Sie haben Javascript deaktiviert!
Sie haben versucht eine Funktion zu nutzen, die nur mit Javascript möglich ist. Um sämtliche Funktionalitäten unserer Internetseite zu nutzen, aktivieren Sie bitte Javascript in Ihrem Browser.

Codes and Cryptography Bildinformationen anzeigen

Codes and Cryptography

Offene Themen für Arbeiten

Wenn Sie eines der hier gelisteten Themen anspricht, melden Sie sich bei Prof. Blömer. Auch wenn die hier gelisteten Themen Sie nicht ansprechen melden Sie sich gerne und wir finden gemeinsam ein passendes Thema. Wenn Sie allgemein auf der Suche nach Abschlussarbeitsthemen sind dann empfehlen wir zusätzlich diese Übersichtsseite.


Fuzzy Clustering using mu-similar Bregman Divergences

Fuzzy k-Means is a popular generalization of the classical k-Means problem to soft clusterings. From an algorithmic perspective however, it is much more difficult to compute provably good solutions. Typically, these problems use the squared Euclidean distance to measure how far data points are apart. The squared Euclidean distance is part of the mu-similar Bregman divergences, a large class of dissimilarity measures sharing desirable characteristics.

Using sampling techniques to find good approximations of optimal centroids has proven to work for both, the k-Means problem using mu-similar Bregman divergences and also for the Fuzzy k-Means problem using the squared Euclidean distance. The goal of this thesis is to explore whether this can actually be combined to obtain a good approximation algorithm for the Fuzzy k-Means problem using mu-similar Bregman divergences.

Contact: Johannes Blömer


Analyzing real-world applications of secure multiparty computation protocols

A recent case study ( ) considers the usage of secure multiparty computation (MPC) protocols in real-world applications. MPC protocols, in short, aim at enabling several parties to jointly evaluate a given function based on their private input data. In cryptography, such protocols are usually considered secure when nothing beyond the evaluated function's results is leaked during an execution. Security models vary in the abilities of adversaries, e.g. ranging from eavesdropping to adaptively corrupting and controlling a certain number or fraction of protocol participants. There exist several fundamental protocols which are applicable to any given (computable) function achieving different levels of security. However, their efficiency is often too low for practical applications.

To match real-world constraints, specialized MPC protocols and compositions thereof have been designed for certain use cases. The paper's authors, which also participated in the construction of the 4 considered products, only sketch their used techniques, matched (or at least desired) security properties and achieved performance. Interesting questions to be answered within a thesis, for example, are:

  • Which security models underly the products?
  • How do two similar products compare to each other (in terms of performance, functionality, security properties, ...)?
  • Have security properties been weakened for the sake of efficiency? If yes, where and why? 
  • How applicable are these products in reality, e.g. considering performance and usability? Are there other interesting products based on MPC protocols used in the wild?
  • ...? (Further suggestions)

Contact: Henrik Bröcher, henrik.broecher at

(Stable) Matching using Secure Multiparty Computation

The goal of secure multiparty computation protocols is, in general, to allow multiple parties to jointly perform a certain computation using their private inputs, without leaking these inputs to other participants. Existing protocols allow the joint evaluation of arbitrary functions. This generality, however, comes at the cost of efficiency. Therefore, for certain applications, specialized protocols were proposed.

One application is to securely realize matching algorithms. A matching algorithm is used to create a mapping between two disjoint sets of parties, where each party has a (potentially partial) preference order over the parties from the other set, such that the result provides some form of stability. An exemplary algorithm used to solve the so-called “Stable Marriage” problem is the Gale-Shapley algorithm. The goal of this thesis is to (find and) compare existing secure MPC implementations for matching scenarios.

While traditional implementations usually reveal the parties’ preferences either to some trusted third party, the matched partner, or even every participant, secure multiparty computation hides these. This thesis focusses on 1) finding such protocols (e.g.,, and 2) compare these, for example based upon their targeted model of security (active, passive, ...), efficiency, complexity,...

Supervisor: Henrik Bröcher (Maill)

Threshold Signature Schemes using Multiparty Computation

Threshold signature schemes enhance “normal” digital signature schemes in the sense that from n parties a fraction k<n is (at least) required to create a valid signature with respect to a jointly computed public key. This is a special use case for secure multiparty computation protocols where n parties jointly compute a given function (here, for example, the signing algorithm) without revealing their private data (here, their “shares” of a private key). Typically, this privacy of inputs is only guaranteed when a threshold k of all parties honestly runs a given code.

This topic aims to give an overview on existing threshold signature solutions, underlying assumptions, their security properties, and further features we/you identify as meaningful. A very recent publication concerning threshold signatures and MPC is, for example,


Supervisor: Henrik Bröcher (Maill)

Privacy-Preserving Collection and Evaluation of Log Files

In real world scenarios log files are maintained for telemetry and other reasons, e.g. to trace misbehavior or some regulations enforce some collection of data. One example is a company's network where one wants to trace users that use the network for things that are not permitted, e.g. visiting malware infected websites. These log files are in general an infringement of privacy. The data collection is not limited data that is necessary to detect or block such misbehaviors.

In this thesis the goal is to analyze (and/or develop) a concept of a data collection system that on the one side protects user's privacy and on the other side allows some form of data collection. More general speaking, a company that deploys such a system should still be able to evaluate some functions over the collected data, e.g. average bytes downloaded by a user, top ten domains visited. The thesis should also answer which functions are viable while ensuring privacy, where the kind of privacy is also an open question. While answering these questions one has to keep the tradeoff between evaluations of collected data and privacy in mind. Simply put, collecting the name of the employe in clear leaves no room for privacy regarding the name, where not collecting the name in any form (e.g. encrypted) erases the possibility to trace the user via its name.

We envision that the thesis first looks into a simple scenario (with equality as the evaluation function) and solutions based on hash function and deterministic encryption. Afterwards we want to take a look at more advanced scenarios and solutions such as Prio.

Supervisor: Fabian Eidens, feidens at

Privacy-preserving crypto: balancing utility and privacy in practical group signatures

Group signatures allow a user to sign anonymously with respect to the group. Therefore, a user signs in the name of the whole group. This gives an interesting semantic to a signature scheme, but also has its problems in reality. Is the group static one cannot ban users or add users. If it is not possible to get the real signer of a message in rare misbehavior scenarios the practical acceptance is low. Hence advanced group signature schemes support an opener that can reveal the identity of a signer. This is how far the formalities go, but in practice there has to be some rule that determines in which cases the opener is allowed or is able to reveal the identity of a signer. Even better would be that the utility of group signatures for practical applications gets extended and well balanced with the privacy concerns of the users up the point where opening is not the go to operation if one wants to find out more.

A recent line of works studies linkable group signatures, where a special party can convert a batch of group signatures to a representation such that signatures from the same user are linked. Thus, extending the utility by enabling applications such as analyzing if one or more users are responsible for the bulk of signed documents in a specific time frame the group. In general this linking does not violate the anonymity of the signers identify, but it allows correlated analysis where it is necessary to know that two or more data points (+ group signatures in them) are from the same user (or device).

Goal of the thesis is to survey the research in extending the utility of group signatures starting with the extension mentioned above (corresponding papers linked below). During the proposal phase the supervisor will also give a more related work and your first task is to search for further related work on your own. The survey should give a good overview of the extended utilities that are considered in research and also give a detailed explanation of the techniques that are used to achieve them. If a survey is not your cup of tea we can modify the topic to be a deep dive into a small subset of the papers, where you task is then to extend the security proofs, add missing explanations and preliminaries.

Supervisor: Fabian Eidens, feidens at

Parameters in Lattices: Bounds and Heuristics

In lattice cryptography there are many parameters. Many, if not all useful theorems require certain bounds on these parameters. Examples for these parameters are the length of some vectors under the L2 norm or the infinity norm, the spectral norm of matrices of certain distributions, or the so-called smoothing parameter.

When instantiating cryptographic schemes based on lattices, one has to decide on values for these parameters, such that security still holds. However, theoretical bounds can often be quite conservative, leading to not-so efficient schemes.

The question now is whether there are heuristics with which one could choose values for the parameters and how much these heuristics could improve the efficiency of the cryptographic schemes.

Your task is to identify interesting parameters, to create and implement heuristic tests for bounds and to compare the heuristics to the theoretical bounds. Afterwards you compare the efficiency of instantiations of some cryptographic schemes based on your heuristics and theoretical bounds.

A Decade of Lattice Cryptography: A good starting point to learn about lattices.

Supervisor: Laurens Porzenheim Mail

Die Universität der Informationsgesellschaft