Cryptanalysis (SS 2021)
Cryptanalytic attacks and how they guide cryptographic design
Table of Content
Cryptanalytic attacks define the security of cryptographic algorithms, and understanding them is crucial to understand cryptographic design. This lecture aims to give you some in-depth knowledge of several recent state-of-the-art topics in cryptography, with a focus on cryptanalysis:
- Classic and quantum algorithms for factoring and discrete log
- Cryptanalysis of block ciphers (differential, linear, algebraic)
- Cryptanalysis of hash functions and stream ciphers
- Lattices and continued fractions in cryptanalysis
In the exercises, you will implement some of these attacks to solve cryptanalytic challenges. In the seminar, additional selected topics may be presented by participants — see below for a list of suggested topics.
This course is equivalent to the previous course “Applied Cryptography 2” (SS 2020).
Lecture and Seminar
|04.03.2021||ME||L1 – Factoring and Continued Fractions||YouTube|
|11.03.2021||ME||L2 – Discrete Logarithm||YouTube|
|18.03.2021||MS||L3 – Quantum Cryptanalysis||YouTube|
|25.03.2021||ME||L4 – Lattices||YouTube|
|15.04.2021||MS||L5 – TLS security & Protocol Attacks||YouTube|
|22.04.2021||ME||L6 – Differential Cryptanalysis||YouTube|
|29.04.2021||MS||L7 – Advanced Differential Attacks||YouTube|
|06.05.2021||ME||L8 – Linear Cryptanalysis||YouTube|
|20.05.2021||MS||L9 – Sponges & Stream Ciphers||YouTube|
|27.05.2021||MS||L10 – Algebraic Attacks||YouTube|
|17.06.2021||T4||S1 – Code-based PQ Crypto||WebEx|
|24.06.2021||T7||S2 – Security of Password Hashing||WebEx|
|01.07.2021||VO Exam (oral, first date)||Discord|
All videos are listed in the YouTube playlist.
|18.03.2021||Team registration deadline||STicS|
|18.03.2021||T1 – Asymmetric Cryptanalysis||After L3|
|22.04.2021||T1 – Question session||After L6|
|29.04.2021||T1 – Submission deadline (23:59)||STicS|
|11.05.2021||T1 – Assignment interviews (individual slots)||Discord|
|06.05.2021||T2 – Symmetric Cryptanalysis (figures)||After L8|
|27.05.2021||T2 – Question session|
|10.06.2021||T2 – Submission deadline (23:59)||STicS|
We’re available for individual KU questions after each lecture on Discord.
In the exercises, you implement cryptanalysis techniques from the lecture in teams of 2. To get a grade, you submit your implementations for 2 assignments, which we will discuss with you in a final interview ("Abgabegespräch"). Use the Student Tick System (STicS) to register your team and upload your submissions. We usually won't need the 16:30–17:15 KU timeslots (except for question times and seminar presentations).
Lecture exams and seminar talks (VO)
There are 2 ways to get a grade for the VO:
Exam mode: Write exam at the end of the term or take an oral exam later
- You can find the exam dates and registration in TUGRAZonline.
Seminar mode: Participate actively in KU+VO and give a seminar presentation in one of the last lectures (45 minutes), for example on
- Block Ciphers: Division Property
- Block Ciphers: Zero-Correlation and Multidimensional Linear Cryptanalysis
- Block Ciphers: MitM and Biclique Attacks
- Hash Functions: Rebound Attack
- Hash Functions: Cryptanalytic Exploits (MD5 Certificates etc.)
- Authenticated Encryption: Security Proofs and Robustness
- Algebraic Attacks: Gröbner Basis, etc.
- RSA: (In)Security in Practice
- Elliptic-Curve Cryptography: Secure Curves
- Post-Quantum: Lattices and Learning with errors
- Post-Quantum: Coding-based Cryptography
- Selected Topics: Implementation Security and Masking
- Selected Topics: Statistical Ineffective Fault Attacks
- Selected Topics: Backdoors in Cryptography
- Selected Topics: Security of Password Hashing
All lectures and exercises are conducted virtually this year.
The lectures are streamed live on Youtube (URLs below and in your calendar). For most contents, recordings will be available afterwards.
Video meetings for exercise interviews and question sessions are on Discord, where you can also ask written questions at any time.
For the optional seminar talk, you will have the choice between online and live presentations if conditions permit. The alternative is a virtual oral lecture exam.
The lecture slides are reasonably self-contained, but often briefly phrased.
If you prefer full-text resources, you may find some of the following books interesting:
- The Block Cipher Companion, by L.R. Knudsen and M.J.B. Robshaw
- An Introduction to Mathematical Cryptography, by J. Hoffstein, J. Pipher, and J.H. Silverman