Profile picture

Markus Schiffermüller

About Me

Hi, I am a Computer Science student pursuing a Master’s degree at TU-Graz with a major in Software Security. I am currently working on my Master’s thesis in privacy and censorship circumvention in the context of messaging applications at Spring @ EPFL. My last internship was in the cryptography team at Trail of Bits, where I worked on the security of open-source cryptography libraries. Before that, I worked in the cryptography research group at IAIK @ TUGraz under the supervision of Maria Eichlseder on secure design for symmetric cryptographic primitives. I am interested in everything security-related and have a special interest in cryptography.

When I am not studying, I sometimes participate in Capture the Flag (CTF) competitions with my friends at LosFuzzys, of which I was the team Captain (from Jul 2022 - Oct 2023) and had the pleasure of participating in and organizing workshops, talks, and CTFs.

The opinions and views expressed on this blog are solely mine and do not represent those of any organization or individual. All information provided on this blog is for educational and informational purposes only.

Recent Posts

Glacierctf 2024 - AES Overdrive

I had the pleasure of providing a challenge for the third iteration of the Glacier 2024 event in the crypto category. It is a symmetric encryption challenge that is split into an easier first stage and a more challenging second stage, which revolves around symmetric cryptanalysis to recover a round key of AES.

Google CTF 2023 - myTLS

During the Google CTF 2023, my college and I encountered a fascinating challenge which was TLS themed. The task at hand involved exploiting files writes, hashes and signatures.

Introduction to Censorship Resistance Systems

I recently had the opportunity to educate myself a bit about Censorship Resistance Systems (CRS) and wanted to share my understanding to make it easier for those who are interested in this topic. In this blog post, I will summarize the SoK: Making Sense of Censorship Resistance Systems paper and the corresponding 15-minute talk at the Privacy Enhancing Technologies Symposium, both of which greatly helped me grasp this subject. I highly recommend reading the paper or watching the talk for a more in-depth understanding.

News

I am going to attend Real World Crypto 2025. See you there.
During my internship at Trail of Bits, I wrote a guide to shed some light on how to test cryptographic implementations to ensure correctness against common mistakes and timing attacks, which was published in the Trail of Bits testing handbook
During my internship at Trail of Bits, I found multiple vulnerabilities in elliptic, one of the most popular elliptic curve libraries for javascript CVE-2024-48949, CVE-2024-42461