## List of assigned research topics and dates

**List of assigned topics:** list-assigned-projects-04

## List of proposed research topics

**List of proposed topics in PDF format:** list-of-projects

### Supervised by Peeter Laud (in collaboration with Cybernetica)

**New approaches to formalizing composability**

Universal composability (UC), formalized at the turn of the century, is a methodology for constructing provably secure systems from provably secure components. In recent years this methodology has been generalized by Ueli Maurer (ETH Zürich) and his co-workers, allowing one to consider more aspects of the building blocks and carry them over to the composition.

The goal of this seminar topic is to study the recent papers of Maurer et al., to understand their definitions and how the generalize universal composability, and to produce a write-up accessible to students having passed the cryptography courses of UT. During the study, it is important to come up with examples clearly identifying what can be stated in the framework of UC, and what needs the generalizations of Maurer et al.

PhD level

*Assigned to Pille Pullonen.*

### Supervised by Helger Lipmaa

**Secure two-party computation**

While it has known for 30 years that one can implement any two-party computation securely by using Yao's garbled circuits, only recently have the corresponding protocols become practical. In particular, to achieve security against a malicious adversary, one often uses cut-and-choose together with other techniques. This is a rapidly changing area, that is also important for applications.

The goal of the student is to write an overview of some recent papers in this area, taking "Zero-Knowledge Using Garbled Circuits: How To Prove Non-Algebraic Statements Efficiently" (http://eprint.iacr.org/2013/073, accepted to ACM CCS 2013) as a starting point. This can grow to independent research if desired.

MSc or PhD level

*Assigned to Toomas Krips.*

**Verifiable Computation**

Modern consumer devices like tablets or even laptops are connected to the internet but do not have much computational power. Therefore, it is becoming a common practice to delegate the computation to third parties (like a cloud provide), who perform the computation --- for a small fee --- and then return the answer. The goal of verifiable computation is to enable the client to check quickly (much quicker than the computation, since otherwise delegation has no point) the correctness of the answer. Some recent papers have shown that this can be done efficiently for many practical problems, and not in theory, describing relevant implementations.

The goal of the student is to write an overview of some recent papers in this area, taking "Pinocchio: Nearly Practical Verifiable Computation" (S&P 2013, best paper award, http://eprint.iacr.org/2013/279) and "SNARKs for C" (Crypto 2013, http://eprint.iacr.org/2013/507) as a starting point. This can grow to independent research if desired, and since it is related to my own recent research (http://eprint.iacr.org/2013/121), I am highly motivated in that.

MSc or PhD level

*Assigned to Alisa Pankova.*

**Neuroscience meets cryptography**

The problem of inventing passwords that you can remember but others cannot guess is an important open problem in practice. One solution was proposed the last year, where the person trains to play a small computer game online, and to log in, it has to play it again. The server recognizes the person based on his or own playing style. It was shown, based on real experiments with volunteers, that one can easily train the server to uniquely recognize your own playing style. However, one cannot teach anybody else to play like himself or herself, and thus this scheme is even secure against the rubberhose attack (i.e., forceful reveal of passwords).

The goal of the student is to write an overview of the paper "Neuroscience meets cryptography: designing crypto primitives secure against rubber hose attacks" (USENIX 2012, https://www.usenix.org/system/files/conference/usenixsecurity12/sec12-final25.pdf), and collaboration with people from our new computational neuroscience group (lead by Raul Vicente) is encouraged, and we hope that such collaboration will continue.

BSc, MSc or PhD level. Preknowledge of cryptography is not needed

*Assigned to Saad Khan.*

**Attribute-based cryptography**

Common public-key encryption makes it possibly to transfer secret data to one specified entity. However, in many situations people need to transfer data to entities, specified by some attributes (for example, all MSc students of computer science who have passed a certain seminar), and in an efficient manner: that is, only encrypting the data once, and having a ciphertext that has length that depends on the complexity of the formula that describes the attributes (A AND B) but not on the number of the entities. Only recently has this goal been achieved.

The goal of the student is to write an overview of the paper "Attribute-Based Encryption for Circuits" (STOC 2013, http://eprint.iacr.org/2013/337) as a starting point. This can grow to independent research if desired.

MSc or PhD level

### Supervised by Vitaly Skachek

**Trusted storage over untrusted networks**

The data is stored in a distributed manner over two networks. The proposed scheme ensures that eavesdroppers with access to only one of the networks are unable to decode any stored symbol. This is achieved by coding techniques using Vandermonde matrices.

In this project, the student will study the proposed scheme and present it.

**Reference:** P.F. Oliveira, L. Lima, T.T.V. Vinhoza, J. Barros, M. Medard, "Trusted storage over Untrusted Networks", Globecom 2010, pp.1-5.

MSc or PhD level

**Locally decodable codes**

Locally decodable codes (LDC) are a special type of error-correcting codes that simultaneously provide efficient random access to the decoded data and high noise resilience. These properties are achieved by allowing reliable reconstruction of an arbitrary data bit from reading only a small number of randomly chosen codeword bits. Locally decodable codes can be used in private information retrieval.

In this project, various constructions of LDCs will be studied and compared.

**Reference:** S. Yekhanin, "Locally decodable codes: a brief survey", Coding and Cryptology, pp. 273-282, 2011.

MSc or PhD level

*Assigned to Ehsan Ebrahimi Targhi.*

**Slides:** Slides-VitalySkachek

### Supervised by Riivo Talviste and Sven Laur (in collaboration with Cybernetica)

**Mobile app for secure multiparty computation**

The task is to develop a simple mobile app that exemplify secure multiparty computation (SMC). Together with the supervisor(s) the student comes up with a use case to use SMC for a practical application in smart phones. The app should also be educational in the sense that a user is able to see incoming and outgoing messages (shares). The SMC part of this topic is rather simple. However, is it suitable for a student who is already familiar with developing apps for smart phones (iOS or Android) as there is probably no time to learn it from scratch during the course.

BSc or MSc level

**Slides:** Slides-RiivoTalviste

### Supervised by Dominique Unruh

All tasks below are paper reading/understanding/summarizing projects, except when mentioned differently.

**Everlasting Multi-party Computation**

Everlasting security: protecting data even against future attacks (when today's ciphers are broken). Without quantum crypto: Impossible. With quantum crypto and signature cards (e.g., Estonian ID-cards): Possible to keep data secret forever.

Based on the paper by Dominique Unruh

MSc or PhD level

**SNARKs for C: Verifying Program Execution Succinctly and in Zero Knowledge**

SNARKs are crypto protocols for proving that a certain long-running computation gets a certain result. Proofs can be verified by small devices (e.g., phones). The paper describes a highly optimized approach, including support for the GCC compiler and proofs in QR codes.

Based on the paper by Ben-Sasson et al.

MSc or PhD level

**On the Security of the TLS Protocol: A Systematic Analysis**

Analysis of the TLS protocol with cryptographic proofs of its security. Prior work analysed the handshake alone, but made no guarantees of security for the subsequent communication. This work closes that gap.

Based on the paper by Krawczyk, Paterson, Wee.

MSc or PhD level

*Assigned to Prastudy Fauzi.*

**Fuming Acid and Cryptanalysis: Handy Tools for Overcoming a Digital Locking and Access Control System**

Attack of actual, widely distributed electronic door locks, by a combination of physical attacks (lock picking etc.) and cryptanalysis.

Based on the paper by Strobel et al.

MSc level

*Assigned to Ivo Kubjas.*

**Bitcoin**

Bitcoin is a distributed eCash system (>1 billion euro total value) based on no central authority. Security is based on a number of clever techniques.

Task: describe and explain the protocol (at a level detailed enough to understand its security properties). This involves browsing literature/websites etc., since there seems to be no clear, self-contained description in a single place available.

MSc or PhD level

*Assigned to Arnis Parsovs.*

**Stealthy Dopant-Level Hardware Trojans**

Based on the paper from CHES '2013.

MSc or PhD level

*Assigned to Tiit Pikma.*

**Security of cars**

Modern cars become more and more computerized, thus opening up more and more opportunities for safety and even life-threatening attacks. In this seminar project, a survey of existing threats and countermeasures is made.

MSc level

*Assigned to Tiina Turban.*

**Quantitative Analysis of the Full Bitcoin Transaction Graph**

Bitcoin is a distributed eCash system (>1 billion euro total value) based on no central authority. Many people believe that it also provides anonymity because transactions do not carry the sender's id.

This paper analyses what we can learn from just analysing the (public) log of transactions and the money flows therein.

Based on the paper by Ron and Shamir

BSc level

**The Crossfire Attack**

The Crossfire Attack is an attack that brings down whole network segments in the Internet using only a small number of bots.

Based on the paper by Kang, Lee, Gligor

BSc level

**Hiding Information in Flash Memory**

The paper describes how to hide data in the timing characteristics of flash memory. We can hide the data without influencing normal operation of the flash, in a virtually undetectable way. The flash hardware does not even need to be modified.

BSc level

**Slides:** Slides-DominiqueUnruh

### Supervised by Jan Willemson (in collaboration with Cybernetica and STACC)

**Small-scale electronic elections**

The task of the project is to make an overview of the literature about electronic elections having smaller scale than the national ones we know in Estonia. For example, in several countries (e.g. Austria, Switzerland, Israel) voting by electronic means is used to elect student representatives in the universities. The final report should include an overview of the threats that arise in case of small-scale elections, and summarize different approaches that have been tried to assess these threats.

BSc or MSc level

**Slides:** Slides-JanWillemson

*Assigned to Valdur Kadakas.*