Hi, my name is Elena Andreeva
I am an Associate Professor in the Security and Privacy Research Unit at TU Wien, Austria. Previously, I was an Assistant Prof. at DTU, Denmark, a Lecturer at the University of Klagenfurt, Austria and a Research Expert at COSIC, KU Leuven, Belgium. My postdoc. and doc. research was funded by grants from the Flemish Research Foundation. My PhD was supervised by Prof. Bart Preneel. I hold a Master’s degree in CS from the University of Saarland, Germany.
My research focuses on theory and applications of cryptography related to symmetric authenticated encryption, block ciphers and forkciphers, hash functions, privacy-friendly protocols, and blockchains. I am interested in theoretical foundations and practical cryptographic algorithms for secure data communications, storage and private computation.
News
Our paper, Power Analysis and Countermeasures on the MiMC Block Cipher, is accepted at the annual Conference on Cryptographic Hardware and Embedded Systems CHES 2026. Our work demonstrates powerful SC attacks exploiting carry propagation, reducing key entropy and enabling full key recovery with 100 traces in the profiled setting. It introduces shuffled Redundant Number Representation (RNR) as a lightweight countermeasure for large-field block ciphers, an approach previously used mainly in RSA and ECC and contains experimental validation showing resistance against leakage while incurring only ~50% overhead, significantly outperforming traditional first-order masking in terms of efficiency.
Our paper, Boosting Efficiency and Security in Arithmetization-Oriented Hashing for Zero-Knowledge Proof Systems is accepted to USENIX Security Symposium 2026! We propose PA and PAX hash designs with provably optimal collision and preimage resistance.PAX is proven indifferentiable from a random oracle, providing strong composability guarantees for cryptographic protocols. Our designs are up to 2× faster than Sponge-based constructions in SW implementations, up to 60% faster in proof generation in the Plonky2 framework, and up to 10% less costly in proving costs for Groth16/R1CS circuits.
Our paper PUE Schemes: Efficient Updatable Encryption With Robust Security From Symmetric Primitives was presented in AsiaCCS'26.
Our Sonikku MACs demonstrate superior speed and state size compared to SotA MACs and provide beyond birthday bound security: to be presented at CANS 2025 and part of the program at ArcticCrypt 2025.
The first and most efficient attacks on the XCBv1 and XCBv2 IEEE 1619.2 standard (as a consequence the standard was withdrawn) for encryption of sector-oriented storage media was presented to CRYPTO 2025.
Our paper on efficient algebraic hash functions is accepted at IEEE CSF 2024. Our Poseidon-DM is up to 3× faster than Poseidon and 2× faster than Poseidon2 in native x86 execution, and up to 1.5× faster in the Groth16 framework and up to 1.9× faster in Plonky2.
Our new Skye KDF and its application to Signal (like) protocol(s) was presented at ACM ASIACCS 2024.
n-to-8n-bit expanding PRF Butterknife and encryption, MAC and deterministic authenticated encryption applications of it are presented at ACNS 2024.
Professional Activities
Program co-chair: SECITC 2026
Program committees 2027, 2026, 2025, 2024: ACNS'25-27, IACR Communications in Cryptology 25/26, ISC'26, ProvSec'24/26, SCN'26, Indocrypt'26 ACISP'26, Africacrypt'24-26, ASIACRYPT'24-25, CT-RSA'25, USENIX'24, ToSC tool evaluation 2024, ProvSec'24, Africacrypt'24
Cryptographic designs
GEM: n-bit (beyond birthday bound) secure tweakable enciphering mode with efficient AES-based instances KohiNoor and DaryaiNoor.
Skye: efficient and secure key derivation function, well suited for Signal-style KDF applications.
ABR tree hashing: optimally efficient collision secure tree hash function.
Forkcipher: input expanding symmetric primitive. The ForkSkinny (n-to-2n) forkcipher in authenticated encryption modes is selected to Round 2 in the NIST lightweight AEAD competition.
ButterKnife: n-to-8n-bit expanding function based on AES and used in SAFE and ZAFE n-bit secure and highly efficient deterministic AE.
COLM: the development of AES-COPA AEAD and a one of the winners in the defense-in-depth category of the CAESAR AEAD competition.
PRIMATEs: lightweight AEAD family {APE, Hanuman, Gibbon} and selected to Round 2 in the CAESAR AEAD competition.
Interviews/Magazines
BTA (Bulgarian Telegraph Agency) България все по-често присъства на картата на световната криптографска общност, read full interview from here. (in bulgarian)
Alumni-Magazin der TU Wien, Cryptographic Standards: the Good, the Bad and The Ugly, TU Wien onto breaking and making, typo GCM is a typo of GSM, (in english)
Puls4 documentary «Attack from within the Internet» (in german)
The Digital Shield: How Cryptography is Turning the Tide in Cybercrime (in english)
#HUSpotlight: In Conversation with ... (in english)
Women in CS & Engineering, A Session with ... (in english)