TUM Logo

Hierarchical Deterministic Key Derivation Schemes

Hierarchical Deterministic Key Derivation Schemes

Supervisor(s): Dr. Martin Schanzenbach
Status: open
Topic: Others
Type of Thesis: Masterthesis
Thesis topic in co-operation with the Fraunhofer Institute for Applied and Integrated Security AISEC, Garching


Ausschreibung in Kooperation mit Fraunhofer AISEC, Garching

Masterarbeit zum Thema:
Hierarchical Deterministic Key Revocation Schemes

Motivation and topic

This topic deals with with public-key cryptography schemes. In particular, elliptic curve cryprography (ECC).

For some use cases, it is necessary to derive temporary keys from the original key pair. Such use cases include wallets of digital ledgers or zone key blinding in name systems [2]. Signatures are only created with the derived private keys and can be verified with the corresponding derived public keys [3]. This allows us to blind signatures and keep the original key pair “cold” (i.e. not in memory on the system, possibly offline).

The derivation in such cases must be deterministic and hierarchical. This means that given a signature from a derived private key, the public key can be derived in a similar fashion and the signature verified. This class of derivations is called “Hierarchical Deterministic Key Derivation” (HDKD).

In our self-sovereign identity system re:claimID [4], we use HDKD in order to hide identities in a decentralized directory. Other use cases include Tor [5] and Blockchain [6].

The task is to investigate alternative schemes for our use case. This will include, but is not limited to, the following tasks:

  1. Understand the concepts of HDKD and read up on state of the art schemes.

  2. Extend the GNU Name System with another scheme based on Schnorr signatures or a post quantum scheme.

  3. Implementation and performance testing of the scheme(s).


While the tasks appear straight-forward, implementation of cryptographic schemes requires careful research and implementation. It is also exptected that you interact with experts in the field. It is advantageous if you have experience with one or more of the following:

Elliptic curve cryprography

Software development in C

Performance evaluations


Fraunhofer Research Institution for Applied and Integrated Security (AISEC)

Dr. Martin Schanzenbach
E-Mail: martin.schanzenbach@aisec.fraunhofer.de Telefon: +49 89 322-9986-193


(1) https://en.wikipedia.org/wiki/Elliptic-curve_cryptography

(2) https://lsd.gnunet.org/lsd0001/
(3) https://lsd.gnunet.org/lsd0001/#name-key-derivations
(4) https://reclaim-identity.io

(5) https://gitweb.torproject.org/torspec.git/tree/proposals/224-rend-spec-ng.txt#n2135

(6) https://ieeexplore.ieee.org/document/7966967

Date: 1. März 2021