## List of supervisors and schedule

Contact details of supervisors

## List of projects

### Supervised by Sven Laur

**Low-communication SMC protocols from Boolean circuits**

In secure multi-party computation (SMC), a number of mutually distrusting parties aim to compute a known function on their secret inputs without revealing one's input to the other involved parties. The practical solutions for SMC today use distributed protocols involving many parties to jointly compute the desired functionality. The bottleneck for these protocols is the network layer - communication and bandwidth. Yao's garbled circuits is a round-efficient SMC technique, that uses Boolean circuit representation of the function that is computed. On the other hand, BGW-style protocols arithmetic circuits over rings and have linear round-complexity in multiplicative depth of circuit, but overall communication size is smaller.

For more involved operations on the bit-level, arithmetic circuits that use primitive gates on longer bit-length arguments may not be optimal. On the other hand, Yao-style protocols use Boolean circuits, but the communication overhead is larger for computing an AND-gate, compared to overhead of BGW-style multiplication gate. The idea of this seminar topic is to use BGW-style computation on an optimized Boolean circuit.

The recent domain-specific language for protocol development on the Sharemind platform allows to generate optimized BGW-style protocol code from an arithmetic DAG [1]. For Yao-style protocols, optimized Boolean circuits can be generated for example using CBMC-GC compiler for C [2]. The task of the student is to experiment with these tools and try to build optimal protocols by implementing a translator from CBMC-GC Boolean circuit to the arithmetic DAG, that is then compiled to a BGW-style protocol. The hypothesis is that this method should give faster protocols for operations involved in the bit-level than both regular Yao or BGW approach. The student should check the validity of this hypothesis by implementing a representative set of protocols and comparing speed benchmarks and communication complexity with corresponding Yao-style and secret sharing based (BGW) protocols. For best comparison, existing protocols of Sharemind should be used for benchmarks.

[1] Peeter Laud, Jaak Randmets. A Domain-Specific Language for Low-Level Secure Multiparty Computation Protocols. In Proceedings of 22nd ACM Conference on Computer and Communications Security. 2015.

[2] CBMC-GC. http://forsyte.at/software/cbmc-gc/

M.Sc. or Ph.D. level, background in compilers or secure multiparty computation

*Assigned to Sander Siim*

### Supervised by Benson Muite

**Operating system security**

Examine the security of operating systems such as Pure OS[1] and QUBES OS[2]. Give your reasoned argument as to whether the average user would be able to obtain the security and privacy benefits such software platforms provide or whether they would be safer with a closed source operating system. Also determine whether the average user would need to couple such software with open hardware.

[1] https://puri.sm/pureos/

[2] https://www.qubes-os.org

B.Sc., M.Sc. or Ph.D. level

*Assigned to Rasmus Vahtra*

### Supervised by Vitaly Skachek

**Attacks and countermeasures for LDPC-based McEliece cryptosystem**

The McEliece cryptosystem is a public-key cryptosystem, which is based on a use of error-correcting codes. It has succesfully survived numerous breaking attempts. However, McEliece cryptosystem was not used in practical application due to a very large size of a public key and low transmission rates. In order to overcome these weaknesses, it was proposed to replace Goppa codes with low-density parity-check (LDPC) codes. That, however, could make the system based on LDPC codes vulnerable to some attacks.

In this project, the student will study the recent advances in the security of McEliece cryptosystem based on LDPC codes, its potential attacks and countermeasures.

References:

[1] Marco Baldi, Marco Bodrato, Franco Chiaraluce, "A New Analysis of the McEliece Cryptosystem Based on QC-LDPC Codes", Volume 5229, Lecture Notes in Computer Science, pp. 246-262.

[2] Marco Baldi, "LDPC codes in the McEliece cryptosystem: attacks and countermeasures", http://arxiv.org/pdf/0710.0142.pdf

M.Sc. or Ph.D. level

**Synchronizing edits in distributed storage networks**

In the distributed storage networks it is needed to synchronize the insertion and deletion of files, while minimizing the storage overhead and communication complexity. In this project you will study efficient protocols that achieve that goal.

Reference:

[1] Salim El Rouayheb, Sreechakra Goparaju, Han Mao Kiah, Olgica Milenkovic, "Synchronizing Edits in Distributed Storage Networks", http://arxiv.org/pdf/1409.1551.pdf

M.Sc. or Ph.D. level

*Assigned to Oliver Lill*

### Supervised by Gelo Noel M. Tabia

**Quantum secret sharing**

Secret sharing refers to methods for distributing a secret to several parties such that a certain number of shares are required to reconstruct the secret. Several secure and efficient schemes are known for sharing a classical secret.

In this project, the goal is describe simple secret sharing schemes implemented using quantum states. Particularly, the task is to describe how a quantum secret can be shared securely using GHZ states and entangled qutrits.

[1] Hillery, Buzek, and Berthiaume, "Quantum secret sharing." http://arxiv.org/abs/quant-ph/9806063

[2] Cleve, Gottesman, Lo, "How to share a quantum secret." http://arxiv.org/abs/quant-ph/9901025

M.Sc. or Ph.D. level

*Assigned to Tore Vincent Carstens*

### Supervised by Dominique Unruh

**Formal Certification of Code-Based Cryptographic Proofs**

Cryptographic proofs are, by nature, very error-prone. Human-checked proofs will often contain errors and are thus not trustworthy. The present paper presents an approach for machine-verification of cryptographic schemes. The task is to summarize the content of the paper in an accessible form to a general CS audience. (Additional tasks for more credits are possible, too.)

http://dl.acm.org/citation.cfm?doid=1480881.1480894

M.Sc. or Ph.D. level

**Zero-knowledge against quantum attacks**

"Zero-knowledge proofs" are a highly important tool in modern cryptography. However, when faced with quantum adversaries, existing proof techniques break down. The paper describes methods how to salvage zero-knowledge proofs in a quantum setting. The task is to summarize the idea of zero-knowledge, the classical way of solving it, the problems arising in the quantum setting, and the solutions thereto, in a way accessible to a general CS audience. (Extra tasks for extra credits are possible.)

http://arxiv.org/abs/quant-ph/0511020

M.Sc. or Ph.D. level

**Quantum proofs of knowledge**

"Proofs of knowledge" are a highly important tool in modern cryptography. However, when faced with quantum adversaries, existing proof techniques break down. The paper describes methods how to salvage proofs of knowledge in a quantum setting. The task is to summarize the idea of proofs of knowledge, the classical way of solving it, the problems arising in the quantum setting, and the solutions thereto, in a way accessible to a general CS audience. (Extra tasks for extra credits are possible.)

http://eprint.iacr.org/2010/212.pdf

M.Sc. or Ph.D. level

*Assigned to Ivo Kubjas*