Category Archives: Cryptography

University of Tartu is looking for professor of cryptography

Vacancy: UT, Institute of Computer Science, Professor of Cryptography
Duties and responsibilities: Development of curricula and courses in Cryptography. Teaching subjects related to Cryptography. Supervision of PhD and Master students. Successful application for research grants, administration of them and performing the research required under the grants. See also job description.
Required qualifications: PhD or an equivalent qualification in the relevant field See also requirements for teaching and research staff.
Required experience: Teaching experience at the university level, experience in supervising Master and PhD students. Administrative and research competence needed to provide the leadership in organising research.
Required language skills: Excellent command of English. Knowledge of Estonian is desirable but not essential.
Workload 1,00; and the classroom teaching load at least 128 academic hours per calendar year
Salary According to UT salary rules, depending on the candidate’s qualification and the level of experience. See also UT salary rules.
Starting at 01.01.2018
Deadline: 03.08.2017

Position fields can be interpreted rather broadly. Cryptography classic and quantum, post-quantum; privacy preserving data mining; privacy and security; new technologies like blockchain; from theoretical to more applied backgrounds. It is important to have a broad view of the field in order to be able to help our curriculum development goals as well as lead research in broad spectrum with many smaller more independent groups. Cryptography has been one of University of Tartu and Estonian ICT sector strongholds, many opportunities for local collaborations exist and could be developed.

Appointments will be for indefinite contracts, i.e. at immediately “tenured” level, with standard performance reviews every 5 years. Since university rules are flexible, internationally competitive levels can be negotiated dependent on ability to attract funding, international collaborations, visibility, etc.


Estonian delegation answers to EU encryption questionnaire

Council of the European Union has prepared a questionnaire to map the situation and identify the obstacles faced by law enforcement authorities when gathering or securing encrypted e-evidence for the purposes of criminal proceedings. These are the answers from the Estonian delegation obtained by a public information request:

1. How often do you encounter encryption in your operational activities and while gathering
electronic evidence/evidence in cyber space in the course of criminal procedures?
o often (in many cases)

2. What are the main types of encryption mostly encountered during criminal investigations
in cyberspace?
o HTTPS, TOR, P2P / I2P, e-communications (through applications such as Skype, WhatsApp, Facebook, etc.)
o offline encryption – encrypted digital devices (mobile phone / tablet /computer), encrypting applications (TrueCrypt / VeraCrypt / DiskCryptor, etc)

3. Under your national law, is there an obligation for the suspects or accused, or persons who
are in possession of a device/e-data relevant for the criminal proceedings, or any other person
to provide law enforcement authorities with encryption keys/passwords?
o No. Pursuant to Article 215 of the Criminal Procedure Code, investigative
authorities and prosecutor’s offices can order the production of data from any person.
Suspect and accused person do not have to disclose encyption keys/passwords.

5. Under your national law, is it possible to intercept/monitor encrypted data flow to obtain
decrypted data for the purposes of criminal proceedings? If so, is a judicial order (from a
prosecutor or a judge) required?
o Yes. §126.7. Wire-tapping or covert observation of information.

8. Do you consider that your current national law allows sufficiently effective securing of e-evidence when encrypted?
o Ues. Current legislation to gather evidence can be considered sufficient. The challenges
related to encryption as more or less of technical nature.

10. In your view, will measures in this regard need to be adopted at EU level in the future?
o practical (e. g. development of practical tools for police and judicial authorities)
o improve exchange of information and best practices between police and judicial authorities
o create conditions for improving technical expertise at EU level

Basically, Estonian delegation answer can be read as “not interested in EU-level crypto backdoors”. Which is good, but could have been said more explicitly.

There are positive signs on EU-level for opposing legislation for backdoors:

Andrus Ansip, the Commission vice president in charge of the EU’s technology policies, has said he opposes laws that force companies to create backdoors to weaken encryption.

Europol, the EU law enforcement agency, and ENISA, the agency in charge of cybersecurity, signed an agreement in May opposing laws that strongarm firms into providing backdoors.


PhD thesis: “Efficient non-interactive zero-knowledge protocols in the CRS model”

Prastudy Mungkas Fauzi PhD thesis: “Efficient non-interactive zero-knowledge protocols in the CRS model”
Defense date: 17.02.2017 – 14:15 (J. Liivi 2-405, Tartu, Estonia)

Thesis supervisor: Lead Research Fellow Helger Lipmaa (Institute of Computer Science, UT)

Associate Professor Ivan Visconti (University of Salerno, Italy);
Dr Carla Ràfols Salvador (University of Pompeu Fabra, Barcelona, Spain)

In this work we provide three scenarios where NIZK arguments are relevant: verifiable computation, authorization, and electronic voting. In each scenario, we propose NIZK arguments in the CRS model that are more efficient than existing ones, and are comparable in efficiency to the best known NIZK arguments in the RO model.


The head of SMIT’s security department Tiit Hallas gives public lecture on cryptography


The public lecture will be held in the building of the IT College, Raja 4C, auditorium 314, Tuesday, October 18, at 13:00. The public lecture will also be broadcast live on the website of the IT College.

The main purpose of Tiit Hallas public lecture is to answer various question on the topic. Tiit will talk about cryptography related terms, describe the overall level of how cryptography works and the need for cryptography to ensure the security. Tiit has promised to bring sophisticated content to listeners as simply
and understandably as possible.

Tiit Hallas has worked in information security for over eight years in both public and private sector and has gained plenty of practical as well as theoretical experience in the field. He has a BA in Information System Development from IT College and an MSc in Cyber Security from Tallinn University of Technology. As well as delivering lectures and talks on the subject, Tiit is involved with Information Security in his daily work as the Head of Information Security at the IT and Development Centre of the Ministry of the Interior, where he not only manages staff but is also engaged with finding solutions to practical information security issues.

The lecture will be in Estonian.


Study on the lifecycle of cryptographic algorithms 2016


This study is a natural continuation of three previous studies conducted in 2011, 2013 and 2015. The fourth version of cryptographic algorithms life cycle study published on June 9, has more than 10 authors and has 163 reference source. The 2016 report is the first one in its sequence to be written in English, because the study is unique on a global scale, and the previous versions has been of great international interest.

The foreword of the report has been written by Anto Veldre:

The Dutch DigiNotar case in 2011 demonstrated the hard choices a country faces if a PKI supporting its government’s IT systems is compromised. [..] Therefore, it was decided in 2011 to assemble a scientific task force to analyse the problems and risks that reliance on cryptography is posing on the sustainable functioning of our society.

Among the usual topics in cryptography, there is quite revealing section “Cryptographic protocols over radio connection”. For example, there the authors find that Estonian public transportation cards are vulnerable to various kinds of Denial of Service and cloning attacks:

The transportation cards in Tallinn are built on MIFARE Classic, whereas in Tartu MIFARE Ultralight C cards are used. However, even though both of the cards support cryptographic authentication, this functionality is not used. In both cases, the protocol running between the card and the reader is essentially the same, consisting of transmitting the card’s unique ID and a signature. [..] While this measure prevents unauthorised parties from issuing new cards, it does not stop the card cloning attack. [..] Cloning a card that carries a monthly ticket causes direct financial loss to the transportation service provider and must hence be urgently addressed.

Even though the ID fields of transportation cards are not writeable, other fields may be. This is for example the case with Tartu bus cards that allow e.g. the signature field to be overwritten by a standard app working on a regular NFC-capable smartphone. As a result, the card will become invalid, giving us a potential Denial of Service attack.

The report analyzes different radio frequency card technologies used for physical access control.  There are many problems – transparency issues, use of weak cryptography or no cryptography at all. The authors have also interviewed Hardmeier and G4S to study deployment issues. Some of the deployment issues revealed are quite disturbing:

Interview with a company installing NFC-based access control systems revealed that it is common practice to use same keys also in several installations, making e.g. door keys of one company work at the door of another company, too.


Cybersecurity related bachelor’s and master’s theses in University of Tartu 2015/2016


Defense committee: Dominique Unruh (chairman), Siim Karus, Vitaly Skachek, Dirk Oliver Theis, Raimundas Matulevicius.

A Cost-Effective Approach to Key Management in Online Voting Scenarios
Abstract: Since smart cards both offer reasonable prices and expose an API for development, this document evaluates different approaches to implement threshold encryption over smart cards to support an electoral process.
Student: Sergio Andrés Figueroa Santos
Curriculum: NordSecMob (MSc)
Supervisor: Sven Heiberg, Helger Lipmaa, Tuomas Aura
Reviewer: Ivo Kubjas
Defense: 02.06.2016, 09:00, Liivi 2-405

Revision of Security Risk-oriented Patterns for Distributed Systems
Abstract: In this thesis, we target the secure system development problem by suggesting application of security risk-oriented patterns. The applicability of these security risk-oriented patterns is validated on business processes from aviation turnaround system.
Student: Silver Samarütel
Curriculum: Software Engineering (MSc)
Supervisor: Raimundas Matulevicius
Reviewer: Alexander Horst Norta
Defense: 02.06.2016, 09:00, Liivi 2-405

Role Based Access Control as SecureUML Model in Web Applications Development with Spring Security
Abstract: In order to support and simplify the model-driven approach for a web application development with Spring platform, realization of a concept plugin for Eclipse IDE is proposed. This plugin supports the recognition of Spring Security notations with capability to visualize the RBAC model on top of them.
Student: Andrey Sergeev
Curriculum: Cyber Security (MSc)
Supervisor: Raimundas Matulevicius
Reviewer: Henri Lakk
Defense: 02.06.2016, 09:00, Liivi 2-405

Secure and Efficient Mix-Nets
Abstract: This thesis studies a zero-knowledge shuffle argument proposed by J. Furukawa in 2005. Firstly, we provide a more detailed and easily readable description of the shuffle and shuffle-decryption zero-knowledge protocols than in the original paper. Secondly, we provide two new characterizations of a permutation matrix and two simple modifications of the shuffle protocol that reduce the computational complexity.
Student: Janno Siim
Curriculum: Computer Science (MSc)
Supervisor: Helger Lipmaa
Reviewer: Sven Laur
Defense: 02.06.2016, 09:00, Liivi 2-405

A Comprehensive Protocol Suite for Secure Two-Party Computation
Abstract: In some scenarios, a two-party model is a better fit when no natural third party is involved in the application. In this work, we design and implement a full protocol suite for two-party computations on Sharemind, providing an alternative and viable solution in such cases.
Student: Sander Siim
Curriculum: Computer Science (MSc)
Supervisor: Dan Bogdanov, Pille Pullonen
Reviewer: Dominique Unruh
Defense: 06.06.2016, 09:00, Liivi 2-405

An improved type system for a privacy-aware programming language and its practical applications
Abstract: he goal of this thesis is to make it easier to add protection domain kinds to the SecreC language by allowing the programmer to define the protection domain kind data types, arithmetic operations and type conversions in the SecreC language without changing the compiler.
Student: Ville Sokk
Curriculum: Computer Science (MSc)
Supervisor: Dan Bogdanov, Jaak Randmets
Reviewer: Vesal Vojdani
Defense: 06.06.2016, 09:00, Liivi 2-405

Energy Harvesting in Cooperative Communications
Abstract: Energy harvesting (EH) is a crucial technology for a variety of wireless systems that have limited access to a reliable electricity supply or recharging sources. In this thesis, the design of a multiple access relay system (MARS) using EH is considered.
Student: Akashkumar Rajaram
Curriculum: Cyber Security (MSc)
Supervisor: Nalin Jayakody, Vitaly Skachek
Reviewer: Bin Chen
Defense: 06.06.2016, 09:00, Liivi 2-405

Security of Eduroam Passwords
Abstract: The University of Tartu has decided that the university’s eduroam accounts will share the same user credentials as the rest of the university’s services. This could potentially be abused by exploiting weaknesses in wireless security in order to gain access to a user’s university account. The aim of this research was to uncover any such weaknesses.
Student: Raul-Martin Rebane
Curriculum: Computer Science (BSc)
Supervisor: Dominique Unruh
Reviewer: Meelis Roos
Defense: 06.06.2016, 09:00, Liivi 2-405

Applying a Security Testing Methodology: a Case Study
Abstract: This thesis aims to describe and apply a process necessary to verify the security of a web application. A checklist of security requirements was gathered combining OWASP ASVS web application security standard and OWASP Top Ten project.
Student: Karin Klooster
Curriculum: Computer Science (BSc)
Supervisor: Meelis Roos, Margus Freudenthal
Reviewer: Kritjan Krips
Defense: 08.06.2016

Word frequency based log analysis
Abstract: The purpose of this bachelor thesis is to explore if you can use word frequency based analysis for log files and find interesting events without knowing the log structure.
Student: Karl Lääts
Curriculum: Computer Science (BSc)
Supervisor: Meelis Roos
Reviewer: Artjom Lind
Defense: 08.06.2016

Randomly Distributed PIN Code Input Layout
Abstract: This thesis examines the possibility of reducing the visual security breach of PIN code input by randomising the input field.
Student: Rain Tõugjas
Curriculum: Computer Science (BSc)
Supervisor: Tauno Palts, Kristjan Krips
Defense: 08.2016

Smart Home Hacking
Abstract: This work investigates the security and privacy issues found at an emerging smart home technology such as the CoSSMic platform.
Student: Suela Kodra
Curriculum: NordSecMob (MSc)
Supervisor: Danilo Gligoroski, Marie Moe, Dominique Unruh
Reviewer: Raimundas Matulevičius
Defense: 18.08.2016, 09:30, Liivi 2-403

Cache-Timing Techniques: Exploiting the DSA Algorithm
Abstract: This work explains some of the cache-timing techniques commonly used to exploit vulnerable software. Using a particular combination of techniques and exploiting a vulnerability found in the implementation of the DSA signature scheme in the OpenSSL shared library, a cache-timing attack is performed against the DSA’s sliding window exponentiation algorithm.
Student: Cesar Pereida Garcia
Curriculum: NordSecMob (MSc)
Supervisor: Billy Bob Brumley, Dominique Unruh, N. Asokan
Reviewer: Arnis Paršovs
Defense: 26.08.2016, 11:00, Liivi 2-403


Study on the lifecycle of cryptographic algorithms 2015


Commissioned by Estonian Information System Authority (RIA), a new study has been completed on the lifecycle of encryption algorithms. According to Toomas Vaks, Deputy Director-General of RIA, it is important to abolish 1024-bit keys as soon as possible everywhere. For the next five years, 2048-bit keys and, in the long-term, 3072-bit keys at a minimum should be used.