
I'm an Assistant Professor at FAU Erlangen-Nürnberg where I lead the Real-World Cryptography Group.
Before that, I was a postdoc at Cryptography Group, New York University, hosted by Yevgeniy Dodis and at Cryptoplexity Group, TU Darmstadt, hosted by Marc Fischlin.
I received my Ph.D. at the Chair for Network and Data Security, Ruhr University Bochum, where I was fortunate to have Jörg Schwenk as my first advisor and Eike Kiltz as my second advisor.
My research covers applied cryptography, especially the provable security of messaging protocols. You can find my published articles at Google Scholar, DBLP, or below.

Mailpaul.roesler [at] fau.de
PGP key

All details are listed in my full CV.
Since 12/22
Assistant Professor
at FAU Erlangen-Nürnberg
01/22 - 11/22
hosted by Yevgeniy Dodis, New York University
03/21 - 09/21
hosted by Marc Fischlin, TU Darmstadt
10/16 - 02/21
Ph.D. in Applied Cryptography
supervised by Jörg Schwenk and second advisor Eike Kiltz, Ruhr University Bochum
Research visit
with Krzysztof Pietrzak, ISTA Vienna
Research visit
with Mihir Bellare, UC San Diego
Research visit
with Yevgeniy Dodis, New York University
Research visit
with Kenny Paterson, ETH Zürich
Research visit
with Serge Vaudenay, EPF Lausanne
Research visit
with Bertram Poettering, Royal Holloway, University of London
10/15 - 12/18
M.Sc. IT Security
, Ruhr University Bochum
10/12 - 09/15
B.Sc. IT Security
, Ruhr University Bochum

Cryptographic Communication Protocols:
Key Exchange and Channels (Spring 2024,2023)
Introduction to Modern Cryptography
(Fall 2024)
Cryptography in Secure Messaging:
Understanding and Enhancing Signal (Seminar; Fall 2024,2023,2022)

PhD Student:
Lea Thiemt (starting end of 2024)

PC Member:
CRYPTO (2024,2023,2022), EUROCRYPT (2023), RWC (2024,2023), Communications in Cryptography (2024), PKC (2025), PETS (2023,2022)
CRYPTO (2021,2020,2019), EUROCRYPT (2022,2021,2020), ASIACRYPT (2024,2023,2022,2021,2018), Journal of Cryptology (2021,2020,2018,2017), TOPS (2019), S&P (2021,2020), USENIX Security (2019), CCS (2018), TCC (2020,2019,2018), PKC (2021,2019), CT-RSA (2022,2020), CANS (2021)

Interval Key-Encapsulation Mechanism
Alexander Bienstock, Yevgeniy Dodis, Paul Rösler, Daniel Wichs
IACR Asiacrypt 2024: [PDF full version]
Interoperability between Messaging Services – Secure Implementation of Encryption
Paul Rösler, Jörg Schwenk
Technical Report: [PDF full version], [Talk]
Interoperability in End-to-End Encrypted Messaging
Julia Len, Esha Ghosh, Paul Grubbs, Paul Rösler
Preprint: [PDF full version]
ASMesh: Secure Messaging in Mesh Networks Using Stronger, Anonymous Double Ratchet
Alexander Bienstock, Paul Rösler, Yi Tang
ACM CCS 2023: [PDF full version], [Talk 1], [Talk 2]
Implementation by Yi Tang: [Github Repo]
LAVA: Log Authentication and Verification Algorithm
Edita Bajramovic, Christofer Fein, Marius Frinken, Paul Rösler, Felix Freiling
IEEE IMF 2023: [Proceedings]
Unique-Path Identity Based Encryption With Applications to Strongly Secure Messaging
Paul Rösler, Daniel Slamanig, Christoph Striecks
IACR Eurocrypt 2023: [PDF full version], [Talk]
On the Worst-Case Inefficiency of CGKA
Alexander Bienstock, Yevgeniy Dodis, Sanjam Garg, Garrison Grogan, Mohammad Hajiabadi, Paul Rösler
IACR TCC 2022: [PDF full version]
Strongly Anonymous Ratcheted Key Exchange
Benjamin Dowling, Eduard Hauck, Doreen Riepel, Paul Rösler
IACR Asiacrypt 2022: [PDF full version], [Talk]
SoK: Game-based Security Models for Group Key Exchange
Bertram Poettering, Paul Rösler, Jörg Schwenk, Douglas Stebila
CT-RSA 2021: [PDF full version], [Talk]
On the Price of Concurrency in Group Ratcheting Protocols
Alexander Bienstock, Yevgeniy Dodis, Paul Rösler
IACR TCC 2020: [PDF full version], [Talk 1], [Talk 2], [Talk 3]
Determining the Core Primitive for Optimally Secure Ratcheting
Fatih Balli, Paul Rösler, Serge Vaudenay
IACR Asiacrypt 2020: [PDF full version], [Talk]
Combiners for AEAD
Bertram Poettering, Paul Rösler
IACR FSE 2020: [Talk]
IACR ToSC Volume 2020, Issue 1: [Journal], [PDF full version]
Flexible Authenticated and Confidential Channel Establishment (fACCE): Analyzing the Noise Protocol Framework
Benjamin Dowling, Paul Rösler, Jörg Schwenk
IACR PKC 2020: [PDF full version], [Talk]
Towards Bidirectional Ratcheted Key Exchange
Bertram Poettering, Paul Rösler
IACR CRYPTO 2018: [Proceedings], [Talk]
Extended version: Asynchronous ratcheted key exchange [PDF]
Java implementation by Marco Smeets: [Github Repo]
More is Less: On the End-to-End Security of Group Chats in Signal, WhatsApp, and Threema
Paul Rösler, Christian Mainka, Jörg Schwenk
IEEE EuroS&P 2018: [PDF full version], [Talk 1], [Talk 2], [Talk 3], [Blog 1], [Blog 2]
Attacking Deterministic Signature Schemes using Fault Attacks
Damian Poddebniak, Juraj Somorovsky, Sebastian Schinzel, Manfred Lochter, Paul Rösler
IEEE EuroS&P 2018: [PDF]
Your cloud in my company: Modern rights management services revisited
Martin Grothe, Paul Rösler, Johanna Jupke, Jan Kaiser, Christian Mainka, Jörg Schwenk
ARES 2016: [PDF full version]
How to Break Microsoft Rights Management Services
Martin Grothe, Christian Mainka, Paul Rösler, Jörg Schwenk
Cryptographic Foundations of Modern Stateful and Continuous Key Exchange Primitives
Doctoral Thesis 2021: [PDF]
On the End-to-End Security of Group Chats in Instant Messaging Protocols
Master Thesis 2018: [PDF]
Architektur- und Sicherheitsanalyse von Tresorit und Tresorit DRM
Bachelor Thesis 2015: [PDF]
Blog Posts
Why Receipt Notifications increase Security in Signal (05/19): [Link]
Group Instant Messaging: Why blaming developers is not fair but enhancing the protocols would be appropriate (01/18): [Link]
Insecurities of WhatsApp's, Signal's, and Threema's Group Chats (07/17): [Link]

Automatically Invalidating Game-Based Security Definitions
Secure Key Exchange and Channel Protocols (SKECH) Workshop 2024: [PDF slides]
Unidirectional Group Messaging: Simple, Secure, and Efficient Solutions
Cryptographic Applications Workshop at Eurocrypt 2024: [PDF slides]
Security of Modern Messengers
Inaugural Lecture at FAU Erlangen-Nürnberg: [PDF slides]
ASMesh: Anonymous and Secure Messaging in Mesh Networks Using Stronger, Anonymous Double Ratchet
ACM CCS 2023: [PDF slides]
ASMesh: Anonymous and Secure Messaging in Mesh Networks Using Stronger, Anonymous Double Ratchet
ISTA Mathematics and CS Seminar: [PDF slides]
Unique-Path Identity Based Encryption With Applications to Strongly Secure Messaging
NYU Crypto Reading Group: [PDF slides]
Interoperability between Messaging Services – Secure Implementation of Encryption
Bundesnetzagentur 2023: [PDF slides], [Video]
Unique-Path Identity Based Encryption With Applications to Strongly Secure Messaging
IACR Eurocrypt 2023: [PDF slides], [Video]
Interoperable Messaging (Invited)
DMA Stakeholder Workshop at European Commission: [PDF slides], [Video]
Strongly Anonymous Ratcheted Key Exchange
IACR Asiacrypt 2022: [PDF slides], [Video]
SoK: Game-based Security Models for Group Key Exchange
CT-RSA 2021: [PDF slides], [Video]
Resolving Concurrency in Group Ratcheting Protocols
IACR RWC 2021: [PDF slides], [Video]
Determining the Core Primitive for Optimally Secure Ratcheting
IACR Asiacrypt 2020: [PDF slides], [Summary Video]
On the Price of Concurrency in Group Ratcheting Protocols
IACR TCC 2020: [PDF slides], [Video]
Combiners for AEAD
IACR FSE 2020: [PDF slides], [Video]
Resolving Concurrency in Group Ratcheting Protocols
Secure Messaging Summit 2020: [PDF slides], [Video]
Guest lecture on the Signal Protocol (Invited)
Real World Crypto Engineering Course 2020, Paderborn University
Flexible Authenticated and Confidential Channel Establishment (fACCE): Analyzing the Noise Protocol Framework
IACR PKC 2020: [PDF slides], [Video], [Summary Video]
Taming Complexity of Messaging to understand its Security
ZISC Lunch Seminar, ETH Zürich: [PDF slides]
Definitional Foundations of Ratcheting and their Impact on Practice (invited)
Workshop on Secure Messaging, IACR Eurocrypt 2019: [PDF slides]
Towards Bidirectional Ratcheted Key Exchange
IACR CRYPTO 2018: [PDF slides], [Video]
Generalization and Modularization of the ACCE Model
SKECH Workshop 2018: [PDF slides]
Consequences of Complexity in Group Instant Messaging using the Example of WhatsApp and Signal
RuhrSec 2018: [PDF slides], [Video]
More is Less: On the End-to-End Security of Group Chats in Signal, WhatsApp, and Threema
IEEE EuroS&P 2018: [PDF slides]
Complexity of Group Communication in Instant Messaging
CryptoAction Symposium 2018: [PDF slides]
Instant Messaging in Gruppen: Schwachstellen trotz sicherer Verschlüsselung (invited)
Paderborner Tag der IT-Sicherheit 2018: [PDF slides]
On the end-to-end security of group chats
IACR RWC 2018: [PDF slides], [Video]
Datenschutz und Sicherheit von Instant-Messaging-Protokollen
a-i3/BSI-Symposium 2017: [PDF slides]

Paul Rösler + 2023-03-29