Cryptanalysis (SS 2022)
Cryptanalytic attacks and how they guide cryptographic design
Table of Content
Cryptanalytic attacks define the security of cryptographic algorithms, and understanding them is crucial to understand cryptographic design. This lecture aims to give you some in-depth knowledge of several recent state-of-the-art topics in cryptography, with a focus on cryptanalysis:
- Classic and quantum algorithms for factoring and discrete log
- Cryptanalysis of block ciphers (differential, linear, algebraic)
- Cryptanalysis of hash functions and stream ciphers
- Lattices and continued fractions in cryptanalysis
In the exercises, you will implement some of these attacks to solve cryptanalytic challenges. In the seminar, additional selected topics may be presented by participants — see below for a list of suggested topics.
Lecture and Seminar
|Date||Who||Lecture (16:00-17:30 in HS i1)||Video (2021)|
|03.03.2022||ME||L1 – Factoring and Continued Fractions||YouTube|
|10.03.2022||ME||L2 – Discrete Logarithm||YouTube|
|17.03.2022||MS||L3 – Quantum Cryptanalysis||YouTube|
|24.03.2022||RW||L4 – Lattices||YouTube|
|31.03.2022||MS||L5 – TLS security & Protocol Attacks||YouTube|
|07.04.2022||MN||L6 – Differential Cryptanalysis||YouTube|
|28.04.2022||ME||L7 – Linear Cryptanalysis||YouTube|
|05.05.2022||ME||L8 – Advanced Differential Attacks||YouTube|
|12.05.2022||MS||L9 – Sponges & Stream Ciphers||YouTube|
|19.05.2022||MS||LA – Algebraic Attacks||YouTube|
|02.06.2022||you||Seminars (T1, T2, T6)|
|09.06.2022||you||Seminars (T7, T8)|
We have two guest talks this year by Roman Walch (L4) and Marcel Nageler (L6).
All videos from SS 2021 are listed in the YouTube playlist.
|17.03.2022||Team registration deadline||TeachCenter|
|17.03.2022||T1 – Asymmetric Cryptanalysis||After L3 in HS i1|
|28.04.2022||T1 – Submission deadline (23:59)||git|
|05.05.2022||T1 – Assignment interviews (individual slots)||Office|
|05.05.2022||T2 – Symmetric Cryptanalysis||After L8 in HS i1|
|09.06.2022||T2 – Submission deadline (23:59)||git|
|23.06.2022||T2 – Assignment interviews (individual slots)||Office|
In the exercises, you implement cryptanalysis techniques from the lecture in teams of 2. To get a grade, you submit your implementations for 2 assignments, which we will discuss with you in a final interview (“Abgabegespräch”). Use TeachCenter to register your team and git for your submissions. We usually won’t need the 16:30–17:15 KU timeslots (except for question times and seminar presentations).
Lecture exams and seminar talks (VO)
There are 2 ways to get a grade for the VO:
- Exam mode: Write exam at the end of the term or take an oral exam later. Register for an exam date in TUGRAZonline or contact us if none is available.
- Seminar mode: Participate actively in KU+VO and give a seminar presentation in one of the last lectures (30 minutes) accompanied by a short report (10 pages) in your team, for example on
- Block Ciphers: Division Property | MitM and Biclique Attacks | Boomerang Attacks | …
- Hash Functions: Rebound Attack | Cryptanalytic Exploits (MD5 Certificates etc.) | …
- Authenticated Encryption: Security Proofs and Robustness | …
- RSA: (In)Security in Practice | Secure Key Generation | …
- Post-Quantum: Coding-based Cryptography | Lattices and Learning with errors | …
- Implementation Security: Secure Masking | Statistical Ineffective Fault Attacks | …
All lectures and exercises are conducted in presence this year.
From the virtual lecture in SS 2021, recordings are available on Youtube.
Exercise interviews and question hours will be conducted either in presence or on Discord, where you can also ask written questions at any time.
For the optional seminar talk, you will have the choice between online and live presentations if conditions permit. The alternative is a written on-campus lecture exam.
The lecture slides are reasonably self-contained, but often briefly phrased.
If you prefer full-text resources, you may find some of the following books interesting:
- The Block Cipher Companion, by L.R. Knudsen and M.J.B. Robshaw
- An Introduction to Mathematical Cryptography, by J. Hoffstein, J. Pipher, and J.H. Silverman