Master Training

Cryptanalysis of symmetric and asymmetric primitives

Contact Person: Igor Semaev 

1.  Practical post-quantum cryptography algorithms. 

Analysis of submissions for NIST(USA) competition in post-quantum cryptography.

2.  Algorithms for solving Learning With Errors(LWE) problem.

LWE is a natural basis for modern-cryptography protocols. The goal is to study and implement some of those algorithms.

3.  Algorithms for solving algebraic equation systems over finite fields.

Comparisons of  Groebner basis algorithms, satisfiability(SAT)-solvers and methods based on using  Multiple Right Hand Side(MRHS) linear equations. The topic requires a good knowledge of Linear and Polynomial Algebra.

4.  Statistical cryptanalysis of symmetric ciphers.

Multidimensional linear cryptanalysis applications to light-weight block ciphers.  The topic requires some rudiments of Mathematical Statistics.

5.  Number Theory problems in cryptanalysis.

Factoring of integers and the Discrete Logarithm problem in finite fields and elliptic curves. Requires a good knowledge in Number Theory and Algebra.

Cryptographic Boolean Functions

Contact person: Lilya Budaghyan

Developing Boolean functions webpage and/or computer search and investigation of cryptographically significant Boolean functions.

Implementations for rank-metric codes in post-quantum cryptography

Contact person: Chunlei Li

Background

In recent year there has been a burst of activities regarding post-quantum cryptography (PQC), the interest of such a field has become even more obvious since the recent attacks on the discrete logarithm problem in small characteristic. Moreover, NIST’s call for standard PQC schemes in Nov. 2017 attracted tremendous research attention from the whole cryptographic community. Among potential candidate for alternative cryptography, rank-based cryptography is one of those strong candidates.

In rank-metric codes, each codeword is a matrix over a finite field and the distance between two codewords is defined as the rank of their difference. Rank-based cryptography relies on the difficulty of decoding error-correcting codes embedded with the rank metric. Besides their important application in post-quantum cryptography, rank-metric codes have found applications in network coding, space-time coding, magnetic recording, etc.

Topics

1. Implementation of fundamental algorithms for rank-metric codes

Independent of specific applications, some fundamental operations for rank-metric codes, such as searching for low-complexity normal basis,  implementing the rank-metric Euclidean and extended Euclidean algorithms, etc. significantly affects the performance of the encoding and decoding process. This master project will be about the implementation of those fundamental operations and algorithms in rank-metric codes, which will contribute to both applications of rank-metric codes in network coding, post-quantum cryptography and theoretical research on rank-metric codes in general.

Contact Person: Sondre.Ronjom@uib.no (Chief Cryptologist at NSM) 

1. Intermediate solutions for quantum resistant key exchange

Quantum computers pose a real threat to cryptography if and when they are realized in full scale. Certain hard problems are much easier to solve with a quantum computer. This holds in particular for cryptography based on factoring and computing discrete logarithms. Standardization bodies have already begun the process of finding new quantum resistant primitives that can replace current schemes based on problems that are easy to solve with the quantum computer. However, this process will take some time, while current projections estimate that it is not unlikely that a cryptographically relevant quantum computer is realized in the next 10-15 years. Governments are taking action right now. In particular, systems that carry information that requires protection for a long time (15 yrs) should replace algorithms that can be broken by quantum computers now. However, this is difficult without a post-quantum replacement at hand. The goal of this project is to investigate candidate hybrid solutions for key exchange for the intermediate period between pre and post-quantum era. In hybrid solutions for key exchange, one combines classical key exchange algorithms with quantum resistant algorithms that has not been analyzed that well. The idea is that one gets classical security and at least some post-quantum security. Examples of hybrid schemes include ECDH+pre-placed key, ECDH+lattice key exchange(New Nope, Chrome browser) and so on. The goal of the project is to investigate the limitations of the different hybrid solutions proposed in the literature, in particular when implemented in current protocols and systems.

2. The usability of NIST post-quantum competition candidates as replacements in existing systems and protocols

Quantum computers pose a real threat to cryptography if and when they are realized in full scale. Certain hard problems are much easier to solve with a quantum computer. This holds in particular for cryptography based on factoring and computing discrete logarithms. Standardization bodies have already begun the process of finding new quantum resistant primitives that can replace current schemes based on problems that are easy to solve with a quantum computer. However, this process will take some time, while current projections estimate that it is not unlikely that a cryptographically relevant quantum computer is realized in the next 10-15 years. Governments are taking action right now. In particular, systems that carry information that requires protection for a long time (>15 yrs) should replace algorithms that can be broken by quantum computers now. However, this is difficult without a post-quantum replacement at hand. This goal of this project is to investigate the practical limitations of the post quantum NIST candidates as replacements in real world systems and protocols. In particular, the goal of the project is to rank candidates in terms of how easy they are to deploy in existing protocols and systems. Relevant metrics include implementation costs, key-sizes, and speed. One suggestion is to use deployment into TLS as a benchmark.

3. Implementation of key-exchange based on McEliece cryptosystem

Post quantum key exchange algorithms based on hard problems from coding theory are believed to be secure post quantum candidates. The McEliece cryptosystem was introduced in the 70s and has been surprisingly stable against cryptanalysis up until this day. However, it has practical limitations with regards to implementation. In particular, key generation can be slow which can make it unsuitable for forward secrecy. Thus, in this project the aim is to implement McEliece (or Niederreiter) for secure parameter choices and investigate how the various parts (particularly key generation) can be optimized. It is recommended that implementations for simulations are done in C/C++ (Alternatively, optimization for FPGAs).

4. Cryptanalysis of AES

The aim of this project is to survey the techniques used in modern cryptanalysis of block ciphers. There exist many different types of attacks, each attack assuming a slightly different attack model. The two typical types of attacks we are interested in are distinguishers and key-recovery attacks. The aim of key-recovery attacks is obvious. The aim of distinguishing attacks is to find non-random properties of a block cipher that can be used to distinguish it from a random permutation. Thus, a distinugisher is typically used to identify whether a black box oracle is actually AES or is further extended to a key recovery attack. The practicality of an attack depends on the adversarial model used in the attack. For instance, an adversary that can ask for encryptions of arbitrary plaintexts is more powerful than adversaries that can only observe ciphertexts. There are also models where the adversary knows that the secret key stems from a class of related keys. Thus, it is not always easy to compare the efficiency (time and data complexity) of attacks that work in slightly different models. It may be a good idea to focus on AES, which is the most important block cipher in use today. With a focus on AES, the aim should be to survey the various attacks on AES and try to make a meaningful comparison. Examples of relevant cryptanalysis against AES are integral(”Square attack”) and subspace cryptanalysis, (impossible) differential cryptanalysis, biclique attacks, algebraic attakcs and Boomerang attacks. In particular, an important contribution of this project would be to provide a meaningful comparison of attacks on AES in terms of practically meaningful parameters such as attack model, time complexity and data complexity. A complete and meaningful comparison is currently lacking in the literature. Such a comparison may very-well become a standard reference for further comparisons in the literature.

5. Computing on encrypted data

There are many scenarios where different data-owners want to compare information without revealing their actual data. For instance, government wants to search network traffic for malicious activity without revealing what it looks for, while the network operator does not want to give access to its network to the government. Maybe two companies want to compute common statistics between their data without revealing the actual data. Computation on encrypted data can solve many of the issues we have today when it comes to ”fact based” information sharing. Different parties do not want to share confidential data, but they want to be able to share information about the data. Secure multiparty computation is a branch of cryptography that enables parties to compute a function on their joint data without each party having to reveal their respectively input.

The aim of this project is to survey the current state of the art in multiparty computation and its applications. The candidate should look into real world implementations to get an understanding of efficiency and limitations.

6. White-Box AES (in Norwegian)

En White-Box (WB) implementering av AES (Advanced Crypto Standard) er en program-binary som implementerer AES kryptering eller dekryptering med en hemmelig nøkkel på en slik måte at det er praktisk umulig å gjøre det motsatte (dekryptere eller kryptere) selv om man har tilgang til program-binarien. Dette er typisk brukt i DRM (Digital Rights Management) og lignende scenarioer hvor man har behov for å kryptere eller dekryptere uten at brukeren eller noen andre skal finne nøkkelen.

Dette Master-prosjektet går ut på å studere teknikker for beskyttelse av AES program-binary basert på WB-implementering av AES-algoritmen. Dette er teknikker som gjør det vanskelig å angripe WB-implementasjonen med hjelp av f.eks. gray-box teknikker. Denne teknikken for beskyttelse av programvare ligner på teknikker man bruker for å beskytte seg mot sidekanalsangrep i hardware. Dette krever i hvert fall en viss grad av forståelse for hvordan en WB-AES programkode fungerer. Eksempler på WB-beskyttelsesteknikker er randomiserte execution paths / control flow randomisering, integritetsbeskyttelse, anti-debugging teknikker osv.

Contact Person: okazymyrov@gmail.com (Information Security Manager at G2 Ocean)

Background: Present-day corporations cannot survive without information technologies. Several decades ago IT infrastructure was a supporting system offering an increased performance of daily routines. Today cybernetwork is a major part of any business tightly connected with all other branches. Corporations need to plan information security strategies globally since they are under cybercriminal risk 24/7. The modern approach to securing corporations consists of 3 major parts: information security operation centers (ISOC), incident response and red teams. While the first two measures are defensive (proactive and reactive), the last one is offensive with the goal on testing existing defensive components, find new weaknesses and analyze IT infrastructure in a scale (either local or global). The need for security triage is not always clear for senior management. A complete overview and recommendations based on practical experience in each direction with the focus on benefits as well as the minimum toolset portfolio is a valuable asset for any organization.

Resource investments in an attack depend on the motivation of adversaries. IT corporations, like EVRY, have hundreds of customers with tremendous and complex network infrastructure. Therefore, protection of own assets from cybercriminals is the priority No. 1. Performing periodical penetration tests for limited components does not provide enough evidence to judge whether an organization is secure. Organizations need a general approach to cybersecurity issues based on a necessary and sufficient toolset. The University of Bergen in collaboration with the NFT team in EVRY offers the following research topics within information security:

1. Security vs compliance in corporations

• Development strategies for shared compliance: ISO 2700X, PCI DSS , GDPR , SWIFT, etc.
• Modern information security operation centers (ISOC)
• Prerequisite to a red team aiding the whole organization
• State-of-the-art approaches to building valuable IRT with focus on automation

2. AI in SOCs: automation for removing the human factor

3. Digital forensics: development of new methods and a smart use of general approaches based on company’s tool portfolio

Contact Person: Chunlei Li, Martin Knutli (Email: martin@blockchangers.com)

Zero-Knowledge Proof in the Blockchain Technology

Background

Zero-Knowledge Proof (ZKP) is a fundamental tool of cryptography, which enables a party to prove an assertion without revealing anything to the verifier. The theory of ZKP has beautiful connections to the complexity and is used to prove many basic theoretical results of cryptography; in practice, efficient ZKPs have applications in efficient secure computation and advanced authentication schemes. Lately ZKPs are generating excitement due to their potential to increase privacy and security in blockchain applications. More information on the blockchain technology particularly the Ethereum can be found at https://www.ethereum.org/learn/ and recent research topics on the ZKP and its application in blockchain can be found at https://github.com/matter-labs/awesome-zero-knowledge-proofs. 

The Selmer Center, in collaboration with the company Blockchangers (https://www.blockchangers.com/), has proposed the following projects in this area:

Project #1: Blockchain transactions. Hiding sensitive information transferred on an open blockchain. One key challenge of open blockchains (like the public blockchain Ethereum) is that transactions are open and should therefore not contain sensitive information (e.g. health data, confidential prices in business deals, order quantities and so on...). How can you hide the contents (e.g. balances, text strings, JSON web tokens) of a transaction while simultaneously proving the legitimacy of said transaction, using zero knowledge cryptography? This is an area of active research by many actors, e.g. Starkware.

Project #2: Overview of the current landscape. Map the current zero-knowledge landscape. What are zero knowledge proofs? zk-SNARK? zk-STARK? Where is the technology applicable? When is it most effective? When can/should it be used, and when can/should it not? Right now, ZKPs are incredibly technical and hard to understand, so contextualizing it and finding relevant use cases is hard. List and explain ways where zero-knowledge proofs can be useful. In finance, health, retail, industry, shipping, logistics, law, military, telecom, media, advertising etc. How would you practically implement your proposed use case?

Project #3: Identity and voting. In theory, using blockchain as a secure ledger to record the votes of a populace is regarded as an improvement over current methods. However, if using a public blockchain, your vote will be visible to everyone. How could zero knowledge cryptography be used to solve this problem? Furthermore, can you prove that you have a right to vote, but without revealing your identity? Can you vote without publicly revealing who you vote for? Can a program count all the votes cast and verify the new composition of e.g. a political party? Can you check that your own vote was included in the total counted votes, even if no one else can? Can a third party check that all cast votes have been correctly counted, without seeing anyone specific vote?

Kristoffer Z Rye

Anna Fossen-Helle

Fady Omar Alfaruk Ghrer

Alise Haukenes

Martin Tverråen

Sivanja Naguleswaran

Kjell-Erik Marstein Improving auditing and privacy of electronic health records by using blockchain technology

Joakim Grahl Knudsen Randomised construction and dynamic decoding of LDPC codes

Svein Bjarte Aasestøl On the structure of low autocorrelation binary sequences

Yong Cuo Secure routing in ad-hoc networks

Eirik Alvær Brukervennlige kryptosystemer

Jørgen Mjaaseth Attacking web applications

Hallvar Helleseth Wi-fi security – How to break and exploit

Øystein Hodnekvam Nyheim A security of MQV over elliptic curves

Olaf S. Garnaas Implementing the ECDLP

Trond-Egil Hegerstrøm The construction of a stream cipher

Sondre Rønjom New results in algebraic cryptanalysis

Espen Kvalheim Arrangementssystem for friidrettstevner

Qingshu Xu New construction of separating codes

Lars Eirik Danielsen On self-dual quantum codes

Odd Einar Aamot-Skeidsvoll Introduksjon til datavirus og bruk av kryptografiske hjelpemiddel i virusverden

Haji Mrisho Rubibi Anti-Spamming Techniques

Kent Inge F. Simonsen J2ME Security

Johannes Hoff Error side channel attacks on SSL/TLS

Raymond Hilseth Algorithms for implementing a known plaintext attack on A5/2

Aina Johansen An implementation of the Gong-Harn cryptosystem

Arnt-Henning Moberg A comparison of the security features in the Java Runtime and the .NET framework

Tor Røneid Collusion-Secure Fingerprinting

Dag Kjetil Storøy On Boolean functions

Klaus Hauge Error control for multimedia over a wireless channel

Trond R. Bjørstad Nye øvre skranker på ytelsen til adaptiv koding og modulasjon i OFDM-baserte trådløse nett

Thomas Tjøstheim A critical view on Public Key Infrastructures

Jostein Lund Sekvensiell dekoding av trelliskoder

Geir Røsland Remote electronic voting

Dinh Anh Tuan Tran Sikkerhetsaspekter ved Bluetooth – Er sikkerheten bra nok

Raymond Kristiansen On the aperiodic autocorrelation of binary sequences

Dag Arne Osvik Efficient implementation of the data encryption standard

Bodil Stakkestad Kristensen Differential properties of some functions over a finite field

Christian S. Knudtsen Rotasjonsinvariante turbokoder

Gunn-H. Gripsgård Cryptanalysis of block ciphers

Terje Bremnes Protocols for wireless communication

Vebjørn Moen Integral cryptoanalysis

Håkon Magne Gjelsvik Krysskorrelasjon mellom maksimal sekvenser

Julia Orekhova Route optimization for mobile IP

Martin Aune Hellesø Message authentication

Athar Akram Millisecond-convergence in OSPF

Per Arve Strømstad Kryptografiske hash funksjoner

Kjetil Handeland Error correcting codes

John Erik Mathiassen Linær kryptoanalyse av blokksiffer

Gunner Alendal A differential/correlation attack on RC5

Håvard Molland Korrelasjonsangrep på strømchiffer

Torbjørn Ovnerud Linær kompleksitet til produkter av maksimalsekvenser