Cryptography for Privacy

We work on the foundations of zero-knowledge proofs, both in terms of advanced security guarantees, e.g., subversion resistance, and frameworks to analyze schemes. We develop cryptographic tools for blockchains, such as subversion-resistant zero-knowledge proofs and compatible blind signatures. In terms of blockchain protocols proper, we have given formal analyses of the Mimblewimble cryptocurrency protocol and co-designed variants thereof, which are now implemented in Litecoin.

One broad research area of our group is the design and analysis of cryptographic schemes that protect user privacy and their foundations. These typically find their first applications in the context of blockchains, which serve currently as test bed for cutting-edge technology.

Zero-Knowledge Proofs

One topic are zero-knowledge (ZK) proofs, which allow for certifying statements in a privacy-friendly manner. They are now used in cryptocurrencies such as Monero to prove that transferred amounts, which are only provided in encrypted from, are below a certain threshold; and they are at the core of anonymous currencies such as Zcash. We have been investigating stronger security properties of ZK proofs, such as “subversion-resistance” (PKC'18, CCS'19), and on the other hand developed frameworks for the analysis of their security, in particular the “algebraic group model” (Crypto'18). Our model has been the basis for the analysis of many of the recent “zk-SNARK” constructions, which are very efficient ZK proofs.

Blind Signatures

Another topic are blind signatures, which allow for obtaining signatures on documents, which are (partially) hidden to the signer. These also have privacy-preserving applications in blockchains, and of particular interest are schemes that issue “Schnorr signatures”, which are now supported by Bitcoin. After previous protocols were successfully attacked, we have proposed new variants (Eurocrypt'20) and are currently researching on improvements.

Foundations of Cryptographic Schemes

In addition to cryptographic schemes, we are working on their foundations, analyzing necessary mathematical hardness assumptions. One example is our analysis of the “OMDL” assumption (Asiacrypt'21), which underlies schemes such as blind Schnorr signatures, and classifications of assumptions that are widely used in cryptography (Crypto'20).

Blockchain Protocols

Blockchain protocols proper are another of our areas. After giving the first formal analysis of the Mimblewimble cryptocurrency system (Eurocrypt'19), we have recently proposed a variant of Mimblewimble that allows for non-interactive transactions (Asiacrypt'22). Our scheme is the basis for the MWEB protocol, which is now implemented by Litecoin. We have also proposed a framework for the construction of protocols for light clients, which are devices that do not store the entire blockchain data and need to rely on so-called “full nodes”. Our protocols let them do so without needing to trust the full nodes (Asiacrypt'22).


  • Principal investigator is Assoc. Prof. Georg Fuchsbauer
  • Hamza Abusalah worked on the light client topic
  • Mathias Wolf is working on blind signatures and zero-knowledge proofs
  • Marek Sefranek is working on zero-knowledge proofs