Master's Theses
Available Projects
Students interested in a thesis with the group are kindly requested to send their transcript of records, along with a CV highlighting any relevant experience in cryptography, and either a preferred topic from the proposals below or a description of their interests within cryptography, to the contact noted under Student Projects.
Last updated: 01.06.2026
Ongoing Projects
(We recommend students currently doing a project in our group to use this Download LaTeX template for writing their thesis.)
(Supervisor: Prof. Kenny Paterson, Joint Supervisor: Yuanming Song)
This project investigates how modern compression algorithms can leak sensitive information through compression side channels, where changes in compressed output size reveal properties of the underlying data even when it is encrypted. While previous attacks have mainly targeted the older DEFLATE algorithm, this work focuses on newer and increasingly popular schemes such as brotli and Zstandard, and potentially others like LZ4, Snappy, LZMA, and bzip2. A key goal is to understand how vulnerable these algorithms are to side-channel attacks and how an attacker might amplify small differences in input into large, observable changes in compressed length.
The project will adapt known exploitation techniques from DEFLATE, such as telescoping and chaining, to brotli and Zstandard, studying how well they transfer and why they may behave differently. It will also develop new, algorithm-specific techniques that exploit unique design features, complex encoding schemes (such as FSE in Zstandard), static dictionaries, and heuristic optimizations in reference implementations. Because many compression algorithms lack formal specifications, the work will rely heavily on analyzing their source code, implementing attack strategies, and empirically evaluating their effectiveness in realistic scenarios.
(Supervisor: Prof. Kenny Paterson, Joint Supervisors: Gabriel Dettling, Dr. Martin Hirt, Dr. Chen-Da Liu-Zhang)
This project studies how to design highly scalable “MPC as a service” protocols that can run continuously with a changing set of participants, as in modern systems like blockchain platforms or TOR. In these dynamic settings, parties should be able to join, contribute to the computation briefly, and leave, without a fixed group of long-term participants. Existing dynamic multi-party computation (MPC) protocols in the “only-speak-once” model, where each committee participates in just one step, incur communication costs proportional to both the number of parties and the circuit size (Ω(nC)), while traditional static MPC can achieve communication proportional only to the circuit size (O(C)). The central goal of this thesis is to investigate whether similar low, constant communication per gate is achievable in the dynamic MPC model.
The work will begin by surveying the state of the art in both standard MPC protocols with constant per-gate communication and dynamic MPC protocols, focusing on their communication complexity. Building on this understanding, the project will explore how to adapt techniques such as packed secret sharing to the dynamic setting. The plan is to first design feasibility protocols with weaker guarantees (passive security, SIMD circuits, and sub-optimal resilience, using lightweight cryptographic tools and no trusted setup), and then progressively strengthen them to handle general circuits, optimal resilience, and fully malicious adversaries.
(Supervisor: Prof. Kenny Paterson, Joint Supervisor: Dr. Rune Fiedler)
This project examines the security of the SimpleX messaging system, which markets itself as “the world’s most secure messaging” and claims stronger privacy guarantees than well-known messengers like Signal, especially regarding metadata, profiles, and contacts. Despite a recent external review by Trail of Bits that reported no major issues, SimpleX’s ambitious claims and distinctive design (including stronger metadata-hiding goals) warrant a deeper, independent analysis.
The main task is to reverse-engineer and understand the internal protocols and system architecture of SimpleX, then abstract these into clear models suitable for security analysis. Using these abstractions, one can search for weaknesses (for example in how metadata is hidden or how components interact) and/or attempt to construct formal security proofs. Any vulnerabilities found will be documented and disclosed responsibly to the developers. The thesis will focus on explaining how SimpleX’s systems work, presenting the identified security properties and potential issues (or formal guarantees, if proven), and discussing the scope and limits of the security analysis rather than narrating the full step-by-step investigative process.
(Supervisor: Prof. Kenny Paterson, Joint Supervisor: Dr. Lenka Mareková)
This project contributes to the group's ongoing work on developing a secure smartphone-based communication tool for humanitarian workers that works even in areas with no internet, cellular, or satellite connectivity. Building on an existing prototype that already supports routing, delay-tolerant networking, and basic performance measurement, the next phase focuses on integrating cryptographic security from the link layer up to the application layer. At the same time, the networking stack must be improved to run reliably in the background and to meet new requirements imposed by the cryptographic protocols, while performance overheads and bottlenecks are systematically evaluated.
The system must function in diverse and sometimes restrictive field environments, leading to unusual security requirements. The project’s goals are to improve usability (e.g., background operation), contribute to the design and implementation of the application-layer protocols, and extend experimental evaluation of performance and security, with insights from implementation feeding back into the overall protocol design.
Completed Projects
2026
Andris Suter-Dörig. Breaking SEPPmail: A Case Study of Email Encryption in the Wild. Supervisor: Prof. Kenny Paterson, Co-supervisor: Matteo Scarlata.
2025
Andrea Raguso. Analyzing Private Set Union and Data Join Functionalities. Supervisor: Prof. Kenny Paterson, Co-supervisor: Dr. Francesca Falzon.
Marc Himmelberger. Implementing and Evaluating Quantum-Safe Fully Encrypted Protocols [Download pdf (PDF, 1.7 MB)]. Supervisor: Prof. Kenny Paterson, Co-supervisors: Shannon Veitch, Dr. Felix Günther (IBM Research, Zurich).
Emanuel Opel. Shamir Secret (Over)sharing, in the Wild. Supervisor: Prof. Kenny Paterson, Co-supervisor: Kien Tuong Truong.
Giovanni Torrisi. Common Pitfalls in End-to-End Encrypted Password Managers. Supervisor: Prof. Kenny Paterson, Co-supervisors: Matilda Backendal, Matteo Scarlata.
Damiano Mombelli. General-Purpose Zero-Knowledge Proofs for Verifiable Credentials [Download pdf (PDF, 898 KB)]. Supervisor: Prof. Kenny Paterson, Co-supervisor: Dr. Martin Burkhart (Armasuisse).
Moritz Teichner. Bandwidth-Efficient Multi-Server Oblivious Message Retrieval. Supervisor: Prof. Kenny Paterson, Co-supervisor: Laura Hetz.
2024
Nicola Dardanis. Bridging the Gap: Design and Implementation of Secure Shared Folders [Download pdf (PDF, 1.1 MB)]. Supervisor: Prof. Kenny Paterson, Co-supervisors: Matilda Backendal, Matteo Scarlata.
Antonino Orofino. An Investigation of VPN Fingerprinting. Supervisor: Prof. Kenny Paterson, Co-supervisors: Shannon Veitch, Dr. Lenka Mareková.
Valentina Iliescu. Multi-Device Password Hardening [Download pdf (PDF, 488 KB)]. Supervisor: Prof. Kenny Paterson, Co-supervisors: Matteo Scarlata, Matilda Backendal.
Cedric Gebistorf. Breaking Cryptography in the Wild: PrivateStorage [Download pdf (PDF, 1.5 MB)]. Supervisor: Prof. Kenny Paterson, Co-supervisor: Kien Tuong Truong.
Yuanming Song. Refined Techniques for Compression Side-Channel Attacks [Download pdf (PDF, 910 KB)]. Supervisor: Prof. Kenny Paterson, Co-supervisor: Dr. Lenka Mareková.
Jonas Hofmann. Breaking Cryptography in the Wild: Cloud Storage. Supervisor: Prof. Kenny Paterson, Co-supervisor: Kien Tuong Truong.
Noah Schmid. Breaking Cryptography in the Wild: Rocket.Chat [Download pdf (PDF, 1.1 MB)]. Supervisor: Prof. Kenny Paterson, Co-supervisor: Jan Gilcher.
Aurel Feer. Privacy Preserving String Search using Homomorphic Encryption [Download pdf (PDF, 1.1 MB)]. Supervisor: Prof. Kenny Paterson, Co-supervisor: Dr. Zichen Gui.
Léa Micheloud. Securing Cloud Storage with OpenPGP: An Analysis of Proton Drive [Download pdf (PDF, 2.1 MB)]. Supervisor: Prof. Kenny Paterson, Co-supervisors: Matilda Backendal, Daniel Huigens (Proton AG, Zurich).
2023
Daniel Pöllmann. Differential Obliviousness and its Limitations. Supervisor: Prof. Kenny Paterson, Co-supervisor: Dr. Tianxin Tang.
Andreas Tsouloupas. Breaking Cryptography in the Wild: Double-Ratchet Mutations [Download pdf (PDF, 966 KB)]. Supervisor: Prof. Kenny Paterson, Co-supervisors: Matteo Scarlata, Kien Tuong Truong.
Thore Göbel. Security Analysis of Proton Key Transparency [Download pdf (PDF, 1 MB)]. Supervisor: Prof. Kenny Paterson, Co-supervisors: Daniel Huigens (Proton AG, Zurich), Felix Linker.
Sina Schaeffler. Algorithms for Quaternion Algebras in SQIsign [Download pdf (PDF, 664 KB)]. Supervisor: Prof. Kenny Paterson, Co-supervisor: Dr. Luca De Feo (IBM Research, Zurich).
Lucas Dodgson. Post-Quantum building blocks for secure computation - the Legendre OPRF [Download pdf (PDF, 862 KB)]. Supervisor: Prof. Kenny Paterson, Co-supervisors: Dr. Julia Hesse, Sebastian Faller (IBM Research, Zurich).
Mirco Stäuble. Mitigating Impersonation Attacks on Single Sign-On with Secure Hardware [Download pdf (PDF, 2.1 MB)]. Supervisor: Prof. Kenny Paterson, Co-supervisors: Dr. Julia Hesse, Sebastian Faller (IBM Research, Zurich).
Younis Khalil. Implementing a Forward-Secure Cloud Storage System [Download pdf (PDF, 5.6 MB)]. Supervisor: Prof. Kenny Paterson, Co-supervisors: Dr. Felix Günther, Matilda Backendal.
Andrei Herasimau. Formal Verification of the "Crypto Refresh" Update to the OpenPGP Standard [Download pdf (PDF, 695 KB)]. Supervisor: Prof. Kenny Paterson, Co-supervisor: Daniel Huigens (Proton Mail).
Benjamin Fischer. Privacy-Preserving Federated Learning for Cyber Threat Intelligence Sharing [Download pdf (PDF, 3.3 MB)]. Supervisor: Prof. Kenny Paterson, Co-supervisor: Juan R. Troncoso-Pastoriza (Tune Insight SA).
Pascal Schärli. Security Assessment of the Sharekey Collaboration App [Download pdf (PDF, 2.9 MB)]. Supervisor: Prof. Kenny Paterson, Co-supervisor: Dr. Bernhard Tellenbach (Armasuisse).
Lena Csomor. Bridging the Gap between Privacy Incidents and PETs [Download pdf (PDF, 1.3 MB)]. Supervisor: Prof. Kenny Paterson, Co-supervisors: Dr. Anwar Hithnawi, Alexander Viand, Shannon Veitch.
2022
Ran Liao. Linear-Time Zero-Knowledge Arguments in Practice. Supervisor: Prof. Kenny Paterson, Co-supervisor: Dr. Jonathan Bootle (IBM Research, Zurich).
Christian Knabenhans. Practical Integrity Protection for Private Computations [Download pdf (PDF, 873 KB)]. Supervisor: Prof. Kenny Paterson, Co-supervisors: Dr. Anwar Hithnawi, Alexander Viand.
Ella Kummer. Counting filters in adversarial settings [Download pdf (PDF, 943 KB)]. Supervisor. Prof. Kenny Paterson, Co-supervisors: Dr. Anupama Unnikrishnan, Mia Filić.
Massimiliano Taverna. Breaking Cryptography in the Wild: Web3 [Download pdf (PDF, 1.4 MB)]. Supervisor: Prof. Kenny Paterson.
Giacomo Fenzi. Klondike: Finding Gold in SIKE [Download pdf (PDF, 7.6 MB)]. Supervisor: Prof. Kenny Paterson, Co-supervisor: Dr. Fernando Virdia.
Kien Tuong Truong. Breaking Cryptography in the Wild: Threema [Download pdf (PDF, 824 KB)]. Supervisor: Prof. Kenny Paterson, Co-supervisor: Matteo Scarlata.
Jonas Meier. Diophantine Satisfiability Arguments for Private Blockchains [Download pdf (PDF, 2.1 MB)]. Supervisor: Prof. Kenny Paterson, Co-supervisor: Dr. Patrick Towa.
Marc Ilunga. Analysis of the EDHOC Lightweight Authenticated Key Exchange Protocol [Download pdf (PDF, 1.2 MB)]. Supervisor: Prof. Kenny Paterson, Co-supervisor: Dr. Felix Günther.
Robertas Maleckas. Cryptography in the Wild: Analyzing Jitsi Meet [Download pdf (PDF, 996 KB)]. Supervisor: Prof. Kenny Paterson, Co-supervisor: Prof. Martin Albrecht.
Miro Haller. Cloud Storage Systems: From Bad Practice to Practical Attacks [pdf]. Supervisor: Prof. Kenny Paterson, Co-supervisor: Matilda Backendal.
Lorenzo Laneve. Quantum Random Walks [pdf]. Joint supervisor: Prof. Kenny Paterson.
Florian Moser. Swiss Internet Voting [pdf]. Supervisor: Prof. Kenny Paterson.
2021
Moritz Winger. Automated Hybrid Parameter Selection & Circuit Analysis for FHE [pdf]. Joint supervisor: Prof. Kenny Paterson, Co-supervisor: Alexander Viand.
Tijana Klimovic. Modular Design of the Messaging Layer Security (MLS) Protocol [Download pdf (PDF, 1.3 MB)]. Supervisor: Prof. Kenny Paterson, Co-supervisor: Dr. Igors Stepanovs.
Radwa Abdelbar. Post-Quantum KEM-based TLS with Pre-Shared Keys [Download pdf (PDF, 972 KB)]. Supervisor: Prof. Kenny Paterson, Co-supervisors: Dr. Felix Günther, Dr. Patrick Towa.
Raphael Eikenberg. Breaking Bridgefy, Again [pdf]. Supervisor: Prof. Kenny Paterson, Co-supervisor: Prof. Martin Albrecht.
Andreas Pfefferle. Security Analysis of the Swiss Post’s E-Voting Implementation. Supervisor: Prof. Kenny Paterson.
Mihael Liskij. Survey of TLS 1.3 0-RTT Usage [Download pdf (PDF, 803 KB)]. Supervisor: Prof. Kenny Paterson, Co-supervisor: Dr. Felix Günther.
Nicolas Klose. Characterizing Notions for Secure Cryptographic Channels [Download pdf (PDF, 1.4 MB)]. Supervisor: Prof. Kenny Paterson, Co-supervisor: Dr. Felix Günther.
Alexandre Poirrier. Continuous Authentication in Secure Messaging [pdf]. Supervisor: Prof. Kenny Paterson, Co-supervisors: Dr. Benjamin Dowling, Dr. Felix Günther.
Luca Di Bartolomeo. ArmWrestling: efficient binary rewriting for ARM [Download pdf (PDF, 661 KB)]. Joint Supervisor: Prof. Kenny Paterson.
2020
Matteo Scarlata. Post-Compromise Security and TLS 1.3 Session Resumption [Download pdf (PDF, 1.5 MB)]. Supervisor: Prof. Kenny Paterson, Co-supervisor: Dr. Benjamin Dowling.
Anselme Goetschmann. Design and Analysis of Graph Encryption Schemes [Download pdf (PDF, 2.9 MB)]. Supervisor: Prof. Kenny Paterson, Co-supervisor: Dr. Sikhar Patranabis.
Lara Bruseghini. Analysis of the OpenPGP Specifications and Usage. Joint Supervisor: Prof. Kenny Paterson.
Semira Einsele. Average Case Error Estimates of the Strong Lucas Probable Prime Test [Download pdf (PDF, 893 KB)]. Joint Supervisor: Prof. Kenny Paterson.
Jan Gilcher. Constant-Time Implementation of NTS-KEM [Download pdf (PDF, 3.2 MB)]. Supervisor: Prof. Kenny Paterson.