## List of proposed topics and supervisors

### List of supervisors

**List:** contacts

### List of projects

### Supervised by Kristjan Krips and Sven Laur

**Implementing transformations based on discrete logarithm for ProveIt**

ProveIt is a cryptographic prover assistant that helps to do the proofs that are based on game rewriting. We have implemented some static analysis and syntactic transformations and therefore ProveIt has the basic functionalities required for creating simple game based proofs. As a next step we would like to add three discrete logarithm based transformations.

The task of this project is to implement:

1) a transformation for general discrete logarithm problem

2) a transformation for computation Diffie-Hellman problem

3) a transformation for decisional Diffie-Hellman problem

ProveIt is written in C++ and we are using Qt for development. OSX or
a linux distribution is required for the development (possible to work using a virtual machine).

The student would have to get to know the basics of game based proofs and to get to know the previous three problems. The implementation of these these transformations is divided into two steps. The first step is to generate a simple rewriting template. The second step is to check if a game satisfies assumptions that are needed to apply the rewriting template.

*Assigned to Yauhen Yakimenka*

### Supervised by Helger Lipmaa

**Efficient (Quasi-Adaptive) Non-Interactive Zero Knowledge**

To achieve security against malicious adversaries, one has to accompany cryptographic protocols with efficient zero knowledge protocols. Preferably, the zero knowledge protocols should be non-interactive (NIZK), and not rely on very strong assumptions (like random oracle, or knowledge assumptions). The most famous NIZK protocols under such standard assumptions were proposed by Groth and Sahai. However, the Groth-Sahai proofs require communication that is linear in the number of both variables AND the number of involved elementary statements. Recent developments have changed it: Jutla and Roy (best paper award at ASIACRYPT 2013) and Libert, Peters, Joye and Yung (accepted to EUROCRYPT 2014) have shown how to achieve sublinear communication though under some restrictions.

The goal of the student is to survey the mentioned two papers. It can be continued to independent research, possibly being a part of the MSc or PhD program.

*Assigned to Kairi Kangro*

**Computationally Efficient Mixnets for Electronic Voting**

To achieve security against malicous servers in e-voting, one of the most famous approaches is to use mixservers. Each mixserver takes as input a tuple of encrypted ballots, and --- without knowing the corresponding secret key -- randomizes the ciphertexts and permutes them. The results, together with a zero knowledge proof that the mixing step was done efficiently, can be verified later by everybody in a non-interactive manner.

The goal of the student is to survey some of the most practical mixnets (Bayer, Groth, Eurocrypt 2012; Terelius, Wikström, 2010) and see if they are efficient enough to be implemented in a large scale elections.

*Assigned to Ivo Kubjas*

### Supervised by Vitaly Skachek

**Batch codes**

Batch codes are used for simultaneous retrieval of k information bits from n different servers (buckets), such that at most one bit is read from each server. This property is useful in a number of applications, such as private information retrieval and load balancing.

In this project, the student will perform a study of different batch codes based on the following paper:

Y. Ishai, E. Kushilevitz, R. Ostrovsky and A. Sahai, "Batch codes and their applications", STOC 2004, pp. 262-271.

MSc or PhD level

*Assigned to Mayuresh Anand*

**Wiretap channel II**

The paper deals with the scenario, when k data bits are encoded into n > k bits and transmitted over a noiseless channel. An adversary can observe a subset of bits of size μ < n. The encoder is designed to maximize the intruder’s uncertainty h about the data given his μ intercepted channel bits, subject to the condition that the intended receiver can recover the k data bits perfectly from the n channel bits. The paper presents the optimal trade-offs between the parameters k, n, μ and h.

In this project, the student will study the following paper:

L.H. Ozarow, A.D. Wyner, "Wiretap channel II", Bell Labs Technical Journal, 63 (December 1984), pp. 2135-2157.

MSc or PhD level

*Assigned to Pille Pullonen*

**Index coding**

Consider a scenario, when a broadcast transmitter (base station) wants to deliver different packets to different wireless users (mobile phones), when users already have some partial information. The problem of index coding deals with optimizing the number of transmissions such that all requests of the users are satisfied. Apparently, when algebraic coding is used, the optimum number of transmissions is equal to the min-rank number of the corresponding information graph. The min-rank number of the graph is also related the size of the independent set of the graph and to the clique cover number of the graph. In such a way, the problem of index coding is reduced to problems on graphs.

In this project, the student has to read the paper, to write a report and to make a seminar presentation.

Z. Bar-Yossef, Y. Birk, T.S. Jayram, and T. Kol, "Index Coding With Side Information", IEEE Transactions on Information Theory, vol. 57, no. 3, March 2011.

MSc or PhD level

*Assigned to Ehsan Ebrahimi*

**How to make Bitcoin a better currency**

Bitcoin is a distributed digital currency which has gained a substantial popularity. The paper performs an in-depth investigation to understand what made Bitcoin so successful, while decades of research on cryptographic e-cash has not lead to a large-scale deployment. It asks how Bitcoin could become a good candidate for a long-lived stable currency. In doing so, several issues and attacks on Bitcoin are identified, and suitable techniques to address them are proposed.

S. Barber, X. Boyen, E. Shi, E. Uzun, "Bitter to Better — How to Make Bitcoin a Better Currency", Financial Cryptography and Data Security, Lecture Notes in Computer Science, Volume 7397, 2012, pp 399-414.

BSc, MSc or Ph.D. level

*Assigned to Siddharth Rao*

**Comparison of security measures against identity theft in various countries**

In this project, the student will make a comparative study of security measures against identity theft in various countries.

BSc or MSc level

**Security measures against credit card frauds**

In this project, the student will make a study of existing security measures against credit card frauds. The study will be based on the Payment Card Industry Data Security Standard.

References: Payment Card Industry Data Security Standard https://www.pcisecuritystandards.org/security_standards/documents.php

Wikipedia article on the PCI Data Security Standard http://en.wikipedia.org/wiki/Payment_Card_Industry_Data_Security_Standard

BSc or MSc level

*Assigned to Reem Bayomi*

**Slides:** Slides-VitalySkachek-Spring2014

### Supervised by Riivo Talviste and Sven Laur

**Mobile app for secure multiparty computation**

The task is to develop a simple mobile app that exemplify secure multiparty computation (SMC). Together with the supervisor(s) the student comes up with a use case to use SMC for a practical application in smart phones. The app should also be educational in the sense that a user is able to see incoming and outgoing messages (shares). The SMC part of this topic is rather simple. However, is it suitable for a student who is already familiar with developing apps for smart phones (iOS or Android) as there is probably no time to learn it from scratch during the course.

BSc or MSc level

*Assigned to Sevil Guler*

### Supervised by Dominique Unruh

**Everlasting Multi-party Computation**

Everlasting security: protecting data even against future attacks (when today's ciphers are broken). Without quantum crypto: Impossible. With quantum crypto and signature cards (e.g., Estonian ID-cards): Possible to keep data secret forever.

You do not need to understand/reproduce aspects of the paper involving quantum mechanics.

Based on the paper by Dominique Unruh

MSc or PhD level

*Assigned to Sushanta Paudyal*

- Ristenpart, T., Shacham, H., Shrimpton, T.:
**Careful with composition: Limitations of the indifferentiability framework**, Eurocrypt 2011

In the analysis of cryptographic schemes, hash functions are often modeled in a simplified way as so-called "random oracles". (These are totally random function exhibiting no attackable structure.) In reality, however, the hash function is often built from smaller building blocks. To capture this gap, the concept of indifferentiability is often used: A hash function is good ("indifferentiable") if you cannot tell the difference from a random oracle. But the present paper shows that even with indifferentiable hash functions, unexpected attacks can occur, and develops even stronger requirements to close this gap.

MSc or PhD level

*Assigned to Riivo Talviste*

- Y. Dodis, R. Ostrovsky, L. Reyzin, and A. Smith.
**Fuzzy extractors: How to generate strong keys from biometrics and other noisy data.**

When using, e.g., a fingerprint as an encryption key, we have the problem that if we read the fingerprint later again, we might get a slightly different key. Which then cannot decrypt! Fuzzy extractors are algorithms which allow us to extract keys from fingerprints and similar noisy data, in such a way that encryption and decryption will match. Even if the fingerprints that were read are slightly different.

MSc or PhD level

- J. Bengtson, K. Bhargavan, C. Fournet, A. D. Gordon, and S. Maffeis.
**Refinement Types for Secure Implementations**. In CSF’08

Analysing security of complex protocols is often complex and error prone. We would like the computer to do it. This paper presents an approach where all security properties are encoded in the types of variables/expressions in programs. (E.g., x is type "encryption of an integer >= 5") If the program typechecks, it is secure.

MSc or PhD level

*Assigned to Tiit Pikma*

### Supervised by Jan Willemson (in collaboration with Cybernetica and STACC)

**Small-scale electronic elections**

The task of the project is to make an overview of the literature about electronic elections having smaller scale than the national ones we know in Estonia. For example, in several countries (e.g. Austria, Switzerland, Israel) voting by electronic means is used to elect student representatives in the universities. The final report should include an overview of the threats that arise in case of small-scale elections, and summarize different approaches that have been tried to assess these threats.

BSc or MSc level

**Slides:** Slides-JanWillemson

*Assigned to Valdur Kadakas.*

**Identity Card Key Generation in the Malicious Card Issuer Model**

The task for the project is to study possible approaches for generating and loading private keys in a smart card in such a way that a card issuer is prevented from learning the private key values.

MSc or PhD level

*Assigned to Arnis Parsovs*