it implies that there are circuits of same size and functionality that cannot be connected via a polynomial number of local moves. Furthermore, we argue that fragmentation is unavoidable unless the complexity classes NP and coNP coincide, a statement that implies the collapse of the polynomial hierarchy of computational complexity theory to its first level.

  PublisherOA PDFDOI

• Decisional Diffie–Hellman Problem

  2025-01-01

  book-chapter1st authorCorresponding
  PublisherDOI

• Differentially Private Release of Israel's National Registry of Live Births

  arXiv (Cornell University) · 2024-05-01 · 2 citations

  preprintOpen accessSenior author

  In February 2024, Israel's Ministry of Health released microdata of live births in Israel in 2014. The dataset is based on Israel's National Registry of Live Births and offers substantial value in multiple areas, such as scientific research and policy-making, while providing pure differential privacy guarantee with $\varepsilon = 9.98$ for 2014's mothers and newborns. The release was co-designed by the authors along with stakeholders from both inside and outside the Ministry of Health. This paper presents the methodology used to obtain that release, which, to the best of our knowledge, is the first of its kind in the world. The design process has been challenging and required flexibility and open-mindedness on all sides involved, along with substantial technical innovation. In particular, we introduce new concepts regarding the desiderata from dataset releases in a microdata format, as well as a way to bundle together multiple quantitative desiderata for a differentially private release using the private selection algorithm of Liu and Talwar (STOC 2019). We hope that the experiences reported here will be useful to future differentially private releases.

  PublisherOA PDFDOI

• Towards General-Purpose Program Obfuscation via Local Mixing

  Lecture notes in computer science · 2024-12-02 · 17 citations

  book-chapter1st authorCorresponding
  PublisherDOI

• Taming Adaptivity in YOSO Protocols: The Modular Way

  Lecture notes in computer science · 2023-01-01 · 6 citations

  book-chapterOpen access1st authorCorresponding
  PublisherOA PDFDOI

Recent grants

• AF: Small: New Directions in Cryptography: Non-Black-Box Techniques against Non-Black-Box Attacks

  NSF · $480k · 2012–2016

• TWC: TTP Option: Frontier: Collaborative: MACS: A Modular Approach to Cloud Security

  NSF · $5.3M · 2014–2021

Frequent coauthors

• Nir Bitansky

  40 shared

• Shai Halevi

  33 shared

• Omer Paneth

  27 shared

• Shafi Goldwasser

  26 shared

• Yael Tauman Kalai

  Massachusetts Institute of Technology

  21 shared

• Mayank Varia

  20 shared

• Rafael Pass

  17 shared

• Justin Holmgren

  17 shared

Labs

• Algorithms & TheoryPI

Education

• Ph.D.

  Weizmann Institute

Awards & honors

• Fellow of the International Association for Cryptologic Rese…