A determined and fiercely loyal little monster

Mephic stalwartly guards the home page of Thomas Kerber

directory read write execute



Pistis ("faith"), demonstrates how to securly generate updateable structured reference strings in a distributed ledger, by requiring miners to perform updates for an initial setup period.


Kachina is a research project for constructing privacy-preserving smart contracts using just zero-knowledge. Kachina is to appear in the 2021 IEEE Computer Security Foundations Symposium.

Ouroboros Crypsinous

Ouroboros Crypsinous is a privacy-preserving proof-of-stake protocol, allowing users to privaty spend coins while still participating in a proof-of-stake protocol. Crypsinous has been published in the proceedings of the 2019 IEEE Symposium on Security and Privacy.


Yggdrasil is an executable formalisations of the exeuction semantics of computably secure protocols. Yggdrasil is currently not being worked on, but may see more activity again in the future.



Hedgehog is a project for an open-source two-factor authentication token with a display. Traditional two-factor authentication token have a button, which can be used to authenticate. They do not protect against man-in-the-browser attacks however, which might authenticate to something different than the user though, to e.g. authorise a bank login instead of a github login. A screen prevents this ambiguity.


Goblin is a command-line extensible password manager with built in version control. It is built to be scriptable, prioritising a convenient front end, and a minimal "core" functionality.


A smart-card filesystem bruteforcing tool for PCSC compliant smart cards. Exhaustively finds all files on the smartcards filesystem, and extracts them.

BSc Project

A proof-of-concept implementation of an Ethereum soft-fork extension to utilise verifiable computation in contracts. The final year project for my BSc in Computer Science.

Abandoned Projects


A keyboard-driven webkit-based browser written in Go. Was abandoned due to webkit-gtk being only shakily supported, and better alternatives being available, such as qutebrowser.


A terminal-based password manager. Deprecated in favour of goblin.