Funded by: NCSC, UK (via University of Surrey)
Duration: started in 07/2019, duration 4 years
Contact at PACY: Prof. Dr. Mark Manulis


This project aims to design secure and privacy-friendly protocols for multi-factor web authentication, in particular focusing on the decentralised approaches such as the new WebAuthn standard.

As part of this project cooperation with Yubico has been setup to explore privacy-preserving and standards-conform approaches for backing up WebAuthn credentials and enabling account recovery without reverting to less secure and private solutions like passwords or one-time tokens. One of the outcomes is the design of Asynchronous Remote Key Generation, a new primitive which is particularly well aligned with the decentralised and unlinkable key management behind the WebAuthn standard.

The project further aims to utilise this primitive to enable privacy-preserving delegation of WebAuthn credentials amongst users with the possibility of revocation at a later stage. The project aims to develop classical as well as post-quantum secure versions of the proposed cryptographic approaches for back-up and delegation of WebAuthn credentials.