Quantification of Security


Classical cryptographic security proofs provide, relative to a model and assumptions, yes-or-no statements about the security of a cryptographic protocol.


Often, there are several protocols for a given task, all of which are provably secure. The respective proofs generally do not say which of the protocols is the 'most secure' (in a certain sense). The protocols may differ in important properties, for example with regard to

- the achieved security concept,

- the complexity assumptions used and, for example

- the existence of a single point of failure.


This is where the research direction of quantifiable security comes in, moving from all-or-nothing statements about security to a quantitative evaluation of security. For example, a quantitative security analysis might include a statement about the cost of the attacker or the scalability of attacks. Such quantitative statements help to choose the "best" procedure in terms of security.

Our research

The Cryptography and Security Group conducts research on measures of security as well as on corresponding proof techniques. Besides (quantitative) cryptographic security proofs, which can be performed with the help of mathematical models, the security of systems which, due to their complexity or lack of specification, cannot be analyzed with a mathematical model is of interest. A promising approach that is being investigated by the working group is analysis using attack trees and related structures.


The research of the working group contributes to the Quantification Research in KASTEL-ESS.

Our teaching

Unfortunately, we do not offer any teaching courses at the moment. Theses in this new and exciting field are welcome!