Prof. Dr. Anja Lehmann

Chair for Cybersecurity - Identity Management

Hasso Plattner Institute
Digital Engineering Faculty, University of Potsdam

Room: H-1.13

Phone: +4933155094931
E-Mail: anja.lehmann(at)hpi.de

I am leading the Cybersecurity - Identity Management group where I work in the area of cryptography and privacy. More specifically, I'm interested in the design and analysis of cryptographic protocols with provable security guarantees, with a focus on privacy-enhancing technologies and distributed cryptography. See the publications section for recent research results and a brief overview of our research areas below.

Before joining HPI in 2020, I was a researcher in the Security & Privacy group of IBM Research – Zurich. In 2010, I completed my PhD in the cryptography group of Marc Fischlin at the Darmstadt University of Technology. I studied computer science at the Dresden University of Technology, obtaining a diploma in 2006.

Since October 2024 I'm also leading the Advanced Cryptography activities in the German EUDI Wallet project by SPRIND, where I work on enabling the use of anonymous credentials in the upcoming European Digital Identity (EUDI) wallet. See our EUDI project page for research results in that context.

I'm honored to have received the HPI Teaching Award as Best Lecturer.

[Research Profile] [Scientific Service] [Projects] [Publications] [Talks]

Ressearch Profile

Provable security is the methodological core of modern cryptography: guarantees rest on formal models that make precise what security and privacy a protocol is meant to provide, and on rigorous proofs that reduce the security of a complex protocol to well-established assumptions about the simpler primitives it is built from. Our research both applies these techniques to concrete systems and studies the underlying models and primitives, working from cryptographic foundations to applied protocols for real-world problems. Our current focus areas are as follows:

Privacy-Preserving Authentication: Cryptography provides well-understood tools for authentication, most notably digital signatures. In user-centric settings, however, these tools fall short of two distinct privacy goals. Authentication should be selective, letting users reveal only the attributes a service genuinely requires; and the cryptographic evidence that establishes security must not itself become a means of tracking. We design and analyze protocols that reconcile strong authentication with these privacy requirements. This work centers around anonymous credentials and group signatures, as well as privacy-preserving single sign-on.
Foundations of Real-World Cryptography: Formalizing the guarantees of complex cryptographic protocols is inherently challenging, and as a result such protocols still get deployed without rigorous analysis of their security and privacy properties. We develop formal models that capture the guarantees real-world protocols are intended to achieve and study whether deployed systems satisfy these formalized properties. Our study extends to the primitives and idealized models underlying applied protocols, such as oblivious pseudorandom functions (OPRFs) and the random oracle model. For these building blocks, we aim to sharpen the understanding of the exact security their formal models guarantee, and how those guarantees are preserved under composition.
Human-Centric Key Management: The security of cryptographic systems depends on the secrecy of their keys. Maintaining that secrecy is particularly challenging in user-centric settings, where keys must stay protected despite humans' inability to memorize high-entropy secrets and the absence of secure hardware on the user side. Password-based protocols tackle the first problem, deriving keys from a memorizable password while still aiming for strong guarantees despite its low entropy. Distributed cryptography tackles the second, spreading keys and operations across multiple parties so that compromising individual ones does not break the system's security.

Scientific Service

Program Co-Chair: IEEE EuroS&P 2026
- Previous Conferences: IEEE EuroS&P 2025, Real-World Crypto 2023 , Future of PI (Personal Identification) Workshop 2021, Security Standardisation Research Conference SSR 2018, IFIP Summer School on Privacy and Identity Management 2016, ICITS Conference 2015
Steering Committee:
- Real World Crypto Symposium
Program Committees:
- Eurocrypt 2027, RWC 2027, RWC 2026, RWC 2025, IEEE EuroS&P 2024, RWC 2024, Crypto 2023, RWC 2023, ACM CCS 2022, IEEE S&P 2022, RWC 2022, USENIX 2021, RWC 2021, IEEE S&P 2020, RWC 2020, Crypto 2019, IEEE S&P 2019, ACM CCS 2018, CT-RSA 2018, POST 2018, RWC 2018, TCC 2017, Indocrypt 2017, ACM CCS 2016, FC 2016, INFER 2016, CANS 2015, SAC 2015, FC 2015, IFIP Summer School 2017 & 2015, Open Identity Summit 2014 & 2013, PETS 2013, CSP EU Forum 2012, Crypto 2011
General Co-Chair: Real-World Crypto 2018 (Zurich, CH), ICITS Conference 2015 (Lugano, CH)

Academic Service

Faculty Council of the Digital Engineering Faculty (Member and Deputy Chair 10/22 - 09/24, Deputy Member since 10/24)
Doctoral Committee (since 06/22) and Habilitation Committee (since 10/22)
Hiring Committee Member for >30 professorship positions at HPI/UP, ETH Zurich, and TU Darmstadt.
Erasmus Coordinator for HPI/DEF (12/20-12/23)

Open Letters

Age Verification (March 26)
ProtectEU & threat to E2EE (May 25)
Cryptographers’ Feedback on the EU Digital Identity’s ARF (June 24)
Chatcontrol (neverending story… ) September 25, October 24, May 24, July 23
eIDAS: Article 45 and privacy for EU’s digital identity: (November 23): https://eidas-open-letter.org/, https://eidas-open-letter.org/statement-23-11-2023.pdf

Projects

Current:

ATLAS (2022-2025), BMBF Research Project. Development of an open source system for privacy-preserving data trustees.
EUDI Wallet (since 2025), SPRIND. Integration of ZKPs in the EUDI Wallet system. See our project page for more details.

Completed (at IBM Research Zurich):

Olympus, ICT4CART, USEIT, FutureTPM, ABC4Trust, FutureID and FI-Ware.

Publications

For pdfs of the papers, or the overview of all publications of our group, see our publications page.

[ 2026 ] [ 2025 ] [ 2024 ] [ 2023 ] [ 2022 ] [ 2021 ] [ 2020 ] [ 2019 ] [ 2018 ] [ 2017 ] [ 2016 ] [ 2015 ] [ 2014 ] [ 2013 ] [ 2012 ] [ 2011 ] [ 2010 ] [ 2009 ] [ 2008 ] [ 2007 ]

2026 [ to top ]

Lehmann, A., Özbay, C.: Putting Multi into Multi-Signatures: Tight Security for Multiple Signers. to appear at IACR Eurocrypt. (2026).

Friedrichs, K., Harding, F., Lehmann, A., Lysyanskaya, A.: Device-Bound Anonymous Credentials With(out) Trusted Hardware. to appear at IACR Eurocrypt. (2026).

Lehmann, A., Mouchet, C., Sidorenko, A.: Multi-Party Private Join. to appear at 26th Privacy Enhancing Technologies Symposium (PETS) (2026).

2025 [ to top ]

Friedrichs, K., Lehmann, A., Özbay, C.: Game Changer: A Modular Framework for OPRF Security. IACR Asiacrypt. pp. 582–613 (2025).

Lehmann, A., Sidorenko, A., Zacharakis, A.: Vision: A Modular Framework for Anonymous Credential System. Security Standardisation Research (SSR) 2025. (2025).

Bormann, C., Lehmann, A.: SoK: Anonymous Credentials for Digital Identity Wallets. Security Standardisation Research (SSR) 2025. (2025).

Hanff, K., Lehmann, A., Özbay, C.: Security Analysis of Privately Verifiable Privacy Pass. ACM CCS 2025. pp. 2922–2936 (2025).

Dayanikli, D., Lehmann, A.: Updatable aPAKE: Security Against Bulk Precomputation Attacks. ACM CCS 2025. pp. 1158–1172 (2025).

Dayanikli, D., Holz, L., Lehmann, A.: Virtual End-to-End Encryption: Analysis of the Doctolib Protocol. 20th ACM AsiaCCS. pp. 773–789 (2025).

Kroschewski, M., Lehmann, A., Özbay, C.: OPPID: Single Sign-On with Oblivious Pairwise Pseudonyms. Privacy Enhancing Technologies Symposium (PETS) 2025. pp. 629–649 (2025).

Lehmann, A., Özbay, C.: Commit-and-Prove System for Vectors and Applications to Threshold Signing. 28th IACR Public-Key Cryptography (PKC). pp. 200–232 (2025).

Abou Haidar, C., Das, D., Lehmann, A., Özbay, C., Perez Kempner, O.: Privacy-Preserving Multi-Signatures: Generic Techniques and Constructions Without Pairings. 28th IACR Public-Key Cryptography (PKC). pp. 66–98 (2025).

10.

Lehmann, A., Nazarian, P., Özbay, C.: Stronger Security for Threshold Blind Signatures. 44th IACR Eurocrypt 2025. pp. 335–364 (2025).

2024 [ to top ]

Faller, S., Handirk, T., Hesse, J., Horváth, M., Lehmann, A.: Password-Protected Key Retrieval with(out) HSM Protection. ACM Conference on Computer and Communications Security (CCS). pp. 2445–2459 (2024).

Dayanikli, D., Lehmann, A.: (Strong) aPAKE Revisited: Capturing Multi-User Security and Salting. IEEE European Symposium on Security and Privacy (Euro&SP). pp. 415–439 (2024).

Dayanikli, D., Lehmann, A.: Provable Security Analysis of the Secure Remote Password Protocol. 37th IEEE Computer Security Foundations Symposium (CSF). pp. 393–408 (2024).

Ackermann, E., Bober, K.-L., Jungnickel, V., Lehmann, A.: SEKA: Secretless Key Exchange and Authentication in LiFi Networks. IEEE European Symposium on Security and Privacy (Euro&SP). pp. 633–657 (2024).

Lehmann, A., Özbay, C.: Multi-Signatures for Ad-hoc and Privacy-Preserving Group Signing. 27th IACR Public-Key Cryptography (PKC). pp. 196–228 (2024).

2023 [ to top ]

Kroschewski, M., Lehmann, A.: Save The Implicit Flow? Enabling Privacy-Preserving RP Authentication in OpenID Connect. Privacy Enhancing Technologies Symposium (PETS). pp. 96–116 (2023).

Galal, T., Lehmann, A.: Privacy-Preserving Outsourced Certificate Validation. Privacy Enhancing Technologies Symposium (PETS). pp. 322–340 (2023).

Dayanikli, D., Lehmann, A.: Password-Based Credentials with Security against Server Compromise. ESORICS. pp. 147–167 (2023).

2022 [ to top ]

Das, P., Hesse, J., Lehmann, A.: DPaSE: Distributed Password-Authenticated Symmetric Encryption. ACM AsiaCCS. pp. 682–696 (2022).

Casacuberta, S., Hesse, J., Lehmann, A.: SoK: Oblivious Pseudorandom Functions. IEEE EuroS&P. pp. 625–646 (2022).

Hacker, P., Naumann, F., Friedrich, T., Grundmann, S., Lehmann, A.: AI Compliance - Challenges of Bridging Data Science and Law. ACM Journal of Data and Information Quality. (2022).

2021 [ to top ]

Diaz, J., Lehmann, A.: Group Signatures with User-Controlled and Sequential Linkability. Public-Key Cryptography - PKC 2021. pp. 360–388 (2021).

Fraser, A., Garms, L., Lehmann, A.: Selectively Linkable Group Signatures - Stronger Security and Preserved Verifiability. CANS. pp. 200–221 (2021).

2020 [ to top ]

Danz, N., Derwisch, O., Lehmann, A., Pünter, W., Stolle, M., Ziemann, J.: Provable Security Analysis of Decentralized Cryptographic Contact Tracing. (Preprint) IACR ePrint. (2020).

Camenisch, J., Drijvers, M., Lehmann, A., Neven, G., Towa, P.: Short Threshold Dynamic Group Signatures. SCN. pp. 401–423 (2020).

Baum, C., Frederiksen, T., Hesse, J., Lehmann, A., Yanai, A.: PESTO: Proactively Secure Distributed Single Sign-On, or How to Trust a Hacked Server. IEEE EuroS&P. pp. 587–606 (2020).

Camenisch, J., Drijvers, M., Lehmann, A., Neven, G., Towa, P.: Zone Encryption with Anonymous Authentication for V2V Communication. IEEE EuroS&P. pp. 405–424 (2020).

Bootle, J., Lehmann, A., Lyubashevsky, V., Seiler, G.: Compact Privacy Protocols from Post-Quantum and Timed Classical Assumptions. PQCrypto. pp. 226–246 (2020).

2019 [ to top ]

Moreno, R.T., Bernabé, J.B., Skarmeta, A.F., Stausholm, M., Frederiksen, T.K., Mart’inez, N., Ponte, N., Sakkopoulos, E., Lehmann, A.: OLYMPUS: towards Oblivious identitY Management for Private and User-friendly Services. GIoTS. bll. 1–6. IEEE (2019).

Chen, L., Kassem, N.E., Lehmann, A., Lyubashevsky, V.: A Framework for Efficient Lattice-Based DAA. CYSARM@CCS. bll. 23–34. ACM (2019).

Bradley, T., Camenisch, J., Jarecki, S., Lehmann, A., Neven, G., Xu, J.: Password-Authenticated Public-Key Encryption. ACNS. bll. 442–462. Springer (2019).

Frederiksen, T.K., Hesse, J., Lehmann, A., Moreno, R.T.: Identity Management: State of the Art, Challenges and Perspectives. Privacy and Identity Management. Data for Better Living: AI and Privacy. bll. 45–62. Springer (2019).

Garms, L., Lehmann, A.: Group Signatures with Selective Linkability. Public Key Cryptography (1). bll. 190–220. Springer (2019).

Lehmann, A.: ScrambleDB: Oblivious (Chameleon) Pseudonymization-as-a-Service. PoPETs. 2019, 289–309 (2019).

Klooß, M., Lehmann, A., Rupp, A.: (R)CCA Secure Updatable Encryption with Integrity Protection. EUROCRYPT (1). bll. 68–99. Springer (2019).

2018 [ to top ]

Lehmann, A., Tackmann, B.: Updatable Encryption with Post-Compromise Security. EUROCRYPT (3). bll. 685–716. Springer (2018).

Cremers, C., Lehmann, A. reds: Security Standardisation Research - 4th International Conference, SSR 2018, Darmstadt, Germany, November 26-27, 2018, Proceedings. Springer (2018).

Camenisch, J., Drijvers, M., Gagliardoni, T., Lehmann, A., Neven, G.: The Wonderful World of Global Random Oracles. EUROCRYPT (1). bll. 280–312. Springer (2018).

2017 [ to top ]

Camenisch, J., Lehmann, A., Neven, G., Samelin, K.: UC-Secure Non-interactive Public-Key Encryption. CSF. bll. 217–233. IEEE Computer Society (2017).

Cachin, C., Camenisch, J., Freire-Stögbuchner, E., Lehmann, A.: Updatable Tokenization: Formal Definitions and Provably Secure Constructions. Financial Cryptography. bll. 59–75. Springer (2017).

Camenisch, J., Lehmann, A.: Privacy-Preserving User-Auditable Pseudonym Systems. EuroS&P. bll. 269–284. IEEE (2017).

Camenisch, J., Drijvers, M., Lehmann, A.: Anonymous Attestation with Subverted TPMs. CRYPTO (3). bll. 427–461. Springer (2017).

Camenisch, J., Chen, L., Drijvers, M., Lehmann, A., Novick, D., Urian, R.: One TPM to Bind Them All: Fixing TPM 2.0 for Provably Secure Anonymous Attestation. IEEE Symposium on Security and Privacy. bll. 901–920. IEEE Computer Society (2017).

2016 [ to top ]

Camenisch, J., Drijvers, M., Lehmann, A.: Anonymous Attestation Using the Strong Diffie Hellman Assumption Revisited. TRUST. bll. 1–20. Springer (2016).

Camenisch, J., Drijvers, M., Lehmann, A.: Universally Composable Direct Anonymous Attestation. Public Key Cryptography (2). bll. 234–264. Springer (2016).

Camenisch, J., Lehmann, A., Neven, G., Samelin, K.: Virtual Smart Cards: How to Sign with a Password and a Server. SCN. bll. 353–371. Springer (2016).

Lehmann, A., Whitehouse, D., Fischer-Hübner, S., Fritsch, L., Raab, C.D. reds: Privacy and Identity Management. Facing up to Next Steps - 11th IFIP WG 9.2, 9.5, 9.6/11.7, 11.4, 11.6/SIG 9.2.2 International Summer School, Karlstad, Sweden, August 21-26, 2016, Revised Selected Papers. (2016).

2015 [ to top ]

Bichsel, P., Camenisch, J., Dubovitskaya, M., Enderlein, R.R., Krenn, S., Lehmann, A., Neven, G., Preiss, F.-S.: Cryptographic Protocols Underlying Privacy-ABCs. Attribute-based Credentials for Trust. bll. 79–108. Springer (2015).

Camenisch, J., Lehmann, A., Lysyanskaya, A., Neven, G.: A Single Password for Everything?. ERCIM News. 2015, (2015).

Bichsel, P., Camenisch, J., Dubovitskaya, M., Enderlein, R.R., Krenn, S., Krontiris, I., Lehmann, A., Neven, G., Paquin, C., Preiss, F.-S., Rannenberg, K., Sabouri, A.: An Architecture for Privacy-ABCs. Attribute-based Credentials for Trust. bll. 11–78. Springer (2015).

Lehmann, A., Wolf, S. reds: Information Theoretic Security - 8th International Conference, ICITS 2015, Lugano, Switzerland, May 2-5, 2015. Proceedings. Springer (2015).

Baldimtsi, F., Camenisch, J., Hanzlik, L., Krenn, S., Lehmann, A., Neven, G.: Recovering Lost Device-Bound Credentials. ACNS. bll. 307–327. Springer (2015).

Camenisch, J., Krenn, S., Lehmann, A., Mikkelsen, G.L., Neven, G., Pedersen, M.O.: Formal Treatment of Privacy-Enhancing Credential Systems. SAC. bll. 3–24. Springer (2015).

Camenisch, J., Lehmann, A.: Privacy for Distributed Databases via (Un)linkable Pseudonyms. ACM Conference on Computer and Communications Security. bll. 1467–1479. ACM (2015).

Camenisch, J., Lehmann, A., Neven, G.: Optimal Distributed Password Verification. ACM Conference on Computer and Communications Security. bll. 182–194. ACM (2015).

2014 [ to top ]

Camenisch, J., Lehmann, A., Neven, G., Rial, A.: Privacy-Preserving Auditing for Attribute-Based Credentials. ESORICS (2). bll. 109–127. Springer (2014).

Fischlin, M., Lehmann, A., Pietrzak, K.: Robust Multi-Property Combiners for Hash Functions. J. Cryptology. 27, 397–428 (2014).

Camenisch, J., Lehmann, A., Lysyanskaya, A., Neven, G.: Memento: How to Reconstruct Your Secrets from a Single Password in a Hostile Environment. CRYPTO (2). bll. 256–275. Springer (2014).

2013 [ to top ]

Horsch, M., Hühnlein, D., Lehmann, A., Schmölz, J., Wich, T.: Authentisierung mit der Open eCard App. Datenschutz und Datensicherheit. 37, 507–511 (2013).

Camenisch, J., Dubovitskaya, M., Lehmann, A., Neven, G., Paquin, C., Preiss, F.-S.: Concepts and Languages for Privacy-Preserving Attribute-Based Authentication. IDMAN. bll. 34–52. Springer (2013).

2012 [ to top ]

Camenisch, J., Lehmann, A., Neven, G.: Electronic Identities Need Private Credentials. IEEE Security & Privacy. 10, 80–83 (2012).

Fischlin, M., Lehmann, A., Schröder, D.: History-Free Sequential Aggregate Signatures. SCN. bll. 113–130. Springer (2012).

Degabriele, J.P., Lehmann, A., Paterson, K.G., Smart, N.P., Strefler, M.: On the Joint Security of Encryption and Signature in EMV. CT-RSA. bll. 116–135. Springer (2012).

2011 [ to top ]

Boneh, D., Dagdelen, Özgür, Fischlin, M., Lehmann, A., Schaffner, C., Zhandry, M.: Random Oracles in a Quantum World. ASIACRYPT. bll. 41–69. Springer (2011).

2010 [ to top ]

Fischlin, M., Lehmann, A., Ristenpart, T., Shrimpton, T., Stam, M., Tessaro, S.: Random Oracles with(out) Programmability. ASIACRYPT. bll. 303–320. Springer (2010).

Galindo, D., Libert, B., Fischlin, M., Fuchsbauer, G., Lehmann, A., Manulis, M., Schröder, D.: Public-Key Encryption with Non-Interactive Opening: New Constructions and Stronger Definitions. AFRICACRYPT. bll. 333–350. Springer (2010).

Fischlin, M., Lehmann, A.: Delayed-Key Message Authentication for Streams. TCC. bll. 290–307. Springer (2010).

Brzuska, C., Fischlin, M., Lehmann, A., Schröder, D.: Unlinkability of Sanitizable Signatures. Public Key Cryptography. bll. 444–461. Springer (2010).

Lehmann, A.: On the security of hash function combiners, (2010).

Dagdelen, Özgür, Fischlin, M., Lehmann, A., Schaffner, C.: Random Oracles in a Quantum World. CoRR. abs/1008.0931, (2010).

Eikemeier, O., Fischlin, M., Götzmann, J.-F., Lehmann, A., Schröder, D., Schröder, P., Wagner, D.: History-Free Aggregate Message Authentication Codes. SCN. bll. 309–328. Springer (2010).

Fischlin, M., Lehmann, A., Wagner, D.: Hash Function Combiners in TLS and SSL. CT-RSA. bll. 268–283. Springer (2010).

2009 [ to top ]

Brzuska, C., Fischlin, M., Freudenreich, T., Lehmann, A., Page, M., Schelbert, J., Schröder, D., Volk, F.: Security of Sanitizable Signatures Revisited. Public Key Cryptography. bll. 317–336. Springer (2009).

Lehmann, A., Tessaro, S.: A Modular Design for Hash Functions: Towards Making the Mix-Compress-Mix Approach Practical. ASIACRYPT. bll. 364–381. Springer (2009).

Brzuska, C., Fischlin, M., Lehmann, A., Schröder, D.: Santizable Signatures: How to Partially Delegate Control for Authenticated Data. BIOSIG. bll. 117–128. GI (2009).

2008 [ to top ]

Fischlin, M., Lehmann, A., Pietrzak, K.: Robust Multi-property Combiners for Hash Functions Revisited. ICALP (2). bll. 655–666. Springer (2008).

Fischlin, M., Lehmann, A.: Multi-property Preserving Combiners for Hash Functions. TCC. bll. 375–392. Springer (2008).

2007 [ to top ]

Dönigus, D., Endler, S., Fischlin, M., Hülsing, A., Jäger, P., Lehmann, A., Podrazhansky, S., Schipp, S., Tews, E., Vowe, S., Walthart, M., Weidemann, F.: Security of Invertible Media Authentication Schemes Revisited. Information Hiding. bll. 189–203. Springer (2007).

Fischlin, M., Lehmann, A.: Security-Amplifying Combiners for Collision-Resistant Hash Functions. CRYPTO. bll. 224–243. Springer (2007).

Prof. Dr. Anja Lehmann

[Research Profile] [Scientific Service] [Projects] [Publications] [Talks]

Ressearch Profile

Scientific Service

Academic Service

Open Letters

Projects

Publications

Contact

Directions

Open Positions

News