Sie haben Javascript deaktiviert!
Sie haben versucht eine Funktion zu nutzen, die nur mit Javascript möglich ist. Um sämtliche Funktionalitäten unserer Internetseite zu nutzen, aktivieren Sie bitte Javascript in Ihrem Browser.

AG Codes and Kryptographie Bildinformationen anzeigen

AG Codes and Kryptographie

Offene Themen für Arbeiten

Wenn Sie eines der hier gelisteten Themen anspricht, melden Sie sich bei Prof. Blömer. Auch wenn Ihnen die hier gelisteten Themen nicht ansprechen melden Sie sich gerne und wir finden gemeinsam ein passendes Thema.


Improving features of anonymous communication

Many cryptographic systems, such as group signatures, have built-in privacy. For group signatures, this means that no polynomial-time adversary can, given a signature, find out who signed it (he only learns that some member of the group signed the message). In practice, the great measure of anonymity is diminished when used over the internet: if A sends an anonymous signature to B, then the signature itself does not reveal A's identity, but the IP address within the TCP packet does.

Using an anonymous communication system, a set of parties can communicate anonymously, i.e. the receiver of a message does not learn who sent it and the sender of a message only knows the receiver under some pseudonym. Today this is usually done using TOR. Recent research culminated in a new system that is based on trusted execution environments (such as Intel's SGX) and offers a much higher degree of security than TOR and other such schemes.

We suggest several possible extensions to this system:

  • Revocation of pseudonyms (using, for example, Bloom filters)
  • Efficiency improvements using network coding
  • Allow nodes to dynamically join or leave the system
  • ...

The thesis should deal with (some of) these extensions. Optionally, these ideas can be implemented into our existing prototype implementation (using the SGX SDK, language is C++).
There are initial ideas how to realize them, but there is lots of space for new ideas. The original construction uses ideas from both cryptography and overlay networks and is a nice application of both.

Fuzzy Clustering using mu-similar Bregman Divergences

Fuzzy k-Means is a popular generalization of the classical k-Means problem to soft clusterings. From an algorithmic perspective however, it is much more difficult to compute provably good solutions. Typically, these problems use the squared Euclidean distance to measure how far data points are apart. The squared Euclidean distance is part of the mu-similar Bregman divergences, a large class of dissimilarity measures sharing desirable characteristics.

Using sampling techniques to find good approximations of optimal centroids has proven to work for both, the k-Means problem using mu-similar Bregman divergences and also for the Fuzzy k-Means problem using the squared Euclidean distance. The goal of this thesis is to explore whether this can actually be combined to obtain a good approximation algorithm for the Fuzzy k-Means problem using mu-similar Bregman divergences.

(Fully) Homomorphic Encryption in practice

The goal of this thesis is to research what the real world performance for (fully) homomorphic encryption FHE is nowadays.
Depending on the supported functions what are the real world running times achieved by different libraries.
For this topic one has to be proficient using and understanding programming APIs (not limited to one programming language).
Additionally the theory behind FHE has to be studied (not in detail, but on a basic level).
During the proposal time and the first month of the BA thesis there will be enough time to study and discuss FHE in general and to look into the available libraries.

Contact: Fabian Eidens, feidens at

References: good starting point. For papers see resource section.

Signatures with flexible Public Keys vs Key-Homomorphic Signatures vs Mercurial Signatures

Clarify the relation between the three signature types and what each of them offers.
Are there any equivalences between the definitions, e.g. SFPK does not imply key-homomorphic signatures?
For this topic one has to first study the three signature types and then try to prove a relation based on the definitions.
Each of the types define a homomorphism on some of the elements of the signature, e.g. public and secret key homomorphism.
Contact: Fabian Eidens, feidens at

Key-Homomorphic Signatures
Mercurial Signatures

Symmetric Searchable Encryption with Access Control

The thesis's goal is to analyze the searchable encryption scheme by Alderman et al. [1], which achieves multiple levels of access control despite relying solely on symmetric primitives. Additional goals are to make the scheme verifiable, so users can be sure search results are correct [2] and to make the scheme dynamic, so new searchable documents can be added and optionally removed [3].

Contact: Nils Löken, nilo at

[1]* Alderman et al.: Multi-Level Access in Searchable Symmetric Encryption. FC 2017 Workshops.
[2] Bost et al.: Verifiable Dynamic Symmetric Searchable Encryption Optimality and Forward Security. IACR e-print archive, rep. 2016/062.
[3] Kamara et al.: Dynamic Searchable Symmetric Encryption. CCS 12.


Analyzing real-world applications of secure multiparty computation protocols

A recent case study ( ) considers the usage of secure multiparty computation (MPC) protocols in real-world applications. MPC protocols, in short, aim at enabling several parties to jointly evaluate a given function based on their private input data. In cryptography, such protocols are usually considered secure when nothing beyond the evaluated function's results is leaked during an execution. Security models vary in the abilities of adversaries, e.g. ranging from eavesdropping to adaptively corrupting and controlling a certain number or fraction of protocol participants. There exist several fundamental protocols which are applicable to any given (computable) function achieving different levels of security. However, their efficiency is often too low for practical applications.

To match real-world constraints, specialized MPC protocols and compositions thereof have been designed for certain use cases. The paper's authors, which also participated in the construction of the 4 considered products, only sketch their used techniques, matched (or at least desired) security properties and achieved performance. Interesting questions to be answered within a thesis, for example, are:

  • Which security models underly the products?
  • How do two similar products compare to each other (in terms of performance, functionality, security properties, ...)?
  • Have security properties been weakened for the sake of efficiency? If yes, where and why? 
  • How applicable are these products in reality, e.g. considering performance and usability? Are there other interesting products based on MPC protocols used in the wild?
  • ...? (Further suggestions)
Distributed Key Generation for Attribute-Based Signatures (BA/MA)

The thesis's goal is to develop and analyze a distributed version of the setup algorithm for the Rouselakis-Waters CP-ABE scheme [1]. The literature [2] suggests that distributed setup can be achieved by using a key generation protocol due to Gennaro et al. [3]. Specifically, we are interested in an analysis of the protocols from the literature [2, 3]. Secondary questions of interest are the existence or proposal of alternatives to the distributed key generation mechanism from [3] and alternatives to the secret sharing mechanisms internally used by [3], such as the mechanisms discussed by Beimel [4].

Contact: Nils Löken, nilo at

[1] Rouselakis, Waters: Practical Constructions and New Proof Methods for Large Universe Attribute-Based Encryption. CCS 13.
[2] Blömer et al.: Attribute-Based Encryption as a Service for Access Control in Large-Scale Organizations. FPS 2017.
[3] Gennaro et al.: Secure Distributed Key Generation for Discrete-Log Based Cryptosystems. J. Cryptology (2007) 20.
[4] Beimel: Secret Sharing Schemes: a Survey. Coding and Cryptology (IWCC 2011).

Die Universität der Informationsgesellschaft