2023

Dr. Anu Unnikrishnan has worked as a postdoctoral researcher in our group since October 2020 and is now heading for new shores. She is leaving ETH at the end of 2023. We thank Anu for being a great researcher, colleague and friend and wish her all the very best for her future endeavours.

Anu, your kind soul will be greatly missed by all of us!

31.12.2023

Congratulations!

Varun Maram has successfully defended his doctoral thesis titled "Generic Enhancements of Post-Quantum Public-Key Encryption" on 11th December 2023. The thesis was supervised by Prof. Dr. Kenny Paterson, and co-refereed by Prof. Dr. Dennis Hofheinz and Prof. Dr. Andreas Hülsing (Technische Universiteit Eindhoven).

11.12.2023

Polynomial Hash Functions over Prime Fields at Oakland 24

The paper "SoK: Efficient Design and Implementation of Polynomial Hash Functions over Prime Fields" by Jean Paul Degabriele (Technology Innovation Institute), Jan Gilcher, Jérôme Govinden (Technical University of Darmstadt), and Kenny Paterson has been accepted for publication at IEEE Security and Privacy 2024. In this work the team explored the vast design and implementation space of polynomial hash functions. Furthermore, looking at the design of Poly1305, they ask the question "Given today's advancements and applications would we still converge to this same design?", and are able to answer this question in the negative, proposing several improved, alternative designs.
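To make the object of study concrete, here is Poly1305 written as what it is, a polynomial hash over the prime field modulo 2^130 - 5, followed by a one-time pad. This is an added illustration matching RFC 8439, not code from the SoK paper; the accumulator loop is Horner's rule for the polynomial m_1 r^n + m_2 r^(n-1) + ... + m_n r, and an explicit term-by-term evaluation is included to make that structure visible. The key and message are the RFC 8439 section 2.5.2 test vector.

```python
# Poly1305 as a polynomial hash over GF(2^130 - 5), per RFC 8439.
# Added illustration; not code from the SoK paper discussed above.

P = (1 << 130) - 5  # the prime field the polynomial is evaluated over


def clamp(r: int) -> int:
    # Poly1305 clears 22 bits of r so that limb-based implementations
    # can delay carries; the clamped r is the polynomial's evaluation point.
    return r & 0x0FFFFFFC0FFFFFFC0FFFFFFC0FFFFFFF


def message_coefficients(msg: bytes) -> list:
    # Each 16-byte block (the last one may be shorter) gets a 0x01 byte
    # appended before being read as a little-endian integer, so a short
    # final block cannot collide with a zero-padded full block.
    return [
        int.from_bytes(msg[i:i + 16] + b"\x01", "little")
        for i in range(0, len(msg), 16)
    ]


def poly_eval_horner(coeffs, r, p):
    # Accumulator form used by real implementations: acc = (acc + m_i) * r mod p.
    acc = 0
    for m in coeffs:
        acc = (acc + m) * r % p
    return acc


def poly_eval_explicit(coeffs, r, p):
    # The same polynomial written out term by term: sum of m_i * r^(n-i+1).
    n = len(coeffs)
    return sum(m * pow(r, n - i, p) for i, m in enumerate(coeffs)) % p


def poly1305_mac(key: bytes, msg: bytes) -> bytes:
    if len(key) != 32:
        raise ValueError("Poly1305 key must be 32 bytes (r || s)")
    r = clamp(int.from_bytes(key[:16], "little"))
    s = int.from_bytes(key[16:], "little")
    h = poly_eval_horner(message_coefficients(msg), r, P)
    # The pad s is added modulo 2^128; without it the polynomial output
    # itself would leak enough to recover r from a single tag.
    return ((h + s) % (1 << 128)).to_bytes(16, "little")


# RFC 8439, section 2.5.2 test vector.
KEY = bytes.fromhex(
    "85d6be7857556d337f4452fe42d506a8" "0103808afb0db2fd4abff6af4149f51b"
)
MSG = b"Cryptographic Forum Research Group"
EXPECTED_TAG = bytes.fromhex("a8061dc1305136c6c22b8baf0c0127a9")

if __name__ == "__main__":
    tag = poly1305_mac(KEY, MSG)
    print(tag.hex(), "matches RFC vector:", tag == EXPECTED_TAG)
```

The two evaluation routines agree on every input; Horner's form is what implementations use because it needs one multiplication per block and no stored powers of r, which is exactly the implementation space the SoK surveys (field representation, limb size, how reductions modulo 2^130 - 5 are scheduled).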

20.11.2023

Laura Hetz wins CAST IT Security Student Award

For her work on "Communication-Efficient Privacy-Preserving Mobile Contact Discovery", Laura Hetz, doctoral student in our group, won first place in the CAST IT Security Student Award in the Master's thesis category.

This thesis was written at the Technical University of Darmstadt under the supervision of Professor Thomas Schneider from TU Darmstadt and Christian Weinert from Royal Holloway, University of London.

In her thesis, Laura focused on a privacy-preserving solution for contact discovery in popular messenger apps such as WhatsApp or Signal, and the results were published at ESORICS'23.

16.10.2023

Simon-Philipp Merz joins the Applied Cryptography group as a postdoctoral researcher on 1 November 2023

Simon recently finished his PhD at Royal Holloway, University of London where he was co-advised by Simon Blackburn and Christophe Petit. His thesis focussed on cryptanalysis and design of isogeny-based cryptographic constructions. Simon is interested in studying post-quantum hardness assumptions and solving the challenges of implementing post-quantum protocols in practice.

5.10.2023

Steven Galbraith visiting the Applied Cryptography Group

It was a pleasure to have Steven visit us during his sabbatical from the University of Auckland. His Distinguished Computer Science Colloquium "Can We Trust Post-Quantum Cryptography?" attracted a wide audience, and was a great and provocative exploration of the current state of research, with emphasis on isogeny cryptography. Steven, thank you for your insights and your time with us!

22.9.2023

Swiss Crypto Day at ETH Zurich

The second Swiss Crypto Day, hosted at ETH Zurich after a three-year hiatus, was a resounding success, bringing together a diverse group of speakers from both industry and academia. The event showcased the dynamic and thriving community of cryptographers in Switzerland, with topics ranging from foundational research to real-world applications -- from Karen Klein's (ETHZ) analysis of new techniques for formal security proofs, to Paul Bottinelli's exploration of crypto vulnerabilities in the wild and Ioana Nedelcu's (Google) presentation of Google's Tink cryptographic library. With invited speakers representing leading Swiss institutions such as IBM Research - Zürich, EPFL, and the University of St. Gallen, and participants from all over Switzerland, the Crypto Day was a great networking opportunity.

We all look forward to the next Crypto Day, hosted by University of St. Gallen in fall 2024, and to reigniting a tradition of biannual meetings for the Swiss cryptographic community.

8.9.2023

Applied Crypto at USENIX Security '23

We had a strong presence at this year's USENIX, with three talks from members and students of our group! Massimiliano Taverna presented our attack against Ethereum Classic, "Snapping Snap Sync: Practical Attacks on Go Ethereum Synchronising Nodes"; Kien Tuong Truong our work on Threema, "Three Lessons From Threema: Analysis of a Secure Messenger"; Tianxin Tang our cryptanalysis of MongoDB, "Security Analysis of MongoDB Queryable Encryption".

14.8.2023

Lenka Mareková joins the Applied Cryptography group as a postdoctoral researcher on 1 September 2023

Lenka recently obtained her PhD from Royal Holloway, University of London under the supervision of Martin R. Albrecht. Her thesis focused on cryptographic security analysis of secure messaging applications in the context of large-scale urban protests. She is interested in analysing and developing cryptographic protocols for real-world use cases.

10.8.2023

We look forward to hosting Sam Markelon. He has won a ThinkSwiss Research Scholarship and will visit our group from 20 August - 18 November 2023. Sam is a PhD student at the Florida Institute for Cybersecurity Research, University of Florida.

8.8.2023

Two papers co-authored by our group members have been accepted to ACM CCS 2023

  • The paper "Compact Frequency Estimators in Adversarial Environments" by Mia Filić, Sam A. Markelon, and Thomas Shrimpton presents concrete attacks forcing compact frequency estimators (CFEs) such as Count-Min Sketch (CMS) and HeavyKeeper (HK) to make significant estimation errors. The authors furthermore explore the benefits of combining existing CFEs into a new one, and give a new CFE (CountKeeper) that combines CMS and HK. CountKeeper is typically more accurate than CMS on "honest" streams, the attacks against CMS and HK are less effective against it, and it has a native ability to flag suspicious estimates, which, to our knowledge, no other CFE admits.
  • The paper "Verifiable Verification in Cryptographic Protocols" by Marc Fischlin (TU Darmstadt) and Felix Günther proposes a novel cryptographic mechanism to detect implementation errors in cryptographic code. By making verification algorithms output additional confirmation codes, erroneous verification steps become detectable in higher-level applications, tying security to basic functionality.

27.7.2023

Shannon wins Best Talk Award at HotPETs!

Shannon Veitch, a doctoral student in our group, was awarded, together with her co-authors, the 2023 HotPETs best talk award for her outstanding presentation "Bridging the Gap between Privacy Incidents and PETs". The joint work with Lena Csomor (ETH Zurich), Alexander Viand (ETH Zurich), Anwar Hithnawi (ETH Zurich), and Bailey Kacsmar (University of Alberta) presents a new user-centric framework for privacy threat modeling, which makes it possible to track the data flow across different actors and to systematize and study privacy incidents.

17.7.2023

Laura Hetz joins the Applied Cryptography Group as a doctoral student on 1 August 2023. Laura did her Master's in IT Security at the Technical University of Darmstadt at ENCRYPTO. Her work focused on mobile private contact discovery and secure multi-party computation. Her interests lie in the design and development of privacy-preserving solutions for real world applications.

13.7.2023

The affiliated events held in conjunction with Eurocrypt 2024 will be hosted at ETH Zurich on May 25-26, 2024, co-organized by Felix Günther and Kristina Hostáková (Foundations of Cryptography group). Proposals for events can be submitted until 4 September 2023.

See the Call for Affiliated Events for details.

10.7.2023

Francesca Falzon joins the Applied Cryptography group as a postdoctoral researcher on 1 July 2023

Francesca recently obtained her PhD from the University of Chicago where she was co-advised by Roberto Tamassia and Ben Zhao. Her thesis focused on analyzing the security of structured encryption schemes and developing new schemes to support complex queries. Her research interests lie in encrypted databases and cloud security.

13.6.2023

The paper "Security Analysis of MongoDB Queryable Encryption" by Zichen Gui, Kenneth G. Paterson, and Tianxin Tang was accepted at USENIX Security 2023. Queryable Encryption is the first commercially available encrypted search product based on searchable symmetric encryption. In this work, the team took a deep dive into cryptanalysing MongoDB's Queryable Encryption. The team found that the logging systems in MongoDB leak statistical information about databases encrypted using Queryable Encryption, which enabled devastating plaintext recovery attacks.

You can read the full paper here (PDF, 1.1 MB).

5.6.2023

Pushing Crypto Forward: Briar Updates

The Briar project has announced that they have released fixes for vulnerabilities we discovered!
Yet another successful "crypto in the wild" project from AC: Yuanming Song completed his semester project (PDF, 614 KB) with us, analysing the privacy and cryptography of Briar, a messaging app targeting high-risk users.

30.5.2023

The paper "MEGA: Malleable Encryption Goes Awry" by Matilda Backendal, Miro Haller and Kenny Paterson was selected to receive a distinguished paper award at the 2023 IEEE Symposium on Security and Privacy being held this week in San Francisco. In this work, the team took a close look at security in the MEGA system, one of the largest consumer-facing cloud storage systems with more than 250 million users and more than 1000 Petabytes of stored data. The team uncovered five significant cryptographic vulnerabilities in the MEGA system. These were disclosed to MEGA in March 2022 and some of them were patched in June 2022. The work received media attention from Ars Technica, Hacker News, The Register, and more. Further details, including the paper itself, can be found at: https://mega-awry.io

25.5.2023

The paper "Post-Quantum Anonymity of Kyber" by Varun Maram and collaborator Keita Xagawa from NTT Social Informatics Laboratories, Japan, was selected to receive the Best Paper Award at the PKC 2023 conference. In this work, Varun and Keita provide concrete proofs of (tight) IND-CCA security and anonymity of the new NIST PQC standard Kyber in a post-quantum setting, thereby resolving issues identified by prior works.

9.5.2023

When Messages are Keys: HMAC security at Crypto '23!

Our paper on the dual-PRF security of HMAC, by Matilda Backendal, Mihir Bellare, Felix Günther, and Matteo Scarlata, was accepted to Crypto 2023. We give a complete characterization of when using messages as keys in HMAC is (in)secure, and fill gaps in the literature by proving PRF security of HMAC for keys of practical lengths.
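One concrete reason key length matters when HMAC's key input is treated as the adversary-chosen input is HMAC's own key preprocessing (RFC 2104): keys shorter than the hash block size are zero-padded to the block size, and keys longer than it are first hashed. Either rule makes two distinct key inputs produce identical outputs, which is a trivial distinguisher when the key position is the one the adversary controls. The following is an added Python illustration of that standard HMAC behaviour with SHA-256; it is not code from the paper, and the sample keys are constructed here.

```python
# Added illustration of RFC 2104 key handling in HMAC-SHA256 and the
# key-input collisions it creates. Not code from the Crypto '23 paper.
import hashlib
import hmac

BLOCK_SIZE = 64  # SHA-256 block size in bytes; HMAC pads/hashes keys to this


def hmac_sha256(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()


def equivalent_key(key: bytes) -> bytes:
    # Returns a different byte string that HMAC treats as the same key.
    # |K| > block size: HMAC replaces K by H(K), so H(K) itself is a colliding key.
    # |K| < block size: HMAC zero-pads K to the block size, so K || 0x00 collides.
    if len(key) > BLOCK_SIZE:
        return hashlib.sha256(key).digest()
    if len(key) < BLOCK_SIZE:
        return key + b"\x00"
    # Exactly block-sized keys are used as-is; no preprocessing collision exists.
    return key


def keys_collide(key1: bytes, key2: bytes, msg: bytes = b"probe") -> bool:
    # True when two *distinct* key inputs give the same tag on the same message.
    return key1 != key2 and hmac_sha256(key1, msg) == hmac_sha256(key2, msg)


def fixed_length_keys_collide(length: int, samples: int = 50) -> bool:
    # With all keys of one fixed length, the preprocessing collisions above
    # are unavailable; checks that no two distinct sample keys collide.
    msg = b"probe"
    seen = {}
    for i in range(samples):
        k = hashlib.sha256(i.to_bytes(4, "big")).digest()[:length]
        t = hmac_sha256(k, msg)
        if t in seen and seen[t] != k:
            return True
        seen[t] = k
    return False


# Constructed sample keys (not from the paper).
LONG_KEY = bytes(range(100))   # 100 bytes, longer than the 64-byte block
SHORT_KEY = bytes(range(32))   # 32 bytes, shorter than the block
EXACT_KEY = bytes(range(64))   # exactly one block

if __name__ == "__main__":
    for name, k in [("long", LONG_KEY), ("short", SHORT_KEY), ("exact", EXACT_KEY)]:
        k2 = equivalent_key(k)
        print(name, "collides with equivalent key:", keys_collide(k, k2))
```

The practical reading is that HMAC keyed through its message input, or used with keys of varying length in the key input, cannot be a PRF in the key position: the adversary simply submits K and its preprocessing-equivalent twin. Restricting the key input to a single fixed length removes these particular collisions, which is why the paper's characterization is stated in terms of key lengths.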

8.5.2023

Threema paper at USENIX Security 23!

Our cryptographic analysis of Threema was accepted to USENIX 23! "Three Lessons from Threema: Analysis of a Secure Messenger" will be presented this August in Anaheim, CA.

22.03.2023

New attacks on MEGA at EUROCRYPT 23!

The paper "Caveat Implementor! Key Recovery Attacks on MEGA", by Martin R. Albrecht, Miro Haller, Lenka Mareková, and Kenny, was accepted and will be presented in Lyon this spring.

The new attack can recover user RSA private keys and file keys. This is a follow-up to "MEGA: Malleable Encryption Goes Awry", by Matilda, Miro and Kenny, accepted at S&P 2023.

6.3.2023

Three talks contributed by the Applied Crypto group have been accepted to the Real World Crypto Symposium 2023, taking place in Tokyo in March. The presentations will cover:

6.2.2023

Varun Maram and Keita Xagawa's work on "Post-Quantum Anonymity of Kyber" was accepted to PKC!

Our follow-up work on MEGA by Kenny Paterson, Miro Haller, Martin R. Albrecht and Lenka Mareková, titled "Mega2", was accepted to Eurocrypt 2023.

6.2.2023

Cryptographic vulnerabilities in Threema

Threema is a prominent Swiss encrypted messaging application. Today, our team's efforts in the cryptanalysis of the app went public: https://breakingthe3ma.app/.

The six months of work by Kenny, Matteo and Kien culminated in several attacks, undermining Threema's security promises, and exposing the gap between using secure primitives and building secure protocols.

In one attack, users could compromise their accounts by sending "u9j6ߓ'jjखԻ^߃1כW:-́;ܡRA" as a text message to a specially prepared account. In another attack, an attacker could exploit a CRIME-style compression side-channel to fully recover the private key from backups.

Press coverage of the attack includes the NZZ and Tages-Anzeiger.

9.1.2023