Seminar über Symmetrische Kryptographie
CITS » CITS » CITS
Seminar über Symmetrische Kryptographie
Dozent Zeit Raum
Prof. G. Leander Mo, 14:00 (Vorbesprechung am 26.10.) NA 5/24

Zugewiesene Termine:

Nr.KurztitelDatumVortragenderBetreuer
1
2
4
5
6
7
8
9
10
11
12


Organisatorisches


Eine Vorbesprechung findet am 26. Oktober (Mo) im Raum NA5/24 um 14:00 Uhr statt. Vortragsthemen für Studierende der ITS werden über das allgemeine Seminarverteilungssystem vergeben. Das Seminar wird als Blockseminar am Ende des Semesters stattfinden.

Vorraussetzungen


Vorteilhaft für die Teilnahme am Seminar sind Grundkenntnisse in der symmetrischen Kryptographie.

Regeln


  • Es besteht grundsätzlich Anwesenheitspflicht für alle Teilnehmer.
  • Für die Dauer Ihres Vortrags sollten Sie etwa 45 bis 60 Minuten anpeilen.
  • Sie sollten sich spätestens 2-2,5 Wochen vor Ihrem Vortrag selbstständig bei Ihrem Betreuer melden, um das Verständnis des Inhalts zu zeigen.
  • Spätestens 1 Woche vor Ihrem Vortrag sollten Sie nochmal Ihrem Betreuer Ihr Handout und Ihre Vortragsfolien präsentieren (falls Sie welche benutzen) sowie den Vortrag bereits im Wesentlichen fertig ausgearbeitet haben.
  • Weiterhin soll zu jedem Vortrag ein kurzes Handout erstellt werden.
  • Spätestens 1 Woche vor dem Vortragstermin die Folien kurz dem Betreuer präsentieren
  • Weniger ist mehr. Versuchen Sie bei Ihrem Vortrag das Essentielle Ihres Themas zu vermitteln. Dabei ist es nicht notwendig alle Details zu präsentieren.
  • Je nach Thema eignet sich entweder ein Tafelvortrag oder ein Beamervortrag, oder eine Kombination aus beiden. Bitte mit dem Betreuer absprechen.
  • Vortragssprache ist Deutsch oder Englisch.



Mögliche Vortragsthemen


1. Slide Attacks


This paper describes a new generic known- (or sometimes chosen-) plaintext attack on
iterated block ciphers, which we call the slide attack and which in many cases is
independent of the number of rounds of a cipher.

Literature: slide attacks.pdf

2. A Generic Approach to Invariant Subspace Attacks: Cryptanalysis of Robin, iSCREAM and Zorro


This paper introduces a generic algorithm to detect invariant subspaces. The algorithm is applied to the CAESAR candidate iSCREAM, the closely related LS-design Robin, as well as the lightweight cipher Zorro. For all three candidates invariant subspaces are detected, and result in practical breaks of the ciphers.

Literature: http://eprint.iacr.org/2015/068

3. PRINCE - A Low-latency Block Cipher for Pervasive Computing Applications


This paper presents a block cipher – PRINCE - that is optimized with respect to latency when implemented in hardware. PRINCE is designed in such a way that the overhead for decryption on top of encryption is negligible. More precisely for the cipher it holds that decryption for one key corresponds to encryption with a related key.

Literature: http://eprint.iacr.org/2012/529

4. Automatic Search of Attacks on round-reduced AES and Applications


This paper describes versatile and powerful algorithms for searching guess-and-determine and meet-in-the-middle attacks on some byte-oriented symmetric primitives. To demonstrate the strength of these tools, it is shown that they allow to automatically discover new attacks on round-reduced AES with very low data complexity.

Literature: https://eprint.iacr.org/2012/069

5. Focus on the Linear Layer (feat. PRIDE)


The linear layer is a core component in any substitution-permutation network and its design significantly influences both the security and the efficiency of the resulting primitive. This paper proposes a general methodology to construct good, sometimes optimal, linear layers allowing for a large variety of trade-offs.

Literature: https://eprint.iacr.org/2014/453.pdf

6. Security of the AES with a Secret S-box


How does the security of the AES change when the S-box is replaced by a secret S-box, about which the adversary has no knowledge? This paper demonstrate attacks based on integral cryptanalysis which allow to recover both the secret key and the secret S-box for respectively four, five, and six rounds of the AES.

Literature: https://eprint.iacr.org/2015/144.pdf

7. The Rebound Attack: Cryptanalysis of Reduced Whirlpool and Grostl


The rebound attack is a tool for the cryptanalysis of hash functions. The idea is to use the available degrees of freedom in a collision attack to efficiently bypass the low probability parts of a differential trail.

Literature: https://www.iacr.org/archive/fse2009/56650270/56650270.pdf

8. A Family of Trapdoor Ciphers


This paper presents several methods to construct trapdoor block ciphers. These kind of trapdoor information make the cipher susceptible to linear cryptanalysis.

Literature: http://files.rsdn.ru/1390/vr-9703.pdf

9. Open Smart Grid Protocol


This paper shows practical weaknesses in the Open Smart Grid Protocol
(OSGP) which serves as an example for a bad design process in cryptography.

Literature: https://eprint.iacr.org/2015/428.pdf

10. Division Property


The division property is a generalization of the integral property and can be used to find improved integral distinguishers for attacking block ciphers.

Literature: https://eprint.iacr.org/2015/090.pdf

11. Cryptanalysis of SASAS


Alternating layers of S-Boxes and layers of affine mapping is a common design strategy in cryptography. This paper cryptanalyzes the SASAS construction and shows that it should not be used in cryptographic designs.

Literature: https://www.iacr.org/archive/eurocrypt2001/20450392.pdf

12. Argon2


The design of Password hashing algorithms is different from the design of conventional hash algorithms. We will have a close look at Argon2, the winner of the Password Hashing Competition.

Literature: https://www.cryptolux.org/images/0/0d/Argon2.pdf