Supervision
About
My research focusses on blind lattice-style computations for privacy-preserving
protocols (mostly Oblivious Pseudorandom Functions). I'm interested more broadly
in:
- Real-world cryptography and protocol deployment
- Reverse engineering of cryptographic implementations
- Technology law and policy affecting cryptography and privacy, especially
at the EU level.
I'm open to supervising projects based on your own ideas in this area.
Available Projects
Leap
My dissertation focusses on rounded subset-products for post-quantum
cryptography, with Leap as the central theme. Leap is a new Oblivious
Pseudorandom Function (OPRF) that offers better computational performance
than traditional elliptic-curve cryptography while aiming for post-quantum
security. We're not quite there yet: there is still a lot of foundational
work to be done, particularly in strengthening its security guarantees,
exploring its theoretical limits, and expanding its capabilities, but also
in the area of efficient implementations. Aside from the thesis below,
contact me if you want to work on a specific part of Leap.
Master Thesis: Verifiable Leap with Zero-Knowledge Proofs
Leap is only proven secure in the semi-honest model, where both the server
and the client follow the protocol as specified (neither deviates or modifies
its inputs) and may only try to learn more than they should from what they
observe. This significant limitation of the protocol is a result of our
non-standard techniques.
A standard approach to forcing the server and client to behave is adding
zero-knowledge proofs (ZKPs) to the protocol. Your task is to integrate a
modern zero-knowledge proof system (such as STARKs, but you are free to
explore others) with the Leap protocol. You will design and implement a
protocol extension that makes Leap's operations verifiable without revealing
any secret information.
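To make concrete what "verifiable" adds over the semi-honest setting, here is an added example that is not Leap and not the page's own code: the classical blinded-exponentiation OPRF (the elliptic-curve-style construction Leap aims to replace), extended with a Chaum-Pedersen DLEQ proof that the server evaluated under the key it committed to. Assumptions, all my own for illustration: a multiplicative Schnorr group over a 64-bit safe prime instead of a curve (not a secure size), SHA-256 for hashing, and a `cheat` switch that makes the server evaluate under a different key than it published so the client's check can be seen to fail.

```python
"""Toy verifiable OPRF: blinded exponentiation plus a Chaum-Pedersen (DLEQ)
proof in a Schnorr group over a 64-bit safe prime. Added example, not Leap;
parameter sizes are for illustration only and are NOT secure."""
import hashlib
import secrets

_MR_BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)


def is_prime(n: int) -> bool:
    """Miller-Rabin; deterministic for n < 3.3e24 with these fixed bases."""
    if n < 2:
        return False
    for b in _MR_BASES:
        if n % b == 0:
            return n == b
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for a in _MR_BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


# Constructed toy group (assumption): smallest safe prime P = 2Q + 1 with Q >= 2^63.
# The quadratic residues mod P form a subgroup of prime order Q, generated by G = 4.
Q = (1 << 63) | 1
while not (is_prime(Q) and is_prime(2 * Q + 1)):
    Q += 2
P, G = 2 * Q + 1, 4


def _enc(n: int) -> bytes:
    return n.to_bytes(16, "big")


def _hash(*parts: bytes) -> int:
    """Domain-separated SHA-256 over length-prefixed parts, as an integer."""
    h = hashlib.sha256()
    for part in parts:
        h.update(len(part).to_bytes(2, "big") + part)
    return int.from_bytes(h.digest(), "big")


def hash_to_group(x: bytes) -> int:
    """H1: map the input to an element of order Q (squaring clears the cofactor 2)."""
    ctr = 0
    while True:
        e = pow(_hash(b"H1", x, bytes([ctr])) % P, 2, P)
        if e > 1:            # 0 and 1 are not generators of the order-Q subgroup
            return e
        ctr += 1


def server_keygen():
    k = secrets.randbelow(Q - 1) + 1      # secret key in [1, Q-1]
    return k, pow(G, k, P)                # public commitment pk = G^k


def dleq_prove(k, m, z, pk):
    """Fiat-Shamir Chaum-Pedersen proof that log_G(pk) == log_m(z) without revealing k."""
    t = secrets.randbelow(Q - 1) + 1
    a, b = pow(G, t, P), pow(m, t, P)
    c = _hash(b"DLEQ", *map(_enc, (G, pk, m, z, a, b))) % Q
    return c, (t - c * k) % Q


def dleq_verify(pk, m, z, proof) -> bool:
    c, s = proof
    a = pow(G, s, P) * pow(pk, c, P) % P   # equals G^t only if s = t - c*k for pk = G^k
    b = pow(m, s, P) * pow(z, c, P) % P    # equals m^t only if z = m^k with the same k
    return c == _hash(b"DLEQ", *map(_enc, (G, pk, m, z, a, b))) % Q


def client_blind(x: bytes):
    r = secrets.randbelow(Q - 1) + 1
    return r, pow(hash_to_group(x), r, P)  # the server sees only H1(x)^r


def server_evaluate(k, pk, blinded):
    z = pow(blinded, k, P)
    return z, dleq_prove(k, blinded, z, pk)


def client_finalize(x, r, blinded, z, proof, pk):
    """Verify before unblinding; None signals a server that deviated from its key."""
    if not dleq_verify(pk, blinded, z, proof):
        return None
    y = pow(z, pow(r, -1, Q), P)           # (H1(x)^r)^k raised to 1/r = H1(x)^k
    return hashlib.sha256(b"H2" + x + _enc(y)).hexdigest()


def run_oprf(x: bytes, server=None, cheat=False):
    """One exchange. Returns (client output or None, H2(x, H1(x)^k) for the
    published key). With cheat=True the server evaluates under a key different
    from the one it committed to; the DLEQ check must expose this."""
    k, pk = server or server_keygen()
    r, blinded = client_blind(x)
    k_used = (k % (Q - 1)) + 1 if cheat else k   # always != k, still in [1, Q-1]
    z, proof = server_evaluate(k_used, pk, blinded)
    expected = hashlib.sha256(b"H2" + x + _enc(pow(hash_to_group(x), k, P))).hexdigest()
    return client_finalize(x, r, blinded, z, proof, pk), expected
```

Calling `run_oprf(b"input", srv)` twice with the same server key yields the same output under independent blinds, while `run_oprf(b"input", srv, cheat=True)` returns `None` for the client side: the proof ties the evaluation to the published `pk`, which is exactly the guarantee the semi-honest model lacks. A lattice-based OPRF such as Leap cannot reuse this algebraic trick, which is why the thesis asks for a general-purpose proof system instead.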
Zero-Knowledge Group Membership: Hiding communication patterns in MLS
This thesis focusses on how to deploy metadata-hiding group messaging in
a client/server setting. It will focus on the
MLS protocol,
which enables more efficient group messaging than building a group on top of
pairwise secure 1:1 channels. More concretely, in the standard MLS protocol
every message is wrapped in a struct that includes a sender index and a
signature. While the sender index is encrypted, traffic analysis by the
server may still be feasible.
The thesis splits into the following parts:
- Analyzing the feasibility of traffic analysis: formally model the threat
of traffic analysis by the server and examine the resulting security
guarantees.
- Reading existing proposals from the literature: you will start with Clarion,
a system that uses shuffling protocols to enable metadata-hiding
communication, and see how it could be applied to MLS.
- Design and implement a solution for MLS: based on your literature research,
you will design, analyze and implement a prototype of your protocol.
I recommend joining this thesis with a master project for the practical
part.
How to Apply
Your application email should include:
- A brief introduction and motivation for why you want to work with me.
- An overview of your relevant background and skills (e.g., courses in cryptography, security, mathematics; programming experience).
- The specific project(s) you are interested in.
- A current copy of your transcript of records.
Note for Master's Thesis Applicants: I generally require students to take at least one class with me before starting a Master's thesis. If you haven't, please feel free to apply anyway, and we can discuss a potential pathway.
Supervision Style and Expectations
I travel a lot, usually around four to five months a year for conferences and
collaborations. This requires my students to be independent and proactive,
and our collaboration may be primarily remote. I'll always do my best to
answer within 24 hours unless communicated otherwise.
Since I ask you to be flexible, I'm also happy to accommodate your own
flexibility requirements. However, if your preferred working style involves
regular, in-person meetings, I recommend seeking a different supervisor.