Christoph Striecks

I am a cryptographer with a professional focus on secure technologies (mainly, key exchange and encryption, secure data access control, and authentication). Moreover, I have particularly worked on hybridization techniques for defense-in-depth approaches in large quantum-safe networks and on long-term security (e.g., see talks on hybrid cryptography and blog post on forward secrecy).

Before joining the AIT Austrian Institute of Technology – Austria’s largest Research and Technology Organization (RTO) – in 2016, I held a post-doc position at the Karlsruhe Institute of Technology (KIT) in Germany.

In 2015, I received my PhD (Dr. rer. nat.) in cryptography from KIT under the supervision of Prof. Dennis Hofheinz (now at ETH Zurich) on scalable advanced cryptographic building blocks. Teaching activities included Algorithms I (lab, ST 2015) and IT security (lab, ST 2013), encompassed by several seminars and labs.

In 2010, I received my Diploma in computer science from the Technical University of Braunschweig in Germany with a major in cryptography and software engineering. From March to September 2008, I worked as a software-development intern for Siemens USA in Princeton, New Jersey.

News and activities:

Oct. 2024: Presentation of an invited webinar on hybrid key exchanges for the European Commission under the umbrella of the QSNP project.
Oct. 2024: Happy to serve as a program committee member in "Track 3: Security in the Quantum Age" of the International Conference on Quantum Communications, Networking, and Computing (QCNC 2025).
Sep. 2024: Presentation of a series of webinars on authentication in large quantum-safe networks under the umbrella of the PETRUS project.
Jul. 2024: Happy to serve as a program committee member of the Security Standardisation Research Conference 2024.
May 2024: Attended the SKECH Workshop 2024.
Jan. 2024: Talk on source authentication in quantum-safe networks at QCI Days Vienna 2024.
Oct. 2023: An extended version of our PKC'15 paper was accepted to the Journal of Cryptology.
Sep. 2023: Accepted paper on forward-secure 0-RTT key exchange at The ACM Cloud Computing Security Workshop 2023.
Aug. 2023: Accepted papers on forward security in updatable encryption at TCC 2023 and on functional encryption with updatable ciphertexts in the Journal of Cryptology.
Aug. 2023: (Virtual) presentation at PQCrypto 2023 on hybrid authenticated key exchange.
Aug. 2023: I will serve as a program committee member of ICISSP 2024 and GI Sicherheit 2024.
Jun. 2023: Accepted paper on hybrid authenticated key exchange at PQCrypto 2023.
May 2023: I will serve as a program committee member of CANS 2023.
Apr. 2023: I attended EUROCRYPT 2023 in Lyon.
Jan. 2023: Accepted paper on strongly secure messaging at EUROCRYPT 2023.
Dez. 2022: From 7 to 9 December, I visited Dominique Schröder's group at Friedrich-Alexander-Universität Erlangen-Nürnberg and gave a presentation on Forward Security.
Oct. 2022: I will serve as a program committee member of the Security Standardisation Research Conference 2023.
Sep. 2022: From 19 to 23 September, I visited Dennis Hofheinz' group at ETH Zurich and held a talk on Puncturable Encryption.
Apr. 2022: I attended Real World Crypto Symposium 2022 in Amsterdam and gave a contributed talk on Puncturable Encryption for forward security.

Selected publications (alphabetical ordering of authors):

Muckle+: End-to-End Hybrid Authenticated Key Exchanges

Sonja Bruckner, Sebastian Ramacher, and Christoph Striecks.

Post-Quantum Cryptography - 14th International Workshop, PQCrypto 2023, College Park, MD, USA, August 16-18, 2023, Proceedings

Abstract URL PDF ePrint Talk Slides

End-to-end authenticity in public networks plays a significant role. Namely, without authenticity, the adversary might be able to retrieve even confidential information straight away by impersonating others. Proposed solutions to establish an authenticated channel cover pre-shared key-based, password-based, and certificate-based techniques. To add confidentiality to an authenticated channel, authenticated key exchange (AKE) protocols usually have one of the three solutions built in. As an amplification, hybrid AKE (HAKE) approaches are getting more popular nowadays and were presented in several flavors to incorporate classical, post-quantum, or quantum-key-distribution components. The main benefit is redundancy, i.e., if some of the components fail, the primitive still yields a confidential and authenticated channel. However, current HAKE instantiations either rely on pre-shared keys (which yields inefficient end-to-end authenticity) or only support one or two of the three above components (resulting in reduced redundancy and flexibility). In this work, we present an extension of a modular HAKE framework due to Dowling, Brandt Hansen, and Paterson (PQCrypto’20) that does not suffer from the above constraints. While their instantiation, dubbed Muckle, requires pre-shared keys (and hence yields inefficient end-to-end authenticity), our extended instantiation called Muckle+ utilizes post-quantum digital signatures. While replacing pre-shared keys with digital signatures is rather straightforward in general, this turned out to be surprisingly non-trivial when applied to HAKE frameworks (resulting in a significant model change with adapted proof techniques).
Bloom Filter Encryption and Applications to Efficient Forward-Secret 0-RTT Key Exchange

David Derler, Tibor Jager, Daniel Slamanig, and Christoph Striecks.

Advances in Cryptology - EUROCRYPT 2018 - 37th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Tel Aviv, Israel, April 29 - May 3, 2018 Proceedings, Part III

Abstract URL PDF ePrint Talk RWC Talk EC

Forward secrecy is considered an essential design goal of modern key establishment (KE) protocols, such as TLS 1.3, for example. Furthermore, efficiency considerations such as zero round-trip time (0-RTT), where a client is able to send cryptographically protected pay- load data along with the very first KE message, are motivated by the practical demand for secure low-latency communication. For a long time, it was unclear whether protocols that simultaneously achieve 0-RTT and full forward secrecy exist. Only recently, the first forward-secret 0-RTT protocol was described by Günther et al. (Euro- crypt 2017). It is based on Puncturable Encryption. Forward secrecy is achieved by “puncturing” the secret key after each decryption operation, such that a given ciphertext can only be decrypted once (cf. also Green and Miers, S&P 2015). Unfortunately, their scheme is completely impractical, since one puncturing operation takes between 30 seconds and several minutes for reasonable security and deployment parameters, such that this solution is only a first feasibility result, but not efficient enough to be deployed in practice. In this paper, we introduce a new primitive that we term Bloom Filter Encryption (BFE), which is derived from the probabilistic Bloom filter data structure. We describe different constructions of BFE schemes, and show how these yield new puncturable encryption mechanisms with extremely efficient puncturing. Most importantly, a puncturing operation only involves a small number of very efficient computations, plus the deletion of certain parts of the secret key, which outperforms previous constructions by orders of magnitude. This gives rise to the first forward-secret 0-RTT protocols that are efficient enough to be deployed in practice. We believe that BFE will find applications beyond forward- secret 0-RTT protocols.

Recent research visits:

Friedrich-Alexander-Universität Erlangen-Nürnberg (Prof. Dominique Schröder, now at TU Vienna, 12/2022)
ETH Zurich (Prof. Dennis Hofheinz, 09/2022)
Royal Holloway, University of London (Prof. Martin R. Albrecht, now at King's College London and SandboxAQ, 10/2018)
Paderborn University (Prof. Tibor Jager, now at Bergische Universität Wuppertal, 03/2017)

Program committees:

QCNC 2025, 2024
CANS 2024, 2023, 2022
Security Standardisation Research Conference 2024, 2023
IMA International Conference on Cryptography and Coding 2019
ICISSP 2025, 2024
GI SICHERHEIT 2024, 2022 & 2020
ARES Workshops 2023, 2022 & 2020
IFIP Summer School on Privacy and Identity Management 2019 & 2018

Selected external reviewing activities:

CRYPTO 2024, 2022, 2019
EUROCRYPT 2023, 2022
ASIACRYPT 2022, 2021, 2016, 2015
ACM CCS 2023, 2022, 2020
USENIX Security 2021
IEEE Symposium on Security and Privacy 2022
ICALP 2022
PKC 2023, 2020, 2018, 2017, 2016
IEEE Transactions on Information Forensics and Security 2022
IEEE Transactions on Dependable and Secure Computing 2022, 2021
Designs, Codes and Cryptography 2022

Current projects:

QCI-CAT (Digital European Program, 2022-2025)
PETRUS (Digital European Program, 2022-2025)
EDOCC (European Defence Fund, 2022-2025)
QSNP (HORIZON-RIA 2023-2026)

Completed projects:

TeamAware (EU HORIZON 2020, 2021-2024)
QKD4GOV (KIRAS, 2021-2023)
PROFET (FWF, netidee SCIENCE, 2019-2023)
COMP4DRONES (EU HORIZON 2020, ECSEL, 2019-2023)
SECREDAS (EU HORIZON 2020, ECSEL, 2018-2021)
IoT4CPS (FFG and BMK, ICT of the Future, 2017-2020)
PRISMACLOUD (EU HORIZON 2020, 2015-2018)
CREDENTIAL (EU HORIZON 2020, 2015-2018)

Selected invited talks and activities:

Invited webinar on Quantum-Secure Hybrid Key Exchanges (European Commission, 2024)
Invited talk on Hybrid Authenticated Key Exchanges (NXP, 2023)
Invited talk on Forward Security (ETH Zurich, 2022)
Invited talk on Forward Security (FAU Nürnberg-Erlangen, 2022)
Invited lecture on Redactable Blockchains (with Daniel Slamanig, TU Vienna, 2021)
Invited talk on Attribute-Based Encryption for Strong Access Control (ETSI Security Week, 2020)
Invited lectures on Advanced Public-Key Encryption (TU Vienna, 2020 & 2019)
Invited talk on Security, Safety, and Privacy-by-Design (Austrian Standards, 2020, press coverage in futurezone and Austrian Standards)
Invited talk on Attribute-Based Encryption for strong access control (Graz Security Days for Industry, 2019)
Invited talk on Forward Security (Royal Holloway, University of London, 2018)
Involvement in ETSI STF 529 on standardizing Attribute-Based Encryption (press release from ETSI)

Selected teaching & supervision:

Teaching: Redactable Blockchains (invited lecture, WT 2021 at TU Vienna), Advanced Public-Key Encryption (invited lecture, WT 2020 at TU Vienna), Advanced Public-Key Encryption (invited lecture, WT 2019 at TU Vienna), Algorithms I (TA, ST 2015 at KIT), IT security (TA, ST 2013 at KIT)
PhD visitor: Jaime S. Buruaga (Technical University of Madrid, Jul.-Oct. 2024)
Interns: Augustine Bugler (University of Vienna, Jul.-Sep. 2024), Kevin Verhaeghe (ETH Zurich, Jul.-Sep. 2024), Alexander Zikulnig (TU Vienna, Aug.-Sep. 2022), Denis Jahic (TU Vienna, Jul.-Sep. 2021)
Diploma theses: Christian Matt (KIT, 2011), Alexander Mai (KIT, 2014)