Thesis Topics

In the mid 1990's, Peter Shor found his famous algorithm to factorize large numbers. It soon turned out that this algorithm can be used to break essentially all public-key cryptosystems in practical use today. On the positive side, the type of quantum computer required to run Shor's algorithm isn't available yet -- but there is an urgent need for new "post-quantum" asymmetric cryptosystems, which will survive the advent of reliable large-scale quantum computers.

There is an ongoing effort to study and eventually standardise such cryptosystems, specifically for new "key encapsulation mechanisms" and new "digital signature schemes":

https://nvlpubs.nist.gov/nistpubs/ir/2020/NIST.IR.8309.pdf

"Post-Quantum Security" refers to cryptographic security against an attacker that can utilize a powerful quantum computer. Currently, such a device does not exist. However, as technology advances, many currently used algorithms labeled as secure will be useless against an attacker that has access to a sufficiently large quantum computer.

Topics for Bachelor Students

• The McElice KEM
• The CRYSTALS-KYBER KEM and CRYSTALS-DILITIUM signatures
• The NTRU and NTRU-Prime KEMs
• SPHINCS+: A stateless hash-based signature scheme

Topics for Master Students

• Lattice-Based Cryptosystems
• Code-Based Cryptosystems
• Hash-based Digital Signatures

The specific scope for the topics below can be adjusted for either Bachelor or Master Students.

Knowledge of (basic) quantum-computing concepts is recommended or required (e.g. through the lecture: Quantum Algorithms and Cryptanalysis).

Not only for asymmetric cryptographic algorithms, "Post-Quantum Security" is an important topic to look at. While only some years ago, most researchers agreed that symmetric cryptography algorithms and schemes are quite safe against quantum computers, recent research has shown that many of the currently used constructions are unsafe against a quantum attacker.

• Post-Quantum Security of Symmetric Encryption Algorithms
• Post-Quantum Unforgeability in Symmetric Authentication or Authenticated Encryption Schemes
• Exploration of newly designed or modified Encryption, Authentication and Authenticated Encryption Constructions that claim Post-Quantum Security

Topics for Bachelor Students

• Privacy-Preserving Record Linkage

Record linkage is a crucial step in many database applications. At the same time, record linkage can be a privacy issue. To what degree is it possible to support record linkage while maintaining a well-specified and quantifiable amount of privacy for the user?

Topics for Master Students

• Proofs of Storage

In recent years, the idea of hash-based cryptocurrencies, such as Bitcoin, has taken off. A disadvantage of Bitcoin is the dependency on cryptographic "proofs of work", which are, de facto, a "proof of power consumption" and CO2-emission. Thus, we study environmentally more friendly alternatives, such as "proofs of storage".

The specific scope for the topics below can be adjusted for either Bachelor or Master Students.

• Implementing and Proving Algorithms in SPARK

SPARK is an Ada-based programming language, which is used for the developement of dedicated secure software. SPARK supports the specification and the verification of the information flow of an implementation, as well as pre- and postconditions.  The goal is to implement easy algorithms in SPARK (sorting and searching, the arithmetic of big numbers, etc.), and to prove the implementations using the SPARK toolset.

• A Simulator/Demonstrator for Grover and Other Quantum Algorithms

Quantum algorithms have the reputation of being difficult to grasp. To some degree, this reputation may be well-deserved -- but not all quantum algorithms are so difficult. The main goal for the thesis is a simplified quantum simulator with a visual interface to implement some simple quantum algorithms, such as Grover's quantum search algorithm. The simulator shall be used to give junior students a first impression of quantum algorithms, e.g., in the context of "Byte the Bytes".

• Evaluation of RUST as a language for secure and reliable software.

RUST is a language which has been introduced with the development of reliable
software in mind. To evaluate RUST, some cryptographic library shall be
used and some security protocols shall be implemented, and compared to
implementations in other languages, such as the Ada language or C and C++.

The specific scope for the topics below can be adjusted for either Bachelor or Master Students.

• Single-Page Cryptography

You have been captured and wrongly imprisoned and need to communicate an encrypted message to your outside contact with an emergency key phrase that you both memorized in case of danger. Luckily, in your thesis you designed a cryptographic system that fits only on one regular page which is easy enough to memorize. Since you can only send one message, you want to make sure that you have memorized the "implementation" correctly. That's why you also memorized an easy self testing procedure, with which you can test if your implementation is correct. Now that everything is correct, you can use your Mini-Encryption System to encrypt the message so that it is only readable by your contact in the outside world which knows the key phrase.

An example for such a system could be the RC4 stream cipher. Unfortunately, RC4's security has been semi-successfully attacked before and it provides neither a way to encrypt multiple messages under the same key nor does it provide authentication.

• Easy Attacks - Attacking the AEZ Cryptosystem

AEZ (pronounced "easy") is a cryptosystem, which uses four rounds of the AES as the internal building block. The goal is to describe attacks, when this building block is reduced to less than four rounds.

• Leakage-Resilient Symmetric Cryptosystems

In cryptography, "leakage resilience" is the ability of a cryptosystem to provide security even when the adversary has access to a side-channel, such as, e.g., a power consumption trail from operations using the secret key. The goal is to study symmetric cryptosystems, which have been claimed to be "leakage-resilient" by their designers.

• Analysis of the Duplex and sponge modes

The „Duplex Mode“ is an increasingly popular construction used in modern symmetric cryptography algorithms. One example is the authenticated encryption mode of the recent ASCON standard for Lightweight Cryptography. You will analyse new variants of the Duplex mode, which, if secure, could provide some practical benefits. You will challenge the security of those variants, both by potentially discovering attacks, and by searching for ideas for security proofs.

When binary data are sent from one party to another one, the encoding of the data can be described as a “data serialisation” language. Many of these languages employ the “length-prefix” pattern for strings, containers and other data items of variable length. This consists of an encoding of the item’s length, followed by an encoding of the item itself without closing brackets or “end” symbols.

Length-prefix languages are not context-free. Thus, the plethora of tools and methods to specify, analyse, and parse context-free languages appears to be useless for length-prefix languages. This seems to explain why improper specifications of length-prefix languages and buggy hand-written parsers are so often a root cause for security issues and exploits, as, e.g., in the case of the famous Heartbleed bug.

Your task could be one (or more) of the following:

1. building upon EBNF for context-free languages, develop a grammar for our formal language class "calc-context-free" [2],
2. develop an automatic parser generator or a wrapper for existing parser generators like YACC based on an already established algorithm in [2] (including a reference implementation),
3. examine formal properties of the "calc-regular" [1] and "calc-context-free" languages [2] and examine if certain theorems are decidable efficiently (i.e. in polynomial time).

The work would be based on the previous work from your fellow students, which you can find in the following sources:

[1] Grosch, König, Lucks: "Taming the Length Field in Binary Data" - https://ieeexplore.ieee.org/document/8227292

[2] Jakoby, Leuther, Lucks: "Formal Language Theory for Practical Security" -  https://ieeexplore.ieee.org/document/9474290

(If you'd like free access to the papers, please contact jannis.leuther@uni-weimar.de)