MAD 6478- Course Information

MAD 6478: Cryptanalysis

The course explains standard techniques used for analyzing and attacking different types of cryptographic schemes. A main focus of the course is on understanding the possibilities and limits of modern frameworks offering provable security guarantees. During the course you are supposed to learn which kind of attacks against asymmetric encryption and signature schemes can provably be excluded with available theoretical tools, and which type of attacks are not covered by commonly applied models. To this aim, you should also be able to judge the potential of side channel attacks, e.g., based on the use of timing information or on information about the power consumption of a device. Finally, after completion of the course you should be aware of problems that can arise when composing several cryptographic protocols.

The following topics that are to be discussed:

Introduction: security issues with textbook schemes
Formalizing security requirements, constructions for provably secure encryption schemes with and without idealizing assumptions
Beyond encryption: Attack models for different types of cryptographic tasks, e.g., for signature and (group) key establishment schemes
Side channel attacks, e.g., timing attacks and differential power analysis
Attacks on the protocol level, secure composition of cryptographic protocols

More information on the course is available in the syllabus, and comments are welcome.

Topics Discussed in Class

01/07/08: basic requirements on signature schemes
Literature: D. Pointcheval: Provable Security for Public Key Schemes
01/09/08: Desmedt-Odlyzko selective forgery attack
Literature: [A. Menezes: Evaluation of Security Level of Cryptography: RSA Signature Schemes (PKCS#1 v.1.5, ANSI X9.31, ISO 9796), Sec. 3]
01/11/08: attacking a sloppy ElGamal signature verification
Literature: D. Bleichenbacher: Generating ElGamal signatures without knowing the secret key
01/14/08: formalizing security requirements for signature schemes
Literature: D. Pointcheval: Provable Security for Public Key Schemes
01/16/08: formalizing security requirements for hash functions
Literature: P. Rogaway and T. Shrimpton: Cryptographic Hash-Function Basics: Definitions, Implications, and Separations for Preimage Resistance, Second-Preimage Resistance, and Collision Resistance
01/18/08: signing with a trapdoor one-way permutation in the random oracle model
Literature: M. Bellare and P. Rogaway: Random Oracles are Practical: A Paradigm for Designing Efficient Protocols
01/23/08: RSA-PSS
Literature: PKCS #1 v2.1: RSA Cryptography Standard
01/25/08: security notions for public key encryption
Literature: D. Pointcheval: Provable Security for Public Key Schemes
01/28/08: security notions for public key encryption, Bellare-Rogaway construction for encrypting with a trapdoor-one-way permutation in the random oracle model
Literature: D. Pointcheval: Provable Security for Public Key Schemes
01/30/08: Bellare-Rogaway construction, Optimal Asymmetric Encryption Padding
Literature: D. Pointcheval: Provable Security for Public Key Schemes, PKCS #1 v2.1: RSA Cryptography Standard
02/01/08: Fujisaki-Okamoto conversion to achieve IND-CCA security in the random oracle model
Literature: E. Fujisaki and T. Okamoto: How to Enhance the Security of Public-Key Encryption at Minimum Cost
02/04/08: tightness of security reductions
Literature: D. Pointcheval: Provable Security for Public Key Schemes
02/06/08: introduction to side-channel attacks
Literature: P. Kocher, J. Jaffe, B. Jun: Differential Power Analysis
02/08/08: differential power analysis
Literature: P. Kocher, J. Jaffe, B. Jun: Differential Power Analysis, M. Aigner and E. Oswald: Power Analysis Tutorial
02/11/08: timing attacks
Literature: P. Kocher: Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems
02/13/08: timing attacks
Literature: D. Brumley and D. Boneh: Remote Timing Attacks are Practical, R. S., W. Geiselmann, R. Endsuleit: Attacking a polynomial-based cryptosystem: Polly Cracker
02/15/08: cryptanalysis of EnRoot
Literature: F. Bao et al.: Cryptanalysis of Two Sparse Polynomial Based Public Key Cryptosystems
02/18/08: cryptanalysis of SPIFI
Literature: F. Bao et al.: Cryptanalysis of Two Sparse Polynomial Based Public Key Cryptosystems
02/20/08: HFE
Literature: J. Patarin: Hidden Field Equations (HFE) and Isomorphisms of Polynomials (IP): two new Families of Asymmetric Algorithms
02/22/08: validating input in a one-pass Diffie-Hellman protocol
Literature: A. Antipa et al.: Validation of Elliptic Curve Public Keys
02/25/08: hidden collisions on DSS
Literature: S. Vaudenay: Hidden Collisions on DSS
02/27/08: attacks using fault induction
Literature: H. Bar-El. et al.: The Sorcerer's Apprentice Guide to Fault Attacks
02/29/08: concurrent protocol execution
Literature: G. Lowe: Breaking and Fixing the Needham-Schroeder Public-Key Protocol using FDR
03/10/08: introduction to (group) key establishment
Literature: J.-M. Bohli et al.: Secure group key establishment revisited
03/12/08: modeling security of (group) key establishment protocols
Literature: J.-M. Bohli et al.: Secure group key establishment revisited
03/14/08: group key establishment: an example
Literature: J.-M. Bohli et al.: Secure group key establishment revisited
03/17/08: insider attacks in a group key establishment: an example
Literature: J.-M. Bohli et al.: Secure group key establishment revisited
03/19/08: from passively to actively secure group key establishment
Literature: J. Katz and M. Yung: Scalable Protocols for Authenticated Group Key Exchange
03/21/08: introduction to universal composability
Literature: R. Canetti: Universally Composable Security: A New Paradigm for Cryptographic Protocols
03/24/08: introduction to universal composability
Literature: R. Canetti: Universally Composable Security: A New Paradigm for Cryptographic Protocols
03/26/08: universal composition theorem, examples
Literature: R. Canetti: Universally Composable Security: A New Paradigm for Cryptographic Protocols
03/28/08: formalizing secure public key encryption in the UC framework
Literature: R. Canetti: Universally Composable Security: A New Paradigm for Cryptographic Protocols
03/31/08: an example of threshold cryptography
Literature: Distributed Cryptography
04/02/08: a chosen ciphertext attack on a standardized variant of OAEP
Literature: J. Manger: A Chosen Ciphertext Attack on RSA Optimal Asymmetric Encryption Padding (OAEP) as Standardized in PKCS #1 v2.0
04/04/08: signcryption
Literature: J. H. An et al.: On The Security of Joint Signature and Encryption
04/07/08: a proposal for a signcryption scheme
Literature: Y. Zheng: Digital Signcryption or How to Achieve Cost(Signature & Encryption) << Cost(Signature) + Cost(Encryption)
04/09/08: defining security for identity-based signcryption
Literature: J. Malone-Lee: Identity-Based Signcryption
04/11/08: a proposal for identity-based signcryption
Literature: J. Malone-Lee: Identity-Based Signcryption
04/14/08: another example for identity-based signcryption
Literature: L. Chen and J. Malone-Lee: Improved Identity-Based Signcryption
04/16/08: presentation on MQV
04/18/08: presentation on WPA
04/21/08: presentation on IPsec
04/23/08: presentation on proactive secret sharing

For questions or comments, please feel free to contact me anytime (see my homepage for email, phone number, etc.).

Apr 23, 2008