Research topics at CRoCS

How to get involved

  1. Find a project you like,
  2. Contact people involved,
  3. Have fun while saving the world (of research and open-source)!

Join us! We are always looking for enthusiastic people with a passion for problem solving who are willing to work hard while having fun. Don't be afraid if you have no previous experience in the area of the project you like. We are here to help, and we all learn something in the process.

Read the research domains below to get a wider picture. Check the currently open topics in IS, but do not hesitate to discuss different ones with the contact person listed for each domain.

Security of cryptographic implementations

We systematically analyze the security of cryptographic implementations, including black-box ones with no access to source code (e.g., cryptographic smartcards). Typically, a large number of cryptographic operations is executed, the observable outputs (keys, signatures) and side-channel information (timing, power consumption) are recorded, and the results are analyzed statistically. This approach has led to several high-profile discoveries, including the practical factorization of RSA keys generated by Infineon chips (the ROCA attack, CVE-2017-15361) and the extraction of EC private keys from the timing of ECDSA signatures (the Minerva attack, CVE-2019-15809). The goal is not only to find an attack but also to provide open-source verification tools.
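As an added illustration of the black-box key analysis described above (example code written for this page, not the CRoCS ROCA tester or its repository), the following Python reimplements the well-known ROCA fingerprint check. Keys from the affected library have primes of the form p = k·M + (65537^a mod M) with M a primorial, so for every small prime r dividing M the modulus N = pq satisfies N mod r ∈ ⟨65537 mod r⟩. The detector tests that membership for the primes 3 to 167, which divide M for every affected key size. The two moduli it is run on are constructed locally, one with the ROCA structure and one from ordinary random primes, so no real key is involved.

```python
"""Added example (not the CRoCS ROCA tool): black-box ROCA fingerprint check on
RSA public moduli, plus constructed test keys to exercise it."""
import random

# Primes dividing the generator's M for all affected key sizes (3..167).
DETECTOR_PRIMES = [3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47, 53, 59,
                   61, 67, 71, 73, 79, 83, 89, 97, 101, 103, 107, 109, 113, 127,
                   131, 137, 139, 149, 151, 157, 163, 167]
E = 65537


def allowed_residues(r):
    """Subgroup of Z_r^* generated by 65537 mod r: the residues N mod r may take."""
    g, x, subgroup = E % r, 1, set()
    while x not in subgroup:
        subgroup.add(x)
        x = x * g % r
    return subgroup


ALLOWED = {r: allowed_residues(r) for r in DETECTOR_PRIMES}


def has_roca_fingerprint(n):
    """True if N mod r lies in <65537> for every detector prime r.
    For primes where 65537 generates all of Z_r^* the test is vacuous; the
    remaining ones make a false positive on a random modulus negligible."""
    return all(n % r in ALLOWED[r] for r in DETECTOR_PRIMES)


def is_probable_prime(n, rng, rounds=32):
    """Miller-Rabin with rng-chosen bases; only used to build the test keys."""
    if n < 2:
        return False
    for r in [2] + DETECTOR_PRIMES:
        if n % r == 0:
            return n == r
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def random_prime(rng, bits):
    """Ordinary prime from uniform odd candidates of the requested size."""
    while True:
        cand = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(cand, rng):
            return cand


def roca_style_prime(rng, bits):
    """Prime with the ROCA structure p = k*M + (65537^a mod M), M = 2*3*...*167."""
    M = 2
    for r in DETECTOR_PRIMES:
        M *= r
    k_bits = bits - M.bit_length()
    while True:
        a = rng.randrange(1, M)
        k = rng.getrandbits(k_bits) | (1 << (k_bits - 1))
        cand = k * M + pow(E, a, M)          # odd and coprime to M by construction
        if is_probable_prime(cand, rng):
            return cand


def build_moduli(seed=1, bits=512):
    """Constructed test data: one ROCA-style and one ordinary modulus."""
    rng = random.Random(seed)
    n_roca = roca_style_prime(rng, bits // 2) * roca_style_prime(rng, bits // 2)
    n_ok = random_prime(rng, bits // 2) * random_prime(rng, bits // 2)
    return n_roca, n_ok


if __name__ == "__main__":
    n_roca, n_ok = build_moduli()
    print("ROCA-style modulus flagged:", has_roca_fingerprint(n_roca))
    print("ordinary modulus flagged:  ", has_roca_fingerprint(n_ok))
```

The check needs only the public modulus, which is what makes it a black-box test: it can be run over certificate stores, PGP keyrings or TPM endorsement keys without any access to the device that generated them.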

Last update: 17.01.2024

Contact: Jan Jančár j08ny@mail.muni.cz

More information, projects and resources:

  • ROCA online Tester: A tool for testing RSA keys for the ROCA vulnerability.
  • ROCA repository: A code repository with the testing tool for the ROCA vulnerability.
  • Minerva repository: An artifact repository for the Minerva vulnerability.
  • ECTester: A tool for testing black-box elliptic curve cryptography implementations on smartcards and in software libraries.
  • pyecsca: Python Elliptic Curve Cryptography Side-Channel Analysis toolkit.
  • Fooling primality tests repository: An artifact repository for the “Fooling primality tests on smartcards” paper.
  • 4p-1 repository: An artifact repository for the “I Want to Break Square-free: The 4p−1 Factorization Method and Its RSA Backdoor Viability” paper.

Usability of cryptographic APIs and tools

This project focuses on cryptographic APIs and tools with respect to their usability for developers. Such APIs are notoriously complex and prone to usage errors – our goal is to analyze their (in)correct usage and to propose precautions and guidelines that improve both usability and security.

In the past, the research focused on usable interfaces of cryptographic libraries from the point of view of developers and administrators without detailed security education. We are interested in both programming and command-line interfaces, with emphasis on X.509-capable libraries such as OpenSSL, GnuTLS and NSS, paying special attention to the process of certificate creation and validation. The goal is to enable developers to use security APIs without errors and to help API designers create interfaces that are harder to misuse. We emphasize the need for usable design even in tools targeted at experienced users.

More recently, we have also focused on tools for cryptographic developers, such as tools for verifying that an implementation runs in constant time.
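The misuses this research targets are simple to check for mechanically once they are known. The following is an added example (not a CRoCS tool) of a small AST-based detector, in the style of a linter rule, that flags the most common ways Python code switches off X.509 validation: disabling hostname checking, setting the verify mode to none, asking for an unverified context, or passing verify=False to an HTTP client. Both snippets it scans are constructed for this example and are only parsed, never executed.

```python
"""Added example: an AST-based detector for TLS/X.509 validation misuses in
Python code. The rules mirror misuses reported by API usability studies; the
two snippets below are constructed and are parsed, not run."""
import ast

INSECURE_SNIPPET = """\
import ssl, requests
ctx = ssl.create_default_context()
ctx.check_hostname = False
ctx.verify_mode = ssl.CERT_NONE
raw = ssl._create_unverified_context()
r = requests.get("https://example.invalid/", verify=False)
"""

SECURE_SNIPPET = """\
import ssl, requests
ctx = ssl.create_default_context()
ctx.minimum_version = ssl.TLSVersion.TLSv1_2
r = requests.get("https://example.invalid/", verify="/etc/ssl/certs/ca-certificates.crt")
"""


def _is_false(node):
    return isinstance(node, ast.Constant) and node.value is False


def find_misuses(source):
    """Return sorted (line, message) pairs for validation-disabling patterns."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Call):
            # requests.get(..., verify=False) and similar: no chain check at all
            for kw in node.keywords:
                if kw.arg == "verify" and _is_false(kw.value):
                    findings.append((node.lineno, "verify=False disables certificate validation"))
            func = node.func
            if isinstance(func, ast.Attribute) and func.attr == "_create_unverified_context":
                findings.append((node.lineno, "_create_unverified_context() skips chain and hostname checks"))
        elif isinstance(node, ast.Assign):
            for target in node.targets:
                if not isinstance(target, ast.Attribute):
                    continue
                # ctx.check_hostname = False: any valid certificate for any name is accepted
                if target.attr == "check_hostname" and _is_false(node.value):
                    findings.append((node.lineno, "check_hostname=False: a valid cert for any name is accepted"))
                # ctx.verify_mode = ssl.CERT_NONE: the chain is never validated
                if target.attr == "verify_mode" and isinstance(node.value, ast.Attribute) \
                        and node.value.attr == "CERT_NONE":
                    findings.append((node.lineno, "verify_mode=CERT_NONE: the chain is never validated"))
    return sorted(findings)


if __name__ == "__main__":
    for line, message in find_misuses(INSECURE_SNIPPET):
        print(f"line {line}: {message}")
    print("secure snippet findings:", find_misuses(SECURE_SNIPPET))
```

The detector is purely syntactic: a value reaching check_hostname through a variable or a configuration file is missed, which is exactly why usability studies look at how developers actually write this code rather than only at what the API allows.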

Last update: 17. 01. 2024

Contact: Vašek Matyáš matyas@fi.muni.cz

Security of cryptographic hardware (smartcards, TPMs...)

For more than two decades, we have been analyzing the security of cryptographic hardware and its use as a trusted element in security systems. We work mainly with JavaCard-based cryptographic smart cards and Trusted Platform Modules (TPMs). We maintain a large collection of JavaCards and use them to assess performance, the quality of their true random number generators and key generation algorithms, and how their security has improved over time. Because the internal implementation of cryptographic operations is typically proprietary, we have developed a suite of techniques for black-box analysis of implementation correctness, with the advantage that other users can repeat the assessment without any proprietary knowledge.

We also develop tools and libraries that help open-source developers create open, faster and more secure JavaCard applets.

Last update: 23.10.2024

Contact: Petr Švenda svenda@fi.muni.cz

Involved people:

Former participants: Matúš Němec (2015-2020, analysis of software-generated RSA keys); Peter Sekan (2015-2019, analysis of RSA keys, large datasets); Rajesh Kumar Pal (2016-2017, JavaCard implementation of CAESAR candidates); Rudolf Kvašňovský (2014-2017, alignment of DPA traces, YAFU); David Komárek (2015-2016, power analysis of RSA operations); Lukáš Šrom (2014-2015, support tests); Lenka Kuníková (2013-2014, performance evaluation of JavaCards), and many other people who have helped us since 2002.

Cryptanalysis of elliptic curves and other algebraic methods

Likely the most theoretical and math-heavy research we do, though still with real-world consequences in mind. We approach elliptic curves from many directions: we study ECC implementations, problems with ECC formulas, datasets of ECC keys and, in general, diverse mathematical ideas involving elliptic curves. Sometimes this requires us to dive into lattice methods as well.

In the past, we systematically analyzed standardized elliptic curves. Lately, we have mainly focused on ECC with respect to side-channel attacks and on the role of elliptic curves in the Bitcoin protocol.
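As an added example of the side-channel angle (toy code written for this page, not pyecsca or ECTester), the following shows, on a constructed curve over F_97, why the usual double-and-add loop leaks the scalar's bit length, which is the leak Minerva-style attacks exploit on ECDSA nonces, and how a fixed-width Montgomery ladder removes the dependency. Counts of group operations stand in for measured time; the curve, base point and scalars are all constructed here.

```python
"""Added example (constructed toy curve; not pyecsca or ECTester code): the
scalar-multiplication loop as a timing side channel. Operation counts are a
stand-in for execution time."""

# Constructed curve y^2 = x^3 + 2x + 3 over F_97; G = (3, 6) lies on it (27 + 6 + 3 = 36 = 6^2).
P_MOD, A = 97, 2
G = (3, 6)
OPS = {"add": 0, "double": 0}   # group operations performed by the last measured run


def _add(P, Q):
    """Affine point addition; None is the point at infinity. Not counted."""
    if P is None:
        return Q
    if Q is None:
        return P
    (x1, y1), (x2, y2) = P, Q
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return None                                   # P + (-P)
    if P == Q:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P_MOD) % P_MOD
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P_MOD) % P_MOD
    x3 = (lam * lam - x1 - x2) % P_MOD
    return x3, (lam * (x1 - x3) - y1) % P_MOD


def add(P, Q):
    OPS["add"] += 1
    return _add(P, Q)


def double(P):
    OPS["double"] += 1
    return _add(P, P)


def scalar_mult_naive(k, P):
    """Left-to-right double-and-add. The loop runs k.bit_length() times and
    does one extra add per set bit, so time reveals the length of k (and more)."""
    R = None
    for i in reversed(range(k.bit_length())):
        R = double(R)
        if (k >> i) & 1:
            R = add(R, P)
    return R


def scalar_mult_ladder(k, P, width=16):
    """Montgomery ladder over a fixed number of bits: one add and one double
    per iteration regardless of k, so the operation count is constant."""
    assert 0 <= k < (1 << width), "scalar must fit the fixed width"
    R0, R1 = None, P
    for i in reversed(range(width)):
        if (k >> i) & 1:
            R0, R1 = add(R0, R1), double(R1)
        else:
            R1, R0 = add(R0, R1), double(R0)
    return R0


def measure(mult, k, **kw):
    """Run mult(k, G) with a fresh counter; return (result, adds, doubles)."""
    OPS["add"] = OPS["double"] = 0
    return mult(k, G, **kw), OPS["add"], OPS["double"]


def leak_profile(mult, scalars, **kw):
    """Scalar -> total operations. A count that varies with the scalar is what
    a timing attacker correlates with the secret (for ECDSA: the nonce)."""
    return {k: sum(measure(mult, k, **kw)[1:]) for k in scalars}


def repeated_add(k, P=G):
    """Reference k*P by repeated (uncounted) addition, for cross-checking."""
    R = None
    for _ in range(k):
        R = _add(R, P)
    return R


if __name__ == "__main__":
    for k in (0b1, 0b10000, 0b11111):
        print(f"k={k:>6b} naive={sum(measure(scalar_mult_naive, k)[1:]):2d} ops "
              f"ladder={sum(measure(scalar_mult_ladder, k)[1:]):2d} ops")
```

Real implementations leak more subtly than the counter shows: even a ladder leaks if operations involving the point at infinity take a different time, which is why constant-time code uses complete formulas and fixed-length scalars (for example, adding the group order to the nonce before multiplying).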

Last update: 18. 01. 2024

Contact: Vojtěch Suchánek vojtechsu@mail.muni.cz

Randomness statistical testing of TRNG and PRNG

The robust generation of truly random data, or of pseudo-random data indistinguishable from truly random data, is a crucial component of many cryptographic systems. We focus on finding defects in supposedly random data with the help of the automated testing methods included in so-called randomness statistical testing batteries.

While most existing batteries apply a predefined, fixed set of tests, we automatically generate tests that adapt to the analyzed data. This results in stronger bias detection with less data required and in direct interpretability of the bias found. We also design and develop means to speed up existing statistical batteries, both through more efficient implementations and through distributed high-speed execution.
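The following added example (written for this page, not the BoolTest implementation) shows the core of a data-adaptive distinguisher in simplified form: instead of a fixed test, it searches over Boolean monomials on the bit positions of 16-bit blocks and reports the monomial whose frequency deviates most from what a uniform source would give, so the result names the offending bits. Both input streams are constructed; the biased one copies bit 3 into bit 5 with probability 0.8, a defect that no single-bit statistic can see.

```python
"""Added example (simplified BoolTest-style search, not the BoolTest code):
find the Boolean monomial over block bits whose frequency deviates most from
the binomial expectation. Input streams are constructed below."""
import math
import random
from itertools import combinations

BLOCK_BITS = 16


def blocks_of(data):
    """Split a byte string into big-endian 16-bit blocks."""
    return [int.from_bytes(data[2 * i:2 * i + 2], "big") for i in range(len(data) // 2)]


def monomial_zscores(data, max_degree=2):
    """For every monomial x_i1 * ... * x_id (d <= max_degree), compare the number
    of blocks on which it evaluates to 1 with the expectation n * 2**-d under a
    uniform source, and return (|z|, z, bit positions) tuples, largest first."""
    blocks = blocks_of(data)
    n = len(blocks)
    results = []
    for degree in range(1, max_degree + 1):
        p = 2.0 ** -degree
        sd = math.sqrt(n * p * (1 - p))
        for bits in combinations(range(BLOCK_BITS), degree):
            mask = sum(1 << b for b in bits)
            observed = sum(1 for blk in blocks if blk & mask == mask)   # all bits set
            z = (observed - n * p) / sd
            results.append((abs(z), z, bits))
    return sorted(results, reverse=True)


def best_distinguisher(data, max_degree=2):
    """Top monomial as (z-score, bit positions). |z| far above ~4 means the data
    is not consistent with a uniform source; the bits say where the defect is."""
    _, z, bits = monomial_zscores(data, max_degree)[0]
    return z, bits


def uniform_stream(n_blocks, seed=1):
    """Constructed reference stream from a seeded PRNG."""
    rng = random.Random(seed)
    return b"".join(rng.getrandbits(16).to_bytes(2, "big") for _ in range(n_blocks))


def biased_stream(n_blocks, seed=1, copy_prob=0.8):
    """Constructed defective stream: bit 5 equals bit 3 with probability copy_prob.
    Each bit alone stays balanced, so only a degree-2 statistic can see it."""
    rng = random.Random(seed)
    out = bytearray()
    for _ in range(n_blocks):
        blk = rng.getrandbits(16)
        bit3 = (blk >> 3) & 1
        bit5 = bit3 if rng.random() < copy_prob else 1 - bit3
        blk = (blk & ~(1 << 5)) | (bit5 << 5)
        out += blk.to_bytes(2, "big")
    return bytes(out)


if __name__ == "__main__":
    for name, stream in (("uniform", uniform_stream(4000)), ("biased", biased_stream(4000))):
        z, bits = best_distinguisher(stream)
        print(f"{name:8s} best monomial bits={bits} z={z:+.1f}")
```

The full BoolTest goes further by combining the best monomials into a polynomial and by tuning block size and degree, but the interpretability comes from the same place as here: the winning term tells the analyst which bit positions of the generator's output interact.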

We build and continuously extend a large database of real-world cryptographic functions (the CryptoStreams project, containing block and stream ciphers, hash functions and PRNGs), parametrized by the number of internal rounds used and by systematic patterns in their inputs. The resulting output data are then analyzed for the presence of unwanted defects.

Last update: 23. 10. 2024

Contact: Marek Sýs syso@mail.muni.cz

Current projects:

  • BoolTest - efficient and interpretable statistical testing battery: Github repository
  • Randomness Testing Tool (RTT; STS NIST, Dieharder, TestU01) - unified interface for different statistical batteries: Github repository

Involved people:

  • Milan Brož 2019-now (Randomness Testing Tool)
  • Marek Sýs 2013-now (BoolTest - concept and improvements, NIST STS speed up, EACirc - concept, results interpretation)

Previous projects and resources:

Former participants: Petr Švenda (2008-2017, EACirc project lead, initial implementation, CryptoStreams); Dušan Klinec (2015-2022, BoolTest polynomial representation, CryptoStreams: large number of cryptographic primitives); Karel Kubíček (2014-2017, former main CryptoStreams developer: block ciphers, TEA, metaheuristics, generator); Tamas Rozsa (2016-2020, CryptoStreams functions); Radka Cieslarová (2015-2019, heatmap analysis of functions); Michal Hajas (2015-2019, bytecode emulator, margins); Martin Ukrop (2012-2017, framework model, refactoring, SHA-3 candidates testing, supporting tools); Ľubomír Obrátil (2014-2017, BOINC and EACirc task automation); Jiří Novotný (2014-2016, CUDA programming, EACirc core); Jan Švarc (2014-2015, CUDA programming); Zdenek Říha (2013-2016, bytecode emulator); Milan Čermák (2012-2013, CUDA support); Ondrej Dubovec (2011-2012, SHA-3 candidates testing); Matěj Prišťák (2011-2012, object model and refactoring, XML support, eStream candidates testing); Tobiáš Smolka (2011-2012, BOINC-related support).

Social and behavioral aspects of security

Our end-user-oriented usable security projects focus on computer security and the interaction of systems with their end users. We started our first significant project in this area in 2014, in cooperation with three industrial partners, the Faculty of Social Studies and the Faculty of Law. The project aimed to identify the influences that make users change their risky behavior to a more secure one. Four sets of experiments ran in cooperation with commercial companies (ESET, Netsuite and SodatSW). Each experiment targeted a different user group and used a different technique (warnings, security dialogues, e-learning, user-friendly password recovery, etc.). The project was unique in bringing together three faculties of MU and three commercial companies that wanted to understand their users better and increase the overall security of their products by improving the interfaces and processes their end users encounter.

We have also finished a project in cooperation with the Faculty of Social Studies and the company AHEAD Itec/Monet+. It aimed at user testing of selected authentication methods (NFC token, smart card with a card reader, fingerprint and PIN code). Results from this project are available at: https://crocs.fi.muni.cz/public/papers/2020-tacr-report

Last update: 21. 1. 2021

Contact: Vašek Matyáš matyas@fi.muni.cz, Agáta Kružíková kruzikova@mail.muni.cz

Involved people:

Former participants: Radim Janča (2014-2016); Lydia Kraus (2018-2020); Kamil Malinka (2013-2016); Vlasta Šťavová (2014-2019); Martin Ukrop (2016-2018); Lenka Knapová (2018-2020)

Selected publications:

  • [2018] Stavova, V., Dedkova, L., Ukrop, M. and Matyas, V.: A large-scale comparative study of beta testers and standard users. Communications of the ACM, ACM, 2018, 64–71.
  • [2017] Stavova, V., Matyas, V., Just, M. and Ukrop, M.: Factors Influencing the Purchase of Security Software for Mobile Devices – Case Study. Infocommunications Journal, 2017, 18–23.
  • [2016] Stavova, V., Matyas, V. and Just, M.: Codes v. People: A Comparative Usability Study of Two Password Recovery Mechanisms. WISTP 2016.
  • [2016] Stavova, V., Matyas, V. and Just, M.: On the impact of warning interfaces for enabling the detection of Potentially Unwanted Applications. EuroUSEC 2016.

Threshold Cryptography with Security-Certified Devices

Secure storage of secret keys is paramount in cryptographic applications, as knowledge of a key directly translates into the ability to sign documents, decrypt messages or confirm cryptocurrency transactions. To protect secret keys, specialized cryptographic hardware such as smartcards, hardware security modules (HSMs) or, more recently, cryptocurrency wallets is used. However, due to implementation vulnerabilities, the private key may still be extracted even from security-certified devices.

Threshold cryptography mitigates the risk of a vulnerable implementation. It splits the secret key among multiple devices, which then take part in an interactive protocol to perform cryptographic operations. The complete secret key is never reconstructed during this protocol, so as long as at least one of the devices remains uncorrupted, the secret key is not exposed. Our research focuses on threshold cryptography protocols executed on security-certified devices (smartcards, TPMs, cryptocurrency wallets).
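An added example (not MeeSign or other CRoCS code) of the protocol pattern described above: n-of-n Schnorr signing with an additively shared key in a Schnorr group of prime order q inside Z_p^*. Each device only ever holds its own key share x_i and nonce share r_i; the joint key x = Σ x_i and joint nonce are never formed by anyone, yet the result is an ordinary Schnorr signature under the joint public key. The group is a constructed 32-bit toy one and the RNG is seeded for reproducibility; a deployment would use a standard curve or MODP group and a CSPRNG.

```python
"""Added example (constructed toy group; not MeeSign or other CRoCS code):
n-of-n Schnorr signing with an additively shared key. No party ever holds
the full key x = sum(x_i) or the full nonce r = sum(r_i)."""
import hashlib
import math
import random


def _small_prime(n):
    """Trial division; only used to construct the toy group below."""
    if n < 2:
        return False
    return all(n % d for d in range(2, math.isqrt(n) + 1))


def make_group(start=1 << 31):
    """Return (p, q, g): safe prime p = 2q + 1 and a generator g of the order-q subgroup."""
    q = start | 1
    while not (_small_prime(q) and _small_prime(2 * q + 1)):
        q += 2
    return 2 * q + 1, q, 4          # 4 = 2^2 is a square != 1, hence of order q


P, Q, G = make_group()              # 32-bit toy group; real use: a standard curve/MODP group


def challenge(R, X, msg):
    """c = H(R || X || m) mod q, binding nonce, public key and message."""
    h = hashlib.sha256(f"{R}|{X}|".encode() + msg).digest()
    return int.from_bytes(h, "big") % Q


class Device:
    """One share holder (a smartcard, TPM or wallet in the setting above)."""

    def __init__(self, rng):
        self.x = rng.randrange(1, Q)        # key share: never leaves the device
        self.X = pow(G, self.x, P)          # public share, published
        self._r = None

    def round1(self, rng):
        """Fresh nonce share; publish only g^r_i."""
        self._r = rng.randrange(1, Q)
        return pow(G, self._r, P)

    def round2(self, c):
        """Partial signature; the nonce share is destroyed after one use."""
        s_i = (self._r + c * self.x) % Q
        self._r = None
        return s_i


def aggregate_key(devices):
    """X = prod(X_i) = g^(sum x_i): the joint public key, computable by anyone."""
    X = 1
    for d in devices:
        X = X * d.X % P
    return X


def threshold_sign(devices, msg, rng):
    """Coordinator's view: gather R_i, derive c, gather s_i. Returns (R, s)."""
    R = 1
    for R_i in [d.round1(rng) for d in devices]:
        R = R * R_i % P
    c = challenge(R, aggregate_key(devices), msg)
    s = sum(d.round2(c) for d in devices) % Q
    return R, s


def verify(X, msg, sig):
    """Plain Schnorr check g^s == R * X^c: the verifier cannot tell how many
    devices produced the signature."""
    R, s = sig
    return pow(G, s, P) == R * pow(X, challenge(R, X, msg), P) % P


def demo(seed=7, n_devices=3):
    """Constructed run: a valid signature, a wrong message, and one device missing."""
    rng = random.Random(seed)               # seeded for reproducibility; use secrets.SystemRandom in practice
    devices = [Device(rng) for _ in range(n_devices)]
    X = aggregate_key(devices)
    msg = b"spend output 0"
    return {
        "valid": verify(X, msg, threshold_sign(devices, msg, rng)),
        "wrong_message": verify(X, b"spend output 1", threshold_sign(devices, msg, rng)),
        "missing_device": verify(X, msg, threshold_sign(devices[:-1], msg, rng)),
    }


if __name__ == "__main__":
    print(demo())
```

The two-round structure is the part a certified device can execute on its own key share. Production protocols such as MuSig2 or FROST add nonce commitments or binding factors so that a malicious co-signer cannot choose its nonce after seeing the others', and use t-of-n Shamir-style shares instead of the n-of-n additive shares shown here; both hardenings are omitted in this example.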

Last update: 22. 10. 2024

Contact: Antonín Dufka dufkan@mail.muni.cz

Involved people:

  • Jan Kvapil 2022-now (multi-party signing policies, verifiable computation)
  • Jiří Gavenda 2019-2022 (threshold ECDSA protocols)
  • Kristián Mika 2019-2024 (Bridge Suite, MPCOP for Raspberry Pi)
  • Jakub Janků 2019-now (threshold Schnorr for smartcards and TPMs, MeeSign client)
  • Antonín Dufka 2019-now (threshold cryptography on smartcards, MeeSign platform)
  • Dušan Klinec 2018-2022 (Monero on Trezor T)
  • Petr Švenda 2018-now (project lead, some initial implementations)

Cryptographic aspects of Bitcoin and other cryptocurrencies

We analyze the cryptographic aspects of implementations of Bitcoin and other cryptocurrencies, with a focus on hardware wallets, privacy protocols, cryptographic implementations and their failures. The goal is to make Bitcoin and selected cryptocurrency technologies better, more accessible, more private and, overall, less vulnerable.

This work builds on our expertise in side-channel analysis of cryptographic hardware (especially relevant for hardware wallets), in the scrutiny of cryptographic implementations (from both the builder's and the attacker's perspective), and in randomness testing (crucial for unbiased private keys and non-leaking signatures).

Last update: 22. 10. 2024

Contact: Petr Švenda svenda@fi.muni.cz

Involved people:

Former participants: Dušan Klinec 2017-2022 (Monero on Trezor T, attack on Ledger's Monero); Filip Vass 2021-2022 (EU SSI framework); Denis Varga 2021-2022 (CoinJoin protocols analysis); K. Raczova 2020-2021 (usability of Bitcoin wallets); Adam Parak 2021-2022 (building blocks of hardware wallets); Jan Kubeša 2019-2022 (weak Bitcoin EC keys);

Open-source security tools

We believe that open-source security tools are crucial not only for general accessibility, but also for producing more robust secure software and hardware products and for more transparent security certifications. Not only dedicated testing laboratories but also end users should be able to replicate the majority of the steps carried out during certifications such as Common Criteria or FIPS 140-2.

The existing certification processes produce a trove of interesting data that is hard to process automatically. We extract, process and analyze these datasets to aid quick identification of potentially vulnerable products, to provide insight into the ecosystem, and to reason about the overall state of security. We also map and evaluate existing open-source security software in several categories, including (but not limited to) operating systems, browsers, password managers and encryption tools. The majority of our other research results are accompanied by open-source tooling.

Last update: 22. 10. 2024

Contact: Petr Švenda svenda@fi.muni.cz

Archived projects

Older projects that are not currently actively pursued, but which may be reactivated later (as has already happened for several projects).