By participating in the module's courses, the student gains knowledge of current problems and tasks in the field of security in information technology systems.
The student is subsequently able to work independently and scientifically on a task from a current subject area of security in information technology, to prepare a written report on it, and to assess the quality of scientific texts. In addition, the student can present the findings they have developed to a specialist audience.
Changing focus topics on security in
The module participants independently work through current scientific contributions and prepare a written report that is assessed in a peer-review procedure. The results are then presented to all participants in the form of talks. The topic is treated in depth in the discussion.
The following modules should already have been successfully completed before participation:
- Kryptologie (Cryptology) or an equivalent introductory lecture
It is recommended to additionally attend the following modules:
- Sichere Implementierung kryptographischer Verfahren (Secure Implementation of Cryptographic Methods)
- Selected Topics in System Security
Teaching and learning methods
Each participant works on an individual technical task. This is done primarily through independent individual work by the student.
Depending on their individual topic, each participant is assigned their own supervisor. The supervisor helps the student especially at the beginning of the work by introducing the subject, providing suitable literature, and giving helpful tips both for the technical work and for preparing the written report and the talk.
In addition, a presentation training in cooperation with ProLehre and an introduction to writing scientific papers are offered.
Module examination with the following components:
- Written report on an assigned topic as a term paper, plus mutual assessment in the form of peer reviews (50%).
- Approx. 30-minute presentation of the assigned topic including a subsequent discussion (50%)
- Through very good participation, shown in particular by contributions to the discussion in the seminar, students can earn a bonus of 0.3 on the overall grade for a passed module.
In recent years, various side-channel attacks have emerged [2,3] that aim to steal secret information from the power side-channel without direct physical access. Instead, these attacks make use of resources that are present inside the victim environment and can be controlled remotely.
One possibility to mount such attacks is the use of internal sensors based on FPGA primitives that transfer the internally measured side-channel leakage to the outside. Time-to-Digital Converters (TDCs) constitute one primitive that can be used to monitor these internal voltage fluctuations.
The goal of this topic is to provide an overview of TDC-based side-channel attacks and to compare them to setups that collect measurements externally using an oscilloscope.
Gnad et al.: "Analysis of transient voltage fluctuations in FPGAs", International Conference on Field-Programmable Technology (FPT), 2016
Schellenberg et al.: "An inside job: Remote power analysis attacks on FPGAs", DATE, 2018
Martínez-Rodríguez et al.: "SoK: Remote Power Analysis", 2021. https://eprint.iacr.org/2021/015
Gate Design and Synthesis Approaches for In-Memory Computing
Memristors are an emerging technology and show promising performance for non-volatile memory applications. As memories will likely be the first widely commercially produced memristor-based devices, it is reasonable to research possibilities to use the underlying technologies and structures for other applications.
One such topic is in-memory computing, where the memory cells' memristors are used as active elements to carry out Boolean operations on stored data. Because the principle of operation is quite different from that of standard CMOS gates, new gate design approaches are needed; restrictions regarding interconnections and the transport of logic values necessitate different concepts for logic synthesis as well.
The aim of this work is to
- convey understanding of the gate design possibilities using memristors as active elements (e.g. ),
- summarise the state of the art of logic synthesis using memristor-based gates/logic cells (e.g. ), and
- provide a short outlook regarding practical applications.
Memristor Technologies: Properties and Applications
After a few decades have passed between their theoretical proposal and the first real-world devices, practical memristors are now entering the market. Memristors are actively researched for a variety of different applications, e.g. non-volatile memory, neuromorphic computing, and in-memory computation . In this early stage of the field’s development, a number of different technologies for achieving memristive behaviour compete .
The aim of this work is to
- briefly explain the existing technologies' principle of operation,
- assess the state-of-the-art memristors' performance in relevant metrics (e.g. write endurance ), and
- rate the technologies' suitability for different applications.
High Level Synthesis (HLS) is an approach to generate hardware accelerators from algorithmic descriptions written in a programming language like C or C++. This increases productivity because a designer does not have to deal with low-level RTL design. However, this layer of abstraction can lead to unwanted effects like higher area consumption or critical implications with respect to security.
The goal of this work is to compare the design quality of HLS designs with direct RTL implementations. The comparison should include subjects like resource consumption, performance and side-channel resistance.
L. Zhang et al., "Examining the consequences of high-level synthesis optimizations on power side-channel," 2018 Design, Automation & Test in Europe Conference & Exhibition (DATE), Dresden, Germany, 2018, pp. 1167-1170, doi: 10.23919/DATE.2018.8342189.
Unlike a desktop application, a web application is split into browser-side and server-side components. Typically a lot of information needs to be exchanged between both sides. In order to secure this traffic, encryption methods are applied. Side-channel leakage often goes hand in hand with encryption, and it has been shown that it can be exploited even in web applications.
The goal of this topic is to state, by way of example, different threat models and the information an attacker can gain from exploiting them. Furthermore, the opportunities and limitations compared to classical side-channel analysis on non-web applications should be evaluated.
Chen, Shuo, et al. "Side-channel leaks in web applications: A reality today, a challenge tomorrow." 2010 IEEE Symposium on Security and Privacy. IEEE, 2010
Analyzing Masking Methods for Lattice-Based Cryptography
Lattice-based cryptography is based on mathematical problems that are considered secure against quantum computer attacks. It can be deployed on classical computers and today's communication infrastructure. However, implementing lattice-based cryptography is not straightforward, as it is vulnerable to implementation attacks. Side-Channel Attacks (SCA) exploit physical leakage to retrieve information about a secret element of an algorithm. Typical countermeasures to harden implementations against SCA are masking and hiding. The goal of this survey is to summarize masking methods that protect lattice-based cryptography against SCA.
Oscar Reparaz, Sujoy Sinha Roy, Frederik Vercauteren, and Ingrid Verbauwhede. A masked ring-LWE implementation. In Cryptographic Hardware and Embedded Systems - CHES 2015 - 17th International Workshop, Saint-Malo, France, September 13-16, 2015, Proceedings, pages 683–702, 2015.
Van Beirendonck, M., D’Anvers, J. P., Karmakar, A., Balasch, J., & Verbauwhede, I. (2020). A Side-Channel Resistant Implementation of SABER. IACR Cryptol. ePrint Arch, 733, 2020.
Solving Reverse Engineering Issues with Graph Theory Solutions?
Gate-level netlist reverse engineering is essentially graph analysis. The individual gates and wires of a netlist can be interpreted as a graph structure. During sequential reverse engineering, this graph is analyzed in order to identify and extract the control logic. For this purpose, the first analysis step is the classification of state and data flip-flops in the gate-level netlist graph. To solve this classification problem, a number of different methods have already been developed and investigated. One promising method (RELIC), proposed by T. Meade et al., determines similarity scores that represent the similarity between flip-flop input structures. Based on these scores, the flip-flops are classified.
This seminar work should first give a general overview of already existing graph node similarity score algorithms. In a second step, it should analyze and discuss which of these could be used as alternatives to the similarity score algorithm of RELIC.
Zager, L. A., & Verghese, G. C. (2008). Graph similarity scoring and matching. Applied mathematics letters, 21(1), 86-94.
Meade, T., Jin, Y., Tehranipoor, M., & Zhang, S. (2016, May). Gate-level netlist reverse engineering for hardware security: Control logic register identification. In Circuits and Systems (ISCAS), 2016 IEEE International Symposium on (pp. 1334-1337). IEEE.
The topic of physical unclonable functions (PUFs) can be seen as a part of biometric security. Biometric security itself is a wide research area involving various aspects, one of which is information-theoretic analysis. The goal of this line of research is to determine how good a system can be in theory. In  the authors target a basic scenario, in which they evaluate the trade-off between privacy (i.e. protecting the biometric data) and security (i.e. roughly speaking, how many key bits can be derived).
This seminar topic is supposed to summarize key aspects of such an information-theoretic approach and possibly translate it to the context of PUFs. It is highly recommended to have some background in either information theory or PUFs.
Lai, Lifeng, Siu-Wai Ho, and H. Vincent Poor. "Privacy–security trade-offs in biometric security systems—Part I: Single use case." IEEE Transactions on Information Forensics and Security 6.1 (2010): 122-139.
Word identification is an important step during reverse engineering of gate-level netlists. Identified words help to understand the general structure of a circuit and can therefore result in a better comprehension of the overall design functionality. There exist different approaches to identify and trace words within a netlist.
This seminar work should first give an overview of already existing word identification strategies. In a second step, it should compare and evaluate the different approaches.
Li, Wenchao, et al. "Wordrev: Finding word-level structures in a sea of bit-level gates." 2013 IEEE international symposium on hardware-oriented security and trust (HOST). IEEE, 2013.
Tashjian, Edward, and Azadeh Davoodi. "On using control signals for word-level identification in a gate-level netlist." 2015 52nd ACM/EDAC/IEEE Design Automation Conference (DAC). IEEE, 2015.
Meade, Travis, et al. "The old frontier of reverse engineering: Netlist partitioning." Journal of Hardware and Systems Security 2.3 (2018): 201-213.
Side-Channel Analysis (SCA) exploits information leaked by a device through its timing behavior, power consumption or EM emanations to reveal, e.g., the secret key of a cryptographic algorithm. "Classical" SCA methods such as Differential Power Analysis (DPA) or Correlation Power Analysis (CPA) collect a number of measurements for different input values of the algorithm under attack and combine the leakage of the different measurements to conduct the attack.
Algebraic SCA , in contrast, makes use of the internal state of the attacked algorithm to formulate a SAT problem and thus allows combining different leakages. Furthermore, attacks on a single measurement are possible; an attacker does not need to know inputs and outputs; and even countermeasures such as masking schemes can be circumvented.
The goal of this topic is to provide an overview of existing approaches to algebraic side-channel analysis that goes beyond the seminal works in [1-2], and to outline current trends and applications of algebraic attacks.
Renauld, M. & Standaert, F.-X.: Algebraic Side-Channel Attacks. Information Security and Cryptology, Springer Berlin Heidelberg, 2010, 393-410
Renauld, M.; Standaert, F.-X. & Veyrat-Charvillon, N.: Algebraic Side-Channel Attacks on the AES: Why Time also Matters in DPA. Cryptographic Hardware and Embedded Systems - CHES 2009, Springer Berlin Heidelberg, 2009, 97-111
Address Space Layout Randomization (ASLR) randomizes the address offsets of various program components in the memory space. It is used to reduce the attack surface such that it gets harder for an attacker to redirect the control flow to malicious code. Nevertheless, side-channels like timing can be used to overcome ASLR.
This work should highlight how and which side-channels can be used to overcome ASLR and their limitations should be discussed. Additionally, possible countermeasures can be mentioned.
D. Evtyushkin, D. Ponomarev and N. Abu-Ghazaleh, "Jump over ASLR: Attacking branch predictors to bypass ASLR," 2016 49th Annual IEEE/ACM International Symposium on Microarchitecture (MICRO), Taipei, 2016, pp. 1-13, doi: 10.1109/MICRO.2016.7783743.
R. Hund, C. Willems and T. Holz, "Practical Timing Side Channel Attacks against Kernel Space ASLR," 2013 IEEE Symposium on Security and Privacy, Berkeley, CA, 2013, pp. 191-205, doi: 10.1109/SP.2013.23.
Protecting Cloud FPGAs against a Malicious Cloud Provider
FPGAs are becoming a commonly used platform in cloud environments, which has led to the emergence of the FPGA-as-a-service computation paradigm. In such a scenario, it is vital to protect the bitstream from an untrusted cloud provider, so that the provider cannot steal the intellectual property contained in the customer design and so that the insertion of trojans into a design is prevented. This seminar should present the mechanisms suggested by the research community to address these two issues and put them in perspective with what commercial cloud providers are currently offering.
C. Jin et al., Security of Cloud FPGAs: A Survey, preprint available at https://arxiv.org/pdf/2005.04867.pdf
H. Englund et al., Secure acceleration on cloud-based FPGAs - FPGA enclaves, 2020 IEEE International Parallel and Distributed Processing Symposium Workshops (IPDPSW)
A. Duncan et al., SeRFI: Secure Remote FPGA Initialization in an Untrusted Environment, 2020 IEEE 38th VLSI Test Symposium (VTS)
Most side-channel attacks, like DPA, are executed in the time domain. As a result, the measurements need to be aligned in order to mount a successful attack. Shifting the attack to the frequency domain removes the requirement of aligned measurements and also allows attacking secured implementations.
The goal is to give an insight into side-channel attacks that operate in the frequency domain. Furthermore, the advantages and disadvantages compared to well-known techniques like DPA should be outlined.
Gebotys, Catherine H., Ho, Simon, Tiu, C. C.. "EM Analysis of Rijndael and ECC on a Wireless Java-Based PDA". Cryptographic Hardware and Embedded Systems -- CHES 2005. Springer Berlin Heidelberg. 2005.
Y. Lu, K. H. Boey, M. O'Neill, J. V. McCanny and A. Satoh, "Is the differential frequency-based attack effective against random delay insertion?," 2009 IEEE Workshop on Signal Processing Systems, Tampere, 2009.
Differential Computation Analysis (DCA) is the software counterpart of the Differential Power Analysis (DPA) that uses the power consumption of a device to extract secret information. A DCA can be mounted on white-box implementations of cryptographic algorithms, i.e., an attacker has full access to the internal state and can extract software traces containing the read and write accesses made to memory.
This work should give an insight into DCA. Moreover, the limitations of DCA should be discussed as well as possible countermeasures.
Bos, Joppe W., Hubain, Charles, Michiels, Wil, Teuwen, Philippe. 'Differential Computation Analysis: Hiding Your White-Box Designs is Not Enough'. Cryptographic Hardware and Embedded Systems -- CHES 2016. Springer Berlin Heidelberg. 2016.
Synthesis, where a RTL Design is translated into a netlist and later into a layout, provides the best result when wire lengths are optimised and critical paths are taken into account. The problem of partitioning for hardware design has been of interest to the EDA community for many years. A good partitioning of parts of the design allows for an efficient layout, which allows for a faster and more efficient chip. Nowadays, partitioning algorithms are inbuilt into every design flow tool.
However, the underlying algorithms become important when considering reverse engineering. Netlist partitioning of an unknown netlist is much easier when the method originally used to partition the design during synthesis is known. This paper should provide an overview of commonly used partitioning methods for synthesis, and consider the different effects these algorithms have on the structure of the design.
A. C. H. Wu and D. D. Gajski, "Partitioning algorithms for layout synthesis from register-transfer netlists," 1990 IEEE International Conference on Computer-Aided Design. Digest of Technical Papers, Santa Clara, CA, USA, 1990, pp. 144-147.
B. W. Kernighan and S. Lin, "An Efficient Heuristic Procedure for Partitioning Graphs," Bell System Technical Journal, vol. 49, no. 2, pp. 291-308, 1970.
D. R. Brasen and G. Saucier, "Using cone structures for circuit partitioning into FPGA packages," in IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems, vol. 17, no. 7, pp. 592-600, July 1998.
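As an added illustration of the partitioning step this topic refers to (example code written for this page, not taken from the page or from the cited papers), the following Python implements the Kernighan-Lin bisection heuristic from the Kernighan and Lin reference on a small constructed graph: two fully connected groups of cells joined by a single wire, started from a deliberately poor initial split. The graph, the node numbers and the function names are assumptions of this example; edge weights stand in for the number of wires between two cells.

```python
from collections import defaultdict

# Constructed example graph (not from the page): nodes 0-3 and 4-7 each form a
# fully connected group, and a single edge (3, 4) joins the two groups.
DEMO_EDGES = {(u, v): 1 for g in ((0, 1, 2, 3), (4, 5, 6, 7))
              for i, u in enumerate(g) for v in g[i + 1:]}
DEMO_EDGES[(3, 4)] = 1


def cut_cost(edges, part_a):
    """Total weight of edges crossing between part_a and the rest."""
    return sum(w for (u, v), w in edges.items() if (u in part_a) != (v in part_a))


def _build_adjacency(edges):
    adj = defaultdict(dict)
    for (u, v), w in edges.items():
        adj[u][v] = w
        adj[v][u] = w
    return adj


def _d_values(adj, part_a, nodes):
    """D(v) = external cost - internal cost for every node in `nodes`."""
    d = {}
    for v in nodes:
        ext = sum(w for u, w in adj[v].items() if (u in part_a) != (v in part_a))
        internal = sum(w for u, w in adj[v].items() if (u in part_a) == (v in part_a))
        d[v] = ext - internal
    return d


def kernighan_lin(edges, part_a, part_b, max_passes=20):
    """Kernighan-Lin bisection refinement.

    Each pass tentatively swaps the unlocked pair with the largest gain
    D(x) + D(y) - 2*c(x, y) until every node is locked, then keeps only the
    prefix of swaps with the largest cumulative gain. Passes repeat until no
    positive gain is found.
    """
    adj = _build_adjacency(edges)
    a, b = set(part_a), set(part_b)
    for _ in range(max_passes):
        locked = set()
        swaps, gains = [], []
        for _ in range(min(len(a), len(b))):
            d = _d_values(adj, a, (a | b) - locked)
            best = None
            for x in sorted(a - locked):
                for y in sorted(b - locked):
                    g = d[x] + d[y] - 2 * adj[x].get(y, 0)
                    if best is None or g > best[0]:
                        best = (g, x, y)
            g, x, y = best
            # Perform the swap tentatively; it may be undone below.
            a.remove(x); b.remove(y); a.add(y); b.add(x)
            locked.update((x, y))
            swaps.append((x, y)); gains.append(g)
        # Keep the prefix of swaps with the largest cumulative gain.
        best_k, best_sum, running = 0, 0, 0
        for k, g in enumerate(gains, start=1):
            running += g
            if running > best_sum:
                best_k, best_sum = k, running
        # Undo every swap beyond that prefix (in reverse order).
        for x, y in reversed(swaps[best_k:]):
            a.remove(y); b.remove(x); a.add(x); b.add(y)
        if best_sum <= 0:
            break
    return a, b


def partition_demo():
    """Start from a poor split (cut cost 9) of the constructed graph and refine it."""
    a, b = kernighan_lin(DEMO_EDGES, {0, 1, 4, 5}, {2, 3, 6, 7})
    return sorted(a), sorted(b), cut_cost(DEMO_EDGES, a)


if __name__ == "__main__":
    print(partition_demo())
```

Recomputing the D values from scratch after every tentative swap keeps the code short; the original paper updates them incrementally, which matters for large netlists but not for an example of this size. The point for reverse engineering is visible in the result: the heuristic recovers the two functional groups from the single wire between them, so a netlist partitioned this way during synthesis exposes exactly that kind of block boundary.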
A garbled circuit is a cryptographic protocol developed by Yao in 1986. It does not target secure communication or storage, but secure computation between two mutually untrusting parties. A garbled circuit enables the computation of a function outcome that depends on the inputs of both parties without revealing either party's secret input to the other. Over time the original protocol was improved and new application fields were developed, like the secure evaluation of neural networks by Ball et al.
The seminar work should briefly introduce the concept of garbled circuits as well as its main optimizations. The second part of the work should give an overview of the different application fields developed in recent years.
A. C. Yao, "How to generate and exchange secrets," 27th Annual Symposium on Foundations of Computer Science (sfcs 1986), Toronto, ON, Canada, 1986, pp. 162-167.
M. Ball, B. Carmer, T. Malkin, M. Rosulek and N. Schimanski, "Garbled Neural Networks are Practical," IACR Cryptology ePrint Archive, 2019, 338
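As an added worked example of the concept described above (example code written for this page, not code from the page, from Yao's paper or from Ball et al.), the following Python garbles and evaluates a single AND gate using the point-and-permute technique, with SHA-256 as the key derivation. The label length, the gate identifier and all function names are assumptions of this example; the oblivious transfer that delivers the evaluator's own input label is assumed rather than implemented, so the label is simply looked up at that step.

```python
import hashlib
import os

LABEL_LEN = 16  # bytes per wire label (constructed parameter for this example)


def new_wire():
    """A wire: one random label per bit value plus a random permute bit p."""
    return {"labels": (os.urandom(LABEL_LEN), os.urandom(LABEL_LEN)),
            "p": os.urandom(1)[0] & 1}


def _pad(label_a, label_b, gate_id):
    """Key-derived one-time pad for one garbled row (SHA-256 as the KDF)."""
    return hashlib.sha256(label_a + label_b + gate_id).digest()[:LABEL_LEN + 1]


def _xor(x, y):
    return bytes(p ^ q for p, q in zip(x, y))


def garble_gate(wire_a, wire_b, wire_out, func, gate_id=b"gate-0"):
    """Garbler side: build the 4-row table for a 2-input gate.

    Row index = (select bit of a, select bit of b), where a select bit is the
    wire's value XOR its permute bit. Each row hides the output label together
    with the output select bit, so the evaluator learns nothing about values.
    """
    table = [None] * 4
    for va in (0, 1):
        for vb in (0, 1):
            la, lb = wire_a["labels"][va], wire_b["labels"][vb]
            vo = func(va, vb)
            plain = wire_out["labels"][vo] + bytes([vo ^ wire_out["p"]])
            sa, sb = va ^ wire_a["p"], vb ^ wire_b["p"]
            table[2 * sa + sb] = _xor(plain, _pad(la, lb, gate_id))
    return table


def evaluate_gate(table, la, sa, lb, sb, gate_id=b"gate-0"):
    """Evaluator side: knows one label + select bit per input wire, nothing else."""
    plain = _xor(table[2 * sa + sb], _pad(la, lb, gate_id))
    return plain[:LABEL_LEN], plain[LABEL_LEN]


def run_and_gate(a_bit, b_bit):
    """Two-party AND: the garbler holds a_bit, the evaluator holds b_bit."""
    wa, wb, wo = new_wire(), new_wire(), new_wire()
    table = garble_gate(wa, wb, wo, lambda x, y: x & y)
    # The garbler sends its own input label directly. The evaluator's label
    # would be obtained via oblivious transfer; that exchange is assumed here
    # and replaced by a direct lookup (the only protocol step not modelled).
    la, sa = wa["labels"][a_bit], a_bit ^ wa["p"]
    lb, sb = wb["labels"][b_bit], b_bit ^ wb["p"]
    lo, so = evaluate_gate(table, la, sa, lb, sb)
    # Output decoding: the garbler reveals the permute bit of the output wire only.
    result = so ^ wo["p"]
    if lo != wo["labels"][result]:
        raise ValueError("garbled table decryption failed")
    return result


def wrong_label_check():
    """A label the evaluator was never given yields no valid output label."""
    wa, wb, wo = new_wire(), new_wire(), new_wire()
    table = garble_gate(wa, wb, wo, lambda x, y: x & y)
    la, sa = wa["labels"][1], 1 ^ wa["p"]
    # Holding the label for b=0, try the row that belongs to b=1.
    lo, _ = evaluate_gate(table, la, sa, wb["labels"][0], 1 ^ wb["p"])
    return lo not in wo["labels"]
```

Because each row is padded with a hash of the two input labels and the evaluator holds exactly one label per wire, only one row decrypts to a genuine output label; the permute bits tell the evaluator which row to open without revealing the underlying bit values, which is the optimization that removes the trial decryption of Yao's original construction. Larger circuits chain gates by feeding the recovered output label into the next gate's table.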
High-quality true random number generators (TRNGs) are crucial for the security of many cryptographic protocols. The BMBF provides, in the AIS 31, quality criteria for the certification of TRNGs. In this context it is required to provide a model of the TRNG. For this seminar topic, the methodology for building a statistical TRNG model that fulfills the requirements of the AIS 31 should be summarized, and examples of such model building should be provided. The student might start research with the references below.
Overview of Functional Encryption and its Applications
Functional Encryption (FE) is an abstract term for public-key cryptosystems that differ from conventional encryption schemes: using a secret key, the decryption procedure returns a function of the plaintext instead of the plaintext itself. In addition, FE schemes rely on a trusted authority that generates secret keys for different users and different functions.
The goal of this work is to present the different types of Functional Encryption and to give an overview of its applications.
Boneh D., Sahai A., Waters B. (2011) Functional Encryption: Definitions and Challenges. In: Ishai Y. (eds) Theory of Cryptography. TCC 2011. Lecture Notes in Computer Science, vol 6597. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-19571-6_16
Lattice-based cryptography is based on mathematical problems that are considered secure against quantum computer attacks. FALCON is a lattice-based signature scheme submitted to the NIST (National Institute of Standards and Technology) standardization process for post-quantum cryptography. Among all post-quantum signature schemes, it has the smallest bandwidth (public-key and signature size). This work should analyze the signature scheme FALCON. A special focus should be on the performance of the scheme and its benefits/drawbacks compared to other signature schemes.
Physical Unclonable Functions (PUFs) derive a secret from manufacturing variations. While a PUF itself is implemented in hardware, its post-processing, testing according to metrics, and possibly modeling can be done in software. To some extent the source code for such research is made publicly available, e.g. [1,2].
The goal of this seminar topic is to provide an overview of already existing resources which could be used for further analysis.
In order to protect supply chains, to identify devices, or to ensure data and hardware security, several works have been published that use both Physical Unclonable Functions (PUFs) and blockchains at the same time. But do these approaches add value, or is it just hype?
The goal of this seminar is to
- provide an overview of existing work,
- analyze the different security targets addressed by blockchains and PUFs, and
- reveal possible pitfalls and benefits arising from this combination.
The following might serve as a starting point to the topic and for literature research:
Intrinsic ID; Internet of Things Authentication: A Blockchain solution using SRAM Physical Unclonable Functions
L. Negka et al.; Employing Blockchain and Physical Unclonable Functions for Counterfeit IoT Devices Detection; COINS '19: Proceedings of the International Conference on Omni-Layer Intelligent Systems
Formal Hardware Verification - Do you trust your CPU?
Over the last years, the stream of bugs related to hardware components has not ceased. Meltdown and Spectre are just two of the most well-known examples.
As thorough testing cannot guarantee the correctness of a design, another approach is becoming more interesting: formal (proof-based) verification of hardware.
In this paper, structured insights into the concepts of formal hardware verification (e.g. ) shall be given, and a modern concept (e.g. ) for proving the correctness of hardware according to its specification shall be explained in detail.
Coupet-Grimal S., Jakubiec L. (1996) Coq and hardware verification: A case study. In: Goos G., Hartmanis J., van Leeuwen J., von Wright J., Grundy J., Harrison J. (eds) Theorem Proving in Higher Order Logics. TPHOLs 1996. Lecture Notes in Computer Science, vol 1125. Springer, Berlin, Heidelberg. https://doi.org/10.1007/BFb0105401
Joonwon Choi, Muralidaran Vijayaraghavan, Benjamin Sherman, Adam Chlipala, and Arvind. 2017. Kami: A Platform for High-Level Parametric Hardware Specification and Its Modular Verification. Proc. ACM Program. Lang. 1, ICFP, Article 24 (September 2017), 30 pages. https://doi.org/10.1145/3110268
Natural Language Processing - How to Reverse Engineer Human Speech
With the development of machine learning, the processing of human language has also attracted a lot of attention.
Deciphering the meaning of a sentence still remains a tough problem and might be considered harder than detecting objects in images.
In this paper, structured insights into the concepts of natural language processing shall be given, and a modern concept for language processing (e.g. ) shall be explained in detail.
Matt Gardner, Joel Grus, Mark Neumann, Oyvind Tafjord, Pradeep Dasigi, Nelson Liu, Matthew Peters, Michael Schmitz, Luke Zettlemoyer. AllenNLP: A Deep Semantic Natural Language Processing Platform. https://arxiv.org/abs/1803.07640
No software is free of bugs; some are minor, while others might expose your service to a severe vulnerability. Most severe vulnerabilities stem from bad memory management, be it a buffer overflow or a double free.
The Rust programming language rethinks many paradigms that lead to bad memory management and forces the programmer to plan their data structures carefully.
In this paper, structured insights into the concepts of Rust shall be given, and recent developments, such as code verification proofs for Rust , shall be evaluated.
Ralf Jung, Jacques-Henri Jourdan, Robbert Krebbers, and Derek Dreyer. 2017. RustBelt: securing the foundations of the Rust programming language. Proc. ACM Program. Lang. 2, POPL, Article 66 (January 2018), 34 pages. DOI: https://doi.org/10.1145/3158154
Established public key cryptography can be considered broken in the presence of a large-scale quantum computer. In order to act on this emerging threat, the National Institute of Standards and Technology (NIST) has started a competition  to standardize post-quantum cryptography algorithms.
In the third round of the contest, the code-based cryptosystems "Classic McEliece", "HQC" and "BIKE" are still under consideration by NIST. This work should give an overview of published attacks and countermeasures against code-based cryptosystems and comment on their applicability to the remaining round-three candidates. As a starting point for a literature review, the reference  should be used.
https://csrc.nist.gov/Projects/post-quantum-cryptography
Sim, B.-Y.; Kwon, J.; Choi, K. Y.; Cho, J.; Park, A. & Han, D.-G. Novel Side-Channel Attacks on Quasi-Cyclic Code-Based Cryptography. IACR Transactions on Cryptographic Hardware and Embedded Systems, 2019, Volume 2019, Issue 4
Short description: Analysis of state-of-the-art security threats to neural networks with a focus on hardware attacks such as power analysis or cache attacks.
With the rise in popularity of machine learning for diverse tasks, the choice of hardware accelerator becomes more important. Examples of ASICs are Google's TPU or Intel's Loihi.
However, by implementing neural networks (NN) on edge devices, they also become prone to Side-Channel Analysis (SCA). Batina et al. (1) showed the feasibility of differential power analysis on NNs, and Dubey et al. (2,3) additionally implemented a countermeasure.
The task of this work is to gather the state of the art of hardware attacks on NN implementations in a survey.
(1) CSINN: Reverse Engineering of Neural Network Architectures Through Electromagnetic Side Channel; Batina, L.; Bhasin, S.; Jap, D. & Picek, S.; 28th USENIX Security Symposium (USENIX Security 19), 2019, 515-532
(2) MaskedNet: A Pathway for Secure Inference against Power Side-Channel Attacks; Dubey, A.; Cammarota, R. & Aysu, A.; arXiv preprint arXiv:1910.13063, 2019
(3) BoMaNet: Boolean Masking of an Entire Neural Network; Dubey, A.; Cammarota, R. & Aysu, A.; arXiv preprint arXiv:2006.09532, 2020
With the rapid increase in cloud computing, solutions for protecting the privacy of data in the cloud should be deployed. One of them is homomorphic encryption, a paradigm which allows computations on encrypted data without having to decrypt it. The implementation of such encryption schemes is challenging and usually slow on general-purpose computers. With the rise of FPGAs in the cloud, homomorphic encryption can be accelerated on these platforms [1, 2, 3].
This work should introduce the concept of homomorphic encryption and its possible acceleration on FPGA platforms.
Pöppelmann et al., Accelerating Homomorphic Evaluation on Reconfigurable Hardware, CHES 2015
Sinha Roy et al., FPGA-based High-Performance Parallel Architecture for Homomorphic Computing on Encrypted Data, HPCA 2019
M. Sadegh Riazi et al., HEAX: An Architecture for Computing on Encrypted Data, ASPLOS 20
Traditional databases are generally relational, whereas in recent years graph-based databases, such as neo4j, have become more common. This work should highlight the differences between these two types of databases, discuss the advantages and disadvantages of each, and evaluate for which use cases each database style is appropriate.
Khan, Wisal, Waqas Ahmad, Bin Luo, and Ejaz Ahmed. 'SQL Database with Physical Database Tuning Technique and NoSQL Graph Database Comparisons'. In 2019 IEEE 3rd Information Technology, Networking, Electronic and Automation Control Conference (ITNEC), 110–16, 2019. https://doi.org/10.1109/ITNEC.2019.8729264.
Shrivastava, Swapnil, and Supriya N. Pal. 'Graph Mining Framework for Finding and Visualizing Substructures Using Graph Database'. In 2009 International Conference on Advances in Social Network Analysis and Mining, 379–80, 2009. https://doi.org/10.1109/ASONAM.2009.16.
Vyawahare, H.R., P.P. Karde, and V.M. Thakare. 'A Hybrid Database Approach Using Graph and Relational Database'. In 2018 International Conference on Research in Intelligent and Computing in Engineering (RICE), 1–4, 2018. https://doi.org/10.1109/RICE.2018.8509057.
Established public key cryptography can be considered broken in the presence of a large-scale quantum computer. In order to act on this emerging threat, the National Institute of Standards and Technology (NIST) has started a competition  to standardize post-quantum cryptography algorithms. A promising candidate algorithm is the NTRU cryptosystem, which was first introduced by Jeffrey Hoffstein, Jill Pipher and Joseph H. Silverman in 1996. Since then, several different variants of the system have been developed:
- NTRUEncrypt
- NTRU-HRSS-KEM
- NTRU Prime
In the second round of the contest, NTRUEncrypt and NTRU-HRSS-KEM merged to form NTRU . Each algorithm is accompanied by its respective reference implementation, while several variants are integrated in the open-source libraries pqm4  and PQClean .
This work should give an overview of the differences and similarities between the different algorithms with a focus on:
- Parameters of the algorithm (e.g. "Which basic ring do they use? Is there a reason why?")
- Did the authors mention why they changed something in their algorithms?
- How are the algorithms implemented in practice using the respective reference implementations and [6,7] (e.g. "Which multiplication method do they use?")