Encrypto Theses

Below we give examples for open and finished thesis topics for bachelor and master projects. Beyond these we are always open for innovative self-proposed topics.

Thesis Topics

9 Entries found


Web application for privacy-preserving scheduling

Bachelor Thesis, Master Thesis


Web applications currently used for scheduling meetings - such as Doodle - do not protect the privacy of their users, i.e., compute the results based on the clear inputs of the participants. Though privacy-friendly variants of Doodle already exist based on public-key encryption [TUD], these solutions assume a trusted party whose private key can be used to decrypt all inputs. Secure computation, which allows two parties to jointly compute a function while both parties keep their inputs private, is a promising approach to provide privacy for the users' inputs without the use of a trusted poll initiator.


Web application for privacy-preserving assignments

Bachelor Thesis, Master Thesis


The assignment problem is a combinatorial optimization problem which can be solved in polynomial time using the Hungarian algorithm. An example for this problem is as follows: n students register for a seminar where n topics are available. The students provide their preferences to all available topics, which are associated with some costs (the happiness of the student when assigned to that topic): e.g., a student's first preference will cost n, while his/her least preference will cost 1. Any student can be assigned to any topic, all topics have to be assigned exactly to one student and each student needs to be assigned to exactly one topic in such a way that the total cost (happiness) is maximized. Such assignment problems can be solved without using a trusted third party in a privacy-preserving manner. In order to achieve this, secure computation techniques can be utilized. The main goal is to enable students to bid for their preferred topics and get the result without anyone else learning their preferences.

Secure Multi-Party Computation (SMPC) allows multiple parties to compute a publicly known function while keeping their inputs private. This privacy property is desirable, e.g., in the context of distributed Genome-Wide Association Studies (GWAS).

In GWAS, researchers try to find associations between variations in genomes and traits (e.g. diseases) by computing certain statistics on sequenced genome data of case and control groups. Since genome sequencing is still comparatively expensive and meaningful GWAS results require large participant groups, it is reasonable for research institutes to collaborate and share their data sets for this purpose. However, participants do not want their genome data to be given out of hand, since data leakage could lead, for example, to discrimination by health insurance companies.

In the past there have been several efforts to employ SMPC techniques for privacy-preserving GWAS computations, mostly as part of the yearly iDash competition. However, none of them are satisfying: they employ outdated frameworks for their implementations, evaluate performance using very small input data sets, consider only the two party case (i.e. only two research institutes collaborate), and do not take into account several practically relevant statistics.

The term contact discovery in the context of mobile instant messaging refers to the task of determining which contacts in a client's address book, identified by their phone numbers, are registered at the same messaging service. Because of privacy concerns, one might prefer to not simply share all contacts with the service provider in order to compute the intersection.

A naive solution to this private set intersection (PSI) problem is sending the phone numbers in hashed form. Unfortunately, this is inherently insecure as brute-force and dictionary attacks allow to easily recover such low entropy values. Also, there is no forward-secrecy in the sense that after the protocol execution the service provider can test new values later-on without the client's permission.

The developers of Signal, an open-source instant messenger for encrypted communication, considered employing encrypted bloom filters [1], but this approach turned out to be unfeasible due to the requirement of sending 40MB to each client for a database of 10 million users.

Thus, the current situation seems anything but satisfying: widely-used messenger services take none or insufficient measures to protect their customers' privacy as the scientific community fails to provide practical solutions for private contact discovery.


Generalizing Semi-Private Function Evaluation

Bachelor Thesis


The cryptographic primitive Secure Function Evaluation (SFE) enables the evaluation of a function public function f (x, y), under input parameters that are provided by different parties without them revealing their specific value. Restricting SFE further by requiring the function to be only known by one party is called Private Function Evaluation (PFE). Furthermore Semi-Private Function Evaluation (SPF-SFE) can help to increase the maximum function size which can be evaluated in a somewhat private manner. One way to achieve SPF-SFE is to split the function into blocks, as was shown in [PSS09]. However their implementation was crafted specifically for Yao’s garbled Circuit protocol. Therefore there are protocols, namely Goldreich- Micali-Wigderson (GMW), by which it could not be evaluated.We provide circuit designs for different Privately Programmable Blocks, which are constructed to work with the GMW protocol as well. Additionally we provide a toolchain to achieve SPF-SFE efficiently. Furthermore we implemented a tool used in the toolchain, which uses the aforementioned designs and can combine them with plain circuits and Universal Circuits (UCs) to build a single programmable circuit. A function designer can use the toolchain to balance out his needs for function privacy with performance.

Publication: Julian Bieber - Generalizing Semi-Private Function Evaluation

In order to improve public safety, government and private security companies increasingly put on video surveillance, which threatens the privacy of the public. In this Bachelor-Thesis we introduce a new demonstrator for privacy-preserving face recognition. The demonstrator performs privacy-preserving face recognition on a client input image with a database of images which outputs whether there is a match but reveals no other information to any party. This scenario has multiple applications, such as a camera-based surveillance of public places or identification at border control. Nowadays a camera-based surveillance of public places is a security feature, which can lead to a higher security but also reduces the privacy of the public. Therefore, we propose a system that uses secure two-party computation which additionally protects privacy of the public. Simultaneously, the face recognition needs to be faster to make them applicable to real-world scenarios.For this task SCiFI (SSP’10), a system for Secure Computation of Face Identification can be used. But the recognition part of SCiFI is originally done by computing the hamming distance based on homomorphic encryption on vectors, each representing an image, what has a high runtime and communication complexity. We replaced this part by a secure hamming distance computation using the ABY-Framework (NDSS’15), which results in a performance improvement. ABY is a mixed-protocol framework for secure two-party communication, which allows to combine secure computation schemes and efficiently convert between them. The hamming distance computation is based on boolean circuit and can be evaluated with Yao’s garbled circuit-Protocol or with the GMW-Protocol. The feature extraction of faces is still based on SCiFI, since it is well designed for secure computation and has a high recognition performance. The evaluation of the circuit for the hamming distance is very fast, so the new Demonstrator is a significant improvement in runtime compared to the original SCiFI system.

Publication: Nils Schroth - Demonstrator für privatsphäre-schützende Gesichtserkennung (German)

In 2013, the Portable Circuit Format (PCF) project was started to improve the way circuits for secure computation can efficiently be built, stored and evaluated. Secure computation is a growing field of cryptography, especially in the last decade and allows two or more parties to jointly evaluate a common function over their inputs without the need to disclose any information but the final result of the calculation. To allow an evaluation in such an oblivious way, the common function is first translated into a circuit, that consists of the combination of many connected Boolean gates. These - usually very big - circuits have to be processed efficiently, which is a known problem of secure computation, but necessary to make it usable for a bigger audience and hence assist in its dissemination.

In the course of this thesis, all components of the PCF project are described as well as their relation to each other. In addition, different improvements for the project have been implemented with regard to recent researches. The existing implementation that is used for the function evaluation based on the known approach of Yao’s Garbled Circuits (GC). We add an implementation of the Goldreich, Micali and Wigderson (GMW) protocol, since the GMW approach provides a more efficient function evaluation for certain circuits. With the aim to support different arithmetic operations in addition to the existing Boolean ones, we introduce some new expressions for the circuit evaluation description. The advantages and disadvantages of all implemented project modifications are presented in detail in the course of this thesis.


Publication: Benedikt Hiemenz - Analysis and Extensions of the PCF Secure Two-Party Computation Compiler

This thesis focuses on the practical realization of general two-party Secure Function Evaluation in a mobile environment and the possibility of enhancing these techniques by the use of a trusted hardware token. Secure function evaluation allows multiple mutually distrusting parties to jointly compute a function on their private inputs without revealing anything but the function output. This technique is particularly interesting in the context of mobile electronics, such as smartphones, where typically highly sensitive user data is stored and processed. The protection of this data is desirable but very costly, due to the high complexity of secure computation protocols. Implementing Secure Function Evaluation schemes on smartphones is a challenging task due to their limitations in processing power, memory and battery-life. To address these issues, we extended an existing two-party secure function evaluation scheme by a trusted hardware token that allows to securely pre-generate data, used in the actual function evaluation phase for masking sensitive values. For the purpose of securely distributing data generated by the token, we designed and implemented a communication protocol based on TLS on the smart card. We present working demonstrators for managing the hardware token and running secure two-party function evaluation on Android smart phones making use of a microSD smart card. The use cases we implemented are private set intersection to find shared contacts and securely scheduling a meeting. Our implementation is benchmarked and its performance is analyzed.


Publication: Daniel Demmler - Hardware-Assisted Two-Party Secure Computation on Mobile Devices

Secure Function Evaluation (SFE) allows two parties to evaluate a function without sharing their inputs with one another, while Private Function Evaluation (PFE) hides additionally the computed function which one party provides, i.e. PFE is SFE with private functions. PFE can be efficiently reduced to SFE by using a Universal Circuit (UC) as public function for the computation.
A UC is a special Boolean Circuit, which is able to simulate every function of a certain size n. The first implementation of a UC was provided by Kolesnikov and Schneider (FC’08). Valiant (STOC’76) proposed the first and more efficient UC construction of size O(n log n). He detailed two variants for his construction, one with 2-way and one with 4-way recursive structure. One of these two constructions - the 2-way split UC construction - was implemented by Kiss and Schneider (Eurocrypt’16). Lipmaa et al. (Eprint 2016/017) generalized this construction to a k-way split construction and concludes that the best performing construction would be the 4-way split construction. However, the 4-way split UC construction, achieving better concrete performance, was not implemented so far.
In this work, we design and implement a module for Valiant’s 4-way split UC construction. This module can be embedded into a toolchain for PFE, which was provided by Kiss and Schneider (Eurocrypt’16) - designed for their own UC implementation. Additionally, we propose a modular consideration of UCs using the k-way split construction by Lipmaa et al. (Eprint 2016/017).

Student: Daniel Günther

A A A | Drucken Print | Impressum Impressum | Sitemap Sitemap | Suche Search | Kontakt Contact | Webseitenanalyse: Mehr Informationen
zum Seitenanfangzum Seitenanfang