The digitization of electronic voting systems is critically discussed around the globe . Often, Remote Electronic Voting (REV) system architectures are centralized and intransparent for voters. In contrast, a DL-based REV system can offer a decentralized and auditable view for the public [1,2]. However, a decentralized system brings forth privacy and verifiability challenges that require in-depth research and analysis. The CSG@Ifi is actively developing Provotum, a decentralized voting system . Therefore, the following topics are possible to be investigated in the scope of Provotum, or REV in general.
Topic 1: "Mixnet Integration"
Description: The Provotum system has a Mixnet module that is not yet fully integrated with the rest of the REV system. The focus of this thesis is (a) to integrate the Mixnet module into the REV system, and (b) investigate a secret sharing approach for Provotum with a threshold of k/n instead of currently n/n. Third (c) this thesis also investigates the current voting protocol's implementation based on Finite Field Cryptography with a suitable Elliptic Curve-based implementation. Finally, the system should be evaluated in a distributed setting, using Ansible and Terraform to deploy the system globally on cloud providers.
Requirements: Knowledge on Rust, Distributed Systems and Applied Cryptography
Work Distribution: 10% Related Work, 30% Design, 30% Implementation, 30% Documentation
Dedicated Reference: [5,6]
Type: [BA, MA, IS]
Topic 2: "Risk Assessment and Threat Modeling of Provotum 3.0"
Description: REV systems are deployed in an adversarial context, where anyone is a potential attacker. This thesis focuses on the in-depth risk assessment, analysis and classification of threats in the context of Provotum. This thesis first (a) reviews relevant related work on threat modeling and risk assessments and identifies the most suitable approach. It also reviews relevant related work (other REV systems) in looking for comparison benchmarks. Then (b) this thesis identifies relevant threat agents, threats and classifies them. Further (c) the threats should be classified and mitigations investigated (e.g., using a perfectly private audit trail (PPAT)). E.g., this includes attacks on a pure voting protocol, or DL-consensus layer, as well as physical attacks on a deployed system. Finally, the thesis concludes (d) with a comparative
Requirements: Prior Knowledge on Cybersecurity and risk assessment methodology
Work Distribution: 20% Related Work, 30% Risk Assessment 30% Threat Modeling 20% Documentation
Dedicated Reference: [7,8]
Type: [BA, MA, IS]
Topic 3: "Formal Verification and Coercion-Resistance"
Description: This topic covers the formalization of the Provotum voting protocol, which has different extensions (Receipt-Freeness) and variations (Mixnet- and Homomorphic Encryption-based) as well as other specialties. The major goals of this thesis is (a) gaining insight into the state of formal verification of voting protocols and (b) to formalize the voting protocol of Provotum in a format that allows formal verification (in a software-based proof verification tool), and (c) document the process within the scope of this thesis. Finally, this thesis should investigate the current research directions of Coercion-Resistance in Voting Systems, as well as their formal definitions and trade-offs.
Requirements: Basic knowledge of formal verification and the notion of security proofs
Work Distribution: 20% Related Work, 30% Design, 30% Implementation, 20% Documentation
Dedicated References: 
Type: [BA, MA, IS]
 Christian Killer, Bruno Rodrigues, Eder Scheid, Muriel Franco, Burkhard Stiller. Practical Introduction to Blockchain-based Remote Electronic Voting. IEEE International Conference on Blockchain and Cryptocurrency (ICBC 20). 3-6 May. Toronto, Canada. https://github.com/christiankiller/icbc20-bcbev-tutorial
 Christian Killer, Bruno Rodrigues, Eder John Scheid, Muriel Franco, Moritz Eck, Nik Zaugg, Alex Schetlin, Burkhard. Stiller: Provotum: A Blockchain-Based and End-to-End Verifiable Remote Electronic Voting System; IEEE 45th Conference on Local Computer Networks (LCN), Sidney, Australia, November 2020, pp 1–12, Available at: https://www.researchgate.net/publication/345319094_Provotum_A_Blockchain-based_and_End-to-end_Verifiable_Remote_Electronic_Voting_System
 Provotum. Available at: https://github.com/provotum
 Christian Killer, Markus Knecht, Claude Müller, Bruno Rodrigues, Eder Scheid, Muriel Franco, Burkhard Stiller. Æternum: A Decentralized Voting System with Unconditional Privacy; IEEE International Conference on Blockchain and Cryptocurrency (ICBC 2021), Darlinghurst, Australia, May 2021, pp 1–8. To appear
 SafeCurves: choosing safe curves for elliptic-curve cryptography Available at: https://safecurves.cr.yp.to/
 Security Analysis of ElGamal Implementations, Available at: https://www.sop.inria.fr/everest/Tamara.Rezk/publication/SecryptElGamal.pdf
 Adam Shostack. 2014. Threat Modeling: Designing for Security (1st. ed.). Wiley Publishing.
 Cuvelier É., Pereira O., Peters T. (2013) Election Verifiability or Ballot Privacy: Do We Need to Choose?. In: Crampton J., Jajodia S., Mayes K. (eds) Computer Security – ESORICS 2013. ESORICS 2013. Lecture Notes in Computer Science, vol 8134. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-40203-6_27
 Véronique Cortier: "Formal Verification of E-Voting: Solutions and Challenges. ACM SIGLOG News 2 (January 2015), 25–34. DOI:https://doi.org/10.1145/2728816.2728823
Supervisors: Christian Killerback to the main page