Introduction to cryptography
I teach Introduction to cryptography [NDMI100] in the winter semester of 2019/2020. The lecture will cover the basics of both theoretical and practical cryptography, focusing on protocols currently used on the Internet.
Lectures are scheduled on Wednesdays from 14:00 in S8.
If you want to contact me or consult about anything, you are welcome to visit me in room S322 or to e-mail me at mares+kry@kam.mff.cuni.cz.
date | topics |
---|---|
9. 10. | Cryptographic primitives: symmetric and asymmetric ciphers, hash functions, random generators. Protocols and roles. Kerckhoffs principle. Simple protocols: multi-party communication, signatures, message authentication codes, hybrid ciphers, challenge-response authentication. Designing an auction protocol: padding, nonces, sequence numbers, session IDs, signatures. Know your enemy. Basic types of cryptographic attacks. Security level. Puzzle: How to toss a coin over a phone call? |
16. 10. | Different kinds of "Birthday attacks". One-time pad and Vernam's cipher. Perfect security and its limits. Secret sharing and threshold schemes (construction with polynomials). Commitment using hash functions. |
23. 10. | Introduction to symmetric ciphers. Block ciphers: trivial examples, an attempt to define security, ideal block ciphers. General constructions: iterated ciphers, substitution-permutation networks, Feistel networks. DES: history, structure, key schedule, critique, work-arounds (3-DES). Similarly for AES a.k.a. Rijndael. Puzzle: Why is the security level of 2-DES only 57 bits? |
30. 10. | How to (mis)use a block cipher: padding, modes ECB, CBC, OFB, and CTR; ciphertext stealing. Information leaks in CBC and OFB/CTR. Padding oracle attacks on CBC. Stream ciphers: LFSR-based constructions, Trivium. |
6. 11. | Stream ciphers: RC4, ChaCha20. Hash functions: requirements, Merkle-Damgård construction by iterating compression function. How to obtain a compression function: Davies-Meyer construction from a block cipher, MD5, SHA-1, SHA-2. Sponge functions: principle and analysis for random permutations. |
13. 11. | Plan: Sponge functions: Keccak, SHA-3, SHAKE-n and others. Birthday attacks on hash functions. Parallel hashing: Merkle trees, Sakura. Symmetric signatures (MACs): construction from hash functions (HMAC), different ways of combining a MAC with a cipher. Information-theoretic MAC from 2-independent linear functions or from polynomials; practical applications: GCM mode, Poly1305. Generating random bits: pseudo-random generators from symmetric ciphers, physical randomness (LavaRand, circular oscillators, …), combining both – Fortuna, RDRAND, /dev/random. |
Sources
- Web page of the previous run of this lecture (in Czech).
- Niels Ferguson, Bruce Schneier: Practical Cryptography. Wiley Publishing, 2003.
- Jonathan Katz, Yehuda Lindell: Introduction to Modern Cryptography, 2nd Edition. CRC Press, 2015.
- Douglas Stinson, Maura Paterson: Cryptography – Theory and Practice. CRC Press, 2018.
- Dan Boneh, Victor Shoup: A Graduate Course in Applied Cryptography.
- Mike Rosulek: The Joy of Cryptography.
- Ross Anderson: Security Engineering, Wiley Publishing, 2008.
- Martin Mareš: Algoritmy okolo teorie čísel (in Czech).
- Ivan Ristić: Bulletproof SSL and TLS, Feisty Duck Publishing, 2017.