Hasso-Plattner-InstitutSDG am HPI
Hasso-Plattner-InstitutDSG am HPI

Analysis and Design of Privacy Preserving Protocols

Tarek Galal

Cybersecurity – Identity Management
Hasso Plattner Institute

Office: G-3.1.13
Tel.: +49-(0)331 5509-3473
E-Mail: tarek.abdelsalam(at)hpi.de
Links: Research Group Team Page
Advisor: Prof. Dr. Anja Lehmann
Start: Mai 2022

Research Interests

  • Applied Cryptography
  • Privacy-enhancing protocols
  • Secure Implementations


I started my PhD in May 2022 motivated by applications of cryptography in solving real-world problems. My research focuses on analyzing existing cryptographic protocols as well as designing new ones with provable security and privacy guarantees. Of particular interest to me is the privacy properties of solutions to different problems and whether they are satisfactory or improvable. Currently I am looking at privacy-preserving end-user certificates, their real world applications, and the security and privacy properties they can guarantee. My process typically involves formally defining systems with a set of desired goals, giving proofs for achieved ones, showing those which aren’t and what is required to achieve those goals. I am also interested in bringing the theory to practice either by providing as part of my research sufficient details for realizing the works, or by providing open source, secure implementations where appropriate. In the next section I give a more detailed overview of the problem I am currently working on.

Privacy-preserving Certificates with Outsourced Validation


Digital Certificates are the backbone of security in communication with servers over the internet. They provide guarantees regarding the identity of servers to clients as well as the integrity of all transmitted data. Although applications for digital certificates are not limited to this context, they have been for the most part solely used by servers and seldom used by end users where users are the entities owning certificates. The first major shift in this trend was ignited by Covid-19 vaccination certificates. These are certificates issued to users when they get vaccinated and contain verifiable attributes describing the type of vaccination, the date it was administered, and other associated information.  Such certificates can later be presented to a service provider that requires its customers to fulfill a vaccination policy of its choosing. The effectiveness of this process during the Covid-pandemic resulted in vaccination certificates becoming the first widely deployed end-user cryptographic credentials, held by users in their smart phones, and presented on demand.

One successful initiative for realising a digital vaccination certificates infrastructure is the so called EU Digital Covid Certificate by the European Commission. It consists of multiple issuance authorities from several participating EU countries where certificates are issued to any EU resident who has been tested, received a vaccination, or recovered from COVID-19, all in their respective country of residence. In order to not interfere with the Freedom of Movement Act of the EU, interoperability of certificates across countries is required such that issuance authorities and verifiers may exist in different countries [1].

Problem Statement

The flow of end-user certificates from issuance to verification brings certain challenges to light. While server certificates only contain attributes that are verified against a set of predefined and known rules (e.g., expiry date is in the future), end-user certificates make no assumptions about acceptance criteria of their prospective verifiers. In addition to cryptographically verifying them, it is up to service providers to define policies that attributes of end-user certificates must satisfy to be accepted. Taking into account interoperability across different issuers, such policies may be satisfiable via complex combinations of attributes, all necessary to be considered by service providers while verifying the certificates.  Furthermore, end-user certificates may contain private information that do not contribute to fulfillment of such policies, hence, a user may wish not to reveal them. This is also different from server certificates where no information are hidden from verifiers.

Due to the aforementioned challenges, verification of end-user certificates turned out to be more convoluted relative to server certificates. On the one hand, the verification logic is more complicated due to flexibility of policies, on the other hand, careful consideration need to be put into the amount of information verifiers can collect during verification sessions and the amount of power they are given as a result. To address these complexities in the context of Digital Covid Certificates, an official proposal was set out by the European Commission that extends the system with the capability of outsourcing verification to a new party: Validation Service [2]. Instead of executing the process themselves, service providers delegate verification procedures to some Validation Service which verifies the authenticity of certificates, ensures contained attributes fulfill desired policies, and communicates results back. This enables multiple service provider to offload the work of verifying user certificates to a single Validation Service.


The idea of introducing an additional party into the system whose role is to verify certificates on behalf of service providers brings several advantages not only to vaccination certificates but generally to end-user certificates. With the responsibility moving to Validator Services, service providers no longer are required to manage the intricacies of verifying user certificates or to ensure compliance with data protection regulations like GDPR. While this has the potential of furthering adoption of end-user certificates in broader sets of applications, it raises a few questions, in particular whether shifting problems underlying verification from service providers to Validator Services is sufficient.  Thus, it is part of my research to answer this question and propose improvements where appropriate.



  • Towards Smart Contract-ba... - Download
    Towards Smart Contract-based Verification of Anonymous Credentials. Muth, Robert; Galal, Tarek; Heiß, Jonathan; Tschorsch, Florian in WTSC ’22: Workshop on Trusted Smart Contracts (2022).