Stanford

CS359
Topics in Cryptanalysis

Administrative

Lectures: Th, 3:15 - 5:05, Gates 159
Instructor: Ilya Mironov
Prerequisite: CS255
Grading: CR/NC or letter
Work load: Project

Topics

Advanced topics class on cryptanalysis of symmetric and public-key primitives and protocols. We will cover recent collision-finding attacks on hash functions, differential and linear cryptanalysis of block ciphers, and number-theoretic and lattice-based methods of attacking public-key cryptosystems. CS255 is a prerequisite, although most of the lectures will be self-contained.

Here is a tentative plan of the course. It will be updated as the quarter progresses:

Sep 29:   Hash functions. Attacks exploiting the Merkle-Damgård structure (poisoned block, Joux's attack), review of recent collision-finding attacks on MD4, MD5, SHA-0, SHA-1. Dobbertin's attack on MD4.
Survey:   Hash functions: Theory, attacks, and applications.
Demo:   Example of two .ps files colliding under MD5 (based on M. Daum and S. Lucks files): taxes.ps and broccoli.ps. MD5 calculator is here.
Oct 6:   Birthday paradox: non-uniform case, memoryless algorithms (Floyd, Brent cycle-finding algorithms), parallelization. Random mapping statistics. Time-memory tradeoffs: permutation, Hellman's, distinguished points, stream ciphers, Fiat-Naor analysis.
Oct 13:   Differential & linear cryptanalyses of DES. Differentials, characteristics, Matsui's piling-up lemma, structures.
Oct 20:   Perfectly non-linear functions. Decorrelation module. Boomerang attack. Non-linearity of inversion.
Oct 27:   AES. BES. XSL.
Nov 3:   Stream ciphers. LFSRs. Berlekamp-Massey algorithm. Correlation attack. Combiners: Geffe's, summation. Shrinking generator.
Reading:   James L. Massey, "Shift-register synthesis and BCH decoding," IEEE Trans. on Information Theory, vol. 15(1), pp. 122-127, Jan 1969.
Nov 10:   Dlog and factoring: generic algorithms (baby-step giant-step, Pollard's rho and lambda), index calculus, quadratic sieve. TWINKLE and mesh-based algebraic step.
Nov 17:   Cryptanalysis of public-key cryptosystems: lattices, Bleichenbacher's attack, short RSA exponent.
Nov 24:   Thanksgiving!
Dec 1:   Side-channel attacks: timing attacks against RSA, AES; acoustic attack. Fault attacks: RSA, LFSR.
Dec 8:   Project presentations.