Sie haben Javascript deaktiviert!
Sie haben versucht eine Funktion zu nutzen, die nur mit Javascript möglich ist. Um sämtliche Funktionalitäten unserer Internetseite zu nutzen, aktivieren Sie bitte Javascript in Ihrem Browser.

Info-Icon This content is partly available in English
[Translate to English:] AG Codes und Kryptographie Show image information

[Translate to English:] AG Codes und Kryptographie

Open Theses

If you are interested in writing a thesis with us, please contact Prof. Blömer. Even if none of the listed topics below interests you, still feel free to contact us and we'll try to find a good topic together. If you are looking for a general overview of open topics including other working groups, then please see this overview.

Master's theses

Fuzzy Clustering using mu-similar Bregman Divergences

Fuzzy k-Means is a popular generalization of the classical k-Means problem to soft clusterings. From an algorithmic perspective however, it is much more difficult to compute provably good solutions. Typically, these problems use the squared Euclidean distance to measure how far data points are apart. The squared Euclidean distance is part of the mu-similar Bregman divergences, a large class of dissimilarity measures sharing desirable characteristics.

Using sampling techniques to find good approximations of optimal centroids has proven to work for both, the k-Means problem using mu-similar Bregman divergences and also for the Fuzzy k-Means problem using the squared Euclidean distance. The goal of this thesis is to explore whether this can actually be combined to obtain a good approximation algorithm for the Fuzzy k-Means problem using mu-similar Bregman divergences.

Bachelor's theses

Analyzing real-world applications of secure MPC protocols

A recent case study ( ) considers the usage of multiparty computation (MPC) protocols in real-world applications. In short, MPC protocols aim at enabling several parties to jointly evaluate a given function based on their private input data. In cryptography, protocols are usually considered secure when nothing beyond the function's results is leaked during an execution. Security models vary in the capacities of adversaries, e.g. ranging from eavesdropping to completely corrupting and controlling a certain number or fraction of the executing parties. There exist several fundamental protocols which are applicable to any given (computable) function achieving different levels of security. However, their efficiency is too low for real-world applications.

To match the real-world constraints, special MPC protocols and compositions thereof have been designed for certain use cases. The authors, which also participated in the construction of the 4 considered products, only sketch their used techniques, matched (or at least desired) security properties and performance. Interesting questions to be answered within a thesis, for example, are:

  • Which security models underly the products?
  • How do two similar products compare to each other (in terms of performance, functionality, "security", ...)?
  • Have security properties been weakened for the sake of efficiency? If yes, where and why? 
  • How applicable are these products in reality, e.g. considering performance and usability? Are there other interesting products based on MPC protocols used in the wild?
  • ...
(Stable) Matching using Secure Multiparty Computation

The goal of secure multiparty computation protocols is, in general, to allow multiple parties to jointly perform a certain computation using their private inputs, without leaking these inputs to other participants. Existing protocols allow the joint evaluation of arbitrary functions. This generality, however, comes at the cost of efficiency. Therefore, for certain applications, specialized protocols were proposed.

One application is to securely realize matching algorithms. A matching algorithm is used to create a mapping between two disjoint sets of parties, where each party has a (potentially partial) preference order over the parties from the other set, such that the result provides some form of stability. An exemplary algorithm used to solve the so-called “Stable Marriage” problem is the Gale-Shapley algorithm. The goal of this thesis is to (find and) compare existing secure MPC implementations for matching scenarios.

While traditional implementations usually reveal the parties’ preferences either to some trusted third party, the matched partner, or even every participant, secure multiparty computation hides these. This thesis focusses on 1) finding such protocols (e.g.,, and 2) compare these, for example based upon their targeted model of security (active, passive, ...), efficiency, complexity,...

Supervisor: Henrik Bröcher (Maill)

Threshold Signature Schemes using Multiparty Computation

Threshold signature schemes enhance “normal” digital signature schemes in the sense that from n parties a fraction k<n is (at least) required to create a valid signature with respect to a jointly computed public key. This is a special use case for secure multiparty computation protocols where n parties jointly compute a given function (here, for example, the signing algorithm) without revealing their private data (here, their “shares” of a private key). Typically, this privacy of inputs is only guaranteed when a threshold k of all parties honestly runs a given code.

This topic aims to give an overview on existing threshold signature solutions, underlying assumptions, their security properties, and further features we/you identify as meaningful. A very recent publication concerning threshold signatures and MPC is, for example,


Supervisor: Henrik Bröcher (Maill)

Privacy-Preserving Collection and Evaluation of Log Files

In real world scenarios log files are maintained for telemetry and other reasons, e.g. to trace misbehavior or some regulations enforce some collection of data. One example is a company's network where one wants to trace users that use the network for things that are not permitted, e.g. visiting malware infected websites. These log files are in general an infringement of privacy. The data collection is not limited data that is necessary to detect or block such misbehaviors.

In this thesis the goal is to analyze (and/or develop) a concept of a data collection system that on the one side protects user's privacy and on the other side allows some form of data collection. More general speaking, a company that deploys such a system should still be able to evaluate some functions over the collected data, e.g. average bytes downloaded by a user, top ten domains visited. The thesis should also answer which functions are viable while ensuring privacy, where the kind of privacy is also an open question. While answering these questions one has to keep the tradeoff between evaluations of collected data and privacy in mind. Simply put, collecting the name of the employe in clear leaves no room for privacy regarding the name, where not collecting the name in any form (e.g. encrypted) erases the possibility to trace the user via its name.

We envision that the thesis first looks into a simple scenario (with equality as the evaluation function) and solutions based on hash function and deterministic encryption. Afterwards we want to take a look at more advanced scenarios and solutions such as Prio.

Supervisor: Fabian Eidens, feidens at

Privacy-preserving crypto: balancing utility and privacy in practical group signatures

Group signatures allow a user to sign anonymously with respect to the group. Therefore, a user signs in the name of the whole group. This gives an interesting semantic to a signature scheme, but also has its problems in reality. Is the group static one cannot ban users or add users. If it is not possible to get the real signer of a message in rare misbehavior scenarios the practical acceptance is low. Hence advanced group signature schemes support an opener that can reveal the identity of a signer. This is how far the formalities go, but in practice there has to be some rule that determines in which cases the opener is allowed or is able to reveal the identity of a signer. Even better would be that the utility of group signatures for practical applications gets extended and well balanced with the privacy concerns of the users up the point where opening is not the go to operation if one wants to find out more.

A recent line of works studies linkable group signatures, where a special party can convert a batch of group signatures to a representation such that signatures from the same user are linked. Thus, extending the utility by enabling applications such as analyzing if one or more users are responsible for the bulk of signed documents in a specific time frame the group. In general this linking does not violate the anonymity of the signers identify, but it allows correlated analysis where it is necessary to know that two or more data points (+ group signatures in them) are from the same user (or device).

Goal of the thesis is to survey the research in extending the utility of group signatures starting with the extension mentioned above (corresponding papers linked below). During the proposal phase the supervisor will also give a more related work and your first task is to search for further related work on your own. The survey should give a good overview of the extended utilities that are considered in research and also give a detailed explanation of the techniques that are used to achieve them. If a survey is not your cup of tea we can modify the topic to be a deep dive into a small subset of the papers, where you task is then to extend the security proofs, add missing explanations and preliminaries.

Supervisor: Fabian Eidens, feidens at

The University for the Information Society