Master's Theses
Available Projects
Students interested in a thesis with the group are kindly requested to send their transcript of records, along with a CV highlighting any relevant experience in cryptography, and either a preferred topic from the proposals below or a description of their interests within cryptography, to the contact noted under Student Projects.
Last updated: 10.04.2025
A password manager allows users to use strong passwords for different services while only remembering a single master password. A popular password manager is 1Password [1]. 1Password documented the inner workings of their system in a Whitepaper [2]. To authenticate users, 1Password uses cryptographic building block called Password-Authenticated Key Exchange (PAKE); concretely, it deploys the Secure Remote Password (SRP) protocol [3]. While PAKEs are well-studied in the cryptographic literature, 1Password does not merely use SRP for password authentication. They combine it with other user secrets to allegedly prevent offline password guessing attacks. They call their mechanism PAKE with two-secret key derivation (PAKE+2SKD).The goal of this thesis is to formally study PAKE+2SKD ands its usage in 1Password. In the course of the thesis, the student will derive an adequate security model to capture the expected behavior of 1Password. In a second step, the student will extract a description of the cryptographic core of 1Password's system from the Whitepaper, i.e., a description of the protocol suitable for cryptographic analysis. Lastly, the student will write a formal security argument for the concrete protocol that 1Password is using, and describe any attacks that are discovered while attempting the security proof.
The thesis is to be conducted during a 6 month internship at the IBM Research lab in Rüschlikon, in the Foundational Cryptography research group.
References
[1] external page 1password.com
[2] external page https://1passwordstatic.com/files/security/1password-white-paper.pdf
[3] external page https://ia.cr/2023/1457
Ongoing Projects
(We recommend students currently doing a project in our group to use this Download LaTeX template for writing their thesis.)
(Supervisor: Prof. Kenny Paterson, Joint Supervisor: Dr. Francesca Falzon)
Private set intersection (PSI) is a secure computation method allowing multiple parties to find the intersection of their item sets without revealing non-intersecting items, and it has been extended to support additional computations like intersection cardinality and payload sums. PSI applications include contact tracing and ad conversion tracking, with companies like Google deploying PSI-like solutions for private ad click counting. However, despite robust security, PSI protocols can inadvertently leak information through their output. Recent studies have shown that input privacy can be compromised in PSI-Cardinality protocols with minimal protocol invocations. This project aims to analyze complex protocols like Meta’s Multi-Key Private Match to develop attacks that maximize information extraction with minimal invocations, and subsequently devise mitigation strategies based on these findings.
(Supervisor: Prof. Kenny Paterson, Joint Supervisors: Shannon Veitch, Dr. Felix Günther)
The project seeks to address the rising threat posed by quantum computing to traditional encryption schemes by developing and testing a quantum-safe adaptation of the obfs4 protocol, referred to as pq-obfs. Fully Encrypted Protocols (FEPs) like obfs4, Shadowsocks, and VMess are designed to enhance privacy and circumvent internet censorship by obfuscating data streams to appear as uniformly random sequences, making them difficult to detect and filter by network middleboxes. The project focuses on integrating pq-obfs into the current obfs4 framework, utilizing post-quantum cryptographic techniques, such as NIST-standardized ML-KEM for key exchange, to ensure that even in the advent of quantum computers, the security and confidentiality of communications remain intact. This involves implementing a novel encoding algorithm for mapping public keys and ciphertexts to random byte strings, assessing trade-offs between encoding strategies, and evaluating the performance, efficiency, and censorship resilience of the pq-obfs protocol within aggressive network filtering environments.
Key objectives of this thesis include examining how seamlessly pq-obfs can be incorporated into existing obfs4 implementations and identifying the main challenges associated with this adaptation. The project will explore the trade-offs in encoding strategies for KEM public keys and ciphertexts, analyzing their impact on the protocol’s efficiency and security. Additionally, the study aims to assess the protocol's resilience against censorship in regions with stringent network filtering, contributing to the broader goal of maintaining secure and private communications in a future where quantum computing could potentially compromise current cryptographic standards.
(Supervisor: Prof. Kenny Paterson, Joint Supervisor: Kien Tuong Truong)
The project focuses on the security implications of implementing Shamir's secret sharing scheme, originally introduced in 1979. This cryptographic method allows data to be split into multiple pieces, requiring only a subset for reconstruction, and has become fundamental in various applications like secret management systems and cryptocurrency wallets. Despite its simplicity, the protocol's mathematical intricacies can lead to implementation errors in real-world software, as indicated by past findings. With the increasing adoption of secret sharing, the project aims to scrutinize these implementations to assess their security and identify vulnerabilities that could have significant impacts.
The research will begin by analyzing a wide range of open-source repositories using manual and automated techniques, such as black-box testing and CodeQL analysis. Subsequently, the project will focus on applications where such vulnerabilities could have critical consequences, including those related to cryptocurrency, secure file storage, and password management. Any detected weaknesses will be documented, responsibly disclosed to relevant parties, and, if feasible, accompanied by proof-of-concept code to demonstrate potential exploits. The final report will detail the analysis methodology and any identified vulnerabilities, providing insights into their exploitation and potential impacts.
(Supervisor: Prof. Kenny Paterson, Joint Supervisor: Matilda Backendal)
This project aims to rigorously analyze the security of Bitwarden, a popular open-source password manager that claims to implement end-to-end encryption (E2EE) to protect user data. Initially, the project will survey the security guarantees of E2EE password managers, comparing Bitwarden's claims with those of its competitors and translating these claims into specific cryptographic goals. Subsequently, the project will delve into Bitwarden's cryptographic protocol by examining its security whitepapers, past audits, and open-source code to create a pseudocode model capturing relevant cryptographic operations. This model will then be analyzed informally to verify whether Bitwarden meets its claimed security properties.
Depending on the findings from the pseudocode analysis, the project will either focus on identifying potential security vulnerabilities or formalizing Bitwarden's security. If vulnerabilities are found, cryptanalysis will be conducted. If Bitwarden appears secure, efforts will shift to fitting its protocol into an existing model for E2EE cloud storage schemes, potentially adapting the model to accommodate Bitwarden's unique features and security goals. The ultimate objective is to provide a formal security proof or adapt the model to better fit the specific needs of password managers.
Completed Projects
2025
Moritz Teichner. Bandwidth-Efficient Multi-Server Oblivious Message Retrieval. Supervisor: Prof. Kenny Paterson, Co-supervisor: Laura Hetz.
2024
Nicola Dardanis. Bridging the Gap: Design and Implementation of Secure Shared Folders [Download pdf (PDF, 1.1 MB)]. Supervisor: Prof. Kenny Paterson, Co-supervisors: Matilda Backendal, Matteo Scarlata.
Antonino Orofino. An Investigation of VPN Fingerprinting. Supervisor: Prof. Kenny Paterson, Co-supervisors: Shannon Veitch, Dr. Lenka Mareková.
Valentina Iliescu. Multi-Device Password Hardening [Download pdf (PDF, 488 KB)]. Supervisor: Prof. Kenny Paterson, Co-supervisors: Matteo Scarlata, Matilda Backendal.
Cedric Gebistorf. Breaking Cryptography in the Wild: PrivateStorage [Download pdf (PDF, 1.5 MB)]. Supervisor: Prof. Kenny Paterson, Co-supervisor: Kien Tuong Truong.
Yuanming Song. Refined Techniques for Compression Side-Channel Attacks [Download pdf (PDF, 910 KB)]. Supervisor: Prof. Kenny Paterson, Co-supervisor: Dr. Lenka Mareková.
Jonas Hofmann. Breaking Cryptography in the Wild: Cloud Storage. Supervisor: Prof. Kenny Paterson, Co-supervisor: Kien Tuong Truong.
Noah Schmid. Breaking Cryptography in the Wild: Rocket.Chat. Supervisor: Prof. Kenny Paterson, Co-supervisor: Jan Gilcher.
Aurel Feer. Privacy Preserving String Search using Homomorphic Encryption [Download pdf (PDF, 1.1 MB)]. Supervisor: Prof. Kenny Paterson, Co-supervisor: Dr. Zichen Gui.
Léa Micheloud. Securing Cloud Storage with OpenPGP: An Analysis of Proton Drive [Download pdf (PDF, 2.1 MB)]. Supervisor: Prof. Kenny Paterson, Co-supervisors: Matilda Backendal, Daniel Huigens (Proton AG, Zurich).
2023
Daniel Pöllmann. Differential Obliviousness and its Limitations. Supervisor: Prof. Kenny Paterson, Co-supervisor: Dr. Tianxin Tang.
Andreas Tsouloupas. Breaking Cryptography in the Wild: Double-Ratchet Mutations [Download pdf (PDF, 966 KB)]. Supervisor: Prof. Kenny Paterson, Co-supervisors: Matteo Scarlata, Kien Tuong Truong.
Thore Göbel. Security Analysis of Proton Key Transparency [Download pdf (PDF, 1 MB)]. Supervisor: Prof. Kenny Paterson, Co-supervisors: Daniel Huigens (Proton AG, Zurich), Felix Linker.
Sina Schaeffler. Algorithms for Quaternion Algebras in SQIsign [Download pdf (PDF, 664 KB)]. Supervisor: Prof. Kenny Paterson, Co-supervisor: Dr. Luca De Feo (IBM Research, Zurich).
Lucas Dodgson. Post-Quantum building blocks for secure computation - the Legendre OPRF [Download pdf (PDF, 862 KB)]. Supervisor: Prof. Kenny Paterson, Co-supervisors: Dr. Julia Hesse, Sebastian Faller (IBM Research, Zurich).
Mirco Stäuble. Mitigating Impersonation Attacks on Single Sign-On with Secure Hardware [Download pdf (PDF, 2.1 MB)]. Supervisor: Prof. Kenny Paterson, Co-supervisors: Dr. Julia Hesse, Sebastian Faller (IBM Research, Zurich).
Younis Khalil. Implementing a Forward-Secure Cloud Storage System [Download pdf (PDF, 5.6 MB)]. Supervisor: Prof. Kenny Paterson, Co-supervisors: Dr. Felix Günther, Matilda Backendal.
Andrei Herasimau. Formal Verification of the "Crypto Refresh" Update to the OpenPGP Standard [Download pdf (PDF, 695 KB)]. Supervisor: Prof. Kenny Paterson, Co-supervisor: Daniel Huigens (Proton Mail).
Benjamin Fischer. Privacy-Preserving Federated Learning for Cyber Threat Intelligence Sharing [Download pdf (PDF, 3.3 MB)]. Supervisor: Prof. Kenny Paterson, Co-supervisor: Juan R. Troncoso-Pastoriza (Tune Insight SA).
Pascal Schärli. Security Assessment of the Sharekey Collaboration App [Download pdf (PDF, 2.9 MB)]. Supervisor: Prof. Kenny Paterson, Co-supervisor: Dr. Bernhard Tellenbach (Armasuisse).
Lena Csomor. Bridging the Gap between Privacy Incidents and PETs [Download pdf (PDF, 1.3 MB)]. Supervisor: Prof. Kenny Paterson, Co-supervisors: Dr. Anwar Hithnawi, Alexander Viand, Shannon Veitch.
2022
Ran Liao. Linear-Time Zero-Knowledge Arguments in Practice. Supervisor: Prof. Kenny Paterson, Co-supervisor: Dr. Jonathan Bootle (IBM Research, Zurich).
Christian Knabenhans. Practical Integrity Protection for Private Computations [Download pdf (PDF, 873 KB)]. Supervisor: Prof. Kenny Paterson, Co-supervisors: Dr. Anwar Hithnawi, Alexander Viand.
Ella Kummer. Counting filters in adversarial settings [Download pdf (PDF, 943 KB)]. Supervisor. Prof. Kenny Paterson, Co-supervisors: Dr. Anupama Unnikrishnan, Mia Filić.
Massimiliano Taverna. Breaking Cryptography in the Wild: Web3 [Download pdf (PDF, 1.4 MB)]. Supervisor: Prof. Kenny Paterson.
Giacomo Fenzi. Klondike: Finding Gold in SIKE [Download pdf (PDF, 7.6 MB)]. Supervisor: Prof. Kenny Paterson, Co-supervisor: Dr. Fernando Virdia.
Kien Tuong Truong. Breaking Cryptography in the Wild: Threema [Download pdf (PDF, 824 KB)]. Supervisor: Prof. Kenny Paterson, Co-supervisor: Matteo Scarlata.
Jonas Meier. Diophantine Satisfiability Arguments for Private Blockchains [Download pdf (PDF, 2.1 MB)]. Supervisor: Prof. Kenny Paterson, Co-supervisor: Dr. Patrick Towa.
Marc Ilunga. Analysis of the EDHOC Lightweight Authenticated Key Exchange Protocol [Download pdf (PDF, 1.2 MB)]. Supervisor: Prof. Kenny Paterson, Co-supervisor: Dr. Felix Günther.
Robertas Maleckas. Cryptography in the Wild: Analyzing Jitsi Meet [Download pdf (PDF, 996 KB)]. Supervisor: Prof. Kenny Paterson, Co-supervisor: Prof. Martin Albrecht.
Miro Haller. Cloud Storage Systems: From Bad Practice to Practical Attacks [Download pdf]. Supervisor: Prof. Kenny Paterson, Co-supervisor: Matilda Backendal.
Lorenzo Laneve. Quantum Random Walks [Download pdf]. Joint supervisor: Prof. Kenny Paterson.
Florian Moser. Swiss Internet Voting [Download pdf]. Supervisor: Prof. Kenny Paterson.
2021
Moritz Winger. Automated Hybrid Parameter Selection & Circuit Analysis for FHE [Download pdf]. Joint supervisor: Prof. Kenny Paterson, Co-supervisor: Alexander Viand.
Tijana Klimovic. Modular Design of the Messaging Layer Security (MLS) Protocol [Download pdf (PDF, 1.3 MB)]. Supervisor: Prof. Kenny Paterson, Co-supervisor: Dr. Igors Stepanovs.
Radwa Abdelbar. Post-Quantum KEM-based TLS with Pre-Shared Keys [Download pdf (PDF, 972 KB)]. Supervisor: Prof. Kenny Paterson, Co-supervisors: Dr. Felix Günther, Dr. Patrick Towa.
Raphael Eikenberg. Breaking Bridgefy, Again [Download pdf]. Supervisor: Prof. Kenny Paterson, Co-supervisor: Prof. Martin Albrecht.
Andreas Pfefferle. Security Analysis of the Swiss Post’s E-Voting Implementation. Supervisor: Prof. Kenny Paterson.
Mihael Liskij. Survey of TLS 1.3 0-RTT Usage [Download pdf (PDF, 803 KB)]. Supervisor: Prof. Kenny Paterson, Co-supervisor: Dr. Felix Günther.
Nicolas Klose. Characterizing Notions for Secure Cryptographic Channels [Download pdf (PDF, 1.4 MB)]. Supervisor: Prof. Kenny Paterson, Co-supervisor: Dr. Felix Günther.
Alexandre Poirrier. Continuous Authentication in Secure Messaging [Download pdf]. Supervisor: Prof. Kenny Paterson, Co-supervisors: Dr. Benjamin Dowling, Dr. Felix Günther.
Luca Di Bartolomeo. ArmWrestling: efficient binary rewriting for ARM [Download pdf (PDF, 661 KB)]. Joint Supervisor: Prof. Kenny Paterson.
2020
Matteo Scarlata. Post-Compromise Security and TLS 1.3 Session Resumption [Download pdf (PDF, 1.5 MB)]. Supervisor: Prof. Kenny Paterson, Co-supervisor: Dr. Benjamin Dowling.
Anselme Goetschmann. Design and Analysis of Graph Encryption Schemes [Download pdf (PDF, 2.9 MB)]. Supervisor: Prof. Kenny Paterson, Co-supervisor: Dr. Sikhar Patranabis.
Lara Bruseghini. Analysis of the OpenPGP Specifications and Usage. Joint Supervisor: Prof. Kenny Paterson.
Semira Einsele. Average Case Error Estimates of the Strong Lucas Probable Prime Test [Download pdf (PDF, 893 KB)]. Joint Supervisor: Prof. Kenny Paterson.
Jan Gilcher. Constant-Time Implementation of NTS-KEM [Download pdf (PDF, 3.2 MB)]. Supervisor: Prof. Kenny Paterson.