Contents | Announcements | Exams | Literature | Pictures and slides |
Tanja Lange
Coding Theory and Cryptology
Eindhoven Institute for the Protection of Information
Department of Mathematics and Computer Science
Room HG 9.92
Technische Universiteit Eindhoven
P.O. Box 513
5600 MB Eindhoven
Netherlands
Phone: +31 (0) 40 247 4764
Fax.: +31 (0)40 243 5810
The easiest ways to reach me wherever I am:
e-mail:tanja@hyperelliptic.org
This page belongs to course 2WC12 - Cryptography I. This course is offered at TU/e and is also part of the Kerckhoff study program. The official page is here.
Contents
It is not necessary to purchase a book to follow the course.
For the past years this course used
Henk van Tilborg, "Fundamentals of Cryptology", Kluwer academic
Publishers, Boston, 2000, as basis.
You can find the pdf here
and the book as a mathematica worksheet here.
Other books you might find useful
You can earn up to 1P for the final mark through the homework. You may
hand in your solutions in groups of 2. Please make sure to register
for the exam in time. Students from other universities need to have a
TU/e student ID in order to register.
Sebastiaan de Hoogh will take care of correcting the first rounds of
homework. Starting October also Ruben Niederhagen is in charge of this class; in December Sebastiaan takes over again.
Do not send me your homework but contact the correcting student. At the moment this is
Sebastiaan S.J.A.d.Hoogh@tue.nl.
The first exam took place January 27, 2012, 14:00 - 17:00.
Exercise sheet from the first exam.
The second exam will take place April 13, 2012, 14:00 - 17:00, Auditorium 12.
Please make sure to register on time!
09 Sep 2011
General introduction to cryptography; concepts public key and
symmetric key cryptography.
We took pictures of all black boards
before erasing them. They are here.
If you want to try your skills at some cryptosystems visit http://www.mysterytwisterc3.org/.
As an example we attacked the
"Perfect Code Public Key System" by Fellows and Koblitz. Attention,
this was never proposed for cryptography but only as a teaching tool.
Here are the slides in pdf for the perfect code
system.
No homework for this week.
16 Sep 2011
Summary of background material on groups,
cyclic groups, lots of examples, Diffie-Hellman (DH) key exchange.
We took pictures of all black boards
before erasing them. They are here.
Homework is due next Friday 10:45. The exercise sheet is here.
23 Sep 2011
Lecture given by Michael
Naehrig.
Lots of examples of easily breakable Diffie-Hellman (DH) key exchange,
modular reduction, one more secure group, discrete logarithm problem,
and Diffie-Hellman problem, m-RSA. We took pictures of all black
boards before erasing them. They are here.
Homework is due next Friday 10:45. The exercise sheet is here.
30 Sep 2011
Extended Euclidean algorithm, computation of
modular inverses, gcd(a,b) divides any linear combination of
a and b; order of an element divides group order,
integers mod n form a group with respect to addition for any
n; multiplication tables modulo 5 and modulo 6,
multiplicative group modulo n
Pictures are here.
Homework is due next Friday (07 Oct) 10:45. The exercise sheet is here. At the moment Ruben
corrects the homeworks.
07 Oct 2011
Lecture given by Michael
Naehrig.
Rings, examples of rings, Z/nZ,
Euler
phi-function and computation, Fermat's little theorem, Euler's
theorem, RSA cryptosystem (schoolbook version),
square-&-multiply, example and analysis of costs.
Pictures are here.
Homework is due next Friday (14 Oct) 10:45. The exercise sheet is here.
14 Oct 2011
RSA: homomorphic property, small public keys
for efficient encryption,problems with small public exponents if the
same message is sent to multiple users or if there is a linear (or
more general) dependence between messages, CRT-RSA for efficient
decryption, attacks using homomorphic properties of RSA, RSA-OAEP to
avoid these problems and others.
Pictures are here.
Attention, there was a typo in the definition of vectorspace; this
has been fixed in the linked pdf file.
Homework is due next Friday (21 Oct) 10:45. The exercise sheet is here. At the moment Ruben
corrects the homeworks.
21 Oct 2011
Lecture given by Michael
Naehrig.
Zero-divisors in rings; domains; fields; subfield as a vector space,
with extension degree = dimension; characteristic of a field, it is 0
or prime; finite fields; characteristic of finite field is prime
p; definition of prime field; finite field has
p^{n} elements: addition and multiplication;
a^{(pn-1)} = 1 for all a in
K^{*}.
Pictures are here.
Homework is due in 4 weeks on Friday, November 18 at 10:45.
The exercise sheet
is here.
Note that F_{p}^{*} denotes the
multiplicative group of F_{p}, so the operation
used in exercise 2 is multiplication.
At the moment Ruben corrects the homeworks.
18 Nov 2011
Lecture given by Michael
Naehrig.
Recap on finite field: characteristic, prime field, order;
K^{*} is cyclic; primitive element;
examples: fields with 4 and 8 elements;
polynomial ring over a field, irreducible polynomial, examples;
polynomial ring over finite field modulo monic irreducible polynomial.
Pictures are here.
Homework is due Friday, November 25 at 10:45.
The exercise sheet
is here.
At the moment Ruben corrects the homeworks.
25 Nov 2011
Construction of
F_{pn} using an irreducible
polynomial of degree n over F_{p}; number
of irreducible polynomials of degree n over
F_{p}; Rabin irreduciblity test; irreducible
binomials of degreee n over F_{q} exist
if and only if n divides q-1.
Pictures are here.
Homework is due Friday, December 02 at 10:45.
The exercise sheet
is here.
At the moment Sebastiaan corrects the homeworks.
02 Dec 2011
Lecture given by Ruben Niederhagen.
Background on block ciphers and modes of operaton; details of the
Advanced Encryption Standard (AES).
Ruben's slides are here.
Homework is due Friday, December 09 at 10:45.
The exercise sheet
is here.
Links:
09 Dec 2011
ElGamal encryption, embedding of messages
into finite fields, ElGamal signatures, important properties of hash
functions used in signatures, pitfalls in using nonces, breaking DLP
by breaking it in subgroups (Pohlig-Hellman attack).
Pictures are here.
Homework is due Friday, December 16 at 10:45.
The exercise sheet
is here.
At the moment Sebastiaan corrects the homeworks.
16 Dec 2011
DSA signatures, Pollard's rho method
(incl. parallel version), distinguished points. The slides I used
for Pollard rho are available here.
L to express
complexities between exponential and polynomial; index calculus
attacks on finite fields.
The page with keysize recommendations is http://www.keylength.com/.
Pictures are here.
Homework is due Friday, December 23 at 10:45.
The exercise sheet
is here.
At the moment Sebastiaan corrects the homeworks.
If you run into problems inverting modulo the group order, find the
result modulo 253 first and then find the result. Make sure to
verify your result. Why does this work?
23 Dec 2011
The clock group, Edwards curves and twisted
Edwards curves, arithmetic, projective coordinates, explicit formulas
for doubling, Weierstrass curves, addition law, exceptional cases.
Blackboard pictures are posted
here.
Many more (computer verified) formulas are available at the Explicit Formulas
Database.
For more material on elliptic curves check out the tutorial at Indocrypt 2011 that I just gave.
Homework is due Friday, January 13 at 10:45.
The exercise sheet
is here.
Attention, a 2 was missing in the formula for A, that's fixed now on the current version of the exercise sheet.
At the moment Sebastiaan corrects the homeworks.
13 Jan 2012
Lecture given by
Sebastiaan de Hoogh.
Hash functions are used in message
authentication codes in symmetric-key cryptography and in signatures
to map to fixed length and to protect against builing new signatures
from a given one. Desired properties of hash functions are preimage
resistance, 2nd preimage resistance, and collision
resistance. Classification of hash functions (provably secure ones
based on public key primitives or block ciphers and dedicated
constructions). Merkle-Damgaard construction. MACs and HMACs.
Sebastiaan was so friendly to make his notes available
Old exams by me:
Henk van Tilborg has agreed that I put up his old exams for you to practice: