Master's Theses
Available Projects
Students interested in a thesis with the group are kindly requested to send their transcript of records, along with a CV highlighting any relevant experience in cryptography, and either a preferred topic from the proposals below or a description of their interests within cryptography, to the contact noted under Student Projects.
Last updated: 12.03.2026
Data compression is widely used to reduce the size of data in order to save storage and communication costs by identifying and removing redundancy. This process is inherently data-dependent, meaning that the output, both in content and length, varies greatly depending on the data which is being compressed. Consequently, compression can cause information leakage even if the resulting compressed data is encrypted. For example, the length of the output may reveal information about the redundancy of the data, a leakage vector that is known as the compression side channel [Kel02] and has been featured in multiple exploits, including the CRIME [RD12] and BREACH [GHP13] attacks against HTTPS.
Existing compression side-channel attacks have mainly focused on the DEFLATE algorithm [Deu96], which was proposed in 1990. While DEFLATE is still widely in use, two modern compression algorithms, brotli [AFF+19] and Zstandard [Zst], generally perform better than DEFLATE and have been gaining wider adoption in recent years. Some other compression algorithms are also preferred to DEFLATE in certain applications, either because they are faster (e.g. LZ4 and Snappy) or because they achieve better compression ratios (e.g. LZMA and bzip2). A natural research problem is to investigate to what extent these compression algorithms are susceptible to compression side-channel attacks.
In this project, we will develop techniques for exploiting compression side channels in brotli, Zstandard, and, if time allows, some other compression algorithms that we find interesting. A primary focus is on amplification, which requires crafting adversarial input to the compressor such that the length of the compressed data changes drastically in response to small changes in the input. Our starting point is adapting the existing techniques for exploiting DEFLATE [Son24], but it is also important to leverage features that are unique to the compression algorithms we study. In addition, we will try to exploit the numerous heuristics-based engineering optimizations in the reference compressor implementations.
Since many compression algorithms lack formal descriptions, the student needs to be comfortable with reading source code in C. No prior experience in cryptography is required.
References:
[AFF+19] Jyrki Alakuijala, Andrea Farruggia, Paolo Ferragina, Eugene Kliuchnikov, Robert Obryk, Zoltan Szabadka, and Lode Vandevenne. Brotli: A general-purpose data compressor. ACM Trans. Inf. Syst., 37(1):4:1–4:30, 2019.
[Deu96] L. Peter Deutsch. DEFLATE compressed data format specification version 1.3. RFC 1951, 1996.
[GHP13] Yoel Gluck, Neal Harris, and Angelo Prado. BREACH: Reviving the CRIME attack. Black Hat, 2013. https://www.breachattack.com/resources/BREACH%20-%20SSL,%20gone%20in%2030%20seconds.pdf.
[Kel02] John Kelsey. Compression and information leakage of plaintext. In FSE, volume 2365 of Lecture Notes in Computer Science, pages 263–276. Springer, 2002. https://link.springer.com/chapter/10.1007/3-540-45661-9_21.
[RD12] Juliano Rizzo and Thai Duong. The CRIME attack. Ekoparty, 2012. https://docs.google.com/presentation/d/11eBmGiHbYcHR9gL5nDyZChu_-lCa2GizeuOfaLU2HOU.
[Son24] Yuanming Song. Refined techniques for compression side-channel attacks. Master’s thesis, ETH Zurich, April 2024. https://ethz.ch/content/dam/ethz/special-interest/infk/inst-infsec/appliedcrypto/education/theses/masters-thesis_yuanming-song.pdf.
[Zst] Zstandard. https://facebook.github.io/zstd/.
Ongoing Projects
(We recommend that students currently doing a project in our group use this LaTeX template for writing their thesis.)
(Supervisor: Prof. Kenny Paterson, Joint Supervisor: Dr. Rune Fiedler)
This project examines the security of the SimpleX messaging system, which markets itself as “the world’s most secure messaging” and claims stronger privacy guarantees than well-known messengers like Signal, especially regarding metadata, profiles, and contacts. Despite a recent external review by Trail of Bits that reported no major issues, SimpleX’s ambitious claims and distinctive design (including stronger metadata-hiding goals) warrant a deeper, independent analysis.
The main task is to reverse-engineer and understand the internal protocols and system architecture of SimpleX, then abstract these into clear models suitable for security analysis. Using these abstractions, one can search for weaknesses (for example in how metadata is hidden or how components interact) and/or attempt to construct formal security proofs. Any vulnerabilities found will be documented and disclosed responsibly to the developers. The thesis will focus on explaining how SimpleX’s systems work, presenting the identified security properties and potential issues (or formal guarantees, if proven), and discussing the scope and limits of the security analysis rather than narrating the full step-by-step investigative process.
(Supervisor: Prof. Kenny Paterson, Joint Supervisor: Dr. Lenka Mareková)
This project contributes to the group's ongoing work on developing a secure smartphone-based communication tool for humanitarian workers that works even in areas with no internet, cellular, or satellite connectivity. Building on an existing prototype that already supports routing, delay-tolerant networking, and basic performance measurement, the next phase focuses on integrating cryptographic security from the link layer up to the application layer. At the same time, the networking stack must be improved to run reliably in the background and to meet new requirements imposed by the cryptographic protocols, while performance overheads and bottlenecks are systematically evaluated.
The system must function in diverse and sometimes restrictive field environments, leading to unusual security requirements. The project’s goals are to improve usability (e.g., background operation), contribute to the design and implementation of the application-layer protocols, and extend experimental evaluation of performance and security, with insights from implementation feeding back into the overall protocol design.
Completed Projects
2026
Andris Suter-Dörig. Breaking SEPPmail: A Case Study of Email Encryption in the Wild. Supervisor: Prof. Kenny Paterson, Co-supervisor: Matteo Scarlata.
2025
Andrea Raguso. Analyzing Private Set Union and Data Join Functionalities. Supervisor: Prof. Kenny Paterson, Co-supervisor: Dr. Francesca Falzon.
Marc Himmelberger. Implementing and Evaluating Quantum-Safe Fully Encrypted Protocols [Download pdf (PDF, 1.7 MB)]. Supervisor: Prof. Kenny Paterson, Co-supervisors: Shannon Veitch, Dr. Felix Günther (IBM Research, Zurich).
Emanuel Opel. Shamir Secret (Over)sharing, in the Wild. Supervisor: Prof. Kenny Paterson, Co-supervisor: Kien Tuong Truong.
Giovanni Torrisi. Common Pitfalls in End-to-End Encrypted Password Managers. Supervisor: Prof. Kenny Paterson, Co-supervisors: Matilda Backendal, Matteo Scarlata.
Damiano Mombelli. General-Purpose Zero-Knowledge Proofs for Verifiable Credentials [Download pdf (PDF, 898 KB)]. Supervisor: Prof. Kenny Paterson, Co-supervisor: Dr. Martin Burkhart (Armasuisse).
Moritz Teichner. Bandwidth-Efficient Multi-Server Oblivious Message Retrieval. Supervisor: Prof. Kenny Paterson, Co-supervisor: Laura Hetz.
2024
Nicola Dardanis. Bridging the Gap: Design and Implementation of Secure Shared Folders [Download pdf (PDF, 1.1 MB)]. Supervisor: Prof. Kenny Paterson, Co-supervisors: Matilda Backendal, Matteo Scarlata.
Antonino Orofino. An Investigation of VPN Fingerprinting. Supervisor: Prof. Kenny Paterson, Co-supervisors: Shannon Veitch, Dr. Lenka Mareková.
Valentina Iliescu. Multi-Device Password Hardening [Download pdf (PDF, 488 KB)]. Supervisor: Prof. Kenny Paterson, Co-supervisors: Matteo Scarlata, Matilda Backendal.
Cedric Gebistorf. Breaking Cryptography in the Wild: PrivateStorage [Download pdf (PDF, 1.5 MB)]. Supervisor: Prof. Kenny Paterson, Co-supervisor: Kien Tuong Truong.
Yuanming Song. Refined Techniques for Compression Side-Channel Attacks [Download pdf (PDF, 910 KB)]. Supervisor: Prof. Kenny Paterson, Co-supervisor: Dr. Lenka Mareková.
Jonas Hofmann. Breaking Cryptography in the Wild: Cloud Storage. Supervisor: Prof. Kenny Paterson, Co-supervisor: Kien Tuong Truong.
Noah Schmid. Breaking Cryptography in the Wild: Rocket.Chat [Download pdf (PDF, 1.1 MB)]. Supervisor: Prof. Kenny Paterson, Co-supervisor: Jan Gilcher.
Aurel Feer. Privacy Preserving String Search using Homomorphic Encryption [Download pdf (PDF, 1.1 MB)]. Supervisor: Prof. Kenny Paterson, Co-supervisor: Dr. Zichen Gui.
Léa Micheloud. Securing Cloud Storage with OpenPGP: An Analysis of Proton Drive [Download pdf (PDF, 2.1 MB)]. Supervisor: Prof. Kenny Paterson, Co-supervisors: Matilda Backendal, Daniel Huigens (Proton AG, Zurich).
2023
Daniel Pöllmann. Differential Obliviousness and its Limitations. Supervisor: Prof. Kenny Paterson, Co-supervisor: Dr. Tianxin Tang.
Andreas Tsouloupas. Breaking Cryptography in the Wild: Double-Ratchet Mutations [Download pdf (PDF, 966 KB)]. Supervisor: Prof. Kenny Paterson, Co-supervisors: Matteo Scarlata, Kien Tuong Truong.
Thore Göbel. Security Analysis of Proton Key Transparency [Download pdf (PDF, 1 MB)]. Supervisor: Prof. Kenny Paterson, Co-supervisors: Daniel Huigens (Proton AG, Zurich), Felix Linker.
Sina Schaeffler. Algorithms for Quaternion Algebras in SQIsign [Download pdf (PDF, 664 KB)]. Supervisor: Prof. Kenny Paterson, Co-supervisor: Dr. Luca De Feo (IBM Research, Zurich).
Lucas Dodgson. Post-Quantum building blocks for secure computation - the Legendre OPRF [Download pdf (PDF, 862 KB)]. Supervisor: Prof. Kenny Paterson, Co-supervisors: Dr. Julia Hesse, Sebastian Faller (IBM Research, Zurich).
Mirco Stäuble. Mitigating Impersonation Attacks on Single Sign-On with Secure Hardware [Download pdf (PDF, 2.1 MB)]. Supervisor: Prof. Kenny Paterson, Co-supervisors: Dr. Julia Hesse, Sebastian Faller (IBM Research, Zurich).
Younis Khalil. Implementing a Forward-Secure Cloud Storage System [Download pdf (PDF, 5.6 MB)]. Supervisor: Prof. Kenny Paterson, Co-supervisors: Dr. Felix Günther, Matilda Backendal.
Andrei Herasimau. Formal Verification of the "Crypto Refresh" Update to the OpenPGP Standard [Download pdf (PDF, 695 KB)]. Supervisor: Prof. Kenny Paterson, Co-supervisor: Daniel Huigens (Proton Mail).
Benjamin Fischer. Privacy-Preserving Federated Learning for Cyber Threat Intelligence Sharing [Download pdf (PDF, 3.3 MB)]. Supervisor: Prof. Kenny Paterson, Co-supervisor: Juan R. Troncoso-Pastoriza (Tune Insight SA).
Pascal Schärli. Security Assessment of the Sharekey Collaboration App [Download pdf (PDF, 2.9 MB)]. Supervisor: Prof. Kenny Paterson, Co-supervisor: Dr. Bernhard Tellenbach (Armasuisse).
Lena Csomor. Bridging the Gap between Privacy Incidents and PETs [Download pdf (PDF, 1.3 MB)]. Supervisor: Prof. Kenny Paterson, Co-supervisors: Dr. Anwar Hithnawi, Alexander Viand, Shannon Veitch.
2022
Ran Liao. Linear-Time Zero-Knowledge Arguments in Practice. Supervisor: Prof. Kenny Paterson, Co-supervisor: Dr. Jonathan Bootle (IBM Research, Zurich).
Christian Knabenhans. Practical Integrity Protection for Private Computations [Download pdf (PDF, 873 KB)]. Supervisor: Prof. Kenny Paterson, Co-supervisors: Dr. Anwar Hithnawi, Alexander Viand.
Ella Kummer. Counting filters in adversarial settings [Download pdf (PDF, 943 KB)]. Supervisor: Prof. Kenny Paterson, Co-supervisors: Dr. Anupama Unnikrishnan, Mia Filić.
Massimiliano Taverna. Breaking Cryptography in the Wild: Web3 [Download pdf (PDF, 1.4 MB)]. Supervisor: Prof. Kenny Paterson.
Giacomo Fenzi. Klondike: Finding Gold in SIKE [Download pdf (PDF, 7.6 MB)]. Supervisor: Prof. Kenny Paterson, Co-supervisor: Dr. Fernando Virdia.
Kien Tuong Truong. Breaking Cryptography in the Wild: Threema [Download pdf (PDF, 824 KB)]. Supervisor: Prof. Kenny Paterson, Co-supervisor: Matteo Scarlata.
Jonas Meier. Diophantine Satisfiability Arguments for Private Blockchains [Download pdf (PDF, 2.1 MB)]. Supervisor: Prof. Kenny Paterson, Co-supervisor: Dr. Patrick Towa.
Marc Ilunga. Analysis of the EDHOC Lightweight Authenticated Key Exchange Protocol [Download pdf (PDF, 1.2 MB)]. Supervisor: Prof. Kenny Paterson, Co-supervisor: Dr. Felix Günther.
Robertas Maleckas. Cryptography in the Wild: Analyzing Jitsi Meet [Download pdf (PDF, 996 KB)]. Supervisor: Prof. Kenny Paterson, Co-supervisor: Prof. Martin Albrecht.
Miro Haller. Cloud Storage Systems: From Bad Practice to Practical Attacks [pdf]. Supervisor: Prof. Kenny Paterson, Co-supervisor: Matilda Backendal.
Lorenzo Laneve. Quantum Random Walks [pdf]. Joint supervisor: Prof. Kenny Paterson.
Florian Moser. Swiss Internet Voting [pdf]. Supervisor: Prof. Kenny Paterson.
2021
Moritz Winger. Automated Hybrid Parameter Selection & Circuit Analysis for FHE [pdf]. Joint supervisor: Prof. Kenny Paterson, Co-supervisor: Alexander Viand.
Tijana Klimovic. Modular Design of the Messaging Layer Security (MLS) Protocol [Download pdf (PDF, 1.3 MB)]. Supervisor: Prof. Kenny Paterson, Co-supervisor: Dr. Igors Stepanovs.
Radwa Abdelbar. Post-Quantum KEM-based TLS with Pre-Shared Keys [Download pdf (PDF, 972 KB)]. Supervisor: Prof. Kenny Paterson, Co-supervisors: Dr. Felix Günther, Dr. Patrick Towa.
Raphael Eikenberg. Breaking Bridgefy, Again [pdf]. Supervisor: Prof. Kenny Paterson, Co-supervisor: Prof. Martin Albrecht.
Andreas Pfefferle. Security Analysis of the Swiss Post’s E-Voting Implementation. Supervisor: Prof. Kenny Paterson.
Mihael Liskij. Survey of TLS 1.3 0-RTT Usage [Download pdf (PDF, 803 KB)]. Supervisor: Prof. Kenny Paterson, Co-supervisor: Dr. Felix Günther.
Nicolas Klose. Characterizing Notions for Secure Cryptographic Channels [Download pdf (PDF, 1.4 MB)]. Supervisor: Prof. Kenny Paterson, Co-supervisor: Dr. Felix Günther.
Alexandre Poirrier. Continuous Authentication in Secure Messaging [pdf]. Supervisor: Prof. Kenny Paterson, Co-supervisors: Dr. Benjamin Dowling, Dr. Felix Günther.
Luca Di Bartolomeo. ArmWrestling: efficient binary rewriting for ARM [Download pdf (PDF, 661 KB)]. Joint Supervisor: Prof. Kenny Paterson.
2020
Matteo Scarlata. Post-Compromise Security and TLS 1.3 Session Resumption [Download pdf (PDF, 1.5 MB)]. Supervisor: Prof. Kenny Paterson, Co-supervisor: Dr. Benjamin Dowling.
Anselme Goetschmann. Design and Analysis of Graph Encryption Schemes [Download pdf (PDF, 2.9 MB)]. Supervisor: Prof. Kenny Paterson, Co-supervisor: Dr. Sikhar Patranabis.
Lara Bruseghini. Analysis of the OpenPGP Specifications and Usage. Joint Supervisor: Prof. Kenny Paterson.
Semira Einsele. Average Case Error Estimates of the Strong Lucas Probable Prime Test [Download pdf (PDF, 893 KB)]. Joint Supervisor: Prof. Kenny Paterson.
Jan Gilcher. Constant-Time Implementation of NTS-KEM [Download pdf (PDF, 3.2 MB)]. Supervisor: Prof. Kenny Paterson.