2DMI10 — Applied Cryptography — 2018
Teachers
Default Schedule
Dates and time | Location
Tuesday, 10:45 - 12:45 | FLUX 0.01
Thursday, 13:30 - 15:30 | AUD 10
Last lecture on Thursday, January 10th.
Lecture Videos
All lectures are recorded. The videos should be online the day after the lecture. You can find the videos at the
TU/e Mediasite (videocollege.tue.nl) under TU/e lectures → (2) Computer Science → 2DMI10 (2017-2018).
Purpose
At the end of this course:
- you understand the cryptography behind modern cryptographic systems and how it interacts with higher protocol levels;
- you know how to choose the right cryptographic primitive for a situation;
- you know how to analyze the security of systems that involve cryptography.
Topics
This course deals with modern applications of cryptography. Topics covered are
- security proofs for real world primitives (the random oracle model),
- cryptographic aspects of internet protocols (TLS, IPsec),
- cryptographic aspects of anonymity networks (Mixnets, Tor),
- cryptographic aspects of private online communication (OTR, Signal),
- public-key infrastructure (PKI) including trust models and validation models for X.509 and PGP,
- real-world problems such as kleptography,
- cryptographic aspects of e-cash including Bitcoin,
- post-quantum cryptography,
- identity-based cryptography, and
- other recent topics in real-world cryptography (e.g., we covered DNSSEC and password hashing in previous years).
These topics will be explained and failure cases and popular attacks will be pointed out.
Exam
This year's examination consists of one written assignment and (for the first time) an exam.
The written assignment will be to discuss a research paper in one of the topics covered in the course.
The assignment accounts for 1/2 of the final grade. The other 1/2 is your exam grade.
All papers must be submitted encrypted and signed by email.
The exam is scheduled for Monday, 21 January 2019, 13:30 - 16:30 in Gemini-Zuid, rooms 3A.12 and 3A.13.
The exam will be a short quiz about the contents of the course.
The exam is closed book, however, you are allowed to bring one sheet of A4 paper, with hand-written notes on both sides.
As I was asked this several times: I will not ask you to write a proof (but I might ask about the concept of proofs).
Assignments
- Assignment description.
Deadlines:
Publication of assignment | Thursday, December 13th.
Choice of topic | before Wednesday, December 19th, 23:59.
Assignment of topic | until Monday, December 24th.
Submission of paper | before Friday, February 1st, 23:59.
Resit
It is possible to redo the exam, the assignment, or both.
If you want to take a resit, please write me an email, specifying which part you want to redo.
The exam resit will most likely be replaced by an oral exam, depending on the number of people that register.
Lectures
Here you find for each lecture a note on what has been treated, the slides, and further literature for some topics.
Tuesday, November 13th
Lecture on PKI.
Slides: [pptx] [pdf]
Topics: PKI basics; X.509; PGP; Certificates; Trust Models; Direct trust; Web of trust; Hierarchical trust; Certificate chain validation.
Further reading:
- J. Buchmann, E. Karatsiolis, and A. Wiesmaier. Introduction to Public Key Infrastructures. Springer, 2013.
Remember to set up PGP for email. Starting next week I will not accept unsigned / unencrypted emails for this class anymore.
My proposed solution is to use Thunderbird as email client together with the enigmail plugin. However, there exist workable solutions for all set-ups. Please test your set-up with fellow students (if you do not use the TB+enigmail set-up, preferably with fellow students with a different set-up to test for compatibility!). Don't forget to upload your public key on a key server.
Thursday, November 15th
Lecture on PKI.
Slides: [pptx] [pdf]
Topics: PKI; X.509 Certificates; Revocation (CRL, OCSP, Novomodo); WebPKI (Incidents and counter measures).
Further reading:
Tuesday, November 20th
Lecture on IPsec and SSL/TLS.
Slides: [pdf]
Topics: Crypto on different layers of the network stack; IPsec; SSL and TLS.
Further reading:
- RFC 8446 TLS 1.3
- For Internet protocols Wikipedia has very well written articles.
Thursday, November 22nd
Lecture on Attacks on SSL/TLS.
Slides: [pdf]
Topics: SSLstrip, BEAST, CRIME, BREACH, POODLE, FREAK, Logjam, ...
Further reading:
Tuesday, November 27th
Lecture by Lorenz on elliptic curves.
Notes: [pdf]
Topics: Edwards curves, other curve forms, point counting, security, weak classes, projective coordinates.
Further reading:
Thursday, November 29th
Lecture by Lorenz on elliptic curves.
Notes: [pdf]
Topics: Pairings, immediate consequences (transfer attacks, DDH solving, BLS signatures), pairings from elliptic curves (torsion subgroups, Weil pairing and modified Weil pairing), types of pairings.
Further reading:
Tuesday, December 4th
Lecture on the security of RSA signature schemes in use.
Slides: [pptx] [pdf]
Topics: Attacks on textbook RSA signatures and variants; existential unforgeability under adaptive chosen-message attacks; the random oracle model; full-domain hash; RSA-PFDH with security reduction in the ROM.
Further reading:
- Jonathan Katz. Digital Signatures. Springer, 2010
- J.-F. Misarsky. How (not) to design RSA signature schemes. International Workshop on Public Key Cryptography, PKC 1998, pp 14-28. Springer, 1998
- Jean-Sébastien Coron, David Naccache, Yvo Desmedt, Andrew Odlyzko, Julien P. Stern. Index Calculation Attacks on RSA Signature and Encryption. Designs, Codes and Cryptography, January 2006, Volume 38, Issue 1, pp 41-53. Springer 2006.
Thursday, December 6th
Lecture on identity-based cryptography.
Slides: [pdf]
Topics: Identity-based cryptography, models for IB signature schemes (IBS) and encryption (IBE), generic construction for (IBS), Shamir's IBS, ind-id-cca/cpa, Boneh-Franklin IBE, security reduction for BF-IBE.
Further reading:
- Notes I made for myself containing the security proof for the generic IBS scheme and the steps needed for factoring n given e and d: [pdf]
- The original paper: Adi Shamir. Identity-based cryptosystems and signature schemes. Crypto'84, Springer, 1985.
- A nice book on the topic: Marc Joye and Gregory Neven. Identity-Based Cryptography. IOS Press, 2009.
- The proof for Shamir's and other IBS: M. Bellare, C. Namprempre, and G.Neven. Security Proofs for Identity-Based Identification and Signature Schemes. Eurocrypt'04. Springer, 2004.
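The notes linked above mention the steps needed for factoring n given e and d. The following is an added example, not taken from the lecture notes, that carries those steps out in Python: the key is a constructed toy RSA key with 7-digit primes (the function and constant names are mine), and the recovery algorithm is the standard one, e*d - 1 is a multiple of the group exponent, so a random base raised to it walks through a square root of 1 that reveals a factor. The practical lesson is that a leaked private exponent is as bad as a leaked factorization: re-keying with a fresh exponent on the same modulus gives no security.

```python
import math
import random

# Constructed toy RSA key, not a real deployment key: small primes keep the
# numbers readable; the recovery algorithm is unchanged for 2048-bit moduli.
P_TOY, Q_TOY = 1000003, 1000033
N_TOY = P_TOY * Q_TOY
E_TOY = 65537
D_TOY = pow(E_TOY, -1, (P_TOY - 1) * (Q_TOY - 1))   # modular inverse, Python 3.8+


def factor_from_private_exponent(n, e, d, trials=64):
    """Recover p and q from n = p*q and a matching (e, d) pair.

    Since e*d == 1 mod lambda(n), k = e*d - 1 is a multiple of the group
    exponent, so a**k == 1 (mod n) for every a coprime to n.  Write
    k = 2**s * t with t odd and walk a**t, a**(2t), a**(4t), ... until the
    first 1 appears.  The element just before it is a square root of 1 mod n.
    With probability at least 1/2 over the choice of a it is a non-trivial
    root x (x != +-1 mod n), and then gcd(x - 1, n) is a proper factor.
    Returns (p, q) with p < q.
    """
    k = e * d - 1
    s, t = 0, k
    while t % 2 == 0:
        s += 1
        t //= 2
    for _ in range(trials):
        a = random.randrange(2, n - 1)
        g = math.gcd(a, n)
        if g != 1:                         # a already shares a factor with n
            return tuple(sorted((g, n // g)))
        x = pow(a, t, n)
        if x in (1, n - 1):
            continue                       # this a only reaches trivial roots
        for _ in range(s):
            y = pow(x, 2, n)
            if y == 1:                     # x is a non-trivial square root of 1
                p = math.gcd(x - 1, n)
                return tuple(sorted((p, n // p)))
            if y == n - 1:
                break                      # reached -1 first: trivial root, retry
            x = y
    raise ValueError("no factor found; increase trials")


if __name__ == "__main__":
    print(factor_from_private_exponent(N_TOY, E_TOY, D_TOY))
```

Each trial costs one modular exponentiation plus at most s squarings, and each independent trial fails with probability at most 1/2, so 64 trials is far more than enough even for a real modulus.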
Tuesday, December 11th
Lecture on electronic cash.
Slides: [pdf]
Topics: Blind Signatures, RSA Blind Signatures, Chaum's eCash (online, offline), Bitcoin.
Further reading:
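The attacks on textbook RSA signatures from the December 4th lecture and the RSA blind signatures of this lecture rest on the same fact, that RSA is multiplicatively homomorphic. The following is an added example (my own code, not from the slides) that shows both sides in Python: a multiplicative forgery on textbook RSA, the hash-then-sign fix in full-domain-hash style, and Chaum's blind signature that exploits the same homomorphism on purpose. The key is a constructed toy key with 7-digit primes, and the hash is SHA-256 reduced mod n as a stand-in for a real full-domain hash; all function names are mine.

```python
import hashlib
import math
import secrets

# Constructed toy RSA key (real keys are 2048 bits or more); used only to keep
# the arithmetic small enough to follow.
P, Q = 1000003, 1000033
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))


# --- textbook RSA signatures and the multiplicative forgery -----------------
def textbook_sign(m, d=D, n=N):
    return pow(m, d, n)


def textbook_verify(m, sig, e=E, n=N):
    return pow(sig, e, n) == m % n


def multiplicative_forgery(m1, s1, m2, s2, n=N):
    """Textbook RSA is multiplicatively homomorphic: (s1 * s2)^e = m1 * m2.
    Two signatures obtained on chosen messages yield a valid signature on
    m1 * m2 mod n, a message the signer never saw."""
    return (m1 * m2) % n, (s1 * s2) % n


# --- hash-then-sign in full-domain-hash style --------------------------------
def fdh(m_bytes, n=N):
    """Map a message onto Z_n.  Toy version: SHA-256 reduced mod n.  A real
    FDH expands the digest to the full length of n (e.g. with MGF1) before
    reducing, so that the output covers the whole domain."""
    return int.from_bytes(hashlib.sha256(m_bytes).digest(), "big") % n


def fdh_sign(m_bytes, d=D, n=N):
    return pow(fdh(m_bytes, n), d, n)


def fdh_verify(m_bytes, sig, e=E, n=N):
    # The forgery above now yields a signature on H(m1)*H(m2) mod n; to use
    # it the attacker would need a message m with H(m) equal to that product,
    # which is a preimage search on the hash.
    return pow(sig, e, n) == fdh(m_bytes, n)


# --- Chaum's RSA blind signature: the same homomorphism, used on purpose ------
def blind(m_bytes, e=E, n=N):
    """User side: pick a random r coprime to n and hide H(m) behind r^e."""
    while True:
        r = secrets.randbelow(n - 2) + 2
        if math.gcd(r, n) == 1:
            break
    return (fdh(m_bytes, n) * pow(r, e, n)) % n, r


def blind_sign(blinded, d=D, n=N):
    """Signer (bank) side: signs the blinded value without learning H(m)."""
    return pow(blinded, d, n)


def unblind(blind_sig, r, n=N):
    """User side: (H(m) * r^e)^d * r^-1 = H(m)^d * r * r^-1 = H(m)^d."""
    return (blind_sig * pow(r, -1, n)) % n
```

The unblinded value equals the signature the bank would have produced on H(m) directly, yet the bank only ever saw the blinded value, which is a uniformly random residue because r is; that is the unlinkability eCash needs. The same determinism means the bank must record spent coins to catch double spending in the online variant.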
Thursday, December 13th
Lecture on anonymity networks.
Slides: [pdf]
Slides part 2: [pptx] [pdf]
Topics: Dining cryptographers, mix nets, Tor; Zero-knowledge proofs
Further reading:
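As an added illustration of the first topic above (my own code, not from the slides), the following Python implements one round of Chaum's dining-cryptographers protocol for n parties in a ring, plus a helper that sends a whole message bit by bit. The shared pairwise keys are drawn locally with `secrets` as a stand-in for the coin flips or shared PRG seeds of the real protocol; the function names are mine. It also shows the protocol's known failure mode: two simultaneous senders cancel each other and the collision is invisible unless extra detection is added.

```python
import secrets


def dc_round(n_parties, senders=None, bit=1):
    """One round of Chaum's dining-cryptographers protocol.

    The n parties sit in a ring; neighbours i and i+1 share secret bit key[i]
    (in practice a coin flipped behind a menu, or a PRG output from a shared
    seed).  Party i announces key[i-1] XOR key[i], and XORs `bit` into its
    announcement if it is a sender.  Returns the list of public announcements.
    """
    senders = set(senders or ())
    key = [secrets.randbits(1) for _ in range(n_parties)]
    announcements = []
    for i in range(n_parties):
        a = key[i - 1] ^ key[i]          # key[-1] wraps to the last party
        if i in senders:
            a ^= bit
        announcements.append(a)
    return announcements


def broadcast_bit(announcements):
    """What every observer computes: the XOR of all announcements.  Each shared
    key appears in exactly two announcements and cancels, leaving the XOR of
    the senders' bits.  Nothing in the announcements points at a sender: for
    any non-sender's view, every other party is an equally likely sender."""
    out = 0
    for a in announcements:
        out ^= a
    return out


def dc_send_bytes(n_parties, sender, message):
    """Send a whole message one bit per round; every party learns the message,
    but the announcements do not identify `sender`."""
    bits = [(b >> k) & 1 for b in message for k in range(7, -1, -1)]
    received = [broadcast_bit(dc_round(n_parties, {sender}, bit)) for bit in bits]
    out = bytearray()
    for i in range(0, len(received), 8):
        byte = 0
        for b in received[i:i + 8]:
            byte = (byte << 1) | b
        out.append(byte)
    return bytes(out)
```

With two senders both sending 1 in the same round the broadcast bit is 0, exactly as if nobody had spoken; practical DC-net designs add reservation slots or collision detection on top of this core.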
Thursday, December 14th
Lecture on private social communication.
Slides: [pdf]
Topics: Secure chat protocols; OTR, mpOTR, SCIMP, Signal Protocol.
Further reading:
Tuesday, December 19th
Lecture on post-quantum cryptography.
Slides: [pdf] [pptx]
Topics: Quantum computation; conjectured quantum-hard problems; multivariate, code-based, and lattice-based crypto; hash-based signatures.
Further reading:
Tuesday, January 8th
Lecture by Mina Sheikh Alishahi on Secure Multi-party Computation.
Slides: [pdf]
Topics: Homomorphic encryption and its application to different scenarios for MPC: love game, finding potential terrorists, face recognition, auction, distributed data clustering.
Further reading:
Thursday, January 10th
Lecture on Password Security and Password Hashing.
Slides: [pdf]
Topics: Different ways to create passwords; dictionaries and rainbow tables; PBKDF2, bcrypt, scrypt, and Argon2.
Further reading:
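As an added example for this lecture (my own code, not from the slides), the following Python stores and verifies passwords with PBKDF2-HMAC-SHA256 from the standard library and then compares the attacker's cost against a dictionary for unsalted SHA-256 versus salted PBKDF2. The users, passwords and dictionary are constructed sample data and the function names are mine; bcrypt, scrypt and Argon2 are not in the standard library and are left out, but the storage format and the cost argument carry over to them unchanged.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 200_000   # choose so that one verification costs roughly 100 ms on your server


def hash_password(password, iterations=ITERATIONS, salt=None):
    """Store algorithm, work factor and per-user random salt next to the hash,
    so the parameters can be raised later without locking anyone out."""
    salt = salt if salt is not None else secrets.token_bytes(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password, stored):
    algo, iters, salt_hex, dk_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        raise ValueError("unsupported hash format")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                             bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(dk.hex(), dk_hex)   # constant-time comparison


# Constructed sample data for the cost comparison below.
DICTIONARY = ["123456", "password", "letmein", "hunter2", "correct horse"]
USER_PASSWORDS = {"alice": "hunter2", "bob": "letmein", "carol": "zebra-unicorn-42"}


def crack_unsalted_sha256(user_hashes):
    """Against unsalted SHA-256 one table over the dictionary (a rainbow table
    amortises this even further) cracks every user at once.
    Returns (found, number_of_hash_evaluations)."""
    table = {hashlib.sha256(w.encode()).hexdigest(): w for w in DICTIONARY}
    found = {u: table[h] for u, h in user_hashes.items() if h in table}
    return found, len(DICTIONARY)


def crack_salted_pbkdf2(user_records):
    """Against salted PBKDF2 every (user, candidate) pair needs its own
    derivation of `iterations` HMAC rounds; nothing is shared between users.
    Returns (found, number_of_PBKDF2_evaluations)."""
    found, work = {}, 0
    for user, record in user_records.items():
        for candidate in DICTIONARY:
            work += 1
            if verify_password(candidate, record):
                found[user] = candidate
                break
    return found, work


def demo(iterations=1_000):
    """Low iteration count only so the demo finishes instantly; use ITERATIONS in production."""
    unsalted = {u: hashlib.sha256(pw.encode()).hexdigest() for u, pw in USER_PASSWORDS.items()}
    salted = {u: hash_password(pw, iterations) for u, pw in USER_PASSWORDS.items()}
    return crack_unsalted_sha256(unsalted), crack_salted_pbkdf2(salted)
```

Both attacks recover the two dictionary passwords; the difference is the bill. The unsalted table costs five hashes for all users together, while the salted run costs twelve PBKDF2 derivations of `iterations` HMAC rounds each, and that bill grows linearly with the number of users and with the work factor, which is the whole point of a slow, salted password hash.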
Links
Latest modification: January 16, 2019.