Publications
2023
- WhatsApp deployed an E2EE chat history backup using the OPAQUE password-authenticated key exchange. We investigate its security.
Security Analysis of the WhatsApp End-to-End Encrypted Backup Protocol.
Crypto 2023, with Gareth T. Davies, Sebastian Faller, Kai Gellert, Tobias Handirk, Máté Horváth, and Tibor Jager
(Full Version)
- Anonymous credential presentations need to be bound to humans in order to prevent identity theft. We figure out how to do this without leaving digital picture traces.
How to Bind Anonymous Credentials to Humans.
USENIX 2023, with Nitin Singh and Alessandro Sorniotti
(Full Version)
- The IRTF is standardizing a protocol for securely authenticating with passwords on TLS sessions. We provide formal models and a security analysis.
Password-Authenticated TLS via OPAQUE and Post-Handshake Authentication.
Eurocrypt 2023, with Stanislaw Jarecki and Hugo Krawczyk
(Full Version)
- MPC can help protect your privacy against SSO providers.
Attribute-based Single Sign-On. Secure, Private, and Efficient.
Proc. Priv. Enhancing Technol. 2023, with Tore K. Frederiksen, Bertram Poettering, and Patrick Towa
(Full Version)
2022
- Sublinear verification time for ring signatures is possible if we allow for some preprocessing.
DualDory: Logarithmic-Verifier Linkable Ring Signatures Through Preprocessing.
ESORICS 2022, with Jonathan Bootle, Kaoutar Elkhiyaoui, and Yacov Manevich
- The outcome of the internship of my wonderful intern Sílvia - a classification of OPRFs
SoK: Oblivious Pseudorandom Functions.
EuroS&P 2022, with Sílvia Casacuberta Puig and Anja Lehmann
(Full Version)
- Encryption-as-a-Service must not reveal a user's password to the encryption server - let's distribute to enhance privacy!
DPaSE: Distributed Password-Authenticated Symmetric Encryption.
AsiaCCS 2022, with Poulami Das and Anja Lehmann
(Full Version)
2021
- Security analysis of protocols sharing state (via a blockchain, or a PKI) is tricky. Better look at our paper before proving security of your blockchain application!
On the (Ir)Replaceability of Global Setups, or How (Not) to Use a Global Ledger.
TCC 2021, with Christian Badertscher and Vassilis Zikas
(Full Version)
- NIKEs with optimal security reductions have remained elusive so far. This paper gives the first one, with trade-offs in key sizes.
Towards Tight Adaptive Security of Non-Interactive Key Exchange.
TCC 2021, with Dennis Hofheinz, Lisa Kohl and Roman Langrehr
(Full Version)
- The IRTF is currently standardizing a lightweight PAKE protocol, and we analyze security of its many implementation variants using a new cool and concise modularization technique.
Security Analysis of CPace.
Asiacrypt 2021, with Michel Abdalla and Björn Haase
(Full Version)
- We can use fuzzy PAKE to securely connect personal electronics automatically, by turning sensor readings into cryptographic keys!
FastZIP: Faster and More Secure Zero-Interaction Pairing.
ACM MobiSys 2021, with Mikhail Fomichev, Lars Almon, Timm Lippert, Jun Han and Matthias Hollick
(Full Version)
2020
- The Universal Composability Framework (Canetti, FOCS 2001) can't handle global setups? Yes it can!
Universal Composition with Global Subroutines: Capturing Global Setup within plain UC.
TCC 2020, with Christian Badertscher, Ran Canetti, Björn Tackmann and Vassilis Zikas
(Full Version)
- The beloved fuzzy PAKE goes asymmetric! This is a tricky task with room for improvement. Have a look, get challenged and try to improve upon our protocols!
Fuzzy Asymmetric Password-Authenticated Key Exchange.
Asiacrypt 2020, with Andreas Erwig, Maximilian Orlt and Siavash Riahi
(Full Version)
- It is time to revisit the security model for asymmetric PAKE.
Separating Symmetric and Asymmetric Password-Authenticated Key Exchange.
SCN 2020
(Full Version)
- Log in with Google and Facebook and Instagram, and rest assured that none of them learn your password.
PESTO: Proactively Secure Distributed Single Sign-On, or How to Trust a Hacked Server.
IEEE EuroS&P, with Carsten Baum, Tore Kasper Frederiksen, Anja Lehmann and Avishay Yanai
(Full Version)
2019
- Your blockchain is too slow? This paper introduces protocols and formal foundations for fairly routing off-chain transactions between multiple parties and intermediaries.
Multi-Party Virtual State Channels.
Eurocrypt 2019, with Stefan Dziembowski, Lisa Eckey, Sebastian Faust and Kristina Hostáková
(Full Version)
- Identity Management: State of the Art, Challenges and Perspectives.
Privacy and Identity Management 2019, with Tore Kasper Frederiksen, Anja Lehmann and Rafael Torres Moreno
(SpringerLink)
2018
- Diffie-Hellman key exchange has a suboptimal security reduction with quadratic loss in the number of users. This loss was proven optimal in 2002 (Coron, Eurocrypt). We introduce a simple non-interactive key exchange from a hash proof system that circumvents this 15-year-old bound with only linear loss.
On Tightly Secure Non-Interactive Key Exchange.
Crypto 2018, with Dennis Hofheinz and Lisa Kohl
(Full Version)
- Fuzzy PAKE is the first AKE that can handle both low entropy and noisy authentication data.
Fuzzy Password-Authenticated Key Exchange.
Eurocrypt 2018, with Pierre-Alain Dupont, David Pointcheval, Leonid Reyzin and Sophia Yakoubov
(Full Version)
- On the relation between two extremely powerful primitives in cryptography.
Graded Encoding Schemes from Obfuscation.
PKC 2018, with Pooya Farshim, Dennis Hofheinz and Enrique Larraia
(Full Version)
2016
- Revoking enrolled cryptography is tedious, but sometimes necessary when the underlying groups (e.g., elliptic curves) become outdated and too insecure. Is it possible to increase the security (parameter) of a scheme after it is enrolled? Believe it or not - it is possible!
Reconfigurable Cryptography: A flexible approach to long-term security.
TCC 2016-A, with Dennis Hofheinz and Andy Rupp
(Full Version)
2014
- Computations in composite-order groups are slow. We show how to emulate them with prime-order groups, including not only group operations but also complex structures such as pairings or even multilinear maps. Spoiler: this work makes Groth-Sahai proofs in composite-order groups twice as efficient as before.
Polynomial Spaces: A New Framework for Composite-to-Prime-Order Transformations.
CRYPTO 2014, with Gottfried Herold, Dennis Hofheinz, Carla Ràfols and Andy Rupp
(Full Version) (Slides)
- Introducing a strong security notion for the Diffie-Hellman key exchange, including feasibility as well as impossibility results.
Universally Composable Non-Interactive Key Exchange.
SCN 2014, with Eduarda S.V. Freire and Dennis Hofheinz
(Full Version)
Program Committees
USENIX Security 2023, IEEE EuroS&P 2023, SCN 2022, CCS 2022, EuroS&P 2022, PETS 2022, Latincrypt 2021, EuroS&P 2021, TCC 2019, IMACC 2019, CANS 2019, PKC 2018, CANS 2018
Program Chair
Security Standardization Research Conference, SSR 2023, Lyon, France
General Chair
Eurocrypt 2024, Zurich, CH
Security Standardization Research Conference, SSR 2023, Lyon, France
Other professional activities
Crypto Review Panel Member, 2020-2023, Crypto Forum Research Group @IRTF
Organized Workshops and other events