Semester Projects
Available Projects
Students interested in a project with the group are kindly requested to send their transcript of records, along with a CV highlighting any relevant experience in cryptography, and either a preferred topic from the proposals below or a description of their interests within cryptography, to the contact noted under Student Projects.
Last updated: 10.04.2025
Data compression reduces data size, and thereby storage and communication costs, by removing redundancy. Because the size of the output depends on the content of the input, compression can leak information about the data even when the compressed data is subsequently encrypted. A famous example is the compression ratio side channel [Kel02], exploited in the CRIME [RD12] and BREACH [GHP13] attacks against HTTPS, which reveals information about the plaintext through the length of the compressed data. More recently, Schwarzl et al. [SBS+23] have shown that timing variations in compressors and decompressors can also leak information, leading to decompression timing side-channel attacks. The authors used fuzzing to discover and amplify timing side channels in decompressor implementations and demonstrated practicality with several attacks, some of which can be carried out by a remote attacker.
This project will explore various topics related to timing side channels in compression and decompression. The project could proceed in one or more of the following directions based on the student’s interest:
- Improve existing results on decompression timing side-channel attacks in terms of reliability and efficiency.
- Examine the susceptibility to timing side-channel attacks of other compression algorithms such as brotli and bzip2.
- Investigate the compression timing side channel as a novel leakage vector.
- Design and evaluate defences against compression/decompression timing side-channel attacks.
On the attack side, the idea is to craft payloads that amplify the timing difference and thereby reduce the number of queries needed. This can be done manually, by closely examining the design of a specific compression algorithm and drawing inspiration from existing techniques for compression ratio side-channel attacks [RD12, GHP13, Son24], with automated tools, or with a combination of both.
This project is expected to be practical, with a strong focus on implementation and experiments. Good coding skills are required. No prior experience in cryptography is required.
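The compression ratio side channel that CRIME and BREACH exploit can be reproduced with a few lines of code. The following is an added toy example (not code from the group or from the cited papers): a server echoes an attacker-controlled string into a page that also contains a secret token, the attacker sees only the compressed length, and recovers the token byte by byte because a correct guess is absorbed into an LZ77 back-reference. The page layout and the secret `d3e4c0f5` are constructed for the demo; fixed Huffman tables (`zlib.Z_FIXED`) are an assumption that keeps the measurement clean, since against dynamic Huffman coding real attacks need further tricks beyond the "two tries" alignment shift used here [GHP13].

```python
"""Compression-ratio side channel, CRIME/BREACH style (added toy example)."""
import zlib

SECRET = b"d3e4c0f5"            # constructed secret; the attacker never reads it directly
HEX_ALPHABET = b"0123456789abcdef"


def render_page(reflection: bytes) -> bytes:
    """Constructed server: echo the attacker's input, then emit a link carrying the token."""
    return (b"<html><body><p>Results for: " + reflection
            + b'</p><a href="/logout?csrf=' + SECRET
            + b'">Logout</a></body></html>')


def compressed_len(page: bytes) -> int:
    """The attacker's only observable: the size of the DEFLATE-compressed page.

    Z_FIXED (assumption for the demo) pins the Huffman tables, so the only cost
    that varies between guesses is how far the LZ77 match into the reflection reaches.
    """
    co = zlib.compressobj(9, zlib.DEFLATED, zlib.MAX_WBITS, 9, zlib.Z_FIXED)
    return len(co.compress(page) + co.flush())


def attacker_oracle(reflection: bytes) -> int:
    return compressed_len(render_page(reflection))


def guess_score(oracle, known: bytes, candidate: bytes) -> int:
    """Two-tries measurement of one guess for the next secret byte.

    If known + candidate extends the match against the real token, the body needs
    one literal fewer, saving 7 or 8 bits. Whether that shows up as a whole byte
    depends on the bit alignment of the block, so we measure once as-is and once
    with a single 9-bit literal (0xA0, which occurs nowhere else) appended to shift
    the alignment; at least one of the two measurements exposes the saving.
    """
    return sum(oracle(b"csrf=" + known + candidate + pad) for pad in (b"", b"\xa0"))


def recover_secret(oracle, length: int, alphabet: bytes = HEX_ALPHABET) -> bytes:
    """Byte-by-byte recovery: keep the candidate whose pages compress shortest."""
    known = b""
    for _ in range(length):
        scores = {bytes([c]): guess_score(oracle, known, bytes([c])) for c in alphabet}
        best = min(scores, key=scores.get)
        if list(scores.values()).count(scores[best]) != 1:
            raise RuntimeError("ambiguous step; a real attack would re-pad or retry")
        known += best
    return known


if __name__ == "__main__":
    found = recover_secret(attacker_oracle, len(SECRET))
    print("recovered", found.decode(), "ok" if found == SECRET else "FAILED")
```

Each step costs 2 × 16 = 32 oracle queries here; the "reduce the number of queries" direction above is about shrinking exactly that count, for example by shaping the reflection so that one response separates several candidates at once.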
References:
[GHP13] Yoel Gluck, Neal Harris, and Angelo Prado. BREACH: Reviving the CRIME attack. Black Hat, 2013. https://www.breachattack.com/resources/BREACH%20-%20SSL,%20gone%20in%2030%20seconds.pdf.
[Kel02] John Kelsey. Compression and information leakage of plaintext. In FSE, volume 2365 of Lecture Notes in Computer Science, pages 263–276. Springer, 2002. https://www.iacr.org/cryptodb/archive/2002/FSE/3091/3091.pdf.
[RD12] Juliano Rizzo and Thai Duong. The CRIME attack. Ekoparty, 2012. https://docs.google.com/presentation/d/11eBmGiHbYcHR9gL5nDyZChu_-lCa2GizeuOfaLU2HOU.
[SBS+23] Martin Schwarzl, Pietro Borrello, Gururaj Saileshwar, Hanna Müller, Michael Schwarz, and Daniel Gruss. Practical timing side-channel attacks on memory compression. In SP, pages 1186–1203. IEEE, 2023. https://misc0110.net/files/compression_sc_sp23.pdf.
[Son24] Yuanming Song. Refined techniques for compression side-channel attacks. Master’s thesis, ETH Zurich, April 2024. https://ethz.ch/content/dam/ethz/special-interest/infk/inst-infsec/appliedcrypto/education/theses/masters-thesis_yuanming-song.pdf.
Poly1305 is a widely used Message Authentication Code designed by Dan Bernstein [1], most commonly used in the form of the ChaCha20-Poly1305 AEAD scheme. However, not only is Poly1305 a poor fit for ChaCha20 in particular, limiting the multi-user security of the combination [4], it was also designed for the hardware of its time and now sits at an unfortunate point in the security-performance trade-off space. Several proposals exist for better universal hash functions than the one at the core of Poly1305 [2,3].
The goal of this project is to create secure and highly optimized implementations of one or more of these schemes, both as a MAC and, ideally, combined with a suitable encryption scheme into an AEAD scheme. This includes choosing which UHF-to-MAC construction to use, as well as evaluating which encryption scheme to pair it with.
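To make the two design layers concrete, here is Poly1305 written out as a generic polynomial hash over a prime field followed by the Carter-Wegman one-time mask, checked against the public test vector from RFC 8439, section 2.5.2. This is an added illustration, not the group's code nor an implementation from [1,2,3]; the prime, the block encoding, the key clamping and the final mask are exactly the knobs that alternative prime-field hashes turn.

```python
"""Poly1305 as polynomial UHF + one-time mask (added illustration, RFC 8439 semantics)."""
import hmac

P1305 = (1 << 130) - 5
# Clearing these bits of r is what lets 32-bit hardware of 2005 skip carries
# in the 130-bit multiplication; it costs 22 bits of key entropy.
R_CLAMP = 0x0FFFFFFC0FFFFFFC0FFFFFFC0FFFFFFF


def poly_hash(msg: bytes, r: int, p: int, block_size: int) -> int:
    """Generic polynomial hash over GF(p), Horner evaluation at the secret point r.

    Each block is encoded with an extra 0x01 byte above its most significant byte,
    so that a short final block (even one ending in zero bytes) encodes to a
    different field element than any full block: this keeps the block encoding
    injective, which the collision bound of the polynomial hash relies on.
    """
    acc = 0
    for i in range(0, len(msg), block_size):
        block = msg[i:i + block_size] + b"\x01"
        acc = (acc + int.from_bytes(block, "little")) * r % p
    return acc


def poly1305_mac(msg: bytes, key: bytes) -> bytes:
    """Poly1305: UHF over GF(2^130 - 5) masked by the one-time pad s, truncated to 128 bits.

    (r, s) must be used for a single message only; in ChaCha20-Poly1305 it is
    derived per nonce from the first ChaCha20 block.
    """
    if len(key) != 32:
        raise ValueError("Poly1305 needs a 32-byte one-time key (r || s)")
    r = int.from_bytes(key[:16], "little") & R_CLAMP
    s = int.from_bytes(key[16:], "little")
    tag = (poly_hash(msg, r, P1305, 16) + s) % (1 << 128)
    return tag.to_bytes(16, "little")


def poly1305_verify(msg: bytes, key: bytes, tag: bytes) -> bool:
    """Constant-time comparison: never compare tags with ==."""
    return hmac.compare_digest(poly1305_mac(msg, key), tag)


# Public test vector, RFC 8439 section 2.5.2.
RFC8439_KEY = bytes.fromhex("85d6be7857556d337f4452fe42d506a8"
                            "0103808afb0db2fd4abff6af4149f51b")
RFC8439_MSG = b"Cryptographic Forum Research Group"
RFC8439_TAG = bytes.fromhex("a8061dc1305136c6c22b8baf0c0127a9")

if __name__ == "__main__":
    print("RFC 8439 vector:", poly1305_mac(RFC8439_MSG, RFC8439_KEY) == RFC8439_TAG)
```

The split into `poly_hash` and `poly1305_mac` mirrors the project's two questions: the field and encoding (what [2,3] optimise) live in the first function, the UHF-to-MAC construction and the choice of where `s` comes from live in the second.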
Requirements:
- Solid programming skills in C or Rust
- Good familiarity with Assembly and low level performance optimizations
- Basic background in cryptography, e.g. from the Bachelor's course Information Security
Earliest Start: March
References:
[1] Daniel J. Bernstein. The Poly1305-AES message-authentication code. https://cr.yp.to/mac/poly1305-20050329.pdf
[2] Jean Paul Degabriele, Jan Gilcher, Jérôme Govinden, and Kenneth G. Paterson. SoK: Efficient design and implementation of polynomial hash functions over prime fields. https://oaklandsok.github.io/papers/degabriele2024.pdf
[3] Sreyosi Bhattacharyya, Kaushik Nath, and Palash Sarkar. Polynomial hashing over prime order fields. https://eprint.iacr.org/2023/634
[4] Jean Paul Degabriele, Jérôme Govinden, Felix Günther, and Kenneth G. Paterson. The Security of ChaCha20-Poly1305 in the Multi-user Setting. https://dl.acm.org/doi/10.1145/3460120.3484814
Ongoing Projects (Master's Level)
(We recommend that students currently doing a project in our group use this LaTeX template (ZIP, 230 KB) for the write-up.)
(Supervisor: Prof. Christoph Studer, Joint Supervisor: Dr. Stefan Mangold)
This project seeks to establish and evaluate a smartphone-based communication framework for humanitarian missions, where internet connectivity is either disrupted or entirely unavailable. By leveraging widely used wireless standards, devices will form multi-hop networks capable of forwarding messages without centralized infrastructure or specialized hardware. A dedicated test environment—combining multiple smartphones and computers—will be used to measure performance under realistic conditions, focusing on metrics such as reliability and coverage. Ultimately, the project will provide insights into designing resilient, delay-tolerant mesh networks to support critical coordination efforts when conventional communication methods fail.
(Supervisor: Prof. Kenny Paterson, Joint Supervisors: Dr. Simon-Philipp Merz, Kien Tuong Truong)
This student project focuses on the emerging field of post-quantum cryptography, specifically exploring cryptographic systems based on the computational difficulty of decoding linear error-correcting codes. As quantum computers pose a threat to current public-key encryption, research in post-quantum cryptography has gained importance. The project aims to systematize recent advancements in information-set decoding (ISD) algorithms, which are crucial for understanding and potentially improving code-based cryptanalysis. The project will provide a comprehensive overview of existing ISD algorithms, analyze their variations and how they exploit the structure of decoding problems, such as regular syndrome decoding. Additionally, it will evaluate current leading implementations of ISD algorithms and seek to achieve concrete performance improvements. This research will contribute to the standardization efforts by organizations like the US National Institute of Standards and Technology (NIST) in developing secure cryptographic systems for a post-quantum world.
(Supervisor: Prof. Kenny Paterson, Joint Supervisor: Dr. Lenka Mareková)
This project's aim is to develop a Systematization of Knowledge, a type of work which aims to comprehensively review, organize, and synthesize existing knowledge on a particular topic. In this case the focus will be on mesh networks and their applications to offline communications, taking a broad definition of "mesh" to include traditional ad-hoc networks [1,2], peer-to-peer systems as well as more recently proposed mesh messaging designs [3,4,5], spanning cryptography but also security research more widely. The project will also survey a host of existing practical tools and their capabilities [6,7,8], thus providing a comprehensive overview of what is available in the real world, and what the potential gaps are.
The goal will be to catalogue existing use cases in which these networks have been, or were intended to be, deployed and to describe the functionality they provide; to identify the key assumptions behind the proposed designs; and to describe common threat models as well as the promised security guarantees. The work could also draw on related concepts from the anonymity and censorship resistance literature and, as a potential extension, explore social science work on internet shutdowns and other contexts where standard communication media are unavailable or not reliable enough for use.
(Supervisor: Prof. Kenny Paterson, Joint Supervisors: Dr. Jean-Philippe Aumasson, Dr. Lenka Mareková)
This project seeks to evaluate the cryptographic foundations of HashiCorp Vault, a widely deployed but under-researched open-source key management system (KMS). A KMS is essential for securely generating, storing, and handling cryptographic keys and other sensitive data, a task often complicated by the need for strong security measures such as hardware security modules (HSMs) for bootstrapping trust. While the prominent KMS offerings from Microsoft, Google, and AWS are closed-source and integrated with their respective ecosystems, Vault offers an open-source alternative whose complex cryptographic mechanisms have not been extensively examined in academic research.
The project involves a thorough review of Vault's documentation and source code to understand its threat model and security controls, including optional enhancements like HSM-based unsealing and secret-sharing mechanisms. The student will develop an informal model of Vault's cryptographic protocols, scrutinize them for potential vulnerabilities, and test these vulnerabilities through proof-of-concept implementations. The final deliverables include a comprehensive report detailing the protocols, identified flaws, and potential mitigations. The study may also extend to comparing Vault with its recent fork, OpenBao, to assess differences in their security properties.
(Supervisor: Prof. Kenny Paterson, Joint Supervisor: Jan Gilcher)
This project aims to secure cryptographic algorithms against timing-based side-channel attacks by addressing the challenges posed by compiler optimizations that do not account for timing guarantees. Compilers can inadvertently introduce timing channels into seemingly secure code, creating difficulties for cryptographic implementers who must outsmart these optimizations to maintain constant-time properties. This situation ultimately benefits attackers exploiting timing variations. The primary task involves compiling a list of optimizations that break constant-time guarantees for the Clang compiler using existing constant-time verification tools based on the LLVM IR framework.
The project involves curating a collection of constant-time programming techniques and selecting a suitable verification tool. This includes researching cryptographic code, particularly implementations of AES, RSA, and Diffie-Hellman, and establishing criteria to evaluate and choose the best LLVM-based verification tool. Additionally, the project focuses on integrating this tool with the compilation pipeline to test the curated code snippets under various optimization settings. The aim is to document which Clang optimizations compromise constant-time guarantees and identify any patterns or trends in these insecure optimizations.
(Supervisor: Prof. Kenny Paterson, Joint Supervisors: Laura Hetz, Dr. Francesca Falzon)
Probabilistic data structures use randomized algorithms to give approximate answers to queries, trading accuracy for resource efficiency (e.g., memory or query time). They are widely used in database management systems, network measurement, and privacy-preserving cryptographic protocols. One such structure, the binary fuse filter (BFF), supports approximate set-membership queries: it never returns a false negative for an inserted element, but answers positively for some non-members (false positives) with a tunable probability.
This project introduces a variation of the binary fuse filter designed to answer proximity membership queries, determining if an element is close to any in a set based on a metric like Hamming or Euclidean distance. By employing locality-sensitive hash (LSH) functions to hash similar items into the same buckets, the project aims to enhance the BFF for distance-sensitive queries. The research will involve formal analysis of the data structure's complexity and empirical testing to determine optimal parameters, thereby improving its performance for proximity-based applications.
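The mechanism described above, as an added toy example (not the project's design or code): items are n-bit vectors under Hamming distance, each item is hashed by L locality-sensitive functions, and the (table, hash) pairs go into an approximate membership filter; a query is reported "near" if any of its L pairs is present. Two assumptions are made for the demo: the LSH family is bit sampling with a deterministic partition of the n positions into L = d + 1 groups (so a query within distance d provably collides in at least one group), and a small Bloom filter stands in for the binary fuse filter, since the construction only needs insert / may-contain with no false negatives.

```python
"""Proximity membership via LSH bucketing into a membership filter (added toy example)."""
import hashlib


class BloomFilter:
    """Minimal Bloom filter standing in for the BFF: k probes into an m-bit array."""

    def __init__(self, m_bits: int = 4096, k_hashes: int = 4):
        self.m, self.k = m_bits, k_hashes
        self.bits = bytearray(m_bits)

    def _probes(self, item: bytes):
        for i in range(self.k):
            digest = hashlib.sha256(bytes([i]) + item).digest()
            yield int.from_bytes(digest[:8], "little") % self.m

    def add(self, item: bytes) -> None:
        for p in self._probes(item):
            self.bits[p] = 1

    def may_contain(self, item: bytes) -> bool:
        return all(self.bits[p] for p in self._probes(item))


class ProximityFilter:
    """Approximate answer to: is some stored x within Hamming distance d of q?

    Bit position p belongs to group p mod L. Two vectors at distance <= d differ
    in at most d groups, so by pigeonhole they agree on at least one of the
    L = d + 1 groups and share that table's key. Vectors at distance >= L can
    still agree on a whole group by chance: that, plus the backing filter's own
    false positives, is the false-positive side of the trade-off.
    """

    def __init__(self, n_bits: int, d: int, filt=None):
        self.n, self.L = n_bits, d + 1
        self.filter = filt if filt is not None else BloomFilter()

    def _keys(self, x: int):
        width = (self.n + 7) // 8
        for g in range(self.L):
            sampled = 0
            for i, pos in enumerate(range(g, self.n, self.L)):
                sampled |= ((x >> pos) & 1) << i
            yield bytes([g]) + sampled.to_bytes(width, "little")

    def add(self, x: int) -> None:
        for key in self._keys(x):
            self.filter.add(key)

    def near(self, q: int) -> bool:
        return any(self.filter.may_contain(key) for key in self._keys(q))


def hamming(a: int, b: int) -> int:
    return bin(a ^ b).count("1")


if __name__ == "__main__":
    pf = ProximityFilter(n_bits=32, d=2)
    x = 0xDEADBEEF
    pf.add(x)
    for q in (x, x ^ 0b101, x ^ 0b111):
        print(f"dist={hamming(x, q)} near={pf.near(q)}")
```

Replacing the deterministic partition with randomly sampled bit positions (or an LSH for Euclidean distance) turns the hard guarantee into a collision probability that decays with distance, which is where the project's parameter analysis comes in.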
Completed Projects (Master's Level)
2025
Noah Tittelbach. Breaking SSO. Supervisor: Prof. Kenny Paterson. Co-supervisor: Matteo Scarlata.
Vaclav Zvonicek. Concrete Cost Analysis of Finding Paths in Isogeny Graphs [PDF, 408 KB]. Supervisor: Prof. Kenny Paterson. Co-supervisor: Dr. Simon-Philipp Merz.
Eduarda Assunção. Analyzing IKEv2: Security Proofs, Known Attacks, and Other Insights [PDF, 812 KB]. Supervisor: Prof. Kenny Paterson. Co-supervisor: Shannon Veitch.
2024
Marc Himmelberger. Performance Analysis of AEAD Schemes [PDF, 1.9 MB]. Supervisor: Prof. Kenny Paterson. Co-supervisor: Jan Gilcher.
Melanie Jauch. UOV and MAYO: Analysis and Comparison. Supervisor: Prof. Kenny Paterson. Co-supervisor: Dr. Simon-Philipp Merz.
Andrea Raguso. Scalable Probabilistic Data Structures in Adversarial Environments [PDF, 1.8 MB]. Supervisor: Prof. Kenny Paterson. Co-supervisor: Mia Filić.
Domenico Nobile. Metadata-private Messaging in the Wild: Session. Supervisor: Prof. Kenny Paterson. Co-supervisor: Dr. Lenka Mareková.
Marko Lisicic. Breaking Cryptography in the Wild: CryptPad. Supervisor: Prof. Kenny Paterson. Co-supervisor: Dr. Zichen Gui.
Jonas Lauer. Exploring Anonymous One-to-One Messaging with a Single Server. Supervisor: Prof. Kenny Paterson. Co-supervisors: Dr. Tianxin Tang, Laura Hetz.
Emanuel Opel. SoK: Authenticated Dictionaries and their Applications. Supervisor: Prof. Kenny Paterson. Co-supervisor: Dr. Francesca Falzon.
Andraž Strgar. WhatsApp Multi-Device: Analysis and Noise Protocol Interceptor. Supervisor: Prof. Kenny Paterson. Co-supervisor: Matteo Scarlata.
Junzhen Lou. Homomorphic Encryption for Healthcare Data Privacy in Industry Use Cases [PDF, 823 KB]. Supervisor: Prof. Kenny Paterson. Co-supervisors: Dr. Anwar Hithnawi (Privacy Preserving Systems Lab, ETH Zurich), Roche.
Dimitri Francolla. Privacy implications of AMQ-based PQ TLS authentication [PDF, 932 KB]. Supervisor: Prof. Kenny Paterson. Co-supervisors: Mia Filić, Shannon Veitch.
2023
Jonas Hofmann. Exploring Cuckoo filters in Redis [PDF, 1.9 MB]. Supervisor: Prof. Kenny Paterson. Co-supervisors: Dr. Anupama Unnikrishnan, Mia Filić.
Iana Peix. Repairable Threshold Schemes with Malicious Security [PDF, 1.1 MB]. Supervisor: Prof. Kenny Paterson. Co-supervisor: Shannon Veitch.
Yuanming Song. Cryptography in the Wild: Briar [PDF, 614 KB]. Supervisor: Prof. Kenny Paterson.
César Descalzo. Crypto in the wild – Analysing the security of CipherStash. Supervisor: Prof. Kenny Paterson. Co-supervisor: Dr. Zichen Gui.
Keran Kocher. Cuckoo filters in adversarial settings [PDF, 636 KB]. Supervisor: Prof. Kenny Paterson. Co-supervisor: Dr. Anupama Unnikrishnan.
Sophia Artioli. How Practical is Single-Server Private Information Retrieval? [PDF, 1.5 MB]. Supervisor: Prof. Kenny Paterson. Co-supervisor: Dr. Tianxin Tang.
2022
Daniele Coppola. Breaking Cryptography in the Wild: Nextcloud [report: PDF, 492 KB] [paper: PDF]. Supervisor: Prof. Kenny Paterson. Co-supervisors: Prof. Martin Albrecht and Matilda Backendal.
Younis Khalil. Implementing a Puncturable Key Wrapping Library [PDF, 1.6 MB]. Supervisor: Prof. Kenny Paterson. Co-supervisors: Dr. Felix Günther and Matilda Backendal.
Daniel Pöllmann. Perceptual Hash Functions. Supervisor: Prof. Kenny Paterson. Co-supervisor: Dr. Fernando Virdia.
Mirco Stäuble. Actually Good Encryption? Confusing Users by Changing Nonces [PDF, 1023 KB]. Supervisor: Prof. Kenny Paterson.
2021
Theo von Arx. Analysis of Telegram Clients' Security [PDF, 675 KB]. Supervisor: Prof. Kenny Paterson.
Louis Leclair. Analysing Encrypted Databases Using Learning Algorithms. Supervisor: Prof. Kenny Paterson.
Lena Csomor. Why Johnny Can’t Compute Securely: Exploring the Gap between Threat Models and Stakeholder Concerns [PDF, 618 KB]. Supervisor: Prof. Kenny Paterson. Co-supervisor: Alexander Viand.
Silvia Ritsch. Analysing Privacy of Zcash PKE scheme. Joint supervisor: Prof. Kenny Paterson.
2020
Mathilde Aliénor Raynal. Probabilistic Data-structures in Adversarial Scenarios: The HyperLogLog Case [PDF]. Supervisor: Prof. Kenny Paterson.
2019
Ali El Wahsh. Compromises in Private Set Intersection for Contact Discovery. Supervisor: Prof. Kenny Paterson.