×
Apply for Jobs Apply for Jobs Post a Job Post a Job Local Jobs Home
Register Here to Apply for Jobs or Post Jobs. X
More jobs:
Cybersecurity Data Security Information Security

Master Thesis Project | Securing Yivi’s EUDI Wallet Transition HSM- Architecture

Job in 3500, Utrecht, Utrecht, Netherlands
Listing for: Caesar Experts
Apprenticeship/Internship position
Listed on 2025-12-14
Job specializations:
  • IT/Tech
    Cybersecurity, Data Security, Information Security
Salary/Wage Range or Industry Benchmark: 60000 - 80000 EUR Yearly EUR 60000.00 80000.00 YEAR
Job Description & How to Apply Below
Position: Master Thesis Project | Securing Yivi’s EUDI Wallet Transition with an HSM-Based Architecture

Master Thesis project proposal

“Designing and implementing a HSM-Based Architecture for Yivi's Transition to an EUDI Wallet with enhanced security against high-potential attackers”

Context and motivation Background

Yivi is a privacy-preserving digital identity platform that has successfully launched passport credentials in production using IRMA/Idemix protocols based on zero-knowledge proof (ZKP) schemes. With the introduction of the EU Digital Identity (EUDI) Wallet regulation (eIDAS 2.0), Yivi aims to evolve into a compliant EUDI wallet while maintaining its strong privacy guarantees.

Strategic challenge

Yivi faces a fundamental architectural challenge: transitioning from a ZKP-focused architecture to a cryptographically agile system that supports multiple credential formats (SD-JWT VC, ISO 18013-5 mDL, IRMA) and protocols (OpenID4VP, ISO 18013-5) while significantly strengthening security against high-potential attackers as required by eIDAS regulation.

The Keyshare Protocol Problem

Yivi's current keyshare protocol ((Use the "Apply for this Job" box below).) requires fundamental renewal to:

  • Support multiple credential formats beyond IRMA/Idemix
  • Provide hardware-backed key security using HSMs
  • Meet eIDAS assurance level High requirements
  • Protect against nation-state level attackers
  • Maintain Yivi's privacy-first principles
Research objectives

Primary objective

Prototype a renewed keyshare protocol architecture for Yivi that enables cryptographic agility, HSM-based security, and EUDI wallet compliance while preserving privacy guarantees, based on the Split-ECDSA (SECDSA, Verheul (2024) approach.

Specific research questions RQ1:
Architecture design

How can Yivi's keyshare protocol be redesigned to support multiple cryptographic schemes (IRMA/Idemix, ECDSA, EdDSA, ECDH-MAC) while maintaining a unified security model?

RQ2: HSM Integration

What HSM-based architecture patterns can provide hardware-bound key security for Yivi while remaining implementable on standard PKCS#11 HSMs without vendor lock-in?

RQ3:
Security enhancement
  • Verifiable sole control under high attack potential
  • Protection against PIN brute-force even with compromised devices
  • Publicly verifiable transaction transparency
RQ4:
Protocol compatibility
  • IRMA credentials and protocols
  • EUDI wallet protocols (OpenID4VP, ISO 18013-5)
RQ5:
Privacy Preservation
  • How can cryptographic agility be achieved without compromising Yivi's unique privacy properties, particularly unlinkability across credential presentations?
Student profile

We are looking for a motivated university-level student in Computer Science, Cyber Security or a closely related discipline. You have a strong affinity with cryptography, digital identity, and privacy-preserving technologies, and you are eager to apply academic knowledge to a real-world, high-impact use case. You work independently, think analytically, and are comfortable exploring complex technical concepts.

Thesis benefits
  • Professional supervision from specialists in cryptography, identity management, and EUDI Wallet technologies
  • Regular feedback and technical sparring sessions throughout the thesis process
  • Access to technical documentation, development environments, and research materials relevant to the assignment
  • A monthly thesis compensation of €500 (based on a 40-hour commitment; exceptions possible)
  • Flexible working arrangements, including hybrid work options
  • Opportunities to publish or present your research within the organization
  • Real-world impact: your work may directly contribute to the integration of Yivi as an EUDI Wallet
References Academic
  • SECDSA:
    Mobile signing and authentication under classical “sole control” /910
  • Privacy-Preserving Credentials:
    Camenisch et al .pdf
Other
  • What is Yivi -yivi
  • IRMAGO
  • EUDI Wallet ARF: EU Commission - Regulatory framework /
Contact Primary contact person

Dibran Mulder, CTO Caesar Groep & Yivi

d.mulder

Address:

Janssoniuslaan 80

3528 AJ Utrecht

Websites:

.app

.nl

#J-18808-Ljbffr
Note that applications are not being accepted from your jurisdiction for this job currently via this jobsite. Candidate preferences are the decision of the Employer or Recruiting Agent, and are controlled by them alone.
To Search, View & Apply for jobs on this site that accept applications from your location or country, tap here to make a Search:
 
 
 
Search for further Jobs Here:
(Try combinations for better Results! Or enter less keywords for broader Results)
Location
Increase/decrease your Search Radius (miles)

Job Posting Language
Employment Category
Education (minimum level)
Filters
Education Level
Experience Level (years)
Posted in last:
Salary
Advanced Search