These are our current projects we’re working on. Most of them are available through GitHub and have a paper or other documentation attached to it.


ByzCoin is a novel Byzantine consensus protocol that leverages scalable collective signing to commit Bitcoin transactions irreversibly within seconds. ByzCoin achieves Byzantine consensus while preserving Bitcoin’s open membership by dynamically forming hash power-proportionate consensus groups that represent recently-successful block miners. ByzCoin employs communication trees to optimize transaction commitment and verification under normal operation while guaranteeing safety and liveness under Byzantine faults, up to a near-optimal tolerance of f faulty group members among 3 f + 2 total. ByzCoin mitigates double spending and selfish mining attacks by producing collectively signed transaction blocks within one minute of transaction submission. Tree-structured communication further reduces this latency to less than 30 seconds. Due to these optimizations, ByzCoin achieves a throughput higher than Paypal currently handles, with a confirmation latency of 15-20 seconds. It has been presented at USENIX Security 2016.

Collective Signatures (CoSi)

CoSi is a direct application of the Cothority framework which implements the idea presented in the paper “Keeping Authorities Honest or Bust with Decentralized Witness Cosigning“. CoSi provides the ability to participate collectively in a signature’s statement, enabling hundreds or thousands of nodes to sign. The whole protocol outputs a single signature, mimicking Ed25519’s signatures.


Cothority is framework written in Golang that enables us to build cryptographic distributed applications. The framework is mainly focused towards using a Tree as an overlay communication layer, but is flexible enough to provide the user with its own overlay communication. The main use of the framework is to give the PhDs students the ability to concentrate on coding their ideas and not all the nitty-gritty details.

It is the base for most of our ongoing work and is also used by The source code is at and is actively being worked on.

Padded Uniform Random Blobs (PURBs)

The goal of the PURBs-project is to remove unencrypted metadata and to reduce side-channel leakage from encrypted communication- and storage-protocols. To achieve these goals, PURBs provide a data format that efficiently hides metadata for message decryption. For that it uses public key cryptography based on elliptic curves with point representations that are indistinguishable from random bit strings.

Moreover, PURBs use an efficient padding scheme to reduce the amount of information leaked through side-channel like encrypted message lengths and communication timings.


RandHound is a client/server protocol for producing public verifiable randomness. RandHound enables a client to “scavenge” public randomness from an arbitrary collection of servers, combine the random strings, and present this collective randomness to any third party, together with a protocol transcript to proof that the randomness is good and unbiased provided a given threshold of servers are honest.

Software Update Transparency

This project aims at designing a framework for the transparent and secure software update process. The core principles of the framework are decentralising trust by involving software developers into validation of update releases, eliminating a single point of failure by using CoSi for ensuring authenticity and integrity, and ensuring build transparency by verifying source origins of update binaries. The latter principle turns around the work on reproducible builds and automatic verification.

Transparent and hardened PGP-Keyserver

Despite providing end-to-end encryption to anyone PGP suffers of many usability and security short-comings. Recently for instance keys of the so called PGP strong set have been faked using collisions in the widespread 32bit key ids and uploaded them to the public key servers, documented here. Goal of this project is to create a more secure PGP key server where attacks like the above and others aren’t possible anymore by

  1. not allowing (lookups and displaying of) short key-ids
  2. letting the user prove that he is in control of the email accounts related to uploaded keys, and
  3. writing keys to a transparent (potentially collectively signed) CONIKS-like log.

In collaboration


CONIKS is an end-user key management system for end-to-end secure communication services with an emphasis on usability, transparency and security (see the original paper for more details). As we are currently exploring ways to manage keys (and online identities) in a secure and decentralized way, we are also exploring if and how CONIKS-like systems could help achieving this. As a result of these efforts we helped out in a Golang implementation of a CONIKS server and library that will be used for a key-directory for TorMessenger (and which was part of a GSoC project).