Research programs and applications are made accessible on this page.

Boolean Circuit Compiler for Secure Multi-party Computation (CBMC-GC)

CBMC-GC can be found here.

Disguised Chromium Browser (DCB)

DCB is a modified Chromium browser to protect against browser Fingerprinting. In this work we demonstrate the first anti-fingerprinting strategies, which protect against Flash fingerprinting without deactivating it, provide robust and undetectable anti-canvas fingerprinting, and use a large set of real word data to hide the actual system and browser properties without losing usability.

In order to counter fingerprinting and prohibit re-identification of users, two main strategies are employed: (1) configuring many browsers to share the same configuration, making all user look the same to the fingerprinter, and (2) randomize browser features in each session by using other real-world data to hide the original values.

To protect against canvas fingerprinting we modify the image rendering of the canvas itself. The image manipulation is deterministic and due to the slight image changes not visible to the user. Therefore, it is not possible for fingerprinters to detect this strategy and to remove or subtract any modification from the canvas to reconstruct the original image.

The 8 GB source files need to be compiled to run the browser and can be found here.

[1] Peter Baumann, Stefan Katzenbeisser, Martin Stopczynski, Erik Tews: Disguised Chromium Browser: Robust Browser, Flash and Canvas Fingerprinting Protection. WPES'16, October 24 2016, Vienna, Austria. DOI:

Parellel Circuit Compiler and Framework (ParCC and UltraSFE)

Secure two-party computation (TPC) based on Yao’s garbled circuits has seen a lot of progress over the past decade. Yet, compared with generic computation, TPC is still multiple orders of magnitude slower. To improve the efficiency of secure computation based on Yao’s protocol, we propose a practical parallelization scheme. In [1], we present an automatic compiler for ANSI-C to parallel circuits (ParCC) and illustrate the capabilities of evaluating parallel circuits with our framework UltraSFE, based on the JustGarble framework.

We're currently working on open sourcing UltraSFE. Updates and sources will be published here.

Moreover, we're currently integrating ParCC into CBMC-GC for its next release at, stay tuned.

[1] Niklas Büscher & Stefan Katzenbeisser: Faster Secure Computation through Automatic Parallelization, to appear at USENIX Security Symposium 2015, Washington D.C., USA

Enhanced Privacy ID (EPID)

The Enhanced Privacy ID (EPID) anonymous authentication scheme defines protocols (setup, join, sign, verify) for the remote, anonymous and (optionially) unlinkable authentication of a device [1], [2]. The scheme comprises three parties. A member (user) that wants to authenticate to a verifier (service provider), and an issuer needed for the setup. The unlinkability property provides a method to revoke a user even if the private key of it is not known, resulting in a privacy-enhanced revocation.

A software implementation of the EPID protocols in Java can be downloaded here. Implemented are a pairing based version of the EPID protocols, and a small graphical frontend that allows to run the protocols locally on one machine. The code is best used by importing it into the Eclipse IDE.

[1] Brickell, E. & Li, J. Enhanced Privacy ID: A Direct Anonymous Attestation Scheme with Enhanced Revocation Capabilities. IEEE Transactions on Dependable and Secure Computing, 2012, 9, pp. 345-360,

[2] Brickell, E. & Li, J. Enhanced Privacy ID: A remote anonymous attestation scheme for hardware devices. Intel Technology Journal, 2009, 13, pp. 96-111.