2022
Key Rapping at Asiacrypt 2022
Matilda Backendal is presenting her work on Puncturable Key Wrapping at Asiacrypt. Her video abstract features the Applied Cryptography group engaged in "key rapping" - check it out! external page https://youtu.be/yh45UpVQjYA?t=199. Credits for the video to Kien, our rapper!
5.12.2022
Kenny awarded the Golden Owl
We are proud to announce that the Golden Owl 2022 for the Department of Computer Science was awarded to our Professor Kenny Paterson. The Owl is awarded by VSETH, ETH's student association, for outstanding teaching.
Our group is honoured by the students' feedback, and we take the occasion to renew our commitment to excellence in teaching.
21.11.2022
Kien Tuong Truong joins the Applied Cryptography Group as a doctoral student on 15 November 2022. Kien completed his Master's in Cyber Security at ETH and, after a thesis in our lab on the security of Swiss messaging applications, he will work on the analysis of other real-world cryptographic protocols. His interests concern attacks and cryptographic vulnerabilities "in the wild".
15.11.2022
Applied Crypto Group wins Distinguished Paper Award at ACM CCS 2022
The paper “Victory by KO: Attacking OpenPGP Using Key Overwriting" by Lara Bruseghini (ETH Zurich & Proton AG), Daniel Huigens (Proton AG) and Kenny Paterson (ETH Zurich) won a distinguished paper award at ACM CCS 2022 this week. The annual conference is one of the top four security conferences and was held in Los Angeles this year, where Lara accepted the award on behalf of the team. The paper has already had a substantial impact on the use of OpenPGP in practice: multiple libraries have updated their code and the OpenPGP standard under development at the IETF now includes the countermeasures recommended in the paper. In addition, the “key overwriting” or “KO” attack vector is proving to be very useful in the group’s follow-up work on cloud storage systems. To read more about the paper, please visit external page https://www.kopenpgp.com/
11.11.2022
Security Standardisation Research Conference 2023
The external page Security Standardisation Research Conference 2023 is co-organized by our group member Felix Günther and Julia Hesse (IBM Research Zurich). It will take place 22-23 April 2023 in Lyon, France, co-located with the external page Eurocrypt conference. SSR 2023 invites research, SoK, and vision papers on all aspects of security standardisation research; submission deadline is 5 January 2023, for full details see the external page Call for Papers.
7.11.2022
Mia Filić and Anu Unnikrishnan at Stanford Security Seminar
Mia and Anu will present their work on Probabilistic Data Structures in adversarial settings at the Stanford Security Seminar this Friday.
The presentation is available over Zoom: external page https://cs.stanford.edu/events/security-seminar-adversarial-correctness-and-privacy-probabilistic-data-structures-mia-filic
4.11.2022
Massimiliano Taverna joins the Applied Cryptography Group as a scientific assistant on 7 November 2022. After a Master’s in Cyber Security at ETH and a thesis in our lab about practical attacks on blockchains, he will extend his thesis research during his two-month stay in our group. His interests concern Web3, with the goal of enhancing its security, as well as multiple areas of applied cryptography.
31.10.2022
Shannon Veitch joins the Applied Cryptography Group as a doctoral student on 1 November 2022. Shannon did her Master’s in Computer Science at the University of Waterloo in the CrySP Lab. Her work focused on secret sharing schemes and secure multi-party computation. She is interested in applying cryptography to the design and development of privacy enhancing technologies.
25.10.2022
Last week, the paper “An Efficient Query Recovery Attack Against a Graph Encryption Scheme” was awarded the Best Student Paper Award at ESORICS 2022. The paper is joint work with Francesca Falzon, a former visitor of the Applied Crypto group and current PhD student at the University of Chicago, and Kenny Paterson. The paper presents the first leakage abuse attack against a scheme that supports private shortest path queries on graphs, and it achieves this by extending a classical algorithm for the tree isomorphism problem. Read more at https://www.research-collection.ethz.ch/handle/20.500.11850/564478.
10.10.2022
Fernando Virdia joins Intel Research
Fernando has reached the end of his postdoctoral studies in the group, but will continue to do awesome post-quantum cryptography research for Intel!
As we well know, a straight line is not the shortest path between a postdoc and tenure -- we all look forward to welcoming Fernando back in academia soon.
22.8.2022
PDS in Adversarial Environments @CCS
Four of our members, Mia Filić, Kenneth G. Paterson, Anu Unnikrishnan, and Fernando Virdia, have been exploring probabilistic data structures, such as Bloom and Cuckoo filters. The paper summary of their findings titled “Probabilistic Data Structures in Adversarial Environments” has been accepted to external page ACM CCS 2022.
28.7.2022
Patrick Towa joins Aztec Network
We are proud to announce that Patrick has completed his postdoctoral studies at the Applied Cryptography group, and will continue his journey as a Cryptography Researcher at Aztec Network - a leading technology company in zero-knowledge SNARKs development and privacy for the Ethereum blockchain. Patrick focused his recent work on efficient anonymous communication, and post-quantum key exchanges.
To his fellows, Patrick leaves the following words: “Trees that are slow to grow bear the best fruit.” Patrick, we will miss you!
22.7.2022
Flagbot, ETH's capture-the-flag academic team, qualifies for DEF CON CTF 2022.
ETH students and alumni played together with EPFL's CTF team under the umbrella team "Organizers". After a very successful season, during which Organizers was consistently on the leaderboard of various top CTFs and managed to defend the #1 place on ctftime.org's global scoreboard, the DEF CON Qualifiers was still a harsh battle to fight, with endless reverse engineering challenges and binary exploitation combined with cryptography. Organizers nevertheless managed to secure a place for the prestigious DEF CON Finals, and is among the 16 teams invited to play in person in Las Vegas in August, for the second year in a row.
27.6.2022
The paper “MEGA – Malleable Encryption Goes Awry” by Matilda Backendal, Miro Haller and Kenny Paterson from the Applied Crypto Group was accepted to the IEEE Symposium on Security & Privacy 2023. MEGA is a cloud-based storage system with 250 million users worldwide, storing more than 1000 Petabytes of data. The team uncovered five significant cryptographic vulnerabilities in the MEGA system. These were disclosed to MEGA in March 2022 and some of them were patched in June. The work received media attention from Ars Technica, Hacker News, The Register, and more. Further details, including the paper itself, can be found at: external page https://mega-awry.io.
27.6.2022
Our paper external page "Rethinking Searchable Symmetric Encryption" authored by Zichen Gui, Sikhar Patranbis and Kenny Paterson from the Applied Crypto Group has been accepted to external page IEEE S&P 2023!
In the paper, we set out to show that a major change of direction is needed in searchable symmetric encryption (SSE) research. We point out that the literature, by and large, has only considered an adversarial model against a subcomponent of an overall SSE system, namely the "encrypted index". And most of the constructions focused on building "encrypted indices".
However, a "full" SSE system also includes document retrieval and that component is not protected by most of the SSE schemes in the literature. In the paper, we show how leakage from document retrieval can be exploited if no additional protection is used on top of an "encrypted index". We also show that the cost of protecting document retrieval is very high using "off-the-shelf" techniques like ORAM or PIR.
This has led us to believe that we need to "rethink SSE" -- by designing SSE schemes that take system-wide leakage into account from the start.
25.6.2022
We look forward to the visit of Joy Shi. She is a Bachelor student at Caltech, and the recipient of a Student Summer Research Fellowship (ETH SSRF). She joins our group during July and August 2022.
20.6.2022
We look forward to the visit of Lenka Mareková. She will join our group during the months of July and August 2022. Lenka is a PhD student at Royal Holloway, University of London. In her work she is focusing on analysing the security of messaging protocols using formal models as well as by studying how they are implemented in practice.
7.6.2022
The paper “Four Attacks and a Proof for Telegram” by Kenny Paterson, former Applied Crypto group member Igors Stepanovs and collaborators Martin Albrecht and Lenka Mareková from Royal Holloway, University of London was awarded with a distinguished paper award at the prestigious IEEE Symposium on Security & Privacy 2022. Taking a "deep dive" on the Telegram secure messaging protocol, it describes a number of practical and theoretical attacks on Telegram's MT Proto protocol, as well as provides a security proof for a repaired version of Telegram. Read more at external page https://mtpsym.github.io/
24.5.2022
Tianxin Tang joins the Applied Cryptography group as a postdoctoral researcher on 22 March 2022. She obtained her Ph.D. from Georgia Institute of Technology under the guidance of Dr. Alexandra Boldyreva. Her thesis focused on mitigating the leakage of searchable encryption and adding support for versatile functionality. She is interested in exploring various aspects of accessing and computing on encrypted data.
7.3.2022
Zichen Gui joins the Applied Cryptography group as a postdoctoral researcher on 1 April 2022. He obtained his Ph.D. from the University of Bristol under the supervision of Bogdan Warinschi and Oliver Johnson. He is interested in the trade-off between security and efficiency for encrypted database systems. His work focuses on analysing existing schemes, building better security models and devising more advanced schemes.
1.3.2022
Three papers by researchers from our group have recently been accepted to top-tier conferences:
- The paper "Breaking Bridgefy, again — Adopting libsignal is not enough" was accepted to the external page USENIX Security Symposium 2022. It reports new attacks on the Bridgefy messaging app and emerged from Raphael Eikenberg's Master thesis; it's co-authored by Martin Albrecht from Royal Holloway, University of London and Kenny Paterson.
- The paper "On the Concrete Security of TLS 1.3 PSK Mode" by former visiting student Hannah Davis (UC San Diego), Denis Diemert and Tibor Jager (University of Wuppertal) and Felix Günther was accepted to external page EUROCRYPT 2022. It closes gaps in prior security proofs for the widespread TLS 1.3 protocol and provides new and tight security bounds.
- The paper "Anonymous, Robust Post-Quantum Public-Key Encryption" by Paul Grubbs (University of Michigan), Varun Maram, and Kenny Paterson was also accepted to external page EUROCRYPT 2022. It conducts a systematic study of anonymity and robustness for post-quantum encryption and provides insights on the finalist schemes in NIST's standardization process (external page preprint available).
2.2.2022
