## Sedat Akleylek

### Cryptography for Blockchain

(assigned to Serhan Sezgin) The task is read [1,2,3] and write a summary on the cryptographic primitives used in blockchain. [1] https://github.com/MayankRaikwar/SoK-of-Used-Cryptography-in-Blockchain [2] https://ntnuopen.ntnu.no/ntnu-xmlui/bitstream/handle/11250/3013816/Mayank%20Raikwar.pdf?sequence=1 [3] https://arxiv.org/pdf/2201.07188.pdf

### Discrete Gaussian Samplers in Lattice Based Cryptography

(assigned to Valeh Farzaliyev) Lattice-based cryptography is one of the most competitive algorithms in post-quantum algorithms. The discrete Gaussian sampler is a fundamental building block in lattice-based cryptography, but it is still challenging to construct a generic, efficient and secure discrete Gaussian sampler. In this work, we survey the existing discrete Gaussian samplers and summarize the characteristics and improvements of each sampler in detail. In addition, we discuss the evaluation criteria for samplers which we believe that a good scheme should use less precision to achieve the same level of security. The survey can help the reader to focus on the development of discrete Gaussian samplers and apply the discrete Gaussian sampler to lattice-based cryptography in a black-box manner. The aim is to understand the topic, and present a survey on the state-of-the-art. Please check the following paper https://link.springer.com/chapter/10.1007/978-3-031-23098-1_6

### Implementation of ring signature scheme based on multivariate quadratic polynomials

The task is to read about their approach from https://eprint.iacr.org/2020/286, to write a summary and to implement the scheme.

### Implementation of group signature scheme over lattices

In this project, the aim is to implement one of the group signature scheme and to write a summary of the following survey. https://www.mdpi.com/2410-387X/6/1/3#B25-cryptography-06-00003 Quantum one-time programs The task is to read about their approach from https://arxiv.org/pdf/1211.1080.pdf, to write a summary.

### Polynomial Multiplication methods for Lattice-based Cryptographic Schemes

In this project, the aim is to present a survey on the state-of-the-art for polynomial multiplication methods in lattice-based cryptography.

### Graph-based vulnerability and risk assessment models

IoT devices and systems are vulnerable to attacks due to their characteristics. There are various attack and vulnerability assessment studies in the literature to bring persistent and applicable solutions for security concerns in IoT. These studies provide different approaches in terms of network representation and solution techniques. The graph model is one of these representations and technical approaches. An attack graph model shows all possible attack path sequences from the source to the target. Therefore, graph-based models can offer systematic, formal, and strong directions to determine vulnerable points, and they can help to design defense mechanisms. In this seminar, the main goal is to give a literature review with comparison of available models.

### Android Malware Analysis

Various approaches have been proposed to detect Android malware. These are evaluated in three different ways: static analysis, dynamic analysis, and hybrid analysis. In static analysis, source code or application components are analyzed without running applications. In contrast, in dynamic analysis, applications are run by running on a virtual machine or real device. The advantage of static analysis over dynamic analysis is that the analysis is carried out quickly, as the application is not run. However, they are not as effective as dynamic analysis methods against zero-day attacks. Structures, where both dynamic analysis and static analysis are used together, are called hybrid analysis. Due to the analysis methods, many features can be extracted and inferences about the application can be made. In this seminar, the main goal is to give a literature review of dynamic analysis with comparison of available models.

### Cybersecurity in Aviation

Over the past few years, information on hundreds of millions of aviation customers has been stolen in cyber-attacks. In addition to data breaches, airports and aviation applications have also been targeted in ransomware attacks where information and services are made unavailable until a ransom is paid. Aviation experts have expressed concern over potential vulnerabilities in aviation technologies that communicate information between aircraft and with air traffic control and ground services without any authentication or encryption. This could allow the injection of false messages and ghost aircraft. In this seminar, the main goal is to give a literature review with comparison of available models. https://erau.edu/degrees/master/aviation-cybersecurity

## Denis Firsov, Ahto Truu

### Formally Verified Cryptography (End-to-End)

EasyCrypt is an interactive theorem prover which allows users to describe and prove mathematical properties of cryptographic protocols. Unfortunately, protocols implemented in EasyCrypt are not directly executable. The Jasmin compiler is a workbench aimed to overcome that hurdle.

The task of this seminar topic is to investigate the relationship between EasyCrypt and Jasmin environments. An additional challenge might be to pick and implement a simple protocol in these tools.

In case of mutual interest, it’s possible to follow up with an MSc thesis.

EasyCrypt: https://github.com/EasyCrypt/easycrypt

Jasmin: https://github.com/jasmin-lang/jasmin/wiki

Level: MSc students

## Arnis Paršovs

### Applied cyber security topics

Applied cyber security group offers research seminar supervision on various cyber security-related topics for students who are interested in more applied research that may involve hands-on activities as well. Various hardware can be provided to students for experiments. Students who are doing applied research must still describe the research they have performed in a seminar report and convince the supervisor that the work done is worth 3 ECTS (~78 hours of work). Students are welcome to contact Arnis Paršovs (arnis.parsovs@ UT) with their seminar topic ideas.

Recommended prerequisites: Applied Cryptography (MTAT.07.017) / Wireless Technologies and Security (LTAT.04.009)

Level:BSc, MSc or PhD

!!! Implementing GSM Network Attacks

Though 5G is the newest technology designed for cellular networks, GSM (2G) networks are still used today. Over the years, many vulnerabilities were identified in GSM leading to various exploits and attack tools. For example, Kraken - a tool designed to crack A5/1 keys. More recently, SDR has been used to receive data transmitted by GSM devices and to create base stations which can be used to execute MiTM attacks.

The aim of this project would be to research the various tools (hardware and software) that can be used to analyse GSM data and to implement a tool that is capable of identifying and decrypting the network traffic of a GSM device.

Assigned to: Danielle Morgan

## Reverse proxy based MFA bypass methods

(assigned to Geron Perens) Tools like Evilginx2 have led to the rise of cyber attacks where victims' sessions are proxyfied and therefore one-time-password based MFA is bypassed with relative ease. This has enabled some criminal groups to even offer Phishing-As-A-Service in the Dark Web, making the barrier to entry low for an attack vector that was until now considered quite technical.

Task is to research the current threat landscape around this attack vector to identify how easily it is available for bad actors, what is the root cause of the vulnerability and what possible mitigation steps companies and individuals can take to protect themselves against this type of an attack.

## Vitaly Skachek

### Surveillance and monitoring of the internet: how is it done?

It is a folklore that governments in various countries monitor internet activities of the general population. However, the efficient surveillance of the whole population is a difficult and resource-demanding process. In this project, a student will research into the existing methodology for surveillance of the general internet users, the technical challenges involved, and the extent to which different countries go in this context.

Some initial links for reading:

https://cabar.asia/en/the-hidden-side-of-the-internet-how-governments-track-populations

BSc or MSc level

### Security Comparisons and Performance Analyses of Post-Quantum Signature Algorithms

Quantum computing challenges the computational hardness assumptions anchoring the security of public-key ciphers, such as the prime factorization and the discrete logarithm problem. To prepare for the quantum era and withstand the attacks equipped with quantum computing, the security and cryptography communities are designing new quantum-resistant public-key ciphers. National Institute of Standards and Technology (NIST) is collecting and standardizing the postquantum ciphers, similarly to its past involvements in establishing DES and AES as symmetric cipher standards. The NIST finalist algorithms for public-key signatures are Dilithium, Falcon, and Rainbow. In this project, the student will discuss the strengths and the weaknesses of each of these algorithms.

Initial reading:

MSc or PhD level

## Dominique Unruh

### Security proofs in EasyCrypt

When checked by humans, the security of proofs for cryptographic protocols are inherently error-prone. One way out is to use formal (i.e., computer-aided) verification. Probably the most popular tool today for this purpose is EasyCrypt, which allows us to interactively design a proof that the computer will be able to understand and check.

The goal of this seminar topic can either be to read and understand a research paper about EasyCrypt (e.g., the verification of a concrete protocol), or a paper about work on EasyCrypt itself (e.g., recent work on supporting quantum proofs), or to do security proofs in EasyCrypt (simple ones).

Requirements: (negotiable) Crypto I, if possible Crypto II. Or something related to theorem proving.

### Comparison of theorem provers for cryptographic protocols

When checked by humans, the security of proofs for cryptographic protocols are inherently error-prone. One way out is to use formal (i.e., computer-aided) verification. Several frameworks for such verification exist these days, such as EasyCrypt, CertiCrypt, CryptoVerif, Foundational Cryptography Framework, CryptHOL, qrhl-tool, etc. The task of this thesis is to survey and compare the existing approaches, and to identify and study their respective strengths and weaknesses.

Supervisor: Dominique Unruh

Requirements: (negotiable) Crypto I, if possible Crypto II. Or something related to theorem proving.

### Anything related to MSc thesis with Dominique

If you have a certain thesis topic in mind related to my research field, you can do a research seminar topic in that direction. Please discuss your ideas with me directly. (Quantum crypto, verification, theorem proving, quantum stuff, crypto, ...)

Supervisor: Dominique Unruh

### NIST postquantum crypto protocols

Over the last years, NIST (the US National Institute for standards and technology) has driven the process of selecting candidates for standardization of post-quantum secure cryptographic protocols. Several protocols have been selected (CRYSTALS-Kyber, CRYSTALS-Dilithium, FALCON, SPHINCS+). The task of the seminar is to present one of those in detail. Depending on the interests of the student, this can focus more on implementation issues or theoretical issues, but an in-depth understanding of the protocol should in each case be attained. Requirements: Crypto I, depending on the focus also Quantum Crypto

### A quantum protocol

Quantum protocols use quantum mechanics to do something that cannot be done classically. The task here is to present one interesting protocol. I haven't picked a concrete one, this could be done together with the student. Requirements: Quantum Crypto (probably OK if in progress)

## Jan Willemson

### Personal key management token for post-quantum cryptography

(assigned to Sander Mikelsaar) Even though the first quantum-safe algorithms have been standardised in 2022, the road towards their practical deployment is still long and windy. It will take several years before the vendors design, produce and certify hardware tokens for private key management. In the meantime, the best we can do is to build makeshift devices that can generate, store and use post-quantum keys. Thus, the task for this project is to take a microcontroller platform (I propose ESP32, but we can negotiate that), port a PQC algorithm of your choice to it and integrate the result into an authentication or key exchange protocol.

## Toomas Krips

### Gentle noise flooding

(Given to Mathias Plans) Secure computation allows us to evaluate some function on private inputs such that only the output and what can be deduced from that can be learned. One potential avenue for secure computation is fully homomorphic computation. In FHE, we have addition and multiplication defined over both the set of plaintexts and ciphertexts with the property that Enc(a)+Enc(b)=Enc(a+b) and Enc(a)*Enc(b)=Enc(a*b), loosely speaking. However, the typical security properties that an encryption scheme has is not sufficient for FHE to be used for secure computation. Namely, there is no guarantee that the output does not leak anything about the inputs, given that the party obtaining the output also has the secret key. For example, given an Enc(6) that was obtained by multiplying Enc(a) and Enc(b), we would ideally want that the person decrypting would not be able to tell if this Enc(6) was obtained by multiplying Enc(2) by Enc(3) or by multiplying Enc(1) by Enc(6). The property that one is not able to tell anything about how a homomorphic ciphertext was formed is called circuit privacy. It turns out that most partially homomorphic schemes naturally have circuit privacy, but fully homomorphic ones tend to not have, because there one can get information about the intermediate results from the shape of the noise. The typical solution to mitigate this issue has been a technique called noise flooding, where one adds the encryption of 0 with a noise that is many orders of magnitude larger than the previous noise, thus hiding the information inside the noise. This is not very efficient, however, because it makes the ciphertexts much bigger. Recently, a much efficient solution to this was proposed in the paper "Asymptotically Quasi-Optimal Cryptography" (https://link.springer.com/chapter/10.1007/978-3-031-06944-4_11) by Castro, Hazay, Ishai, Vaikuntanathan and Venkitasubramaniam. The solution is called gentle noise flooding, which apparently manages to do noise flooding with noise that is in the same order of magnitude as the original noise. The task of the student is to read the paper and write a report about this 'gentle noise flooding' technique. The paper seems to also talk about other things but the focus of the report should be about this technique.

Level: Master/PhD

## Jaan Priisalu

### OPTIMAL ORDER OF ZERO TRUST IMPLEMENTATION IN AN E-ITS COMPLIANT ESTONIAN GOVERNMENT AGENCY

Assigned to Peeter Vahe