Master's Theses
Available Projects
Students interested in a thesis with the group are kindly requested to send their transcript of records, along with a CV highlighting any relevant experience in cryptography, and either a preferred topic from the proposals below or a description of their interests within cryptography, to the contact noted under Student Projects.
Last updated: 03.07.2025
This student project's aim is to contribute to an ongoing, larger project focused on developing a secure mesh messaging application for the International Committee of the Red Cross [1]. We want to build an application that enables field workers to communicate via smartphones in areas lacking internet or phone connectivity, without requiring additional hardware. Previous student projects have already developed a prototype mobile application that implements the networking layer, including routing and delay-tolerant networking, using peer-to-peer WiFi connections on both major mobile platforms.
The next phase of the project involves building upon this by integrating security mechanisms (which we are currently developing), as well as conducting an experimental evaluation of the application. These security mechanisms encompass all parts of the technology stack, ranging from basic authentication and key exchange protocols to group messaging protocols, so it's a great opportunity to see how cryptography gets implemented in practice.
The student project thus includes prototyping on mobile platforms, implementing cryptographic protocols, and conducting performance tests to assess the application's real-world effectiveness. Familiarity with Android and/or iOS app development in general, as well as React Native in particular, would be advantageous. However, it is not a strict requirement for highly motivated students eager to learn.
References
A password manager allows users to use strong passwords for different services while only remembering a single master password. A popular password manager is 1Password [1]. 1Password documented the inner workings of their system in a Whitepaper [2]. To authenticate users, 1Password uses cryptographic building block called Password-Authenticated Key Exchange (PAKE); concretely, it deploys the Secure Remote Password (SRP) protocol [3]. While PAKEs are well-studied in the cryptographic literature, 1Password does not merely use SRP for password authentication. They combine it with other user secrets to allegedly prevent offline password guessing attacks. They call their mechanism PAKE with two-secret key derivation (PAKE+2SKD).The goal of this thesis is to formally study PAKE+2SKD ands its usage in 1Password. In the course of the thesis, the student will derive an adequate security model to capture the expected behavior of 1Password. In a second step, the student will extract a description of the cryptographic core of 1Password's system from the Whitepaper, i.e., a description of the protocol suitable for cryptographic analysis. Lastly, the student will write a formal security argument for the concrete protocol that 1Password is using, and describe any attacks that are discovered while attempting the security proof.
The thesis is to be conducted during a 6 month internship at the IBM Research lab in Rüschlikon, in the Foundational Cryptography research group.
References
[1] external page 1password.com
[2] external page https://1passwordstatic.com/files/security/1password-white-paper.pdf
[3] external page https://ia.cr/2023/1457
Ongoing Projects
(We recommend students currently doing a project in our group to use this Download LaTeX template for writing their thesis.)
(Supervisor: Prof. Kenny Paterson, Joint Supervisor: Matteo Scarlata)
This project focuses on evaluating the security of communication services used in sensitive sectors like government and healthcare, which are prime targets for cyber attacks. It examines tools such as Olvid, Wire, and Wickr, which provide secure messaging solutions for governments, as well as encrypted email systems like Germany’s KIM and Switzerland’s SEPPmail, widely used in healthcare. The project aims to define the security properties these systems should meet and assess their compliance through a review of source code and technical documentation, leveraging the partial open-source nature of many tools. Special attention is given to protocols like Messaging Layer Security (MLS) and encryption standards such as OpenPGP and S/MIME. The ultimate goal is to identify potential vulnerabilities and ensure these communication systems are robust against threats in their respective environments.
(Supervisor: Prof. Kenny Paterson, Joint Supervisor: Dr. Francesca Falzon)
Private set intersection (PSI) is a secure computation method allowing multiple parties to find the intersection of their item sets without revealing non-intersecting items, and it has been extended to support additional computations like intersection cardinality and payload sums. PSI applications include contact tracing and ad conversion tracking, with companies like Google deploying PSI-like solutions for private ad click counting. However, despite robust security, PSI protocols can inadvertently leak information through their output. Recent studies have shown that input privacy can be compromised in PSI-Cardinality protocols with minimal protocol invocations. This project aims to analyze complex protocols like Meta’s Multi-Key Private Match to develop attacks that maximize information extraction with minimal invocations, and subsequently devise mitigation strategies based on these findings.
(Supervisor: Prof. Kenny Paterson, Joint Supervisors: Shannon Veitch, Dr. Felix Günther)
The project seeks to address the rising threat posed by quantum computing to traditional encryption schemes by developing and testing a quantum-safe adaptation of the obfs4 protocol, referred to as pq-obfs. Fully Encrypted Protocols (FEPs) like obfs4, Shadowsocks, and VMess are designed to enhance privacy and circumvent internet censorship by obfuscating data streams to appear as uniformly random sequences, making them difficult to detect and filter by network middleboxes. The project focuses on integrating pq-obfs into the current obfs4 framework, utilizing post-quantum cryptographic techniques, such as NIST-standardized ML-KEM for key exchange, to ensure that even in the advent of quantum computers, the security and confidentiality of communications remain intact. This involves implementing a novel encoding algorithm for mapping public keys and ciphertexts to random byte strings, assessing trade-offs between encoding strategies, and evaluating the performance, efficiency, and censorship resilience of the pq-obfs protocol within aggressive network filtering environments.
Key objectives of this thesis include examining how seamlessly pq-obfs can be incorporated into existing obfs4 implementations and identifying the main challenges associated with this adaptation. The project will explore the trade-offs in encoding strategies for KEM public keys and ciphertexts, analyzing their impact on the protocol’s efficiency and security. Additionally, the study aims to assess the protocol's resilience against censorship in regions with stringent network filtering, contributing to the broader goal of maintaining secure and private communications in a future where quantum computing could potentially compromise current cryptographic standards.
Completed Projects
2025
Emanuel Opel. Shamir Secret (Over)sharing, in the Wild. Supervisor: Prof. Kenny Paterson, Co-supervisor: Kien Tuong Truong.
Giovanni Torrisi. Common Pitfalls in End-to-End Encrypted Password Managers. Supervisor: Prof. Kenny Paterson, Co-supervisors: Matilda Backendal, Matteo Scarlata.
Damiano Mombelli. General-Purpose Zero-Knowledge Proofs for Verifiable Credentials [Download pdf (PDF, 898 KB)]. Supervisor: Prof. Kenny Paterson, Co-supervisor: Dr. Martin Burkhart (Armasuisse).
Moritz Teichner. Bandwidth-Efficient Multi-Server Oblivious Message Retrieval. Supervisor: Prof. Kenny Paterson, Co-supervisor: Laura Hetz.
2024
Nicola Dardanis. Bridging the Gap: Design and Implementation of Secure Shared Folders [Download pdf (PDF, 1.1 MB)]. Supervisor: Prof. Kenny Paterson, Co-supervisors: Matilda Backendal, Matteo Scarlata.
Antonino Orofino. An Investigation of VPN Fingerprinting. Supervisor: Prof. Kenny Paterson, Co-supervisors: Shannon Veitch, Dr. Lenka Mareková.
Valentina Iliescu. Multi-Device Password Hardening [Download pdf (PDF, 488 KB)]. Supervisor: Prof. Kenny Paterson, Co-supervisors: Matteo Scarlata, Matilda Backendal.
Cedric Gebistorf. Breaking Cryptography in the Wild: PrivateStorage [Download pdf (PDF, 1.5 MB)]. Supervisor: Prof. Kenny Paterson, Co-supervisor: Kien Tuong Truong.
Yuanming Song. Refined Techniques for Compression Side-Channel Attacks [Download pdf (PDF, 910 KB)]. Supervisor: Prof. Kenny Paterson, Co-supervisor: Dr. Lenka Mareková.
Jonas Hofmann. Breaking Cryptography in the Wild: Cloud Storage. Supervisor: Prof. Kenny Paterson, Co-supervisor: Kien Tuong Truong.
Noah Schmid. Breaking Cryptography in the Wild: Rocket.Chat [Download pdf (PDF, 1.1 MB)]. Supervisor: Prof. Kenny Paterson, Co-supervisor: Jan Gilcher.
Aurel Feer. Privacy Preserving String Search using Homomorphic Encryption [Download pdf (PDF, 1.1 MB)]. Supervisor: Prof. Kenny Paterson, Co-supervisor: Dr. Zichen Gui.
Léa Micheloud. Securing Cloud Storage with OpenPGP: An Analysis of Proton Drive [Download pdf (PDF, 2.1 MB)]. Supervisor: Prof. Kenny Paterson, Co-supervisors: Matilda Backendal, Daniel Huigens (Proton AG, Zurich).
2023
Daniel Pöllmann. Differential Obliviousness and its Limitations. Supervisor: Prof. Kenny Paterson, Co-supervisor: Dr. Tianxin Tang.
Andreas Tsouloupas. Breaking Cryptography in the Wild: Double-Ratchet Mutations [Download pdf (PDF, 966 KB)]. Supervisor: Prof. Kenny Paterson, Co-supervisors: Matteo Scarlata, Kien Tuong Truong.
Thore Göbel. Security Analysis of Proton Key Transparency [Download pdf (PDF, 1 MB)]. Supervisor: Prof. Kenny Paterson, Co-supervisors: Daniel Huigens (Proton AG, Zurich), Felix Linker.
Sina Schaeffler. Algorithms for Quaternion Algebras in SQIsign [Download pdf (PDF, 664 KB)]. Supervisor: Prof. Kenny Paterson, Co-supervisor: Dr. Luca De Feo (IBM Research, Zurich).
Lucas Dodgson. Post-Quantum building blocks for secure computation - the Legendre OPRF [Download pdf (PDF, 862 KB)]. Supervisor: Prof. Kenny Paterson, Co-supervisors: Dr. Julia Hesse, Sebastian Faller (IBM Research, Zurich).
Mirco Stäuble. Mitigating Impersonation Attacks on Single Sign-On with Secure Hardware [Download pdf (PDF, 2.1 MB)]. Supervisor: Prof. Kenny Paterson, Co-supervisors: Dr. Julia Hesse, Sebastian Faller (IBM Research, Zurich).
Younis Khalil. Implementing a Forward-Secure Cloud Storage System [Download pdf (PDF, 5.6 MB)]. Supervisor: Prof. Kenny Paterson, Co-supervisors: Dr. Felix Günther, Matilda Backendal.
Andrei Herasimau. Formal Verification of the "Crypto Refresh" Update to the OpenPGP Standard [Download pdf (PDF, 695 KB)]. Supervisor: Prof. Kenny Paterson, Co-supervisor: Daniel Huigens (Proton Mail).
Benjamin Fischer. Privacy-Preserving Federated Learning for Cyber Threat Intelligence Sharing [Download pdf (PDF, 3.3 MB)]. Supervisor: Prof. Kenny Paterson, Co-supervisor: Juan R. Troncoso-Pastoriza (Tune Insight SA).
Pascal Schärli. Security Assessment of the Sharekey Collaboration App [Download pdf (PDF, 2.9 MB)]. Supervisor: Prof. Kenny Paterson, Co-supervisor: Dr. Bernhard Tellenbach (Armasuisse).
Lena Csomor. Bridging the Gap between Privacy Incidents and PETs [Download pdf (PDF, 1.3 MB)]. Supervisor: Prof. Kenny Paterson, Co-supervisors: Dr. Anwar Hithnawi, Alexander Viand, Shannon Veitch.
2022
Ran Liao. Linear-Time Zero-Knowledge Arguments in Practice. Supervisor: Prof. Kenny Paterson, Co-supervisor: Dr. Jonathan Bootle (IBM Research, Zurich).
Christian Knabenhans. Practical Integrity Protection for Private Computations [Download pdf (PDF, 873 KB)]. Supervisor: Prof. Kenny Paterson, Co-supervisors: Dr. Anwar Hithnawi, Alexander Viand.
Ella Kummer. Counting filters in adversarial settings [Download pdf (PDF, 943 KB)]. Supervisor. Prof. Kenny Paterson, Co-supervisors: Dr. Anupama Unnikrishnan, Mia Filić.
Massimiliano Taverna. Breaking Cryptography in the Wild: Web3 [Download pdf (PDF, 1.4 MB)]. Supervisor: Prof. Kenny Paterson.
Giacomo Fenzi. Klondike: Finding Gold in SIKE [Download pdf (PDF, 7.6 MB)]. Supervisor: Prof. Kenny Paterson, Co-supervisor: Dr. Fernando Virdia.
Kien Tuong Truong. Breaking Cryptography in the Wild: Threema [Download pdf (PDF, 824 KB)]. Supervisor: Prof. Kenny Paterson, Co-supervisor: Matteo Scarlata.
Jonas Meier. Diophantine Satisfiability Arguments for Private Blockchains [Download pdf (PDF, 2.1 MB)]. Supervisor: Prof. Kenny Paterson, Co-supervisor: Dr. Patrick Towa.
Marc Ilunga. Analysis of the EDHOC Lightweight Authenticated Key Exchange Protocol [Download pdf (PDF, 1.2 MB)]. Supervisor: Prof. Kenny Paterson, Co-supervisor: Dr. Felix Günther.
Robertas Maleckas. Cryptography in the Wild: Analyzing Jitsi Meet [Download pdf (PDF, 996 KB)]. Supervisor: Prof. Kenny Paterson, Co-supervisor: Prof. Martin Albrecht.
Miro Haller. Cloud Storage Systems: From Bad Practice to Practical Attacks [pdf]. Supervisor: Prof. Kenny Paterson, Co-supervisor: Matilda Backendal.
Lorenzo Laneve. Quantum Random Walks [pdf]. Joint supervisor: Prof. Kenny Paterson.
Florian Moser. Swiss Internet Voting [pdf]. Supervisor: Prof. Kenny Paterson.
2021
Moritz Winger. Automated Hybrid Parameter Selection & Circuit Analysis for FHE [pdf]. Joint supervisor: Prof. Kenny Paterson, Co-supervisor: Alexander Viand.
Tijana Klimovic. Modular Design of the Messaging Layer Security (MLS) Protocol [Download pdf (PDF, 1.3 MB)]. Supervisor: Prof. Kenny Paterson, Co-supervisor: Dr. Igors Stepanovs.
Radwa Abdelbar. Post-Quantum KEM-based TLS with Pre-Shared Keys [Download pdf (PDF, 972 KB)]. Supervisor: Prof. Kenny Paterson, Co-supervisors: Dr. Felix Günther, Dr. Patrick Towa.
Raphael Eikenberg. Breaking Bridgefy, Again [pdf]. Supervisor: Prof. Kenny Paterson, Co-supervisor: Prof. Martin Albrecht.
Andreas Pfefferle. Security Analysis of the Swiss Post’s E-Voting Implementation. Supervisor: Prof. Kenny Paterson.
Mihael Liskij. Survey of TLS 1.3 0-RTT Usage [Download pdf (PDF, 803 KB)]. Supervisor: Prof. Kenny Paterson, Co-supervisor: Dr. Felix Günther.
Nicolas Klose. Characterizing Notions for Secure Cryptographic Channels [Download pdf (PDF, 1.4 MB)]. Supervisor: Prof. Kenny Paterson, Co-supervisor: Dr. Felix Günther.
Alexandre Poirrier. Continuous Authentication in Secure Messaging [pdf]. Supervisor: Prof. Kenny Paterson, Co-supervisors: Dr. Benjamin Dowling, Dr. Felix Günther.
Luca Di Bartolomeo. ArmWrestling: efficient binary rewriting for ARM [Download pdf (PDF, 661 KB)]. Joint Supervisor: Prof. Kenny Paterson.
2020
Matteo Scarlata. Post-Compromise Security and TLS 1.3 Session Resumption [Download pdf (PDF, 1.5 MB)]. Supervisor: Prof. Kenny Paterson, Co-supervisor: Dr. Benjamin Dowling.
Anselme Goetschmann. Design and Analysis of Graph Encryption Schemes [Download pdf (PDF, 2.9 MB)]. Supervisor: Prof. Kenny Paterson, Co-supervisor: Dr. Sikhar Patranabis.
Lara Bruseghini. Analysis of the OpenPGP Specifications and Usage. Joint Supervisor: Prof. Kenny Paterson.
Semira Einsele. Average Case Error Estimates of the Strong Lucas Probable Prime Test [Download pdf (PDF, 893 KB)]. Joint Supervisor: Prof. Kenny Paterson.
Jan Gilcher. Constant-Time Implementation of NTS-KEM [Download pdf (PDF, 3.2 MB)]. Supervisor: Prof. Kenny Paterson.