Events

Upcoming

2024-12-20 Distinguished Lecture
Towards a Secure and Privacy-Respecting Web

Invited talk by Christoph Kerschbaumer (Mozilla).

Photo of Christoph Kerschbaumer

2025-01-27 Public Lecture
Georg Fuchsbauer will give a talk on “Space-efficient blockchains“

Tha talk is a part of the Public Lecture Series ‘Sustainability in Computer Science’ under the auspices of Informatik Austria .

Abstract. The move from “proof of work” to “proof of stake” has arguably overcome the problem of energy waste in blockchains. However, for public verifiability, most systems require all transactions to be stored forever, by every full node. In Bitcoin this data now amounts to over 600GB, while in Ethereum it is over 1TB. We will overview two approaches to space-efficient systems. “Mimblewimble” is a protocol where spent transactions can be erased from the blockchain while maintaining verifiability. “Mina” goes further and, using a heavy-weight cryptographic concept called zk-SNARK, reduces its blockchain size to 22kB, which will never grow.

Photo of Georg Fuchsbauer

December 2024

2024-12-16 Research Seminar
Provable Side-Channel Resilience in Hardware and Software

The first slide of Johannes Haring's presentation, along with views of four participants in the Zoom meeting

2024-12-09 Research Seminar
Computationally Sound Automated Protocol Verification

The first slide of Simon Jeanteur's presentation, and he as the speaker in the Zoom meeting

November 2024

2024-11-26 Distinguished Lecture
Idealized Models in Cryptography: What, Why, and Where to Now?

Invited talk by Adam O’Neill (University of Massachusetts, Amherst).

Photo of Adam O'Neill
Georg Fuchsbauer and Adam O'Neill are standing next to the screen with a slide from the presentation

2024-11-25 Public Lecture
Krzysztof Pietrzak will give a talk on “Sustainable Blockchains“

The talk is a part of the Public Lecture Series ‘Sustainability in Computer Science’ under the auspices of Informatik Austria .

Abstract. The Bitcoin blockchain achieves consensus in an open setting, i.e., where everyone can participate. This was believed to be impossible, the key idea to make this possible was to use computing power rather than some kind of identities for voting through “proofs of work”. Unfortunately, this approach is not sustainable: the Bitcoin blockchain burns roughly as much electricity as a country like Austria. We will outline sustainable alternatives for achieving a Bitcoin-like blockchain, with a focus on using disk space instead of computation and how this is realized in the Chia Network blockchain.

Zoom screen with a speaker and the title slide of the presentation

2024-11-18 Outreach to society
FinTechWeek Vienna Opening 2024: Cybersecurity in the Age of AI

Prof. Matteo Maffei will deliver a keynote at FinTechWeek Vienna Opening 2024. As artificial intelligence continues to transform the cybersecurity landscape, it introduces both new risks and opportunities. The keynote will explore the extensive impacts of AI on cybersecurity, highlight key threats, and discuss collaborative research strategies to stay ahead in this dynamic field.

Photo of Matteo Maffei

2024-11-15 Distinguished Lecture
Reproducible and Ethical Web Security Measurements

Invited talk by Ben Stock (CISPA Helmholtz Center for Information Security).

Zoom screen with a speaker and the title slide of the presentation
Zoom screen with a speaker and the summary slide of the presentation

2024-11-08 Achievement
TUW Team Secures Third Place in CSAW Student Cybersecurity Competition

Lea Salome Brugger, a former master’s student at TU Wien and now a PhD student at ETH Zürich, won 3rd place at the CSAW Applied Research Competition in cybersecurity. She presented CheckMate , a collaborative project developed with Laura Kovács, Anja Petković Komel, Sophie Rain, and Michael Rawson. The competition was organized for the 8th time by Grenoble INP - Esisar and the LCIS laboratory, focusing on research that has a practical impact. Finalists presented their work to a jury of industrial experts.

October 2024

2024-10-28 Distinguished Lecture
Anonymity, Consent, and Other Noble Lies: An Empirical Study of the Data Economy

Invited talk by Joel Reardon (University of Calgary).

Photo of Joel Reardon

2024-10-23 Outreach to society
Humanistic AI in Vienna. AI and Me: The Citizens’ Perspective

Prof. Laura Kovács is a participant in the panel discussion on the impacts and benefits of AI for citizens at Vienna Digital Days 2024. The discussion will focus on the application perspective, exploring the impacts and potential benefits of AI in citizens’ daily lives. Key areas of focus will include technology assessment and security. The discussion will revolve around three primary topics: the labor market and education, data security, and health, with a particular emphasis on its effects on perception and medicine.

Photo of Laura Kovacs

2024-10-21 Public Lecture
Daniel Gruss give a talk on “Sustainable Security.“

The talk is a part of the Public Lecture Series ‘Sustainability in Computer Science’ under the auspices of Informatik Austria . This lecture series, a pioneering initiative in Austria, unites all Austrian CS departments and faculties to emphasize the vital role of sustainability in computer science. It showcases research solutions for real-world challenges and inspires progress towards a sustainable future.

Abstract. Global ICT electricity consumption is already beyond 11 percent of the worldwide electricity production and still increasing. By 2030 it may reach around 25 percent. Previous approaches to improve efficiency and performance have often sacrificed security, leading to disastrous security issues like Meltdown and Spectre. Patching just these two vulnerabilities increases power consumption on affected computers by a seemingly harmless 5 percent. By 2030, this may be more than 1 percent of the global electricity production by just a single out of thousands of patches. This development is not sustainable, and in this talk, we will discuss both the problem and potential revolutionary solutions.

Photo of Daniel Gruss and a slide of his online presentation.

2024-10-18 Networking
Breaking the Web’s Invisible Walls: Studying Emerging Client-Side Vulnerabilities at Scale

Invited talk by Soheil Khodayari (CISPA) and discussion on security of JavaScript-based web applications.

Photo of Soheil Khodayari standing next to the screen with a slide from his presentation.

2024-10-16 Distinguished Lecture
Semantic Models for Trustworthy Systems: A Hybrid Intelligence Augmentation Program

Invited talk by Giancarlo Guizzardi (University of Twente).

Photo of Giancarlo Guizzardi

2024-10-15 Lecture
Empowering Innovation: Unlocking the Potential of Privacy-Enhancing Technologies

Lecture by Prof. Dominique Schröder (TUW).

Photo of Dominique Schroeder

2024-10-07 Outreach to society
Happiness is endless in research

Prof. Laura Kovács shares insights from her diverse academic journey and emphasizes the importance of overcoming challenges for young researchers in her interview with Romanian Nőileg Magazine. She highlights the value of adaptability and openness to opportunities, stressing the significance of curiosity and finding joy in one’s work. Kovács encourages early-career scientists, particularly women, to embrace the challenges of research and pursue their interests with confidence. She also underscores the need for persistence in the competitive field of IT, noting the excitement of creating something new.

Photo of Laura Kovacs

September 2024

2024-09-30 Research Seminar
Anthemius: Efficient & Modular Block Assembly for Concurrent Execution

Ray Neiheiser is standing in front of the first slide of the presentation

2024-09-27 Distinguished Lecture
Proofs as Polynomials

Invited talk by Ruzica Piskac (Yale University) on techniques for proving program safety.

Photo of Ruzica Piskac

2024-09-27 Female Mentoring Session

During an informal talk, Prof. Ruzica Piskac, Professor of Computer Science at Yale University and leader of the Rigorous Software Engineering (ROSE) group, shared her personal journey in computer science, emphasizing the challenges she faced and how she overcame them. The discussion also explored the current state of female representation in formal methods, computer science, and software engineering. Participants asked questions and shared their own experiences. Held in a warm and relaxed atmosphere, the conversation, moderated by Laura Kovacs, provided a wonderful opportunity not only to exchange insights but also to network.

Photo of Ruzica Piskac and participants listening to her talk
Photo of Laura Kovacs introducing Ruzica Piskac for participants

2024-09-23 Summer School

Graz Security Week 2024 will be hosted by the IAIK – the Institute of Applied Information Processing and Communication at Graz University of Technology. The cybersecurity summer school is aimed at graduate students interested in security, privacy, and correctness. The main topics of the school this year include Cryptography & Cryptographic Implementations, Side Channels Privacy, and Safe AI. The program is available and registration is now open . Join us!

Poster of Graz Security Week

August 2024

2024-08-16 Presentation

Stefan Gast contributed to three papers that will be presented at the 33rd Usenix Security Symposium , which is focused on the latest security and privacy developments in computer systems and networks. In the paper “Divide and Surrender: Exploiting Variable Division Instruction Timing in HQC Key Recovery Attacks” authors R. L. Schröder, S. Gast, and Q. Guo identify a critical side-channel vulnerability in the Hamming QuasiCyclic (HQC) algorithm. This vulnerability stems from the variable execution times of division instructions affected by the modulo operator. The paper introduces a technique called DIV-SMT, designed for processors with Simultaneous Multithreading (SMT), which precisely measures these timing variations to create a highly accurate Plaintext-Checking (PC) oracle. This innovative method enables rapid recovery of HQC secret keys, drastically reducing both the time and number of queries required compared to traditional methods. For successful exploitation, the attacker must be on the same physical core as the victim. The effectiveness of this approach was demonstrated on an AMD Zen2 machine.
The paper “SnailLoad: Exploiting Remote Network Latency Measurements without JavaScript” by the TU Graz research team introduces SnailLoad, a novel side-channel attack leveraging network latency to infer user activities on a computer without the need for direct access to network traffic. Unlike traditional side-channel attacks that typically require the attacker to directly monitor network traffic, such as through a person-in-the-middle (PITM) attack or by being in close proximity to WiFi signals, SnailLoad only necessitates that the victim loads assets from an attacker-controlled server. This method utilizes network latency fluctuations as a side channel to detect activities like video watching or website browsing. “The main threat here is that any TCP server can stealthily obtain latency traces from any clients connecting to it,” explained Stefan Gast to SecurityWeek . The research team has further expanded public understanding of this threat by launching a dedicated website that offers a detailed description and a live demonstration of SnailLoad, providing real-world insights into how the attack functions.
The capability of hackers to spy on individuals through any device connected to the internet has captured considerable media attention. The Independent warns that SnailLoad effectively bypasses conventional security measures such as firewalls and VPNs. “When the victim accesses a website, watches an online video, or speaks to someone via video, the latency of the internet connection fluctuates in a specific pattern that depends on the particular content being used,” Stefan Gast further detailed. Testing showed that the researchers could spy on users watching videos with a 98% success rate, with the method proving particularly effective when the internet connection was slow and the videos were of substantial size.
More media coverage about SnailLoad is available through the following links: DER STANDARD , heise online .
At the symposium, the paper titled “SLUBStick: Arbitrary Memory Writes through Practical Software Cross-Cache Attacks within the Linux Kernel” by L. Maar, S. Gast, M. Unterguggenberger, M. Oberhuber, and S. Mangard will also be presented.

2024-08-14 Distinguished Lecture
Security in a World of Software Supply-Chain Vulnerabilities

Invited talk by Nikos Vasilakis (Brown University) and discussion on solutions to secure software ecosystems against attacks that exploit third-party components.

Photo of Nikos Vasilakis

July 2024

2024-07-06 Workshop
Asynchronous Hyperproperties: from Theory to Practice

Hyperproperties are a general framework to reason about properties requiring comparing multiple system executions, like security properties or robustness requirements. In this workshop, we want to bring together practitioners from different backgrounds with theoreticians developing frameworks for specifying hyperproperties.
The workshop format will focus on discussions and promoting the interchange of ideas between different communities. Find more information at the Workshop site , CySec News .

Workshop Logo
Ana da Costa is standing before the screen. On the screen the first slide of the presentation is displayed
Student discussion at Workshop

2024-07-05 Distinguished Lecture
Access Control in Mobile Software Stacks: Can we do fundamentally better?

Invited talk by Sven Bugiel (CISPA Helmholtz Center for Information Security) and discussion on fundamental improvements can be made at the system design level to enhance the security of mobile operating systems.

Photo of Sven Bugiel

June 2024

2024-06-24 Distinguished Lecture
On Challenges in Defending Against Code Stylometry

Invited talk by Konrad Rieck (TU Berlin, Guest Professor at TU Wien) and discussion on сhallenges in defending against code stylometry.
Location: TU Wien, FAV Hörsaal 1 Helmut Veith (1040 Vienna, Favoritenstr. 9-11, Erdgeschoß, Room HEEG02)
Time: 16:00 – 17:00

Photo of Konrad Rieck

2024-06-19 Outreach to society
Chat control is a security risk for all of Europe

Matteo Maffei (TU Wien), Daniel Gruss (TU Graz), Krzysztof Pietrzak (ISTA), and René Mayrhofer (Johannes Kepler University Linz), in a dialogue with DER STANDARD, have expressed significant concerns about the proposed client-side scanning measures in the EU.

As the European Parliament reviews the child sexual abuse (CSA) prevention and combat regulation, which advocates for the preemptive scanning of messages in platforms like WhatsApp, a broad spectrum of stakeholders, including researchers, data protection organizations, and child protection centers, have raised alarm. Critics argue that this method risks compromising secure communication, exposing citizens to extensive surveillance, and potentially allowing misuse by state actors or criminals. Additionally, there is apprehension about the arbitrary classification of content as illegal, which may encroach upon freedoms such as political speech. If enforced, this policy could fundamentally alter the operation of messaging services across Europe. Encrypted services like Signal might exit the European market, while others, such as WhatsApp and Threema, could be compelled to lower their encryption standards to align with new EU regulations.

Daniel Gruss pointed out the inherent security weaknesses in client-side scanning software, noting that such systems, once deployed, are bound to harbor exploitable flaws due to their complexity. Matteo Maffei emphasized the profound impact on fundamental rights, likening the scanning process to an invasive system where every letter is read, verified, and resealed before delivery. He argued that using client-side scanning to break encryption carries huge risks that could threaten the security of all citizens.

Highlighting the importance of maintaining robust communication security, the experts advocate for more research into bolstering system security rather than diminishing it, underscoring that secure communication is a critical and well-understood pillar of IT security that must be preserved.
Find the full text of the article in German on DER STANDARD .

2024-06-11 Networking
Automatic On-Device Mitigation for Crypto API Misuse

Invited talk by Florian Draschbacher (TU Graz) and discussion on automatic on-device mitigation for crypto API misuse in Android applications.

Photo of Florian Draschbacher

2024-06-11 Achievement
Best Paper Award at HOST 2024

The paper titled “Security Aspects of Masking on FPGAs,” authored by Barbara Gigerl, Kevin Pretterhofer, and Stefan Mangard, was honored with the Best Paper Award at the IEEE International Symposium on Hardware Oriented Security and Trust (HOST) 2024.

2024-06-03 Networking
Formal Verification of Probe Isolating Non-Interference in Secure Circuits

TUW hosted an enriching full-day session led by SPyCoDe PIs, Laura Kovács and Roderick Bloem, focusing on the advanced topic of formal verification of probe isolating non-interference (PINI) in secure circuits. The meeting featured distinguished expert Dr. Nikolaj Bjorner from Microsoft Research, renowned for his work with the advanced SMT (Satisfiability Modulo Theories) constraint solver Z3, who contributed unique insights and expertise. Other participants included Clemens Eisenhofer and Robin Coutelier. Throughout the day, the group explored how SMT reasoning could be expanded to enhance the security features of electronic circuits, effectively increasing their resistance to various forms of interference and tampering, both with and without the use of probabilities. This event not only showcased the latest advancements in secure circuit design but also promoted collaboration among some of the brightest minds in the field. It was a day filled with stimulating exchanges, thought-provoking ideas, and meaningful knowledge sharing, setting the stage for further research.'

Laura Kovács, Roderick Bloem, Nikolaj Bjorner, Robin Coutelier, and Clemens Eisenhofer

May 2024

2024-05-21 Presentation
Simon Jeanteur presented CryptoVampire at the 45th IEEE Symposium on Security and Privacy

The presentation highlighted the results of collaborative research with Laura Kovács, Matteo Maffei, and Michael Rawson. CryptoVampire represents a significant breakthrough in protocol verification, enabling the first fully automated proofs via the innovative Computationally Complete Symbolic Attacker (CCSA) model. This advancement considerably strengthens the capabilities for automatic verification of protocols, employing a more sophisticated model than was previously possible.

Simon Jeanteur is standing in front of his presentation poster

2024-05-13 Research Seminar
Trapdoor Memory-Hard Functions

The first slide of the presentation

April 2024

2024-04-29 Research Seminar
VIRAS: A Conflict-Driven Descision Procedure for mixed Integer-Real Arithmetic

Johannes Schoisswohl is standing before the screen. On the screen the first slide of the presentation is displayed

2024-04-17 Distinguished Lecture

Invited talk by Byron Cook (UCL, TU Darmstadt, Amazon) and discussion on automated reasoning and internal proof projects of Amazon. Location: TU Wien, Campus Freihaus, Informatikhörsaal (1040 Vienna, Treitlstraße 3)
Time: 11:15 – 13:00

Photo of Byron Cook

2024-04-15 Research Seminar
Efficient and Secure Compression Functions for Arithmetization-Oriented Hashing

The first slide of Stefano Trevisani's presentation, and he as the speaker in the Zoom meeting
The Zoom view shows Stefano Trevisani standing before the screen, with the first slide of the presentation displayed on it

2024-04-02 Retreat
Retreat at the Institute of Science and Technology Austria

Retreat logo
Collage of photos from discussions in small groups
SPyCode community at Retreat at ISTA

2024-04-01 Outreach to society
Why We Will Never Get Rid of Side Channels

In the April episode of the “What That Means” InTechnology Podcast, Daniel Gruss discusses with hosts Camille Morhardt and Anders Fogh (Intel) the balance between side channels and resource sharing, common challenges and how to manage them, the impact of AI on side channels, and securing critical infrastructure stored in space. Find more on YouTube .”

A frame from the broadcast showing Daniel Gruss talking during the live stream.

March 2024

2024-03-26 Distinguished Lecture

Invited talk by Reiner Hähnle (TU Darmstadt) and discussion on a program logic of context-aware trace contracts.

Photo of Reiner Hähnle

2024-03-18 Research Seminar
Rational protocol design

The first slide of Fabian Regen's presentation, and he as the speaker in the Zoom meeting

2024-03-04 Research Seminar
Comparing Apples to Androids: Discovery, Retrieval, and Matching of iOS and Android Apps for Cross-Platform Analyses

The first slide of Magdalena Steinböck's presentation, and she as the speaker in the Zoom meeting

February 2024

2024-02-26 Research Seminar
Secure Blockchains in Network Transition Periods

Jakob Rosenblattl is standing before the screen. On the screen the first slide of the presentation is displayed
In-person participants of the seminar

2024-02-19 Research Seminar
Secure and Verifiable Implementations of off-chains Protocols

Magdalena Solitro is standing before the screen. On the screen the first slide of the presentation is displayed

January 2024

2024-01-29 Research Seminar
Cryptanalysis Using Constraint Programming

Hosein Hadipour is standing before the screen. On the screen the first slide of the presentation is displayed

2024-01-22 Research Seminar
Software Fault Attacks and Energy Efficiency

Jonas Juffinger is standing before the screen. On the screen the first slide of the presentation is displayed
In-person participants of the seminar

2024-01-15 Research Seminar
Secure implementation of the masking countermeasure on different platforms

Barbara Gigerl is giving a presentation at the seminar. The first slide from the presentation is displayed on the screen behind her
Barbara Gigerl is giving a presentation at the seminar. On the screen, Krzysztof Pietrzak is displayed asking a question

December 2023

2023-12-13 Distinguished Lecture

Invited talk by Frank Leymann (Universität Stuttgart) and discussion on Post-Quantum Security.

Photo of Frank Leymann

2023-12-04 Research Seminar
Efficient Multi-tuple Leakage Detection Testing in Side-channel

The first slide of Aakash Chowdhury's presentation, and he as the speaker in the Zoom meeting

2023-12-01 Networking

Invited talk by Michele Orrù (Sorbonne Université) and discussion on elastic SNARKs.

Photo of Michele Orrù

November 2023

2023-11-28 Presentation
SPyCoDe researchers participate in ACM CCS 2023.

Five representatives from SpyCoDe actively contributed to the ACM Conference on Computer and Communications Security (CCS) held in Copenhagen, Denmark, from November 26 to 30, 2023. This conference serves as the annual flagship event of the Special Interest Group on Security, Audit, and Control (SIGSAC) within the Association for Computing Machinery (ACM), attracting information security researchers, practitioners, developers, and users worldwide to explore cutting-edge ideas and results.

During November 27-29, the conference featured the presentation of the following research contributions:

These insightful presentations showcase SpyCoDe’s commitment to advancing knowledge and innovation in the realm of computer and communications security.

Sophie Rain  is giving a presentation at the conference. A slide from the presentation is displayed on the screen, showing the workflow diagram of CheckMate
Photo of the group of TUW researchers in front of the banner of the ACM Conference on Computer and Communications Security featuring Martina Lindorfer, Elena Andreeva, Carlotta Tagliaro, Sophie Rain, and David Schmidt from left to right

2023-11-26 Public Lecture
Martina Lindorfer joined as a speaker for the iMentor Workshop.

Individualized Cybersecurity Research Mentoring (iMentor ) Workshop co-located with the ACM Conference on Computer and Communications Security (ACM CCS) virtually. It is dedicated to attracting, mentoring, and providing career guidance to early-stage graduate students from underrepresented communities who aspire to pursue a career in computer security.

Martina gave a talk titled “IoTFlow the Making-Of: Inferring IoT Device Behavior at Scale through Static Mobile Companion App Analysis.” Using the preparation of her article presented at ACM CCS 2023 as an example, she shared with the iMentor cohort the behind-the-scenes journey of the IoTFlow paper — from its initial conception to the different iterations and revisions it underwent.

Abstract. The number of “smart” devices, that is, devices making up the Internet of Things (IoT), is steadily growing. They suffer from vulnerabilities just as other software and hardware. Automated analysis techniques can detect and address weaknesses before attackers can misuse them. Applying existing techniques or developing new approaches that are sufficiently general is challenging though. Contrary to other platforms, the IoT ecosystem features various software and hardware architectures. We introduce IoTFlow, a new static analysis approach for IoT devices that leverages their mobile companion apps to address the diversity and scalability challenges. IoTFlow combines Value Set Analysis (VSA) with more general data-flow analysis to automatically reconstruct and derive how companion apps communicate with IoT devices and remote cloud-based backends, what data they receive or send, and with whom they share it. We analyzed 9,889 manually verified companion apps with IoT-Flow to understand and characterize the current state of security and privacy in the IoT ecosystem. We discovered various IoT security and privacy issues, such as abandoned domains, hard-coded credentials, expired certificates, and sensitive personal information being shared.

Photo of the iMentor Workshop panelists sitting in chairs on a stage, with Martina Lindorfer in the center of the group

2023-11-24 Achievement
Maria Eichlseder received the Hedy Lamarr Prize from the City of Vienna.

Prof. Eichlseder was honored for her contributions to the development of new methods for cryptanalysis. She is one of the designers who developed the Ascon algorithm, which earlier this year was selected by the US National Institute of Standards and Technology (NIST) as the standard for lightweight cryptography. It also won the 2019 CAESAR competition for authenticated encryption in the lightweight applications category.

Lightweight cryptography deals with cryptographic methods that are particularly suitable for use in resource-constrained environments, such as RFID tags or sensors, due to their low resource requirements. This applies in particular to the Internet of Things with its numerous small sensors and actuators, as only little energy and power are available here. Ascon is also suitable for miniature technologies such as medical implants or keyless car openers.

Hedy Lamarr Prize recognizes female researchers in Austria for their outstanding achievements in the field of information technology. The prize is named after the Vienna-born Hollywood actress and scientist Hedy Lamarr. The award winners serve as role models for the next generation and motivate young women to pursue a career in the IT industry.

Photo of Maria Eichlseder standing in front of a whiteboard with formulas and schematics

2023-11-24 Networking

Invited talk by Christof Ferreira Torres (ETH Zurich) and discussion on the privacy aspects of Web3 wallets

Photo of Christof Ferreira Torres

2023-11-15 Achievement
Maria Eichlseder has been awarded a prize for excellence in teaching

Maria Eichlseder, an assistant professor at IAIK, was one of the four recipients honored with a prize for excellence in teaching 2022/23 at Graz University of Technology. She received the accolade for her outstanding lecture in Cryptography.

Maria Eichlseder standing before a whiteboard, holding an award

2023-11-13 Public Lecture
Krzysztof Pietrzak gave a talk on “Sustainable Blockchains“

Tha talk is a part of the Public Lecture Series ‘Sustainability in Computer Science’ under the auspices of Informatik Austria .

Abstract. The Bitcoin blockchain achieves consensus in an open setting, i.e., where everyone can participate. This was believed to be impossible, the key idea to make this possible was to use computing power rather than some kind of identities for voting through “proofs of work”. Unfortunately, this approach is not sustainable: the Bitcoin blockchain burns roughly as much electricity as a country like Austria. We will outline sustainable alternatives for achieving a Bitcoin-like blockchain, with a focus on using disk-space instead of computation and how this is realized in the Chia Network blockchain."

Photo of Krzysztof Pietrzak

2023-11-06 Research Seminar
Software-based Microarchitectural CPU Attacks

The first slide of the presentation and Stefan Gast as a speaker

2023-11-02 Presentation
Jonas Juffinger presented “CSI:Rowhammer“ at the Hardwear.io Security Trainings and Conference 2023 .

The research addresses Rowhammer, a severe security problem in DRAM that allows an unprivileged adversary to gain kernel privileges by inducing electrical disturbance errors. CSI:Rowhammer is a hardware-software co-designed Rowhammer mitigation with principled cryptographic security and integrity guarantees, intentionally avoiding a focus on specific Rowhammer properties. Due to its generic design, the system provides protection against all Rowhammer attacks.

The presentation delved into the comprehensive details of designing a system like CSI:Rowhammer, covering aspects such as implementing low-latency hardware correction, maximizing software correction potential, securing correction routines in software against bit flips, managing possible race conditions, ensuring compatibility with virtual machines, evaluating the entire system, and more.

Slides Video

October 2023

2023-10-25 Outreach to society
Engaging school children and young people in STEM activities.

In two articles featured in the release of doIT 2/2023 in “Der Standard,” SpyCoDe members explore the significance of involving children in STEM activities and investigate the opportunities available in IT for the younger generation.

Sophie Rain introduces the “Abenteuer Informatik für Volksschule” initiative, where elementary school children visit the university to playfully delve into the world of algorithms. While programming education is now accessible to 8-year-old children, adapting content and delivery methods to align with their developmental needs and capabilities is essential. The TU Wien team is dedicated to creating an educational playground for primary and secondary school classes, fostering their interest in STEM. Sophie underscores the initiative’s crucial role in empowering girls to overcome stereotypes suggesting that technology is not for them.

Professor Maria Eichlseder shares her journey in establishing a successful career in IT. A small holiday project involving an encryption algorithm revealed to her the truly exciting nature of cryptography. Despite having limited prior knowledge in informatics from school, her fascination with cryptoanalysis led her to co-author Ascon, an authenticated encryption and hashing algorithm that has become an international standard. Today, Maria characterizes IT as an inspiring environment where individuals can initiate diverse projects, collaborate in dynamic teams, and contribute to their unique interests. The job landscape is expansive, featuring numerous companies and startups in Austria with promising earning potential. Addressing young people, she encourages them by stating, “Getting involved is fun and helps you develop personally!”

Two pages of the magazine doIT feature the text of the interview with Sophie Rain and her portrait
Two pages of the magazine doIT feature the text of the interview with Maria Eichlseder and her portrait

2023-10-12 Networking

Invited talk by Chrysoula Stathakopoulou (Chainlink Labs) and discussion on BBCA

Photo of Chrysoula Stathakopoulou

2023-10-12 Achievement
Giulia Scaffino listed amongst Top 30 @ TU Wien Under 30.

In 2023, Giulia Scaffino (27) is listed amongst the “TUW Under 30”, a list of selected TU Wien students and employees. Similar to the” Forbes Under 30”, this list features young and extraordinary researchers and entrepreneurs from the TUW, being able to present exceptional achievements in their area of research. Giulia graduated in nuclear physics and is doing her PhD at the Security& Privacy Research Group of Matteo Maffei. She specializes on Blockchain-protocols and is currently working on a blockchain bridge called “Glimpse”, enabling cross-currency transaction between Krypto-currencies. Giulia presented her results at the renowned IT conference USENIX Security Symposium. For more details see the article featured in the current print issue of the TUW Magazine #02-2023 “Schwerpunkt: Under 30” (pages 26-28) and also her bio online .

Photo of Giulia Scaffino

2023-10-12 Achievement
Sophie Rain listed amongst Top 30 @ TU Wien Under 30.

Sophie Rain (28) is amongst the “TUW Under 30” in 2023, a list of selected TU Wien students and employees. Similar to the “Forbes Under 30”, this list features young and extraordinary researchers and entrepreneurs from the TUW, being able to present exceptional achievements in their area of research. Sophie is a PhD student in Laura Kovacs’ Research Unit of Formal Methods in Systems Engineering. Her work focuses on the security verification of Blockchain applications by applying mathematical concepts such as game theory, logic and most importantly automated reasoning. Her work was presented at major security conferences such as CAV 2021 and CSF 2023. Furthermore, she is leading the TU Wien initiative “Abenteuer Informatik für Volksschule”, organizing workshops for pupils. For more details see the article featured in the current print issue of the TUW Magazine #02-2023 “Schwerpunkt: Under 30” and also her bio online .

Photo of Sophie Rain

2023-10-09 Research Seminar
Information-Flow Interfaces

The first slide of Ana Oliveira da Costa's presentation, and she as the speaker in the Zoom meeting

2023-10-09 Public Lecture
Daniel Gruss gave a talk on “Sustainable Security.“

The talk is a part of the Public Lecture Series ‘Sustainability in Computer Science’ under the auspices of Informatik Austria . This lecture series, a pioneering initiative in Austria, unites all Austrian CS departments and faculties to emphasize the vital role of sustainability in computer science. It showcases research solutions for real-world challenges and inspires progress towards a sustainable future.

Abstract. Global ICT electricity consumption is already beyond 11 percent of the worldwide electricity production and still increasing. By 2030 it may reach around 25 percent. Previous approaches to improve efficiency and performance have often sacrificed security, leading to disastrous security issues like Meltdown and Spectre. Patching just these two vulnerabilities increases power consumption on affected computers by a seemingly harmless 5 percent. By 2030, this may be more than 1 percent of the global electricity production by just a single out of thousands of patches. This development is not sustainable, and in this talk, we will discuss both the problem and potential revolutionary solutions."

Slides

Photo of Daniel Gruss.

September 2023

2023-09-25 Research Seminar
Computationally Sound Cryptographic Protocol Automated Verification

The first slide of Simon Jeanteur's presentation, and he as the speaker in the Zoom meeting

2023-09-14 Outreach to society

The TU Wien cryptography expert Prof. Elena Andreeva was featured in the Puls4 documentary Angriff aus dem Internet (Attack from the Internet).

Prof. Andreeva opens the doors to her research space and group at TU Wien, explaining the role of cryptography in today’s digital world. She also discusses how everyday devices like mobile phones can be vulnerable to cyber attacks.

The documentary sheds light on the importance of preventing cyber attacks, given their ubiquitous growth worldwide, and more specifically, in Austria. As the attackers range from criminals to state-run organizations, the targets vary from public administration and states to critical infrastructure and, not least, private individuals. The documentary presents several cyber attacks and discusses directions for prevention.

The interview with Elena Andreeva is available for reading in TU Wien Informatics News.

Elena Andreeva is discussing with a group of students

2023-09-11 Research Seminar
A Forkcipher-based Pseudo-Random Number Generator

The first slide of Andreas Weninger's presentation

2023-09-04 Summer School

Graz Security Week 2023 , organized by the Institute of Applied Information Processing and Communication (IAIK) at Graz University of Technology, is set to take place. This event is specifically tailored for graduate students who are enthusiastic about delving into the intricacies of security and correctness in computing devices. The school will cover a diverse range of topics, including Runtime Security, Side-Channels, Privacy, Secure Cryptographic Implementations, and Security Verification. It offers a unique opportunity for participants to deepen their knowledge and engage in discussions surrounding these critical aspects of computer security.

Announcement of Graz Security Week 2023
Topics and speakers of Graz Security Week 2023

June 2023

2023-06-26 Presentation
Giulia Scaffino presented “Glimpse“ at the the prestigious “USENIX Security Symposium“

Glimpse stands out as an innovative protocol, facilitating secure cross-chain token transfers in a fully decentralized manner, eliminating the need for large commercial crypto-depots. This accomplishment is the result of collaborative efforts by Giulia Scaffino, Lukas Aumayr, Zeta Avarikioti, and Matteo Maffei.

Notably, the Glimpse protocol is compatible with blockchains that have limited scripting languages. The authors provide a specific implementation of Glimpse for the Liquid Network, a Bitcoin pegged sidechain. The protocol’s security is proven within the Universal Composability (UC) framework, instilling a high level of confidence in its security guarantees. The researchers conducted an economic analysis of the Glimpse protocol, revealing that verifying a simple transaction on Bitcoin-like chains using Glimpse incurs a maximum of 700 bytes of on-chain overhead, resulting in a one-time fee of $3. This fee is only twice as much as a standard Bitcoin transaction, highlighting the cost efficiency of Glimpse. Overall, the presented advancements unlock exciting possibilities for the world of cryptocurrencies.

Slides Video

Giulia Scaffino on the stage at the USENIX Security Symposium.

2023-06-19 Research Seminar
Verification of Game-Theoretic Security Properties for Blockchain Protocols

The first slide of Sophie Rain's presentation

2023-06-05 Research Seminar
SMT or a Shelter for Theory and Logics

The first slide of Clemens Eisenhofer's presentation, and he as the speaker in the Zoom meeting

May 2023

2023-05-22 Research Seminar
PYTHIA: Supercharging Parallel Smart Contract Execution with the help of Optimistic Predictions

The first slide of Ray Neiheiser's presentation, and he as the speaker in the Zoom meeting

April 2023

2023-04-18 Kick-off event

On April 18, the Technical University of Vienna (TUW) hosted the highly anticipated kick-off event of SPyCoDe, a groundbreaking research program focused on the Semantic and Cryptographic Foundations of Security and Privacy through Composite Design. Generously funded by the Austrian Science Fund (FWF), this initiative aims to delve into the complexities of security and privacy in the digital landscape. The event successfully brought together a diverse group of project participants, fostering an atmosphere of collaboration and innovation.

The presentation of the SPyCoDe program covered its purpose, methodology, research plans, 14 projects, and expected results. It captivated not only the students but also garnered approval from esteemed members of the Advisory Board, including Prof. Véronique Cortier (French National Scientific Research Center (CNRS)), Prof. Bart Preneel (Research group COSIC, KU Leuven), and Prof. Christoph Paar (Ruhr-Universität Bochum). The ensuing discussion proved fruitful, providing invaluable insights and advice crucial to the program’s success in achieving its goals.

Throughout the day, participants seized the opportunity to connect with one another, engaging in informal conversations, knowledge exchange, and thought-provoking discussions. These interactions delved into the complex topics underlying the research activities of the program. A series of cross-cutting sessions facilitated collaborative efforts between the PIs and students, fostering interdisciplinary cooperation and kick-starting joint research. These sessions focused on studying various aspects of security analysis, compositionality, reasoning, and other pertinent subjects, fostering intensive and illuminating dialogue.

The Kickoff event marked a promising beginning for the SPyCoDe research program, which aims to shed light on the intricate world of security and privacy in the digital realm. With a diverse array of projects and a dedicated team of researchers, the program is poised to make significant strides in advancing our understanding and addressing the challenges of this ever-evolving field.

Group photo of participants

September 2022

2022-09-06 Start of the 1st Call for 14 PhD positions