Research

Main research topics of the information security and cryptography chair:

  • Design and analysis of symmetric encryption schemes
  • Design and analysis of password hashing schemes
  • Design and cryptanalysis of hash functions
  • Cryptanalysis of block ciphers
  • Provable security
  • ...

List of selected publications (Link)

Post-Quantum (Symmetric) Cryptography

The analysis and design of post-quantum secure cryptographic systems is becoming increasingly important and urgent, as sufficiently powerful quantum computers could be available in the next 10 to 20 years. In particular, the chair focuses on systems of symmetric cryptography, which currently receive less attention in research. Nevertheless, it has been shown in recent years that the availability of sufficiently powerful quantum computers also affects the security of many classical symmetric algorithms. "Grover's algorithm" is not the only tool for this purpose: in certain attack models, algorithms such as "Simon's algorithm" can be even more effective.

Selected publications on this topic:

Lang, Nathalie, and Stefan Lucks. "On the Post-Quantum Security of Classical Authenticated Encryption Schemes." Cryptology ePrint Archive (2023) [Link].

Kelsey, John, Stefan Lucks, and Nathalie Lang. "Coalition and Threshold Hash-Based Signatures." Cryptology ePrint Archive (2022) [Link].

Leuther, Jannis, and Stefan Lucks. "QCB is Blindly Unforgeable." International Conference on Codes, Cryptology, and Information Security. Cham: Springer Nature Switzerland, 2023 [Link].


Block Cipher Design

The chair deals with both the analysis and design of block ciphers. With "Pholkos", a so-called tweakable block cipher was developed that can work with up to 512-bit message blocks and is based on AES-like structures. Tweakable block ciphers could be an important building block for post-quantum secure symmetric systems in the future.

Selected publications on this topic:

Bossert, J., List, E., Lucks, S., & Schmitz, S. (2022, January). Pholkos–efficient large-state tweakable block ciphers from the AES round function. In Cryptographers’ Track at the RSA Conference (pp. 511-536). Cham: Springer International Publishing. [Link].

Banik, S., Bossert, J., Jana, A., List, E., Lucks, S., Meier, W., ... & Sasaki, Y. (2019). Cryptanalysis of ForkAES. In Applied Cryptography and Network Security: 17th International Conference, ACNS 2019, Bogota, Colombia, June 5–7, 2019, Proceedings 17 (pp. 43-63). Springer International Publishing [Link].

Forler, C., List, E., Lucks, S., & Wenzel, J. (2018). POEx: a beyond-birthday-bound-secure on-line cipher. Cryptography and Communications, 10, 177-193 [Link].

Formal Language Classes

The famous "Heartbleed" exploit, which became public in 2014, was due to a bug in the OpenSSL library. This and potentially future misimplementations can be prevented by following a clear formal language definition for the underlying format. Upon closer examination, we determined that the so-called "length-prefix" formats are a formal language class that is neither context-free nor context-sensitive.

We have proposed two new, related complexity-theoretic language classes, called "Calc-Regular" and "Calc-Context-Free", to precisely define the set of length-prefix languages.
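As an added illustration of the point made above (example code written for this page, not the chair's own code or any parser from the cited papers), the following Python parser treats a constructed length-prefix record format as a language to be recognised exactly: a record is a 2-byte big-endian length field followed by precisely that many payload bytes, and an input is accepted only when every declared length is backed by real bytes and the whole input is consumed. The record format, the sample inputs and the function names are assumptions made for this example. The contrasting `trusting_parse_first` shows the behaviour a parser has when it believes the length field instead of checking it against the bytes actually present, which is the class of mismatch behind Heartbleed.

```python
"""Strict recogniser for a constructed length-prefix record format.

Constructed example (not the chair's code): each record is a 2-byte
big-endian length field followed by exactly that many payload bytes.
parse_records() accepts an input only if every declared length is backed
by real bytes and the input is consumed exactly, i.e. it decides
membership in the length-prefix language rather than trusting the field.
"""
import struct
from typing import List

# 2-byte big-endian length prefix (constructed format, an assumption here).
HEADER = struct.Struct(">H")


def parse_records(data: bytes) -> List[bytes]:
    """Parse a sequence of length-prefixed records.

    Raises ValueError when a length field is truncated or when the declared
    length is not backed by the bytes actually present, instead of silently
    reading fewer bytes (or, in a language without bounds checks, more).
    """
    records: List[bytes] = []
    pos = 0
    while pos < len(data):
        if len(data) - pos < HEADER.size:
            raise ValueError(f"truncated length field at offset {pos}")
        (length,) = HEADER.unpack_from(data, pos)
        pos += HEADER.size
        if length > len(data) - pos:
            # Declared length points past the end of the buffer: the
            # claimed size and the real size disagree, so reject the input.
            raise ValueError(
                f"record at offset {pos - HEADER.size} declares {length} bytes, "
                f"only {len(data) - pos} available"
            )
        records.append(data[pos:pos + length])
        pos += length
    return records


def trusting_parse_first(data: bytes) -> bytes:
    """Lenient reading of the first record, for contrast only.

    It trusts the length field and slices; Python quietly returns fewer
    bytes than declared, and the mismatch goes unnoticed by the caller.
    """
    (length,) = HEADER.unpack_from(data, 0)
    return data[HEADER.size:HEADER.size + length]


def encode_records(payloads: List[bytes]) -> bytes:
    """Serialise payloads in the constructed format (inverse of parse_records)."""
    return b"".join(HEADER.pack(len(p)) + p for p in payloads)


def is_member(data: bytes) -> bool:
    """True if data is a word of the constructed length-prefix language."""
    try:
        parse_records(data)
        return True
    except ValueError:
        return False


# Constructed sample inputs.
GOOD = encode_records([b"hello", b"", b"world!"])
BAD = HEADER.pack(0xFFFF) + b"short"  # claims 65535 payload bytes, carries 5
TRUNCATED = b"\x00"                    # half a length field, no payload

if __name__ == "__main__":
    print(parse_records(GOOD))
    print(trusting_parse_first(BAD))  # returns b'short' without complaint
    print(is_member(GOOD), is_member(BAD), is_member(TRUNCATED))
```

Running the block shows the strict recogniser accepting `GOOD` and rejecting both `BAD` and `TRUNCATED`, while the trusting reader returns the five bytes that happen to follow the oversized length field. The distinction is exactly what a precise grammar for the format makes checkable: the parser decides whether the input is in the language at all, rather than assuming the length field is honest.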

Selected publications on this topic:

Lucks, Stefan, Norina Marie Grosch, and Joshua König. "Taming the length field in binary data: calc-regular languages." 2017 IEEE Security and Privacy Workshops (SPW). IEEE, 2017 [Link].

Jakoby, Andreas, Jannis Leuther, and Stefan Lucks. "Formal Language Theory for Practical Security - Extended Abstract." 2021 IEEE Security and Privacy Workshops (SPW). IEEE, 2021 [Link].