ETH Zürich » Computer Science » Theory » Cryptography

Information Security and Cryptography Research Group

Prof. Ueli Maurer Prof. Phillip Rogaway Dr. Martin Hirt Dr. Vassilis Zikas Christian Badertscher Sandro Coretti Grégory Demay Robert Enderlein Daniel Jost Christian Matt Daniel Tschudi A picture of the group
top row, left to right: Ueli Maurer, Phillip Rogaway, Martin Hirt, Vassilis Zikas
middle row, left ro right: Christian Badertscher, Sandro Coretti, Grégory Demay
bottom row, left to right: Robert Enderlein, Daniel Jost, Christian Matt, Daniel Tschudi

Recent Research Highlights

  • Generic equivalence of breaking RSA and factoring. A long-standing open problem in cryptography is whether breaking the RSA cryptosystem is as hard as factoring the modulus, or whether it is potentially much easier. It is proved in [AM09] that breaking RSA and factoring are equivalent in a generic model of computation. Any generic algorithm for breaking RSA can be transformed into a factoring algorithm.
  • Efficient symmetric cryptography under very weak assumptions. In contrast to the standard notion of a pseudo-random function (PRF), which is indistinguishable from a random function for a computationally-bounded adversary asking arbitrarily many queries (within its running time constraint), the new notion of an s-query weak PRF was introduced in [MT08]. Such a function need only be secure against an adversary who obtains a fixed number s (e.g. s=2) of input-output pairs and, moreover, the inputs are random (not chosen). It is shown that provably-secure encryption can be obtained from an s-query weak PRF essentially as efficiently as from a full-fledged PRF.
  • Quantum cryptography -- revisited. Quantum cryptography has been advocated as being provably secure based only that the laws of quantum mechanics are correct. It was shown in [AKMR07] that, contrary to the established security proofs in quantum cryptography, there are provably-secure key agreement schemes which can be broken. While a generated key is indeed provably secure, its security is potentially lost when it is used. This shows that the traditional security definition is too weak. The flaw is due to a locking property of the notion of accessible information in quantum physics: one additional (physical) bit of information can increase the accessible information by more than one bit. This problem was solved in [Ren05] where the right security definition for quantum key distribution is stated and a new framework for proving the security is proposed.

You can also browse our Research highlights, Search engine for publications, and List of available publications.