## List of supervisors, schedule and projects

### Contact details of the supervisors and schedule

### Projects

### Supervised by Ehsan Ebrahimi

(This project was added after the kick-off meeting. It is availale for taking.)

The project is based on the paper by Christian Badertscher, Ueli Maurer, Daniel Tschudi, and Vassilis Zikas "Bitcoin as a Transaction Ledger: A Composable Treatment?" https://eprint.iacr.org/2017/149.pdf

The student's task is to read, understand, write a summary and present the paper.

PhD or MSc level

*Assigned to Mart Simisker*

### Supervised by Benson Muite

**Open source voting applications**

There are a number of open source voting applications including:

https://github.com/nextcloud/polls

https://github.com/kellerben/dudle

https://github.com/ryanlerch/elections

Examine some of these applications. Do they allow for anonymous voting, if so how good are the implementations? How might they be improved?

BSc or MSc level

**Secure communication**

Design and build a secure and simple encrypted chat, voice or messaging system. Be sure to explain choice of protocols used, their software and hardware implementations. You may build on existing projects, but the final result should be as simple as possible.

BSc or MSc level

**Sparse fast Fourier transform**

Perform a survey of algorithms for the sparse fast Fourier transform. Explain the main concepts. Possibly implement the sparse fast Fourier transform or use an implementation of the sparse fast Fourier transform in the creation of jpeg like files.

MSc or PhD level

**Meltdown and Spectre**

Review the papers on Meltdown and Spectre. Try to reproduce the vulnerability on a modern CPU. Determine whether this impacts the Estonian ID card system.

References: https://meltdownattack.com/

Level: BSc, MSc, PhD

### Supervised by Arnis Parsovs

**Reproducing iOS Vote Verification Application Builds for Estonian I-Voting System**

The Estonian I-voting System provides vote verification feature which can be used by the voter to check if the vote has reached the election servers as intended. The vote can be verified using vote verification application which is provided for Android and iOS mobile operating systems. The Estonian National Electoral Committee has published the source code of the vote verification application in a GitHub repository. The purpose of this project is to verify whether the vote verification application binary distributed in the iOS app store in the election period was compiled from the source code published in GitHub. The task involves reproducing build environment until the build process produces binary package that matches the package distributed in the app store. The report should describe the reproduction process and provide the recommendations for making the build process more reporoducible-friendly.

GitHub repository: https://github.com/vvk-ehk/

PhD, MSc or BSc level

### Supervised by Vitaly Skachek

**Security for 4G and 5G Cellular Networks**

This project is based on the following paper and the references therein:

[1] Mohamed Amine Ferrag, Leandros Maglaras, Antonios Argyriou, Dimitrios Kosmanos, and Helge Janicke, "Security for 4G and 5G Cellular Networks: A Survey of Existing Authentication and Privacy-preserving Schemes", https://arxiv.org/pdf/1708.04027.pdf

The student will perform a comprehensive survey of existing authentication and privacy-preserving schemes for 4G and 5G cellular networks, and their countermeasures. A classification of threat models in 4G and 5G cellular networks consists of four categories, including, attacks against privacy, attacks against integrity, attacks against availability, and attacks against authentication. Possible countermeasures can be divided into three types of categories, including, cryptography methods, humans factors, and intrusion detection methods. The countermeasures and informal and formal security analysis techniques used by the authentication and privacy preserving schemes will be summarized and presented.

BSc or MSc level

*Assigned to Shahla Atapoor*

**Using Blockchain Technology in Distributed Storage Systems**

It is proposed to use blockchain technology in order to manage future distrbuted storage systems. In systems like the one developed by Storj, millions of users offer their disk space for storing someone's else data in exchange for small royalties. The data is divided into pieces and encrypted, and each piece is stored in a different user's computer. The management of the data is done via blockchain.

In this project, the student will survey existing approaches to blockchain-based distributed storage systems, and discuss their pros and cons.

References:

http://dataconomy.com/2018/01/blockchain-data-storage-decentralized-future

https://cointelegraph.com/news/is-blockchain-technology-really-the-answer-to-decentralized-storage

https://storj.io/metadisk.pdf

https://ipfs.io/ipfs/QmR7GSQM93Cx5eAg6a6yRzNde1FQv7uL6X1o4k7zrJa3LX/ipfs.draft3.pdf

BSc, MSc or PhD level

*Assigned to Bruno Didier Produit*

**Private information retrieval with side information**

The problem of Private Information Retrieval (PIR) in the presence of prior side information is studied. The problem setup includes a database of K independent messages possibly replicated on several servers, and a user that needs to retrieve one of these messages. In addition, the user has some prior side information in the form of a subset of M messages, not containing the desired message and unknown to the servers. The objective of the user is to retrieve the required message without revealing its identity while minimizing the amount of data downloaded from the servers.

The goal of the project is to read and understand the paper, to summarize it and to present in the class.

https://arxiv.org/abs/1709.00112

MSc or PhD level

*Assigned to Sander Mikelsaar*

### Supervised by Ahto Truu (*Guardtime*)

**Comparison of gossip mechanisms for blockchains/authenticated data structures**

Blockchains and authenticated data structure based servers can be augmented with gossip protocols when the parties don't trust each other and/or publication of checkpoints is deemed too cumbersome. The goal of this research effort is to compare various existing gossip protocols with respect to performance, suitable use cases, security, maturity of existing libraries, etc.

References to authenticated data structures:

- https://www.continusec.com/product/verifiable-data-structures
- https://github.com/google/trillian/blob/master/docs/VerifiableDataStructures.pdf

References to gossip protocols:

- IPFS publish/subscribe mechanism - https://ipfs.io/blog/25-pubsub/
- Kademlia based DHT - http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.76.8338&rep=rep1&type=pdf
- Other DHT based mechanisms like Pastry, Chord, etc - https://pdos.csail.mit.edu/~strib/presentations/pvc-infocom05.pdf
- libp2p gossip - https://github.com/dfinity/js-libp2p-gossip-discovery
- Tendermint's gossip based on PEX, libp2p - https://github.com/tendermint/tendermint/issues/988

Approximately MSc level

**Comparison of Swirlds' hashgraph and IoTA's tangle to existing blockchains**

Swirlds' hashgraph and IoTA's tangle are being touted as the replacements for existing blockchains. Goal of this research is to compare them to existing blockchain/consensus mechanisms with respect to performance, security, shortcomings, etc.

References:

- Swirlds - https://www.swirlds.com/whitepapers/
- IoTA - https://iota.org/IOTA_Whitepaper.pdf

Approximately MSc level

*Assigned to Janno Siim*

### Supervised by Dominique Unruh

**Verification of crypto with EasyCrypt**

Cryptographic proofs are typically very error prone. Humans make mistakes that are hard to notice. To avoid this, machine-verified proofs can be used. EasyCrypt is a popular tool for formulating such proofs. The task of the seminar is to give an introduction to EasyCrypt (with own examples) to the class, and to create a report explaining EasyCrypt.

Required background: Crypto I or comparable

**Formal proofs in Isabelle/HOL**

If we want to make sure that mathematical proofs are correct, you can use a proof assistant such as Isabelle/HOL. This software allows us to write a mathematical proof such that the computer understands it, and to check their correctness. The task is to understand the basic principles of Isabelle/HOL, and to explain them to the class, based on your own example proof. (And a report, of course.)

You should not take this topic if you took a lecture on Isabelle/HOL! (E.g., Vesal Vojdaniâ€™s)

*Assigned to Sara Chiers*

**Verification of crypto with Isabelle/HOL**

Cryptographic proofs are typically very error prone. Humans make mistakes that are hard to notice. To avoid this, machine-verified proofs can be used. A general purpose proof assistant like Isabelle/HOL can be used for this (this gives more trustworthy proofs than, e.g., EasyCrypt). This is facilitated by a framework such as CryptHOL. The task is to explain an example proof in CryptHOL (not necessarily your own because CryptHOL is a bit more tricky).

Required background: Some course on Isabelle/HOL (or experience with). Crypto I or comparable.

**Survey of quantum algorithms**

Give a survey of the state of the art in quantum algorithms. For which problems are there algorithms that beat what classical computers can do? (This is to a large part literature search.)

Required background: Something with quantum computing / quantum crypto

**NIST quantum competition - the candidates**

Give an overview over the submissions to the NIST competition for post-quantum secure cryptosystems. This competition is going to select future standards for cryptosystems that are supposed to withstand quantum attacks. (This is to a large part consolidation of different articles etc.)

Required background: Crypto I

### Supervised by Michal Zajac

**Fruitchain or how to reduce variations of prizes in Bitcoin**

One way to get bitcoins is mining them, by confirming blocks to blockchain. Since mining bitcoins is a huge business now, expected time needed to mine a single bitcoin is very long. This comes since the expected time is inversely proportional to the partyâ€™s share of the total computational power in the whole blockchain. On the other hand, the prize is also considerable. The mining has big variation then â€“ a long time with no reward at all, and a big reward in the end. This makes people join mines, where the computational power is put together and all prizes shared. The problem with such mines is that there are very few of them and their agenda is unknown â€“ if some mines decide to collude and break the security of Bitcoin, it is possible. To discourage people from joining such facilities, Pass and Shi proposed an alternative to the standard Bitcoin blockchain, called fruitchain, which allows people to mine many block at the same time. The prize for confirming a block is smaller, yet the probability of getting it is bigger, exactly as in a mine.

The task for the student is to read, understand and present an article "FruitChains: a Fair Blockchain," Rafael Pass, Elaine Shi, https://eprint.iacr.org/2016/916.pdf

*Assigned to Kyrylo Voronchenko*

**Lightning or how to pay quickly with Bitcoin**

Except from being a speculation bubble, the main problem with Bitcoin is its inefficiency and (lack of) scalability. A very limited number of transactions that can be confirmed in each Bitcoin blockchain block and a small rate of block production (one block in every 10 minutes) constrain Bitcoin usability for small and quick transactions, like everyday shopping.

For the rescue comes Lightning. Lightning network allows to make Bitcoin transactions cheaper and quicker. It relies on virtual channels, an off-blockchain connection between two parties which uses blockchain only in case of a disagreement between them. What makes lightning special is fact that the channels can be combined. That is, given channels between parties A and B and between B and C, we can easily build a channel connecting A and C.

The task for the student is to read, understand and present an article "The Bitcoin Lightning Network: Scalable Off-Chain Instant Payments," Joseph Poon, Thomas Dryja, https://lightning.network/lightning-network-paper.pdf

See: https://arstechnica.com/tech-policy/2018/02/bitcoins-lightning-network-adeep-dive/ for more informal explanation.

*Assigned to Karim Baghery*

**Secure multi-party computation with PoW**

Many multi-party protocolsâ€™ security is often proven assumed: (1) broadcast channel that is a possibility for a party to send a message to all other parties such that all parties agree on the messageâ€™s content; (2) honest majority most of the parties behaves correctly and accordingly to the executed protocol. It turns out, both of these assumptions can be fulfilled using primitive known as Proof-of-Work (PoW). To explain PoW in practice, look at the Bitcoin, which security relies on it. To add a block to the blockchain one has to show that some work has been done related to the block. For example, one has to show it solved some cryptographic puzzles. Cryptographic puzzles require a lot of work (computational power use) to solve, thus presenting a solution for them gives the desired proof. A PoW-based blockchain is secure under assumption that most of the computational power of the parties participating in it is honest. The assumption assures that, statistically, majority of block will be added to the blockchain by honest parties.

The task for the student is to read, understand and present an article "Distributed Cryptography Based on the Proofs of Work," Marcin Andrychowicz, Stefan Dziembowski, https://eprint.iacr.org/2014/796.pdf

*Projects of Michal Zajac in one file: michal_projects_s18.pdf*

### Supervised by Michal Zajac and Vitaly Skachek

**Redactable Blockchain**

In the case when blockchain contains incorrect or outdated entries, it might be desirable that a trusted entity could modify the entries in the blockchain. Recently, a novel framework was proposed that allows for changing or compressing the data in the blockchain. The proposed approach uses so-called Chameleon Hash functions (Krawczyk and Rabin, â€™00), which allow determining hash collisions efficiently, given a secret trapdoor information. A chameleon hash function can be integrated into a blockchain-based technology, for both cases where the power of redacting the blockchain content is in the hands of a single trusted entity and where such a capability is distributed among several distrustful parties.

References:

[1] Giuseppe Ateniese, Bernardo Magri, Daniele Venturi, and Ewerton Andrade, "Redactable Blockchain or Rewriting History in Bitcoin and Friends," https://eprint.iacr.org/2016/757.pdf

[2] Hugo Krawczyk and Tal Rabin, "Chameleon signatures," NDSS, 2000

MSc or PhD level

*Assigned to Artem Fliunt*