Cryptanalysis (SS 2023)
Cryptanalytic attacks and how they guide cryptographic design
Table of Content
Cryptanalytic attacks define the security of cryptographic algorithms, and understanding them is crucial to understand cryptographic design. This lecture aims to give you some in-depth knowledge of several recent state-of-the-art topics in cryptography, with a focus on cryptanalysis:
- Classic and quantum algorithms for factoring and discrete log
- Cryptanalysis of block ciphers (differential, linear, algebraic)
- Cryptanalysis of hash functions and stream ciphers
- Lattices and continued fractions in cryptanalysis
In the exercises, you will implement some of these attacks to solve cryptanalytic challenges. In the seminar, additional selected topics may be presented by participants — see below for a list of suggested topics.
Lecture and Seminar
|02.03.2023||ME||L1 – Discrete Logarithm||YouTube|
|09.03.2023||ME||L2 – Factoring and Continued Fractions||YouTube|
|16.03.2023||MN||L3 – Quantum Cryptanalysis||YouTube|
|23.03.2023||RW||L4 – Lattices||YouTube|
|30.03.2023||ME||L5 – Linear Cryptanalysis||YouTube|
|20.04.2023||MN||L6 – Differential Cryptanalysis||YouTube|
|27.04.2023||ME||L7 – Advanced Differential Attacks||YouTube|
|04.05.2023||ME||L8 – Sponges & Stream Ciphers||YouTube|
|11.05.2023||HH||L9 – Algebraic Attacks||YouTube|
|25.05.2023||MN||LA – TLS security & Protocol Attacks||YouTube|
|15.06.2023||you||Seminars (T2, T9)|
|22.06.2023||you||Seminars (TC, T3)|
|16.03.2023||Team registration deadline||TeachCenter|
|16.03.2023||T1 – Asymmetric Cryptanalysis||After L3 in HS i1|
|20.04.2023||T1 – Submission deadline (23:59)||git|
|28.04.2023||T1 – Assignment interviews (individual slots)||Office|
|27.04.2023||T2 – Symmetric Cryptanalysis||After L7 in HS i1|
|01.06.2023||T2 – Submission deadline (23:59)||git|
|tbd||T2 – Assignment interviews (individual slots)||Office|
For questions outside lecture times, contact us via the
#cryptanalysis Discord channel or by email.
In the exercises, you implement cryptanalysis techniques from the lecture in teams of 2. To get a grade, you submit your implementations for 2 assignments, which we will discuss with you in a final interview (“Abgabegespräch”). Use TeachCenter to register your team and git for your submissions. We usually won’t need the 16:30–17:15 KU timeslots (except for question times and seminar presentations).
Lecture exams and seminar talks (VO)
There are 2 ways to get a grade for the VO:
- Exam mode: Write exam at the end of the term or take an oral exam later. Register for an exam date in TUGRAZonline or contact us if none is available.
- Seminar mode: Participate actively in KU+VO and give a seminar presentation in one of the last lectures (30 minutes) accompanied by a short report (8 pages) in your team, for example on
- Block Ciphers: Division Property | MitM and Biclique Attacks | Boomerang Attacks | …
- Hash Functions: Rebound Attack | Cryptanalytic Exploits (MD5 Certificates etc.) | …
- Authenticated Encryption: Security Proofs and Robustness | …
- RSA: (In)Security in Practice | Secure Key Generation | …
- Post-Quantum: Coding-based Cryptography | Lattices and Learning with errors | …
- Implementation Security: Secure Masking | Statistical Ineffective Fault Attacks | …
We treat the involvement of ChatGPT and similar tools the same way as the involvement of another natural person. That is, for involvement that qualifies as plagiarism or an impermissible level of assistance, the consequences will be the same in both cases to the strictest extent possible.
The lecture slides are reasonably self-contained, but often briefly phrased.
If you prefer full-text resources, you may find some of the following books interesting:
- The Block Cipher Companion, by L.R. Knudsen and M.J.B. Robshaw
- An Introduction to Mathematical Cryptography, by J. Hoffstein, J. Pipher, and J.H. Silverman