Below we give examples for open and finished thesis topics for bachelor and master projects. Beyond these we are always open for innovative self-proposed topics.

Thesis Topics

13 Entries found

Secure two-party computation allows two parties to jointly compute a publicly known function without disclosing their respective inputs to each other. This can be realized using well-known cryptographic protocols such as the ones provided by Yao (Yao’s Garbled Circuits) and Goldreich, Micali, and Wigderson (GMW). These protocols both obliviously evaluate a virtual boolean circuit that represents the desired functionality. In case the functionality consists only of additions and multiplications, there is also the possibility to use a protocol that obliviously evaluates a virtual arithmetic circuit.

The ABY framework provides state-of-the-art implementations of all these protocols. It furthermore allows to select different protocols for different parts of the functionality in order to optimize the overall performance. The circuits representing the functionality can either be defined manually within the framework or are automatically generated from a high-level language with the help of a compiler like CBMC-GC. Nevertheless, the computational and communication overhead incurred by secure two-party computation is at least an order of magnitude higher compared to unprotected computation. Thus, while practicality in several application scenarios can already be claimed, the situation is far from satisfying.

Intel Software Guard Extensions (SGX) seems to be a promising alternative. This technology provides a trusted execution environment within processors s.t. code can be executed securely on a remote machine and is isolated from all other processes running on the same machine. Thereby it is possible for two parties to submit their inputs and (attested) code to an SGX-enabled machine and retrieve the computation result without significant overhead and without disclosing their inputs. What is especially appealing about SGX is its ubiquitous availability as it comes for free in all recent Intel CPUs.

Unfortunately, researchers have found many side-channel attacks that can compromise the security of SGX protected data. For example, a malicious operating system could monitor memory page accesses to infer information about the control flow, which in turn often depends on the data that is supposed to be protected.


A Systematic Comparison of Private Function Evaluation Protocols

Bachelor Thesis, Master Thesis


Secure function evaluation (SFE) allows two parties to jointly compute a known function on their private data. Private function evaluation (PFE) extends this by allowing one of the parties to define a private function which can then be computed on the private data of the other party without any of the parties learning the other party's private input. Practical PFE has been implemented as SFE of so-called universal circuits (UCs) in [KS16,GKS17]. These circuits can be programmed to evaluate any functionality up to a given size by specifying a number of input bits to the UC.

In the last decade, other approaches were proposed for private function evaluation that do not depend on UCs. These protocols that are defined specifically for PFE are less generic but might achieve better performance in practice. Katz and Malka proposed a PFE scheme based on Yao's garbled circuit protocol in [KM11]. This protocol utilizes additively homomorphic encryption and achieves linear complexity in the circuit size. Mohassel and Sadeghian proposed a protocol with two instantiations in [MS13]. The first instantiation improves over the protocol by Katz and Malka, while the second protocol utilizes oblivious transfers (based on symmetric-key operations), and therefore can be more efficient in practice, despite its O(n log n) complexity in the size of the function n. This thesis will focus on comparing all approaches for practical PFE and implementing one or more of them (based on the thesis type). A comparison between these specific approaches and PFE with UCs is also to be performed.


Silently Learning your Support Vector Machines Models

Bachelor Thesis, Master Thesis


Machine learning (ML) is widely used nowadays to extract new information from existing data and to make predictions based on the learned information. The use of ML, however, raises privacy concerns due to learning on users' data - which often leaks information about the training set - and/or the possibility of learning the service provider's model based on its forecasts. Because of the latter, for example, an adversary possessing the ML model of a company that offers ML as a service (MLaaS), which is a company secret, would (i) not require to pay to the company for the classification anymore and (ii) could even sell the model to a third party which would cause the company to loose in value.

This thesis will focus on deducing the server's Support Vector Machines (SVM) model based on its predictions. Although many solutions were proposed for privacy-preserving machine learning (including frameworks based on multi-party computation), there was a lack of attention to the attacks on the ideal functionality of machine learning. These enable an adversary to learn the service provider's model using specially crafted queries without interfering with the protocol. Possible attacks are shown in, for example, [1]. Furthermore, an example of vulnerable SVM can be found in [2].

Many protocols for secure computation represent the function to be computed as a Boolean circuit consisting of XOR and AND gates. Here, the XOR gates can be computed locally without the use of cryptographic operations, whereas the AND gates require interaction between the parties and are thus expensive. The goal of this thesis is to optimize n-input gates (the gates that map an n-bit input to the corresponding 1-bit output) by replacing them with the minimum number of AND gates and some amount of XOR gates in order to reduce their AND-size.

Pinkas et al. [1] have shown that exactly half of the n-input gates (namely those where the Hamming weight of the function table is even) can be computed by at most n-2 AND gates and free XORs for n<4. The research question is if this holds true also for n=4, 5, etc. The idea is to enumerate all circuits consisting of up to i=0,1, 2, ..., n-1 AND gates on n inputs and see to which n-input functionality they correspond.

Private function evaluation allows to evaluate a function on another party's secret input, while maintaining the privacy of both the functionality being computed and of the input. Universal circuits (UCs) are circuits that can be programmed to compute any circuit up to a given size. Due to recent advances on the practicality of UCs [KS16,LMS16], the state-of-the-art construction is able to privately evaluate any function up to a certain threshold defined by the abilities of the computing device. Due to the memory-intensive algorithms used for generating and evaluating a universal circuit, this threshold prevents us from employing UCs in large-scale real-world applications in their current form. However, the scalability of UCs can be improved by using files to store independent parts and intermediate results of the algorithms.

The term contact discovery in the context of mobile instant messaging refers to the task of determining which contacts in a client's address book, identified by their phone numbers, are registered at the same messaging service. Because of privacy concerns, one might prefer to not simply share all contacts with the service provider in order to compute the intersection.

A naive solution to this private set intersection (PSI) problem is sending the phone numbers in hashed form. Unfortunately, this is inherently insecure as brute-force and dictionary attacks allow to easily recover such low entropy values. Also, there is no forward-secrecy in the sense that after the protocol execution the service provider can test new values later-on without the client's permission.

The developers of Signal, an open-source instant messenger for encrypted communication, considered employing encrypted bloom filters [1], but this approach turned out to be unfeasible due to the requirement of sending 40MB to each client for a database of 10 million users.

Thus, the current situation seems anything but satisfying: widely-used messenger services take none or insufficient measures to protect their customers' privacy as the scientific community fails to provide practical solutions for private contact discovery.


Web application for privacy-preserving assignments

Bachelor Thesis, Master Thesis

in progress

The assignment problem is a combinatorial optimization problem which can be solved in polynomial time using the Hungarian algorithm. An example for this problem is as follows: n students register for a seminar where n topics are available. The students provide their preferences to all available topics, which are associated with some costs (the happiness of the student when assigned to that topic): e.g., a student's first preference will cost n, while his/her least preference will cost 1. Any student can be assigned to any topic, all topics have to be assigned exactly to one student and each student needs to be assigned to exactly one topic in such a way that the total cost (happiness) is maximized. Such assignment problems can be solved without using a trusted third party in a privacy-preserving manner. In order to achieve this, secure computation techniques can be utilized. The main goal is to enable students to bid for their preferred topics and get the result without anyone else learning their preferences.

Web application for privacy-preserving scheduling

Bachelor Thesis, Master Thesis


Web applications currently used for scheduling meetings - such as Doodle - do not protect the privacy of their users, i.e., compute the results based on the clear inputs of the participants. Though privacy-friendly variants of Doodle already exist based on public-key encryption [TUD], these solutions assume a trusted party whose private key can be used to decrypt all inputs. Secure computation, which allows two parties to jointly compute a function while both parties keep their inputs private, is a promising approach to provide privacy for the users' inputs without the use of a trusted poll initiator.


Generalizing Semi-Private Function Evaluation

Bachelor Thesis


The cryptographic primitive Secure Function Evaluation (SFE) enables the evaluation of a function public function f (x, y), under input parameters that are provided by different parties without them revealing their specific value. Restricting SFE further by requiring the function to be only known by one party is called Private Function Evaluation (PFE). Furthermore Semi-Private Function Evaluation (SPF-SFE) can help to increase the maximum function size which can be evaluated in a somewhat private manner. One way to achieve SPF-SFE is to split the function into blocks, as was shown in [PSS09]. However their implementation was crafted specifically for Yao’s garbled Circuit protocol. Therefore there are protocols, namely Goldreich- Micali-Wigderson (GMW), by which it could not be evaluated.We provide circuit designs for different Privately Programmable Blocks, which are constructed to work with the GMW protocol as well. Additionally we provide a toolchain to achieve SPF-SFE efficiently. Furthermore we implemented a tool used in the toolchain, which uses the aforementioned designs and can combine them with plain circuits and Universal Circuits (UCs) to build a single programmable circuit. A function designer can use the toolchain to balance out his needs for function privacy with performance.

Publication: Julian Bieber - Generalizing Semi-Private Function Evaluation

In order to improve public safety, government and private security companies increasingly put on video surveillance, which threatens the privacy of the public. In this Bachelor-Thesis we introduce a new demonstrator for privacy-preserving face recognition. The demonstrator performs privacy-preserving face recognition on a client input image with a database of images which outputs whether there is a match but reveals no other information to any party. This scenario has multiple applications, such as a camera-based surveillance of public places or identification at border control. Nowadays a camera-based surveillance of public places is a security feature, which can lead to a higher security but also reduces the privacy of the public. Therefore, we propose a system that uses secure two-party computation which additionally protects privacy of the public. Simultaneously, the face recognition needs to be faster to make them applicable to real-world scenarios.For this task SCiFI (SSP’10), a system for Secure Computation of Face Identification can be used. But the recognition part of SCiFI is originally done by computing the hamming distance based on homomorphic encryption on vectors, each representing an image, what has a high runtime and communication complexity. We replaced this part by a secure hamming distance computation using the ABY-Framework (NDSS’15), which results in a performance improvement. ABY is a mixed-protocol framework for secure two-party communication, which allows to combine secure computation schemes and efficiently convert between them. The hamming distance computation is based on boolean circuit and can be evaluated with Yao’s garbled circuit-Protocol or with the GMW-Protocol. The feature extraction of faces is still based on SCiFI, since it is well designed for secure computation and has a high recognition performance. The evaluation of the circuit for the hamming distance is very fast, so the new Demonstrator is a significant improvement in runtime compared to the original SCiFI system.

Publication: Nils Schroth - Demonstrator für privatsphäre-schützende Gesichtserkennung (German)

A A A | Drucken Print | Impressum Impressum | Sitemap Sitemap | Suche Search | Kontakt Contact | Webseitenanalyse: Mehr Informationen
zum Seitenanfangzum Seitenanfang