• Programme
• Writing talks and theses
• Theses topics
• Teaching
  • Winter 2017
  • Summer 2017
  • IPEC Winter 2017
  • Winter 2016/2017
  • IPEC Summer 2016
  • Summer 2016
  • IPEC Winter 2016
  • Winter 2015/2016
  • IPEC Summer 2015
  • Summer 2015
  • IPEC Winter 2015
  • Winter 2014/2015
  • Cryptography
  • Topics in Applied Cryptography/Advanced cryptography: symmetric primitives
  • Lab Cryptography
  • IPEC Summer 2014
  • Summer 2014
  • IPEC Winter 2014
  • Winter 2013/2014
  • IPEC Summer 2013
  • Summer 2013
  • IPEC Winter 2013
  • Winter 2012/2013
  • IPEC Summer 2012
  • Summer 2012
  • IPEC Winter 2012
  • Winter 2011/2012
  • IPEC Summer 2011
  • Summer 2011
  • IPEC Winter 2011
  • Winter 2010/2011
  • IPEC Summer 2010
  • Summer 2010
  • IPEC Winter 2010
  • Winter 2009/2010
  • IPEC Summer 2009
  • Summer 2009
  • IPEC Winter 2009
  • Winter 2008/2009
  • IPEC Summer 2008
  • Summer 2008
  • IPEC Winter 2008
  • Winter 2007/2008
  • IPEC Summer 2007
  • Summer 2007
  • IPEC Winter 2007
  • Winter 2006/2007
  • IPEC Summer 2006
  • Summer 2006
  • IPEC Winter 2006
  • Winter 2005/2006
• Special events
• crypt@b-it
• Schüler-Krypto

Topics in Applied Cryptography/Advanced cryptography: symmetric primitives

This course is listed in Aachen Campus as Advanced cryptography: symmetric primitives, in Bonn Basis as MA-INF 3311 - Topics in Applied Cryptography: symmetric primitives.

Responsible

Prof. Dr. Joachim von zur Gathen

Lecture

Michael Nüsken

Tutorial

Michael Nüsken

Time & Place

• Tuesday 13³⁰-15⁰⁰, b-it 1.25 (cosec meeting room).
• Wednesday 13³⁰-15⁰⁰, b-it 1.25 (cosec meeting room).
• Tutorial: Tuesday 15¹⁵-16⁴⁵, b-it 1.25 (cosec meeting room).

First meeting: Tuesday, 21 October 2013.

Contents

The most prominent cryptography in the last decades dealt with public key cryptography. However, also many new symmetric ciphers and other primitives were created. They are at the center of this course:

Which symmetric primitives are used? And what can we say about their security?

Most of you have probably heard of the AES or the SHA3. They are important cornerstones of modern systems but there are many further systems at various scales. Encryption schemes for blocks or streams, hash functions, message authentication codes, pseudorandom functions. Each of them has its own enemies, like differential and linear cryptanalysis, and security notions, like one-wayness and IND-CCA security.

How are they used? And what do we need to know about their security?

Moreover, these primitives are part of a variety of higher protocols, like IPsec, TLS or SSH. Recently, some of them have been proved secure in an appropriate security notion and, of course, based on the security of the used primitives.

Exam

Pre-exam meeting: 17 March 2015, 11⁰⁰, b-it 1.25.
Exam: 20 March 2015, between 13⁰⁰ and 16⁰⁰, b-it Rheinsaal.
Post-exam meeting: 25 March 2015, 14⁰⁰-15⁰⁰, b-it 1.25.
Second exam (repetitions only): according to prior agreement (possibly 13 April 2015, between 14⁰⁰ and 17⁰⁰).
Post-exam meeting 2: according to prior agreement (possibly 29 April 2015, 12³⁰-13⁰⁰).

Notes

The screen notes (PDF) contain all handwritten stuff (last updated 28 January 2015, 15:59).

Exercises

• Exercise 1 (PDF, last updated 24 October 2014, 13:06).
• Exercise 2 (PDF, last updated 30 October 2014, 14:32).
• Exercise 3 (PDF, last updated 07 November 2014, 12:34).
• Exercise 4 (PDF, last updated 14 November 2014, 16:10).
• Exercise 5 (PDF, last updated 21 November 2014, 14:39).
• Exercise 6 (PDF, last updated 28 November 2014, 11:33).
• Exercise 7 (PDF, last updated 04 December 2014, 13:06).
• Exercise 8 (PDF, last updated 12 December 2014, 16:44).
• Exercise 9 (PDF, last updated 08 January 2015, 14:10).
• Exercise 10 (PDF, last updated 15 January 2015, 12:58).
• Exercise 11 (PDF, last updated 22 January 2015, 14:28).
• Exercise 12 (PDF, last updated 29 January 2015, 18:49).

Literature

• Tibor Jager, Florian Kohlar, Sven Schäge & Jörg Schwenk (2011/2013). On the Security of TLS-DHE in the Standard Model. Preprint, ePrint 2011/219.
• Hugo Krawczyk, Kenny Paterson & Hoeteck Wee (2013). On the Security of TLS-DHE in the Standard Model. CRYPTO 2013, ePrint 2013/339.
• Hugo Krawczyk (2003). The SIGMA Family of Key-Exchange Protocols. Abstract with PDF.
• Howard M. Heys (2001). A Tutorial on Linear and Differential Cryptanalysis. TR CORR 2001-17, University of Waterloo (PDF). Also: Cryptologia XXVI(3), 189-221.
• Mitsuru Matsui (1994). Linear Cryptanalysis Method for DES Cipher. EUROCRYPT'93, LNCS 765, 386-397, DOI 10.1007/3-540-48285-7_33.
• Mihir Bellare and Chanathip Namprempre (2000). Authenticated Encryption: Relations among notions and analysis of the generic composition paradigm.
• Kenneth G. Paterson, Thomas Ristenpart & Thomas Shrimpton (2011). Tag Size Does Matter: Attacks and Proofs for the TLS Record Protocol. PDF, DOI:10.1007/978-3-642-25385-0_20. (sLHAE)

Prerequisites

Basic knowledge in cryptography is required.

Allocation

4+2 SWS.

• Master in Media Informatics: Computer and Communication Technology.
  8 ECTS credits.
  Optionally, 3+2 SWS, 6 ECTS credits. On request a breakpoint at about 3/4 of the teaching time will be defined, and only the course material up to that point will be relevant for their exams and grades.
• Master in Computer Science at University of Bonn: MA-INF 3311.
  9 CP.
  Students have to register this course with POS/BASIS.

Mailinglist

We will put each member on the mailing list