thesis report on cryptography

• Help & Terms of Use

Cryptography and Information Security

• Website http://www.bris.ac.uk/engineering/research/cryptography/

United Kingdom

Student theses

• Title (descending)

Search results

A multi-domain approach for security compliance, insider threat modelling and risk management.

Supervisor: Tryfonas, T. (Supervisor)

Student thesis : Doctoral Thesis › Doctor of Philosophy (PhD)

Analysis of Implementations and Side-Channel Security of Frodo on Embedded Devices

Supervisor: Oswald, M. E. (Supervisor) & Stam, M. (Supervisor)

A Study of Inference-Based Attacks with Neural Network Classifiers

Supervisor: Page, D. (Supervisor) & Oswald, E. (Supervisor)

A systems approach to asset management for the Clifton Suspension Bridge Trust

Supervisor: Tryfonas, T. (Supervisor) & Taylor, C. (Supervisor)

Student thesis : Doctoral Thesis › Engineering Doctorate (EngD)

Breaking boundaries for adoption of accessible high fidelity haptic feedback technologies

Supervisor: Roudaut, A. (Supervisor) & Warinschi, B. (Supervisor)

Cryptographic Access Control: Security Models, Relations and Construction

Supervisor: Warinschi, B. (Supervisor)

Engineering a platform for local peer-to-peer electricity trading

Supervisor: Chitchyan, R. (Supervisor), Delalonde, C. (External person) (Supervisor), Byrne, A. (External person) (Supervisor), Ferguson, D. (External person) (Supervisor) & Warinschi, B. (Supervisor)

Enhancing Current Software Safety Assurance Practice to Increase System Mission Effectiveness

Supervisor: May, J. (Supervisor), Tryfonas, T. (Supervisor) & Hadley, M. J. (External person) (Supervisor)

Game theory applied to cybersecurity threat mitigation - Analysis of Threshold FlipThem

Supervisor: Leslie, D. (Supervisor) & Smart, N. (Supervisor)

Handling organisational complexity with a framework of accessible founding principles

Supervisor: Oikonomou, G. (Supervisor) & Tryfonas, T. (Supervisor)

Hydrological Applications of Multi-source Soil Moisture Products

Supervisor: Han, D. (Supervisor) & Tryfonas, T. (Supervisor)

Modelling and Simulation Applications on Cyber-Physical Systems’ Security and Resilience

Supervisor: Tryfonas, T. (Supervisor) & Oikonomou, G. (Supervisor)

On the Theory and Design of Post-Quantum Authenticated Key-Exchange, Encryption and Signatures

Supervisor: Smart, N. P. (Supervisor) & Warinschi, B. (Supervisor)

Security and Resilience of Multi-Bitrate, Low-Power Lossy IoT Networks

Supervisor: Oikonomou, G. (Supervisor), Piechocki, R. J. (Supervisor) & Fafoutis, X. (Supervisor)

Side Channel Attacks on IoT Applications

Supervisor: Oswald, M. E. (Supervisor) & Tryfonas, T. (Supervisor)

Software Defined Networking for the Industrial Internet of Things

Supervisor: Nejabati, R. (Supervisor) & Oikonomou, G. (Supervisor)

Technology innovation for improving bridge management

Supervisor: Vardanega, P. J. (Supervisor) & Tryfonas, T. (Supervisor)

Towards Dynamic, SDN-assisted Interface Bonding for Heterogeneous 802.11 Devices

Supervisor: Doufexi, A. (Supervisor) & Oikonomou, G. (Supervisor)

Usable Abstractions for Secure Programming: A Mental Model Approach

Supervisor: Rashid, A. (Supervisor) & Warinschi, B. (Supervisor)

IEEE Account

• Change Username/Password
• Update Address

Purchase Details

• Payment Options
• Order History
• View Purchased Documents

Profile Information

• Communications Preferences
• Profession and Education
• Technical Interests
• US & Canada: +1 800 678 4333
• Worldwide: +1 732 981 0060
• Contact & Support
• About IEEE Xplore
• Accessibility
• Terms of Use
• Nondiscrimination Policy
• Privacy & Opting Out of Cookies

A not-for-profit organization, IEEE is the world's largest technical professional organization dedicated to advancing technology for the benefit of humanity. © Copyright 2024 IEEE - All rights reserved. Use of this web site signifies your agreement to the terms and conditions.

• Press Enter to activate screen reader mode.

Applied Cryptography Group

Master's theses, available projects.

Students interested in a thesis with the group are kindly requested to send their transcript of records, along with a CV highlighting any relevant experience in cryptography, and either a preferred topic from the proposals below or a description of their interests within cryptography, to the contact noted under Student Projects .

Note:  Students looking to start their thesis in a given semester are encouraged to reach out to us before the end of the previous semester (especially if starting in spring).

Last updated: 22.07.2024

Censorship circumvention tools enable clients to access endpoints in a network despite the presence of a censor. Censors use a variety of techniques to identify content they wish to block, including filtering traffic patterns that are characteristic of proxy or circumvention protocols and actively probing potential proxy servers. In response, circumvention practitioners have developed fully encrypted protocols (FEPs), intended to have traffic that appears indistinguishable from random [FJ23]. Beyond censorship circumvention, FEPs are also broadly useful for protecting a greater amount of information leakage about which protocols a user might be employing [SP22]. A FEP is typically composed of a key exchange protocol to establish shared secret keys, and then a secure channel protocol to encrypt application data; both must avoid revealing to observers that an obfuscated protocol is in use. We call the key exchange protocol used in such a FEP an obfuscated key exchange [GSV24]. Current key exchange protocols in FEPs are all based on classical cryptography, and consequently are not quantum-safe. Motivated by the transition to quantum-safe cryptography, there has been a recent push towards developing hybrid key exchange protocols [SFG23,BB18,XW24]. In such protocols, a combination of classical and quantum-safe constructions are used such that security is guaranteed even if all but one of the components is broken. In this project, we will construct a hybrid obfuscated key exchange protocol and prove its security. In particular, we would like to develop a key exchange protocol in the style of that of obfs4 [OB4] that uses a combination of traditional (Diffie-Hellman-based) and post-quantum key exchange algorithms. The project involves constructing such a protocol and proving its security (in addition to some properties that are relevant to the censorship circumvention setting).

References:

[FJ23] Ellis Fenske and Aaron Johnson. "Security Notions for Fully Encrypted Protocols." Free and Open Communications on the Internet (2023). Issue 1, pages 24-29. [SP22] B. Schwartz and C. Patton. "The Pseudorandom Extension for cTLS." IETF Internet Draft external page https://www.ietf.org/archive/id/draft-cpbs-pseudorandom-ctls-01.html call_made . (2022). [GSV24] Felix Günther, Douglas Stebila, and Shannon Veitch. "Obfuscated Key Exchange." [SFG23] Douglas Stebila, Scott Fluhrer, and Shay Gueron. "Hybrid key exchange in TLS 1.3." IETF draft (2022). external page https://www.ietf.org/archive/id/draft-ietf-tls-hybrid-design-05.html call_made [BB19] Nina Bindel, Jacqueline Brendel, Marc Fischlin, Brian Goncalves, Douglas Stebila, "Hybrid Key Encapsulation Mechanisms and Authenticated Key Exchange", In 10th International Workshop on Post-Quantum Cryptography (PQCrypto 2019), pp. 206-226 (2019). [XW24] Manuel Barbosa, Deirdre Connolly, João Diogo Duarte, Aaron Kaiser, Peter Schwabe, Karolin Varner, and Bas Westerbaan. X-Wing: The Hybrid KEM You’ve Been Looking For. IACR Communications in Cryptology, Vol. 1, No. 1, 22 pages. [OB4] The Tor Project. obfs4 (The Obsfourscator) spec. external page https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/lyrebird/-/blob/HEAD/doc/obfs4-spec.txt call_made

Bitwarden [Bit] is an open source password manager and authenticator application. They claim to use strong end-to-end encryption (E2EE) as well as "zero knowledge encryption" to protect users passwords, while supporting features like secure password sharing between users. Recently, Bitwarden also launched a new product called "secrets manager" [BitSM] which is aimed at organizations and developers that need to handle cryptographic secrets. Just like the password manager, secrets manager is open source, E2EE and uses "zero knowledge encryption". Additionally, the selling point of secrets manager is access management, which allows for integration in businesses and organizations. Last but not least, Bitwarden also offers enterprise support for passkeys, through a product they call "passwordless.dev" [BitPWL]. Passkeys [Pass] are the credentials (also called FIDO credentials) of WebAuthn, a web standard for authentication published by the W3C as part of the FIDO2 Project. The idea of passkeys is to use public-key cryptography to enable passwordless authentication, upgrading the security from password-based multi-factor authentication (specified in the predecessor project FIDO U2F) to completely address the many issues that stem from the use of passwords as the root of security for cryptography. Bitwarden also support passkeys as a means of authentication to the password manager, and in their security whitepaper [BitWhite] they write: "In addition to the master password, users can choose to unlock their vaults with a passkey. This process leverages a leading-edge standard and extension for WebAuthn called the pseudo-random function or PRF, which sources key material from an authenticator. With PRF, derived keys are used in the encryption and decryption of data stored in Bitwarden Password Manager vault and Bitwarden Secrets Manager, maintaining end-to-end, zero knowledge encryption." In this project, we will do a deep-dive into the cryptography of Bitwarden. In particular, we will try to find out what "zero knowledge encryption" really means, and unravel the mystery of the public-key PRF used for their passkeys implementation. The project can then take a multitude of different directions. Perhaps it turns out that the cryptography of Bitwarden does not live up to their strong claims. If so, we will try to cryptanalyze their system and find attacks in the vein of [Mega]. But hopefully, the question marks from the documentation are simple misunderstandings, and their crypto is actually good. If so, this project will take a more theoretical turn. We will try to view the password manager through the lens of E2EE cloud storage, and see if we can capture Bitwarden in the framework of [C:BDGHP24]. This will entail reading the codebase and creating a pseudocode model of the system, which we can cast in the syntax of [C:BDGHP24]. If this works out, this model can form the basis for a proof of security of the Bitwarden password manager. However, it might also turn out that the functionality offered by Bitwarden differs enough from that of cloud storage that the framework is not a good fit. If so, we will look at these distinguishing features and how they can be formalized and potentially incorporated into the cloud storage framework.

[Bit] external page https://bitwarden.com/ call_made [BitSM] external page https://bitwarden.com/products/secrets-manager/ call_made [BitPWL] external page https://bitwarden.com/products/passwordless/ call_made [Pass] external page https://fidoalliance.org/passkeys/ call_made [BitWhite] external page https://bitwarden.com/help/bitwarden-security-white-paper/ call_made [Mega] external page https://mega-awry.io/ call_made "MEGA: Malleable Encryption Goes Awry". Matilda Backendal, Miro Haller, Kenneth G. Paterson. S&P 2023. [C:BDGHP24] "A Formal Treatment of End-to-End Encrypted Cloud Storage". Matilda Backendal, Hannah Davis, Felix Günther, Miro Haller and Kenneth G. Paterson. To appear in CRYPTO 2024.

In 1979, Shamir [Sha79] introduced the concept of “secret sharing”, a method allowing a user to divide data into n pieces and reconstruct it if a threshold of k < n pieces is available. This concept has proved to be greatly useful, finding applications in secret management systems (e.g. HashiCorp’s vault), cryptocurrency wallets (e.g. in the form of threshold cryptosystems) and more. The protocol only involves sampling a random polynomial and evaluating n points on that polynomial, making it a deceptively simple primitive. However, many potential implementation mistakes appear in real-world software products [Tra21] due to mathematical subtleties in the protocol. As more applications incorporate secret sharing, it becomes crucial to examine whether these implementations are secure and understand the impact of any discovered vulnerabilities. The objective of this thesis is to investigate the extent to which these vulnerabilities exist in the wild. This investigation will initially involve a large number of open-source repositories, which will be analysed with a combination of manual analysis, black-box testing, or analysis engines such as CodeQL [Git21]. The investigation can then focus on a few selected products for which these vulnerabilities would have a high impact.

[Git21] Inc. Github. Codeql, 2021 ( external page https://codeql.github.com/ call_made ) [Sha79] Adi Shamir. How to Share a Secret. Commun. ACM, 22(11):612–613, 1979. ( external page https://dl.acm.org/doi/10.1145/359168.359176 call_made ) [Tra21] Trail of Bits. Disclosing Shamir’s Secret Sharing vulnerabilities and announcing ZKDocs, 2021. ( external page https://blog.trailofbits.com/2021/12/21/disclosing-shamirs-secret-sharing-vulnerabilities-and-announcing-zkdocs/ call_made )

Single Sign On (SSO) allows users to log in into multiple services or software systems using a single authentication provider. A widely known and deployed SSO standard is the relatively modern OpenID [1], but the SSO space contains a wide range of competing implementations, different products, and legacy systems, resulting in high complexity. In this project, we take a look at OpenID itself, but also Kerberos [2] and Kerberos-based systems such as Active Directory [3], OAuth and OpenID Connect [4], and potentially other targets. We formalize the security goals that these schemes try to achieve, and check that they can withstand cryptanalytic scrutiny.

[1] external page https://openid.net/developers/specs/ call_made [2] external page https://web.mit.edu/kerberos/ call_made [3] external page https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/get-started/virtual-dc/active-directory-domain-services-overview call_made [4] external page https://oauth.net/articles/authentication/ call_made

Ongoing Projects

(We recommend students currently doing a project in our group to use this Download LaTeX template vertical_align_bottom for writing their thesis.)

(Supervisor: Prof. Kenny Paterson, Joint Supervisor: Laura Hetz)

Oblivious Message Retrieval (OMR) aims to solve the problem of anonymous message delivery. In this problem, senders write messages to receivers and post them to a public database, called bulletin board. Receivers want to retrieve their pertinent messages privately and efficiently. Metadata and access patterns of these messages thus need to be protected, as these might leak information about client relations. Naively, a receiver could download the entire board to check locally which messages are intended for them. This approach would reveal no information about their pertinent message to the server holding the bulletin board. This level of privacy comes at a significant overhead in communication and computational cost, which is linear in the size of the bulletin board. Protocols based on differential privacy or Private Information Retrieval (PIR) can reduce these costs, but require additional coordination between clients, causing additional overhead [CGBM15, BLMG21]. Protocols for OMR aim to solve this problem by outsourcing the detection of pertinent messages to one or multiple servers. These detection servers should reduce the receivers’ overhead in detecting pertinent messages while staying oblivious to these messages. First works [BLMG21, MSS+22, JLM23] considered only the detection step of this problem and required an additional (private) retrieval step in addition to their proposed solution. Recent work [LT22, WLYL23, JMK24, LSTW24, LTW24b, LTW24a] aims to provide efficient solutions for oblivious detection and retrieval combined, and with different properties such as DoS-resistance and group communication. While recent work has made significant progress, the practicality of OMR schemes is still limited, and privacy guarantees might not be sufficient in practice [SPB22]. This project aims to provide an extensive overview and comparison of the existing literature on OMR in the context of real-world use cases and related notions in cryptography, potentially improving upon the proposed schemes. First, we survey the related work and identify requirements, limitations and properties of existing schemes. These are then evaluated based on the requirements of use cases for OMR, including anonymous messaging [SG24, Tea], analytics, and payment systems [Pen]. The identified open problems and gaps are then addressed to provide a better understanding of the requirements in practice and potentially improve the current state-of-the-art. References: [BLMG21] Gabrielle Beck, Julia Len, Ian Miers, and Matthew Green. Fuzzy message detection. In CCS, pages 1507–1528. ACM, 2021. [CGBM15] Henry Corrigan-Gibbs, Dan Boneh, and David Mazières. Riposte: An Anonymous Messaging System Handling Millions of Users. In 2015 IEEE Symposium on Security and Privacy, pages 321–338. [JLM23] Sashidhar Jakkamsetti, Zeyu Liu, and Varun Madathil. Scalable private signaling. IACR Cryptol. ePrint Arch., page 572, 2023. [JMK24] Yanxue Jia, Varun Madathil, and Aniket Kate. Homerun: High-efficiency oblivious message retrieval, unrestricted. IACR Cryptol. ePrint Arch., page 188, 2024. [LSTW24] Zeyu Liu, Katerina Sotiraki, Eran Tromer, and Yunhao Wang. Dos-resistant oblivious mes- sage retrieval from snake-eye resistant PKE. IACR Cryptol. ePrint Arch., page 510, 2024. [LT22] Zeyu Liu and Eran Tromer. Oblivious message retrieval. In CRYPTO (1), volume 13507 of Lecture Notes in Computer Science, pages 753–783. Springer, 2022. [LTW24a] Zeyu Liu, Eran Tromer, and Yunhao Wang. Group oblivious message retrieval. IEEE S&P, page 534, 2024. [LTW24b] Zeyu Liu, Eran Tromer, and Yunhao Wang. Perfomr: Oblivious message retrieval with reduced communication and computation. In USENIX Security Symposium. USENIX As- sociation, 2024. [MSS+22] Varun Madathil, Alessandra Scafuro, István András Seres, Omer Shlomovits, and Denis Varlakov. Private signaling. In USENIX Security Symposium, pages 3309–3326. USENIX Association, 2022. [Pen] Penumbra. Fuzzy Message Detection - The Penumbra Protocol. external page https://protocol.penumbra.zone/main/crypto/fmd.html call_made . [SG24] Sajin Sasy and Ian Goldberg. Sok: Metadata-protecting communication systems. Proc. Priv. Enhancing Technol., 2024(1):509–524, 2024. [SPB22] István András Seres, Balázs Pejó, and Péter Burcsi. The effect of false positives: Why fuzzy message detection leads to fuzzy privacy guarantees? In Financial Cryptography, volume 13411 of Lecture Notes in Computer Science, pages 123–148. Springer, 2022. [Tea] Open Privacy Cwtch Team. Cwtch: Decentralized, Surveillance Resistant Infrastructure. external page https://cwtch.im/ call_made . [WLYL23] Zhiwei Wang, Feng Liu, Siu-Ming Yiu, and Longwen Lan. Online/offline and history indexing identity-based fuzzy message detection. IEEE Trans. Inf. Forensics Secur., 18:5553– 5566, 2023.

(Supervisor: Prof. Kenny Paterson, Joint Supervisors: Matilda Backendal, Matteo Scarlata)

End-to-end encryption (E2EE) is now the norm for Internet browsing (via TLS) and increasingly also for messaging (with apps such as WhatsApp and Signal being end-to-end encrypted by default). Somewhat surprisingly, services that offer outsourced data storage, such as cloud storage and collaborative file editing platforms, still lag behind. One of the explanations might be the complexity that arises due to the persistence of data, which makes it difficult to use ephemeral key material to achieve strong security guarantees such as forward secrecy (FS) and post-compromise security (PCS). Another is the lack of a formal security models for even basic E2E security of outsourced data storage supporting functionality such as file sharing between users. In particular, the number of potential end-points arising from file sharing increases the complexity of E2EE cloud storage compared to single client settings. This complexity also exists in messaging, as showcased by the fact that protocols for secure two-party messaging (such as e.g. the Signal protocol) have been around for quite some time, but a protocol for E2EE group chats was only very recently standardized [rfc9420]. The newly standardized group messaging protocol is called "messaging layer security" (MLS). One of the main motivations for MLS was to make E2E security for messaging in groups of size n more efficient than through the naïve construction of n^2 two-party channels, while still retaining the same high-security guarantees—including forward secrecy and post-compromise security—that we expect from modern secure messaging protocols. In this project, we will explore the possibilities for more advanced security guarantees for file sharing systems in the E2EE setting. In particular, we will aim to tackle the conflict between the required functionality (including persistent data access, and flexible group and access management) and strong security guarantees such as FS and PCS. Our initial attempt at a solution, which we call the "secure shared folder" (SSF) scheme, combines the recent advancements of group messaging from the MLS standard with a form of key ratcheting known as key regression [NDSS:FuKamKoh06]. The aim of this project is to test the practicality of the SSF scheme by implementing a proof of concept file sharing system based on this cryptographic design.

(Supervisor: Prof. Kenny Paterson, Joint Supervisors: Matteo Scarlata, Matilda Backendal)

With more and more data stored online or distributed across multiple devices, an increasing number of security-sensitive applications face the challenge of combining availability with user-friendly key management. The traditional solution is passwords, for both authentication and key derivation. Passwords often have low entropy, come from a small and predictable "dictionary'' and may be highly correlated. Consequently, the usage of password-only authentication to web services is being phased out. Instead, users are offered a two step verification process, where they need to provide a second "factor'' in addition to their password, providing a second layer of protection against attacks in the case of weak passwords. This is known as Two-Factor Authentication (2FA), or more generally, Multi-Factor Authentication (MFA). In contrast, passwords are still commonly used as the sole authentication method to derive keys for encryption using Password-Based Key Derivation Functions (PBKDFs). Examples of this include full disk encryption, client-side encryption of backups and cloud storage, password managers and cryptocurrency wallets. In this project, we harden password-based key derivation exploiting the user's possession of multiple devices, in a similar fashion to MFA. We take inspiration from the tradition of "PRF services", such as Pythia (Everspaugh, Chatterjee, Scott, Juels, Ristenpart 2015), but port them to the setting where the PRF service is operated by the users themselves, and can be lost or fall into adversarial hands. We design a cryptographic notion to capture the security of key derivation in this setting. We then aim to show that our system achieves the proposed security notion, while other state-of-the-art systems are actually too weak and fail to deliver on their security claims.

(Supervisor: Prof. Kenny Paterson, Joint Supervisors: Shannon Veitch, Dr. Lenka Mareková)

VPNs provide increased privacy to users, and are therefore commonly used to circumvent censorship. In response, certain censoring bodies have begun using more advanced traffic analysis to block VPN access. There are two main strategies for VPN blocking: blocking by address (IP addresses of a VPN service), and blocking by behaviour (identifiable characteristics of the VPN traffic). VPN fingerprinting is the process of identifying a particular VPN protocol based on its protocol features. As is common in the cat-and-mouse game of defences and attacks, circumvention developers have created new protocols intended to protect against such fingerprinting. Several VPN protocols have implemented advanced protocols for the sake of circumventing this style of fingerprinting. This project aims to determine the efficacy of these circumvention techniques, by evaluating two advanced deployments of VPN protocols for censorship circumvention: Outline VPN [Out20,RM23] and LEAP VPN [Lea22]. Both Outline and LEAP offer client and server-side tools to enable individuals as well as organisations to act as service providers. These tools utilise and build on a number of existing technologies, from OpenVPN and Shadowsocks to Tor and Snowflake, which have previously been studied only in isolation [FWW20]. The project involves providing accurate and holistic abstractions of the systems and protocols and then applying a combination of fingerprinting [XKHE23, XRJ22], cryptanalysis, and machine learning techniques to determine if the protocols have identifiable features. We focus on exploring the capabilities of VPN fingerprinting for the sake of developing stronger censorship-resistant protocols in the future. References: [XKHE23] external page https://www.usenix.org/conference/usenixsecurity24/presentation/xue call_made [XRJ22] external page https://www.usenix.org/conference/usenixsecurity22/presentation/xue-diwen call_made [Lea22] external page https://leap.se/ call_made [Out20] external page https://getoutline.org/ call_made [RM23] external page https://www.technologyreview.com/2023/09/13/1079381/google-jigsaw-outline-vpn-internet-censorship/ call_made [FWW20] external page https://www.ndss-symposium.org/ndss-paper/detecting-probe-resistant-proxies/ call_made

(Supervisor: Prof. Kenny Paterson, Joint Supervisor: Kien Tuong Truong) Cloud storage providers such as Dropbox, Google Drive and Microsoft OneDrive allow users to offload their digital storage requirements to a remote server, managed by the provider. This is convenient and can create cost savings for both individuals and organizations. All of these providers consider security against attacks from outsider threats. However, few providers address security when the server itself is compromised, and some of those that do have been shown to have devastating cryptographic vulnerabilities, as evidenced by the attacks on Mega [BHP23] and Nextcloud [CPAB23]. Even if there were existing solutions that provably provided confidentiality and integrity of files, metadata is still often leaked. As an example, some providers leak file names. As another example, the server is always aware of the access patterns of the users. All these leakages can combine to create attacks which can compromise the privacy of users. A significant problem is that, even though a multitude of end-to-end encrypted (E2EE) cloud storage solutions exist on the market, there is a lack of foundational work on the cryptographic design for such systems. In order to guide such work, we look at the current ecosystem of E2EE cloud storage solutions, analyzing their protocols, and discussing their requirements. A new cloud storage solution that promises to protect the security and privacy of users is PrivateStorage [Aut] by Least Authority [lea]. Much like MEGA and Nextcloud, they claim to provide end-to-end encryption. However, they also implement unique features like accountless authorization, which they implement with a bespoke variation of Privacy Pass [Dav18]. This mechanism allows users to access the service without the need for a traditional account, decoupling service usage from identifiable information (e.g. payment information), and thus enhancing user privacy. This should ensure protection against surveillance, invasive data analysis and profiling, even if the adversary is a nation-state actor. PrivateStorage’s model offers a promising solution that could set new standards for the industry. However, new designs and the new cryptographic and privacy related protocols always raise concerns about potential vulnerabilities. This thesis seeks to analyze the protocol in order to find possible issues or, if none are found, to prove (a selection of) the claims given by PrivateStorage. References: [Aut] Least Authority. Privatestorage. external page https://private.storage/ call_made . Accessed on 2024-02-11. [Aut21] Least Authority. Zkaps whitepaper. 2021. [BHP23] Matilda Backendal, Miro Haller, and Kenneth G. Paterson. Mega: Malleable encryption goes awry. In 2023 IEEE Symposium on Security and Privacy (SP), pages 146–163, 2023. [CPAB23] Daniele Coppola, Kenneth G. Paterson, Martin Albrecht, and Matilda Backendal. Breaking cryptography in the wild: Nextcloud. 2023. [Dav18] Alexander Davidson. Privacy pass: Bypassing internet challenges anonymously. Proceedings on Privacy Enhancing Technologies, 2018(3):164–180, 2018. [lea] Least authority, privacy matters. external page https://leastauthority.com/ call_made . Accessed on 2024-02-11

Completed Projects

Yuanming Song. Refined Techniques for Compression Side-Channel Attacks [ Download pdf (PDF, 910 KB) vertical_align_bottom ] . Supervisor: Prof. Kenny Paterson, Co-supervisor: Dr. Lenka Mareková.

Jonas Hofmann. Breaking Cryptography in the Wild: Cloud Storage . Supervisor: Prof. Kenny Paterson, Co-supervisor: Kien Tuong Truong.

Noah Schmid. Breaking Cryptography in the Wild: Rocket.Chat.  Supervisor: Prof. Kenny Paterson, Co-supervisor: Jan Gilcher.

Aurel Feer. Privacy Preserving String Search using Homomorphic Encryption [ Download pdf (PDF, 1.1 MB) vertical_align_bottom ]. Supervisor: Prof. Kenny Paterson, Co-supervisor: Dr. Zichen Gui.

Léa Micheloud. Securing Cloud Storage with OpenPGP: An Analysis of Proton Drive [ Download pdf (PDF, 2.1 MB) vertical_align_bottom ] . Supervisor: Prof. Kenny Paterson, Co-supervisors: Matilda Backendal, Daniel Huigens (Proton AG, Zurich).

Daniel Pöllmann.   Differential Obliviousness and its Limitations . Supervisor: Prof. Kenny Paterson, Co-supervisor: Dr. Tianxin Tang.

Andreas Tsouloupas.   Breaking Cryptography in the Wild: Double-Ratchet Mutations [ Download pdf (PDF, 966 KB) vertical_align_bottom ]. Supervisor: Prof. Kenny Paterson, Co-supervisors: Matteo Scarlata, Kien Tuong Truong.

Thore Göbel.   Security Analysis of Proton Key Transparency  [ Download pdf (PDF, 1 MB) vertical_align_bottom ]. Supervisor: Prof. Kenny Paterson, Co-supervisors: Daniel Huigens (Proton AG, Zurich), Felix Linker.

Sina Schaeffler.  Algorithms for Quaternion Algebras in SQIsign [ Download pdf (PDF, 664 KB) vertical_align_bottom ] .  Supervisor: Prof. Kenny Paterson, Co-supervisor: Dr. Luca De Feo (IBM Research, Zurich).

Lucas Dodgson.  Post-Quantum building blocks for secure computation - the Legendre OPRF [ Download pdf (PDF, 862 KB) vertical_align_bottom ] .  Supervisor: Prof. Kenny Paterson, Co-supervisors: Dr. Julia Hesse, Sebastian Faller (IBM Research, Zurich).

Mirco Stäuble.  Mitigating Impersonation Attacks on Single Sign-On with Secure Hardware [ Download pdf (PDF, 2.1 MB) vertical_align_bottom ] .  Supervisor: Prof. Kenny Paterson, Co-supervisors: Dr. Julia Hesse, Sebastian Faller (IBM Research, Zurich).

Younis Khalil. Implementing a Forward-Secure Cloud Storage System [ Download pdf (PDF, 5.6 MB) vertical_align_bottom ]. Supervisor: Prof. Kenny Paterson, Co-supervisors: Dr. Felix Günther, Matilda Backendal.

Andrei Herasimau. Formal Verification of the "Crypto Refresh" Update to the OpenPGP Standard [ Download pdf (PDF, 695 KB) vertical_align_bottom ] . Supervisor: Prof. Kenny Paterson, Co-supervisor: Daniel Huigens (Proton Mail).

Benjamin Fischer. Privacy-Preserving Federated Learning for Cyber Threat Intelligence Sharing [ Download pdf (PDF, 3.3 MB) vertical_align_bottom ]. Supervisor: Prof. Kenny Paterson, Co-supervisor: Juan R. Troncoso-​Pastoriza (Tune Insight SA).

Pascal Schärli.  Security Assessment of the Sharekey Collaboration App [ Download pdf (PDF, 2.9 MB) vertical_align_bottom ] . Supervisor: Prof. Kenny Paterson, Co-supervisor: Dr. Bernhard Tellenbach (Armasuisse).

Lena Csomor. Bridging the Gap between Privacy Incidents and PETs [ Download pdf (PDF, 1.3 MB) vertical_align_bottom ]. Supervisor: Prof. Kenny Paterson, Co-supervisors: Dr. Anwar Hithnawi, Alexander Viand, Shannon Veitch.

Ran Liao. Linear-​Time Zero-​Knowledge Arguments in Practice . Supervisor: Prof. Kenny Paterson, Co-supervisor: Dr. Jonathan Bootle (IBM Research, Zurich). Christian Knabenhans.   Practical Integrity Protection for Private Computations [ Download pdf (PDF, 873 KB) vertical_align_bottom ]. Supervisor: Prof. Kenny Paterson, Co-supervisors: Dr. Anwar Hithnawi, Alexander Viand.

Ella Kummer.  Counting filters in adversarial settings [ Download pdf (PDF, 943 KB) vertical_align_bottom ] . Supervisor. Prof. Kenny Paterson, Co-supervisors: Dr. Anupama Unnikrishnan, Mia Filić.

Massimiliano Taverna.  Breaking Cryptography in the Wild: Web3 [ Download pdf (PDF, 1.4 MB) vertical_align_bottom ] .  Supervisor: Prof. Kenny Paterson.

Giacomo Fenzi.  Klondike: Finding Gold in SIKE [ Download pdf (PDF, 7.6 MB) vertical_align_bottom ] .  Supervisor: Prof. Kenny Paterson, Co-supervisor: Dr. Fernando Virdia.

Kien Tuong Truong.  Breaking Cryptography in the Wild: Threema  [ Download pdf (PDF, 824 KB) vertical_align_bottom ] .  Supervisor: Prof. Kenny Paterson, Co-supervisor: Matteo Scarlata.

Jonas Meier.  Diophantine Satisfiability Arguments for Private Blockchains [ Download pdf (PDF, 2.1 MB) vertical_align_bottom ]. Supervisor: Prof. Kenny Paterson, Co-supervisor: Dr. Patrick Towa.

Marc Ilunga.  Analysis of the EDHOC Lightweight Authenticated Key Exchange Protocol [ Download pdf (PDF, 1.2 MB) vertical_align_bottom ] .  Supervisor: Prof. Kenny Paterson, Co-supervisor: Dr. Felix Günther.

Robertas Maleckas.  Cryptography in the Wild: Analyzing Jitsi Meet [ Download pdf (PDF, 996 KB) vertical_align_bottom ] .  Supervisor: Prof. Kenny Paterson, Co-supervisor: Prof. Martin Albrecht.

Miro Haller. Cloud Storage Systems: From Bad Practice to Practical Attacks  [ Download pdf vertical_align_bottom ]. Supervisor: Prof. Kenny Paterson, Co-supervisor: Matilda Backendal.

Lorenzo Laneve . Quantum Random Walks [ Download pdf vertical_align_bottom ]. Joint supervisor: Prof. Kenny Paterson.

Florian Moser . Swiss Internet Voting [ Download pdf vertical_align_bottom ]. Supervisor: Prof. Kenny Paterson.

Moritz Winger . Automated Hybrid Parameter Selection & Circuit Analysis for FHE [ Download pdf vertical_align_bottom ]. Joint supervisor: Prof. Kenny Paterson, Co-supervisor: Alexander Viand.

Tijana Klimovic . Modular Design of the Messaging Layer Security (MLS) Protocol [ Download pdf (PDF, 1.3 MB) vertical_align_bottom ]. Supervisor: Prof. Kenny Paterson, Co-supervisor: Dr. Igors Stepanovs.

Radwa Abdelbar . Post-Quantum KEM-based TLS with Pre-Shared Keys [ Download pdf (PDF, 972 KB) vertical_align_bottom ]. Supervisor: Prof. Kenny Paterson, Co-supervisors: Dr. Felix Günther, Dr. Patrick Towa.

Raphael Eikenberg . Breaking Bridgefy, Again [ Download pdf vertical_align_bottom ]. Supervisor: Prof. Kenny Paterson, Co-supervisor: Prof. Martin Albrecht.

Andreas Pfefferle . Security Analysis of the Swiss Post’s E-Voting Implementation . Supervisor: Prof. Kenny Paterson.

Mihael Liskij . Survey of TLS 1.3 0-RTT Usage [ Download pdf (PDF, 803 KB) vertical_align_bottom ]. Supervisor: Prof. Kenny Paterson, Co-supervisor: Dr. Felix Günther.

Nicolas Klose . Characterizing Notions for Secure Cryptographic Channels [ Download pdf (PDF, 1.4 MB) vertical_align_bottom ]. Supervisor: Prof. Kenny Paterson, Co-supervisor: Dr. Felix Günther.

Alexandre Poirrier . Continuous Authentication in Secure Messaging [ Download pdf vertical_align_bottom ]. Supervisor: Prof. Kenny Paterson, Co-supervisors: Dr. Benjamin Dowling, Dr. Felix Günther.

Luca Di Bartolomeo . ArmWrestling: efficient binary rewriting for ARM [ Download pdf (PDF, 661 KB) vertical_align_bottom ]. Joint Supervisor: Prof. Kenny Paterson.

Matteo Scarlata . Post-Compromise Security and TLS 1.3 Session Resumption [ Download pdf (PDF, 1.5 MB) vertical_align_bottom ]. Supervisor: Prof. Kenny Paterson, Co-supervisor: Dr. Benjamin Dowling.

Anselme Goetschmann . Design and Analysis of Graph Encryption Schemes [ Download pdf (PDF, 2.9 MB) vertical_align_bottom ]. Supervisor: Prof. Kenny Paterson, Co-supervisor: Dr. Sikhar Patranabis.

Lara Bruseghini . Analysis of the OpenPGP Specifications and Usage . Joint Supervisor: Prof. Kenny Paterson.

Semira Einsele . Average Case Error Estimates of the Strong Lucas Probable Prime Test [ Download pdf (PDF, 893 KB) vertical_align_bottom ]. Joint Supervisor: Prof. Kenny Paterson.

Jan Gilcher . Constant-Time Implementation of NTS-KEM [ Download pdf (PDF, 3.2 MB) vertical_align_bottom ]. Supervisor: Prof. Kenny Paterson. 

Thesis projects and finished theses with the cryptology and data security research research group at the University of Bern and in the Swiss Joint Master in Computer Science .

Thesis topics are related to our research and offered courses .

Many projects address theory and practice of cryptology and data security; some are purely theoretic but very few are only of practical nature.

Available projects for BSc and MSc theses

The indication of a BSc or MSc project type may be discussed and a smaller version of a project labeled MSc may often be carried out as a BSc thesis.

Many more projects in the research domain of the group are possible. If you would like to suggest a topic for a thesis project, please contact a team member to discuss your idea.

These projects are intended for computer-science students at the University of Bern and those enrolled in the Swiss Joint Master of Science in Computer Science . We do not offer any internships.

Current thesis projects

Completed thesis projects

Instructions and templates for theses

Once you have agreed with your supervisor on a topic and on a start- and end-date, fill in the corresponding form and complete the respective procedure:

For a BSc thesis, the form is available from the Studienfachberatung .

For a MSc thesis, follow the JMCS process .

Presentation

Every thesis must be presented near the completion or at the end of the project. Usually this occurs during the semester, within the regular seminar organized by the Cryptology and Data Security group. BSc students must also attend the seminar as a regular participant and get credit for it. The seminar’s title may vary; see the course page for details. You should agree with your supervisor in the initial stage of the thesis on where and when to present your work.

For archiving software and thesis report, log in once to the INF gitlab server with your Campus Account (small login box at the bottom). This creates your user representation inside the server. Then ask your supervisor to create a repository for the project under the group crypto-students according to the pattern:

For a seminar report you may use the sample article template used by the CRYPTO group .

For a BSc thesis a sample template is available on the Cryptography and Data Security group website .

For a Msc thesis, the sample template is available on JMCS website .

The final version of a thesis consists of a single PDF file. Printed copies are not needed. This file must also contain the signed declaration (“Erklärung”) , in which the candidate confirms that she/he personally authored the work. (Print, sign, scan, and include the declaration at the end of the thesis.)

Research advice

Computer-science research can, roughly, be divided into “systems” and “theory” projects.

In systems research, one builds, experiments, and measures. Research results are typically demonstrated through an evaluation. However, measuring the behavior of a complex system is tricky. If you measure anything in your project, then you should read and follow this useful resource:

• Always Measure One Level Deeper ( PDF Format ), authored by John Ousterhout, a distinguished systems researcher at Stanford University.

Theoretical research demonstrates its insight in abstract form, through algorithms, protocols, and (crypto)schemes described abstractly in the computer-science dialect of the language of mathematics. Here, results are typically demonstrated through proofs. If you author a theoretical thesis, then you should read and follow some advice on mathematical writing, such as:

Mathematical Writing by Knuth, Larrabee, and Roberts ( PDF Format ). Read points 1-27 on pages 1-6.

Many guides to mathematical writing can be found online. Pick one that you like.

Writing advice

Theses are written in English. Refer to a manual of style for guidance on writing scientific texts. You should read and follow at least the first two.

Advice on writing in computer science , published by Renée Miller of the University of Toronto, is a concise summary with pointers to more material.

The BSc thesis template explains how to assemble and format the bibliography using BibTeX.

Advice on Writing, Presentation & Plagiarism from the JMCS programme.

The Elements of Style by Strunk and White is a classic style guide (it even has its own Wikipedia page!) and one can find versions online .

After finishing the thesis, some forms have to be processed:

For BSc, the advisor completes the form and hands it to the Studiensekretariat.

For MSc, you fill in parts “Finishing…” and “Pledge…” on the back of the JMCS form for MSc theses and hand this to the Studiensekretariat at Uni BE. The advisor the completes the JMCS form, fills the form of Uni BE, and hands both to the respective recipients.

Finally, follow the steps to graduate .

• < Previous

Home > SCRIPPS > SCRIPPS_STUDENT > SCRIPPS_THESES > 1816

Scripps Senior Theses

Cryptography and digital signatures.

Maya Nichols , Scripps College Follow

Graduation Year

Document type.

Campus Only Senior Thesis

Degree Name

Bachelor of Arts

Mathematics

Christopher Towse

Douglas Goodwin

Terms of Use & License Information

Terms of Use for work posted in Scholarship@Claremont .

Rights Information

© 2022 Maya Nichols

What is security and what makes a cryptosystem secure? This thesis explores these questions by looking at the components of a couple public- key cryptosystems and digital signature schemes, attacks against them, and ways of improving security.

Recommended Citation

Nichols, Maya, "Cryptography and Digital Signatures" (2022). Scripps Senior Theses . 1816. https://scholarship.claremont.edu/scripps_theses/1816

This thesis is restricted to the Claremont Colleges current faculty, students, and staff.

Since May 26, 2022

Advanced Search

• Notify me via email or RSS
• Colleges, Universities, and Library
• Schools, Programs, and Departments
• Disciplines

Author Corner

• Faculty Submission
• Student Submission
• Policies and Guidelines

Useful Links

• Claremont Colleges Library
• Claremont Colleges Digital Library

Home | About | FAQ | My Account | Accessibility Statement

Privacy Copyright

Grab your spot at the free arXiv Accessibility Forum

Help | Advanced Search

Computer Science > Cryptography and Security

Title: distributed and secure linear algebra -- master thesis.

Abstract: Cryptography is the discipline that allows securing of the exchange of information. In this internship, we will focus on a certain branch of this discipline, secure computation in a network. The main goal of this internship, illustrated in this report, is to adapt a roster of protocols intended to do linear algebra. We want to adapt them to do algebra for matrices with polynomial coefficients. We then wish to make a complete analysis of the different complexities of these protocols.

Submission history

Access paper:.

• Other Formats

References & Citations

• Google Scholar
• Semantic Scholar

BibTeX formatted citation

Bibliographic and Citation Tools

Code, data and media associated with this article, recommenders and search tools.

• Institution

arXivLabs: experimental projects with community collaborators

arXivLabs is a framework that allows collaborators to develop and share new arXiv features directly on our website.

Both individuals and organizations that work with arXivLabs have embraced and accepted our values of openness, community, excellence, and user data privacy. arXiv is committed to these values and only works with partners that adhere to them.

Have an idea for a project that will add value for arXiv's community? Learn more about arXivLabs .

• Bibliography
• More Referencing guides Blog Automated transliteration Relevant bibliographies by topics
• Automated transliteration
• Relevant bibliographies by topics
• Referencing guides