I'm interested in cryptography, algebra and everything in between and around these topics. Some buzzwords for my research are provably secure public key cryptography, privacy-preserving technologies, blockchains and password-based protocols. Before joining IBM Research, I was a Postdoc at TU Darmstadt and ENS Paris. During my PhD, I was extremely lucky to enjoy supervision by both Jörn Müller-Quade and Dennis Hofheinz at Karlsruhe Institute of Technology (KIT) in Germany. I studied mathematics at KIT.
This website is static and written in plain HTML.
- Encryption-as-a-Service must not reveal a user's password to the encryption server - let's distribute to enhance privacy!
DPaSE: Distributed Password-Authenticated Symmetric Encryption
with Poulami Das and Anja Lehmann
- Security analysis of protocols sharing state (via a blockchain, or a PKI) is tricky. Better look at our paper before proving security of your blockchain application!
On the (Ir)Replaceability of Global Setups, or How (Not) to Use a Global Ledger
TCC 2021, with Christian Badertscher and Vassilis Zikas
- NIKEs with optimal security reductions have remained elusive so far. This paper gives the first one, with trade-offs in key sizes.
Towards Tight Adaptive Security of Non-Interactive Key Exchange
TCC 2021, with Dennis Hofheinz, Lisa Kohl and Roman Langrehr
- The IRTF is currently standardizing a lightweight PAKE protocol, and we analyze security of its many implementation variants using a new cool and concise modularization technique.
Security Analysis of CPace
Asiacrypt 2021, with Michel Abdalla and Björn Haase
- We can use fuzzy PAKE to securely connect personal electronics automatically, by turning sensor readings into cryptographic keys!
FastZIP: Faster and More Secure Zero-Interaction Pairing
ACM MobiSys 2021, with Mikhail Fomichev, Lars Almon, Timm Lippert, Jun Han and Matthias Hollick
- The Universal Composability Framework (Canetti, FOCS 2001) can't handle global setups? Yes it can!
Universal Composition with Global Subroutines: Capturing Global Setup within plain UC
TCC 2020, with Christian Badertscher, Ran Canetti, Björn Tackmann and Vassilis Zikas
- The beloved fuzzy PAKE goes asymmetric! This is a tricky task with room for improvement. Have a look, get challenged and try to improve upon our protocols!
Fuzzy Asymmetric Password-Authenticated Key Exchange
Asiacrypt 2020, with Andreas Erwig, Maximilian Orlt and Siavash Riahi
- It is time to revisit the security model for asymmetric PAKE.
Separating Symmetric and Asymmetric Password-Authenticated Key Exchange
- Log in with Google and Facebook and Instagram, and rest assured that none of them learn your password.
PESTO: Proactively Secure Distributed Single Sign-On, or How to Trust a Hacked Server
IEEE EuroS&P, with Carsten Baum, Tore Kasper Frederiksen, Anja Lehmann and Avishay Yanai
- Your blockchain is too slow? This paper introduces protocols and formal foundations for fairly routing off-chain transactions between multiple parties and intermediaries.
Multi-Party Virtual State Channels
Eurocrypt 2019, with Stefan Dziembowski, Lisa Eckey, Sebastian Faust and Kristina Hostáková
- Identity Management: State of the Art, Challenges and Perspectives
Privacy and Identity Management 2019, with Tore Kasper Frederiksen, Anja Lehmann and Rafael Torres Moreno
- Diffie-Hellman key exchange has a suboptimal security reduction with quadratic loss in the number of users. This loss was proven optimal in 2002 (Coron, Eurocrypt). We introduce a simple non-interactive key exchange from hash proof systems that circumvents this 15-year-old bound with only linear loss.
On Tightly Secure Non-Interactive Key Exchange
Crypto 2018, with Dennis Hofheinz and Lisa Kohl
- Fuzzy PAKE is the first AKE that can handle both low entropy and noisy authentication data.
Fuzzy Password-Authenticated Key Exchange
Eurocrypt 2018, with Pierre-Alain Dupont, David Pointcheval, Leonid Reyzin and Sophia Yakoubov
- On the relation between two extremely powerful primitives in cryptography.
Graded Encoding Schemes from Obfuscation
PKC 2018, with Pooya Farshim, Dennis Hofheinz and Enrique Larraia
- Revoking enrolled cryptography is tedious, but sometimes necessary when the underlying groups (e.g., elliptic curves) become outdated and too insecure. Is it possible to increase the security (parameter) of a scheme after it is enrolled? Believe it or not - it is possible!
Reconfigurable Cryptography: A flexible approach to long-term security
TCC 2016-A, with Dennis Hofheinz and Andy Rupp
- Computations in composite-order groups are slow. We show how to emulate them with prime-order groups, including not only group operations but also complex structures such as pairings or even multilinear maps. Spoiler: this work makes Groth-Sahai proofs in composite-order groups twice as efficient as before.
Polynomial Spaces: A New Framework for Composite-to-Prime-Order Transformations
CRYPTO 2014, with Gottfried Herold, Dennis Hofheinz, Carla Ràfols and Andy Rupp
- Introducing a strong security notion for the Diffie-Hellman key exchange, including feasibility as well as impossibility results.
Universally Composable Non-Interactive Key Exchange
SCN 2014, with Eduarda S.V. Freire and Dennis Hofheinz
SCN, CCS, EuroS&P, PETS (2022), Latincrypt, EuroS&P (2021), TCC, IMACC, CANS (2019), PKC, CANS (2018)