Hasso-Plattner-Institut
Prof. Dr. Anja Lehmann
 

Advanced Cryptography (Lecture, Master, 6 ECTS)

Prof. Anja Lehmann, Karla Friedrichs

    Description

    The lecture deals with advanced methods and protocols of cryptography, such as secret sharing and zero-knowledge proofs. A central topic will be the security goal of privacy and data protection, and the lecture will give an overview of how the presented cryptographic methods can be used to build privacy-preserving solutions. The course begins with homomorphic encryption, illustrating how computations can be performed directly on encrypted data. It then studies secret sharing and threshold cryptography as fundamental tools for distributed trust and robust key management. Advanced signature schemes are presented to show how authenticity can be achieved in multi-party settings, followed by zero-knowledge proofs as a core primitive for privacy-preserving authentication and verifiable computation. Finally, the lecture introduces secure multi-party computation, including garbled circuits and private set intersection, to demonstrate how mutually distrustful parties can jointly compute functions over private inputs without revealing their data.

    The goal of the lecture is to give a broad overview of the available cryptographic techniques beyond the basic concepts of encryption and authentication. The course highlights practical design considerations and real-world deployment scenarios for modern privacy-enhancing technologies, and discusses trade-offs between efficiency, security and privacy in advanced cryptographic constructions.

    Topics

    • (Partially) Homomorphic Encryption
    • Secret Sharing & Threshold Crypto
    • Advanced Signatures: Threshold / Multi / Blind Signatures
    • Zero-knowledge Proofs (Theory & Applications)
    • Multi-Party Computation (Yao's Garbled Circuits, Private Set Intersection, ...)

    Organisation

    Weekly lecture and weekly exercise (dates tba). Oral exam after the lecture period.

    Requirements

    The lecture requires solid knowledge of cryptography, e.g., acquired through successful participation in the lecture (Introduction to) Cryptography, or a similar course.

    Links

    [Moodle] [CAS Campus]


     

    Cryptographic Proof Techniques (Seminar, Master, 6 ECTS)

    Prof. Anja Lehmann, Andrey Sidorenko, Karla Friedrichs, Cavit Özbay, Dr. Andrea Flamini, Dr. Alexandros Zacharakis

      Description

      How do we convince ourselves that the cryptography around us does what we expect it to do? That end-to-end-encrypted messages are indeed confidential, bank transfers cannot be tampered with, and only your key can remotely open your car? Today, the gold standard is provable security: security and privacy claims are backed up by a formal proof. In the introductory cryptography class, you have already learned about reduction proofs, where we argue that a certain attack is difficult based on some computationally hard problem. But the world of cryptographic proofs is much larger.

      In this seminar, we want to look at the most common proof techniques that appear in current cryptographic research. Students will not only learn about how the techniques work, but also discover their innate logic and possible controversies. After a dry-run through the different techniques, seminar participants are guided through studying a recent paper, understanding and evaluating how the proof technique is applied. 

      At the end of the course, students will have learned to:

      • Read and understand security proofs in current publications in cryptography
      • Evaluate how meaningful a security proof is, and what its limitations are
      • Write their own security proofs, with a range of techniques at their disposal

      Examples for the techniques studied in this seminar are: Game Hops, Random Oracle Model, Algebraic Group Model, Generic Group Model, Forking in Sigma Protocols

      Organisation 

      In the first part of this seminar, the teaching team introduces selected proof techniques to the students, providing insights on their use and limitations.

      In the second part, each student chooses one of the techniques for a deep dive. They are assigned a suitable paper (or can propose a pick of their own) which makes use of the given technique. Their task is to understand and present to the other seminar participants one main result and how the proof supports it, while also discussing how convincing the security argument is. Students are supported with guiding questions and one-on-one supervision by the teaching team throughout the semester.

      Finally, the students summarize their results and learnings in a written assignment.

      The grade is based on both the written report and presentation.

      Requirements

      The seminar requires solid knowledge of cryptography, e.g., acquired through successful participation in the lecture (Introduction to) Cryptography, or a similar course.

        Links

        [Moodle] [CAS Campus]


         

        PAIRFECT: Performance, Efficiency, and Cryptographic Trade-offs in Pairing-Friendly Curves

        Masterproject, 12 ECTS

        Prof. Chitchanok Chuengsatiansup, Prof. Anja Lehmann

        Description

        Pairing-based cryptography leverages bilinear pairings on specially structured elliptic curves to enable advanced primitives that are difficult or inefficient with conventional elliptic-curve methods. A key application is signature schemes that support efficient zero-knowledge proofs, allowing users to authenticate repeatedly without revealing their signature or creating linkability between sessions. This capability is central to privacy-preserving digital identity systems. With the European Union planning deployment of the European Digital Identity (EUDI) Wallet by the end of 2026 and emphasizing unlinkability under eIDAS, pairing-based signatures have gained renewed attention. At the same time, their adoption raises challenges: ensuring long-term robustness against future quantum threats by using higher classical security levels, and achieving secure, efficient implementations considering the constraints of hardware environments such as secure elements and HSMs.

        Main Tasks

        In this master project, we want to investigate the efficiency and security of pairing-based cryptographic constructions. In brief, we aim to outline the trade-offs each pairing construction offers, demonstrate the performance costs of entire pairing-based protocols beyond a microbenchmark of sub-operations, and conduct a side-channel security analysis of their implementations. The findings of this project should provide a guideline on how each pairing-based construction performs in practice and how to best prepare for a potential migration to high security levels. In more detail, the main tasks are as follows:

        1. Compare and contrast different pairing-based constructions
        2. Develop a toolkit to evaluate the performance of pairing-based cryptographic libraries
        3. Implement and benchmark pairing-based protocols currently considered for the EUDI Wallet
        4. Analyze side-channel security of pairing-based implementations

        Requirements

        We expect students with strong programming experience, curiosity in efficient cryptographic implementations, and eagerness to secure our digital world. It would be a plus if you have already completed an “Introduction to Cryptography” or “(Advanced) Side-Channel Analysis” course.

        For more information, please check out the project description.


         

        The hacker mindset: Practical offensive and defensive IT-security in high-risk environments

        Lecture/Project, Master, 6 ECTS

        This course is offered by Linus Neumann and Balthasar Martin

        Description

        While academia pioneers the evolution of IT security concepts, practical IT in high-risk environments is constrained by architecture complexity, legacy dependencies, and the organization’s change inertia. This forces practitioners to pragmatically balance the organization’s attack surface, threat landscape and risk appetite to protect its interests. In this lecture, we analyse insights from research and practical IT security in three domains:

        • Red Team attack simulations: We review insights from actual attack simulations that lead to complete or critical compromise, and discuss the changes impacted organizations implemented. 
        • Incident Management: We review actual incidents and derive consequences for organizations’ threat models and security controls. 
        • Breaking and building mobile networks: We demonstrate original research on practical vulnerabilities and discuss how mobile networks mitigated their impact.

        Topics

        • Enterprise environments and security concepts
        • Mobile network technology vulnerabilities and security concepts
        • Incident Response and architecture resilience
        • Red Team attack simulations and practical

        Skills / Competences

        • Red Team attack simulations: Practical attacks on Microsoft Active Directory; Practical attacks on Cloud environments (EntraID, GCP); A-bypass in social engineering attacks
        • IT-Security as an organizational unit: IT security operating models in large organizations: Responsibilities, incentives, inefficiencies, and common conflicts; Threat Modeling, Security Architecture
        • Incident Management: Forensic technologies
        • Mobile Networks: Overview of mobile network architectures, technologies and security concepts across 2G, 3G, 4G and 5G; Original research into practical attacks on mobile network technologies such as radio layer encryption, SIM card security and interconnect attacks

        Organisation

        The lecture and exercises will be given as block courses at HPI. The tentative schedule is as follows, with full-day events on Fridays. The exact time slots will be announced at the beginning of the lecture.

        • Tuesday, 14.04 (13:30-15:00): Intro Session
        • Friday, 08.05: Lecture 1 (Organizational Maturity)
        • Friday, 15.05: Exercise 1
        • Friday, 22.05: Lecture 2 (Red Team)
        • Friday, 29.05: Exercise 2
        • Friday, 05.06: Lecture 3 (Incident Management)
        • Friday, 12.06: Exercise 3
        • Friday, 19.06: Lecture 4 (Mobile Networks)
        • Friday, 26.06: Exercise 4
        • Friday, 03.07: Buffer slot
        • Friday, 10.07: Project Presentations

        Students are also assigned project work which they present at the end of the course. The grade is based on the project work and final presentation.

        For organisational matters, please reach out to office-lehmann(at)hpi.de.

         

        Links

        [Moodle] [CAS Campus]