Open Theses
If you are interested in writing a thesis with us, please contact Prof. Blömer. Even if none of the listed topics below interests you, still feel free to contact us and we'll try to find a good topic together.
Master's theses
 Improving features of anonymous communication

Many cryptographic systems, such as group signatures, have builtin privacy. For group signatures, this means that no polynomialtime adversary can, given a signature, find out who signed it (he only learns that some member of the group signed the message). In practice, the great measure of anonymity is diminished when used over the internet: if A sends an anonymous signature to B, then the signature itself does not reveal A's identity, but the IP address within the TCP packet does.
Using an anonymous communication system, a set of parties can communicate anonymously, i.e. the receiver of a message does not learn who sent it and the sender of a message only knows the receiver under some pseudonym. Today this is usually done using TOR. Recent research culminated in a new system that is based on trusted execution environments (such as Intel's SGX) and offers a much higher degree of security than TOR and other such schemes.
We suggest several possible extensions to this system:
 Revocation of pseudonyms (using, for example, Bloom filters)
 Efficiency improvements using network coding
 Allow nodes to dynamically join or leave the system
 ...
The thesis should deal with (some of) these extensions. Optionally, these ideas can be implemented into our existing prototype implementation (using the SGX SDK, language is C++).
There are initial ideas how to realize them, but there is lots of space for new ideas. The original construction uses ideas from both cryptography and overlay networks and is a nice application of both.  Fuzzy Clustering using musimilar Bregman Divergences

Fuzzy kMeans is a popular generalization of the classical kMeans problem to soft clusterings. From an algorithmic perspective however, it is much more difficult to compute provably good solutions. Typically, these problems use the squared Euclidean distance to measure how far data points are apart. The squared Euclidean distance is part of the musimilar Bregman divergences, a large class of dissimilarity measures sharing desirable characteristics.
Using sampling techniques to find good approximations of optimal centroids has proven to work for both, the kMeans problem using musimilar Bregman divergences and also for the Fuzzy kMeans problem using the squared Euclidean distance. The goal of this thesis is to explore whether this can actually be combined to obtain a good approximation algorithm for the Fuzzy kMeans problem using musimilar Bregman divergences.
 (Fully) Homomorphic Encryption in practice

The goal of this thesis is to research what the real world performance for (fully) homomorphic encryption FHE is nowadays.
Depending on the supported functions what are the real world running times achieved by different libraries.
For this topic one has to be proficient using and understanding programming APIs (not limited to one programming language).
Additionally the theory behind FHE has to be studied (not in detail, but on a basic level).
During the proposal time and the first month of the BA thesis there will be enough time to study and discuss FHE in general and to look into the available libraries.Contact: Fabian Eidens feidens at mail.unipaderborn.de
References:
github.com/jonaschn/awesomehe good starting point. For papers see resource section.
github.com/morfixio/nodeseal
morfix.io/sandbox
github.com/golemfactory/gMorph
github.com/ldsec/lattigo
github.com/vernamlab/cuFHE
github.com/tfhe/tfhe
github.com/jamespayor/vectorhomomorphicencryption
 Signatures with flexible Public Keys vs KeyHomomorphic Signatures vs Mercurial Signatures

Clarify the relation between the three signature types and what each of them offers.
Are there any equivalences between the definitions, e.g. SFPK does not imply keyhomomorphic signatures?
For this topic one has to first study the three signature types and then try to prove a relation based on the definitions.
Each of the types define a homomorphism on some of the elements of the signature, e.g. public and secret key homomorphism.
Contact: Fabian Eidens, feidens at mail.unipaderborn.deReferences:
SFPK
eprint.iacr.org/2018/191
KeyHomomorphic Signatures
eprint.iacr.org/2016/792
Mercurial Signatures
eprint.iacr.org/2018/923  Symmetric Searchable Encryption with Access Control

The thesis's goal is to analyze the searchable encryption scheme by Alderman et al. [1], which achieves multiple levels of access control despite relying solely on symmetric primitives. Additional goals are to make the scheme verifiable, so users can be sure search results are correct [2] and to make the scheme dynamic, so new searchable documents can be added and optionally removed [3].
Contact: Nils Löken, nilo at mail.unipaderborn.de
[1]* Alderman et al.: MultiLevel Access in Searchable Symmetric Encryption. FC 2017 Workshops.
[2] Bost et al.: Verifiable Dynamic Symmetric Searchable Encryption Optimality and Forward Security. IACR eprint archive, rep. 2016/062.
[3] Kamara et al.: Dynamic Searchable Symmetric Encryption. CCS 12.
Bachelor's theses
 Analyzing realworld applications of secure MPC protocols

A recent case study ( https://eprint.iacr.org/2018/450.pdf ) considers the usage of multiparty computation (MPC) protocols in realworld applications. In short, MPC protocols aim at enabling several parties to jointly evaluate a given function based on their private input data. In cryptography, protocols are usually considered secure when nothing beyond the function's results is leaked during an execution. Security models vary in the capacities of adversaries, e.g. ranging from eavesdropping to completely corrupting and controlling a certain number or fraction of the executing parties. There exist several fundamental protocols which are applicable to any given (computable) function achieving different levels of security. However, their efficiency is too low for realworld applications.
To match the realworld constraints, special MPC protocols and compositions thereof have been designed for certain use cases. The authors, which also participated in the construction of the 4 considered products, only sketch their used techniques, matched (or at least desired) security properties and performance. Interesting questions to be answered within a thesis, for example, are:
 Which security models underly the products?
 How do two similar products compare to each other (in terms of performance, functionality, "security", ...)?
 Have security properties been weakened for the sake of efficiency? If yes, where and why?
 How applicable are these products in reality, e.g. considering performance and usability? Are there other interesting products based on MPC protocols used in the wild?
 ...
 Distributed Key Generation for AttributeBased Signatures (BA/MA)

The thesis's goal is to develop and analyze a distributed version of the setup algorithm for the RouselakisWaters CPABE scheme [1]. The literature [2] suggests that distributed setup can be achieved by using a key generation protocol due to Gennaro et al. [3]. Specifically, we are interested in an analysis of the protocols from the literature [2, 3]. Secondary questions of interest are the existence or proposal of alternatives to the distributed key generation mechanism from [3] and alternatives to the secret sharing mechanisms internally used by [3], such as the mechanisms discussed by Beimel [4].
[1] Rouselakis, Waters: Practical Constructions and New Proof Methods for Large Universe AttributeBased Encryption. CCS 13.
[2] Blömer et al.: AttributeBased Encryption as a Service for Access Control in LargeScale Organizations. FPS 2017.
[3] Gennaro et al.: Secure Distributed Key Generation for DiscreteLog Based Cryptosystems. J. Cryptology (2007) 20.
[4] Beimel: Secret Sharing Schemes: a Survey. Coding and Cryptology (IWCC 2011).