Arnis Paršovs
Applied cyber security topics
Applied cyber security group offers research seminar supervision on various cyber security-related topics for students who are interested in more applied research that may involve hands-on activities as well. Various hardware can be provided to students for experiments. Students who are doing applied research must still describe the research they have performed in a seminar report and convince the supervisor that the work done is worth 3 ECTS (~78 hours of work). Students are welcome to contact Arnis Paršovs (arnis.parsovs@ UT) with their seminar topic ideas.
Recommended prerequisites: Applied Cryptography (MTAT.07.017) / Wireless Technologies and Security (LTAT.04.009)
Level:BSc, MSc or PhD
Implementing an iOS Kernel Exploit
In 2019 the Google Threat Analysis Group (TAG) discovered a collection of hacked websites that were used in a watering hole attack against their visitors using iOS 0-day vulnerabilities. TAG together with the Google Zero Project analysed these attacks and discovered a total of 14 vulnerabilities used across five different exploit chains. The Google Zero Project published a series of blog posts describing these five iOS exploit chains in detail. In 2020 Secfault Security published a writeup based on one of these exploit chains describing how an iOS kernel exploit could be written from scratch.
The aim of this project is to follow the writeup and the description of the five exploit chains to write a working iOS exploit for an iOS version covered by at least one of these exploit chains.
Assigned to: Kristiina Rahkema
Security analysis of Alexela Haagis bluetooth unlock mechanism
Alexela Haagis is a mobile app with the assistance of which it is possible to rent for oneself a suitable trailer. In the trailer booking process, the app unlocks the trailer by using a bluetooth connection between the user's mobile device and the bluetooth lock. The aim of this project is to determine the protocol used to unlock the bluetooth lock and assess its security against common types of attacks.
Assigned to: Petr Hanak
Denis Firsov, Ahto Truu
Formally Verified Cryptography (End-to-End)
EasyCrypt is an interactive theorem prover which allows users to describe and prove mathematical properties of cryptographic protocols. Unfortunately, protocols implemented in EasyCrypt are not directly executable. The Jasmin compiler is a workbench aimed to overcome that hurdle.
The task of this seminar topic is to investigate the relationship between EasyCrypt and Jasmin environments. An additional challenge might be to pick and implement a simple protocol in these tools.
In case of mutual interest, it’s possible to follow up with an MSc thesis.
EasyCrypt: https://github.com/EasyCrypt/easycrypt
Jasmin: https://github.com/jasmin-lang/jasmin/wiki Level: MSc students
Toomas Krips
Gentle noise flooding
(Given to Mathias Plans) Secure computation allows us to evaluate some function on private inputs such that only the output and what can be deduced from that can be learned. One potential avenue for secure computation is fully homomorphic computation. In FHE, we have addition and multiplication defined over both the set of plaintexts and ciphertexts with the property that Enc(a)+Enc(b)=Enc(a+b) and Enc(a)*Enc(b)=Enc(a*b), loosely speaking. However, the typical security properties that an encryption scheme has is not sufficient for FHE to be used for secure computation. Namely, there is no guarantee that the output does not leak anything about the inputs, given that the party obtaining the output also has the secret key. For example, given an Enc(6) that was obtained by multiplying Enc(a) and Enc(b), we would ideally want that the person decrypting would not be able to tell if this Enc(6) was obtained by multiplying Enc(2) by Enc(3) or by multiplying Enc(1) by Enc(6). The property that one is not able to tell anything about how a homomorphic ciphertext was formed is called circuit privacy. It turns out that most partially homomorphic schemes naturally have circuit privacy, but fully homomorphic ones tend to not have, because there one can get information about the intermediate results from the shape of the noise. The typical solution to mitigate this issue has been a technique called noise flooding, where one adds the encryption of 0 with a noise that is many orders of magnitude larger than the previous noise, thus hiding the information inside the noise. This is not very efficient, however, because it makes the ciphertexts much bigger. Recently, a much efficient solution to this was proposed in the paper "Asymptotically Quasi-Optimal Cryptography" (https://link.springer.com/chapter/10.1007/978-3-031-06944-4_11) by Castro, Hazay, Ishai, Vaikuntanathan and Venkitasubramaniam. The solution is called gentle noise flooding, which apparently manages to do noise flooding with noise that is in the same order of magnitude as the original noise. The task of the student is to read the paper and write a report about this 'gentle noise flooding' technique. The paper seems to also talk about other things but the focus of the report should be about this technique.
Level: Master/PhD
Silent preprocessing for correlated randomness in MPC
(assigned to Sander Mikelsaar)
Secure multiparty computation (MPC) often relies on sources of correlated randomness (for example, Beaver triples) for better efficiency and simplicity. This is particularly useful for MPC with no honest majority, where input-independent correlated randomness enables a lightweight “non-cryptographic” online phase once the inputs are known. However, since the amount of correlated randomness typically scales with the circuit size of the function being computed, securely generating correlated randomness forms an efficiency bottleneck, involving a large amount of communication and storage. The creation of this correlated randomness requires a large amount of work and communication.
Some time ago, Boyle et al proposed a primitive called a "pseudorandom correlation generator" (PCG). This is a primitive that, once created, allows to generate the correlated randomness from short seeds without communication - the so-called 'silent preprocessing'. The creation of a PCG itself should not be too costly in terms of communication either. The task of the student is to read the paper that introduces the concept and write a more easy-to-read and informal overview of the topic - instead of complete proofs there could be intuition on why these things hold.
https://www.bgu.ac.il/~gilboan/publications/PCG-OT-full-version-2019-448.pdf
Level: Master/PhD
Appenzeller to Brie: Efficient Zero-Knowledge Proofs for Mixed-Mode Arithmetic (and Z_2^k)
(assigned to Serhan Sezgin)
Description: Zero-knowledge proofs are highly flexible cryptographic protocols that are an important building block for many secure systems. Typically, these are defined with respect to statements that are formulated as arithmetic operations over a fixed finite field (usually either Z_p(where p is a large prime) or Z_2). This inflexibility is a disadvantage when it comes to complex programs, as some fields are more amenable to express certain operations than others. For example, if elements are expressed bitwise, i.e in Z_2, then comparisons and other bit operations are relatively fast, but integer arithmetic is slow, but if elements are expressed in some Z_p , then it is the opposite. The paper Appenzeller to Brie (full version at https://eprint.iacr.org/2021/750.pdf) tries to bridge this gap. (It also builds ZK for Z_2^k, but that is outside the scope of this task, unless the student is particularly interested in this problem.) The task of the student is to read the paper and the necessary background papers and do a writeup about this conversion.
Level: Master/PhD
Dominique Unruh
Security proofs in EasyCrypt
When checked by humans, the security of proofs for cryptographic protocols are inherently error-prone. One way out is to use formal (i.e., computer-aided) verification. Probably the most popular tool today for this purpose is EasyCrypt, which allows us to interactively design a proof that the computer will be able to understand and check.
The goal of this seminar topic can either be to read and understand a research paper about EasyCrypt (e.g., the verification of a concrete protocol), or a paper about work on EasyCrypt itself (e.g., recent work on supporting quantum proofs), or to do security proofs in EasyCrypt (simple ones).
Requirements: (negotiable) Crypto I, if possible Crypto II. Or something related to theorem proving.
Comparison of theorem provers for cryptographic protocols
When checked by humans, the security of proofs for cryptographic protocols are inherently error-prone. One way out is to use formal (i.e., computer-aided) verification. Several frameworks for such verification exist these days, such as EasyCrypt, CertiCrypt, CryptoVerif, Foundational Cryptography Framework, CryptHOL, qrhl-tool, etc. The task of this thesis is to survey and compare the existing approaches, and to identify and study their respective strengths and weaknesses.
Supervisor: Dominique Unruh
Requirements: (negotiable) Crypto I, if possible Crypto II. Or something related to theorem proving.
Anything related to MSc thesis with Dominique
If you have a certain thesis topic in mind related to my research field, you can do a research seminar topic in that direction. Please discuss your ideas with me directly. (Quantum crypto, verification, theorem proving, quantum stuff, crypto, ...)
Supervisor: Dominique Unruh
Jan Willemson
Besides the big five
Post-quantum cryptography has now been in development for a few years. Most of the research has gone into the "big five" (lattices, codes, multivariate polynimoals, hash-based and isogenies). However, only lattices have made it to the standard so far, and some of these big five are not doing so well (isogeny-based SIDH was recently broken, and multivariate polynomials are crubmling as well). Thus, there is a need to look for more algebraic base constructions. The aim of the project is to dig around in the literature and write a review of what are other alternative apporaches besides the big five. As a possible starting point you may look at https://eprint.iacr.org/2022/1161.pdf , but creative digging in Google Scholar is probably useful, too.
Vitaly Skachek
General survey on post-quantum cryptography
(given to Heikki Santeri Sipilä)
Many commonly used cryptosystems will be completely broken once large quantum computers exist. Post-quantum cryptography is cryptography under the assumption that the attacker has a large quantum computer; post-quantum cryptosystems aim to remain secure even in this scenario. The paper [1] surveys various challenges and approaches in post-quantum cyrptosystem design.
In this project, a student will read [1], and possibly additional relevant papers, and will present a survey on the state-of-the-art in post-quantum crypto.
[1] Daniel J. Bernstein and Tanja Lange, "Post-quantum cryptography", Nature 549, 188–194 (2017). https://doi.org/10.1038/nature23461
BSc, MSc or PhD level
Recent Advances of Blockchain and its Applications
Blockchain is an emerging decentralized data collection, sharing and storage technology, which have provided abundant transparent, secure, tamper-proof, secure and robust ledger services for various real-world use cases. Recent years have witnessed notable developments of blockchain technology itself as well as blockchain-adopting applications. In this project, the student will study and discuss recent advances of both blockchain technology and its most active research topics in the real-world applications.
In this project, a student will read [1], and possibly additional relevant papers, and will present a survey on the state-of-the-art in blockchain technology.
[1] Xiao Li and Weili Wu, "Recent Advances of Blockchain and its Applications", available as Arxiv report at https://arxiv.org/abs/2208.07993
BSc or MSc level
Others
A design for an Intel SGX enclave based implementation of threshold cryptography based authentication
Assigned to Markus Punnar
Building an incident Response Capability in small organizations
Assigned to Zafer Balkan