# Master Education

## Master Program in Secure and Reliable Communications (2 Years)

**Summary - **The program comprises courses in the fields of coding theory, information theory, symmetric cryptography, public-key cryptography, network information theory, quantum information theory, and selected topics in the aforementioned fields. Each student also undertakes a masters thesis in conjunction with a supervisor on a relevant topic.

Master projects will be of theoretical or practical nature. Projects are selected to give candidates an insight into problems of interest at the frontier of international research in the design of cryptographic primitives, state-of-art cryptanalysis, post quantum cryptography, quantum computing and information theory, coding theory, etc.

The master program aims to both prepare students for future in industrial careers in computer science or mathematics or security, and/or to prepare students for future academic careers.

Check more information at the Secure and Reliable Communication and Study Plan

## Courses

### Compulsory units

**Spring Semester**

INF240 Basic Tools of Coding theory and Cryptography (10 ECTS)

**Fall Semester**

INF234 Algorithms (10 ECTS)

### Recommended Electives

**Spring Semester**

INF241Quantum Information, Quantum Computing, and Quantum Cryptography (10 ECTS)

INF247 Introduction to Cryptanalysis of Symmetric Ciphers (10 ECTS)

**Fall Semester**

INF242 Information Theory (10 ECTS)

INF243 Algebraic Coding (10 ECTS)

INF244 Graph-based Inference, Networks and Coding Theory (10 ECTS)

INF245 Computational Number Theory and Asymmetric Cryptography (10 ECTS)

## Master Projects

Are you interested in doing master projects on topics of

cryptography/cryptanalysis,

coding theory

sequences/signals design for wireless communication

cryptographically optimal functions,

quantum computing,

other security-related topics?

Below are some master projects we provide to you. You can also contact Andrey Bogdanov, Lilya Budaghyan, Chunlei Li, Matthew Parker, Igor Semaev and Sondre Rønjom for other topics that you might be interested in.

### Cryptanalysis of symmetric and asymmetric primitives

**Contact Person: **Igor Semaev

**1. Practical post-quantum cryptography algorithms.**

Analysis of submissions for NIST(USA) competition in post-quantum cryptography.

**2. Algorithms for solving Learning With Errors(LWE) problem.**

LWE is a natural basis for modern-cryptography protocols. The goal is to study and implement some of those algorithms.

**3. Algorithms for solving algebraic equation systems over finite fields.**

Comparisons of Groebner basis algorithms, satisfiability(SAT)-solvers and methods based on using Multiple Right Hand Side(MRHS) linear equations. The topic requires a good knowledge of Linear and Polynomial Algebra.

**4. Statistical cryptanalysis of symmetric ciphers.**

Multidimensional linear cryptanalysis applications to light-weight block ciphers. The topic requires some rudiments of Mathematical Statistics.

**5. Number Theory problems in cryptanalysis.**

Factoring of integers and the Discrete Logarithm problem in finite fields and elliptic curves. Requires a good knowledge in Number Theory and Algebra.

### Cryptographic Boolean Functions

**Contact person: Lilya Budaghyan**

Developing Boolean functions webpage and/or computer search and investigation of cryptographically significant Boolean functions.

**Implementations for rank-metric codes in post-quantum cryptography**

**Contact person**: **Chunlei Li**

**Background**

In recent year there has been a burst of activities regarding post-quantum cryptography (PQC), the interest of such a field has become even more obvious since the recent attacks on the discrete logarithm problem in small characteristic. Moreover, NIST’s call for standard PQC schemes in Nov. 2017 attracted tremendous research attention from the whole cryptographic community. Among potential candidate for alternative cryptography, rank-based cryptography is one of those strong candidates.

In rank-metric codes, each codeword is a matrix over a finite field and the distance between two codewords is defined as the rank of their difference. Rank-based cryptography relies on the difficulty of decoding error-correcting codes embedded with the rank metric. Besides their important application in post-quantum cryptography, rank-metric codes have found applications in network coding, space-time coding, magnetic recording, etc.

**Topic: Implementation of fundamental algorithms for rank-metric codes**

Independent of specific applications, some fundamental operations for rank-metric codes, such as searching for low-complexity normal basis, implementing the rank-metric Euclidean and extended Euclidean algorithms, etc. significantly affects the performance of the encoding and decoding process. This master project will be about the implementation of those fundamental operations and algorithms in rank-metric codes, which will contribute to both applications of rank-metric codes in network coding, post-quantum cryptography and theoretical research on rank-metric codes in general.

### Shift Registers and de Bruijn Sequences for Stream Ciphers.

#### Contact Person: Dr. George Petrides

Stream ciphers aim at achieving an acceptable tradeoff between the perfect secrecy offered by the the "One time pad" and its unmanageable requirement for single-use random keys of the same size as the message to be encrypted. The idea is that keys of manageable size are used to generate long key-streams for encrypting messages. Ideally, these key-streams should be unpredictable, and not start repeating too soon, if at all (that is, they should have long periods).

Popular components in modern stream ciphers that help to achieve the above-mentioned aim are Feedback Shift Registers (FSR), which given some initial input produce periodic sequences based on their feedback function. Sequences with the longest possible periods are called de Bruijn sequences, but unfortunately not too much is known about how to construct them or their unpredictability.

The aim of this project would be to study de Bruijn sequences and more specifically

- existing methods for their construction and the efficiency of their implementations,

- criteria for their usability in stream ciphers,

- possible extensions of construction methods, with emphasis on the "joining and splitting of FSR cycles" approach.

### Joint project (Selmer Center and NSM)

#### Contact Person: Adjunct Associate Professor Sondre Rønjom

#### 1. Intermediate solutions for quantum resistant key exchange

Quantum computers pose a real threat to cryptography if and when they are realized in full scale. Certain hard problems are much easier to solve with a quantum computer. This holds in particular for cryptography based on factoring and computing discrete logarithms. Standardization bodies have already begun the process of finding new quantum resistant primitives that can replace current schemes based on problems that are easy to solve with the quantum computer. However, this process will take some time, while current projections estimate that it is not unlikely that a cryptographically relevant quantum computer is realized in the next 10-15 years. Governments are taking action right now. In particular, systems that carry information that requires protection for a long time (15 yrs) should replace algorithms that can be broken by quantum computers now. However, this is difficult without a post-quantum replacement at hand. The goal of this project is to investigate candidate hybrid solutions for key exchange for the intermediate period between pre and post-quantum era. In hybrid solutions for key exchange, one combines classical key exchange algorithms with quantum resistant algorithms that has not been analyzed that well. The idea is that one gets classical security and at least some post-quantum security. Examples of hybrid schemes include ECDH+pre-placed key, ECDH+lattice key exchange(New Nope, Chrome browser) and so on. The goal of the project is to investigate the limitations of the different hybrid solutions proposed in the literature, in particular when implemented in current protocols and systems.

#### 2. The usability of NIST post-quantum competition candidates as replacements in existing systems and protocols

Quantum computers pose a real threat to cryptography if and when they are realized in full scale. Certain hard problems are much easier to solve with a quantum computer. This holds in particular for cryptography based on factoring and computing discrete logarithms. Standardization bodies have already begun the process of finding new quantum resistant primitives that can replace current schemes based on problems that are easy to solve with a quantum computer. However, this process will take some time, while current projections estimate that it is not unlikely that a cryptographically relevant quantum computer is realized in the next 10-15 years. Governments are taking action right now. In particular, systems that carry information that requires protection for a long time (>15 yrs) should replace algorithms that can be broken by quantum computers now. However, this is difficult without a post-quantum replacement at hand. This goal of this project is to investigate the practical limitations of the post quantum NIST candidates as replacements in real world systems and protocols. In particular, the goal of the project is to rank candidates in terms of how easy they are to deploy in existing protocols and systems. Relevant metrics include implementation costs, key-sizes, and speed. One suggestion is to use deployment into TLS as a benchmark.

#### 3. Implementation of key-exchange based on McEliece cryptosystem

Post quantum key exchange algorithms based on hard problems from coding theory are believed to be secure post quantum candidates. The McEliece cryptosystem was introduced in the 70s and has been surprisingly stable against cryptanalysis up until this day. However, it has practical limitations with regards to implementation. In particular, key generation can be slow which can make it unsuitable for forward secrecy. Thus, in this project the aim is to implement McEliece (or Niederreiter) for secure parameter choices and investigate how the various parts (particularly key generation) can be optimized. It is recommended that implementations for simulations are done in C/C++ (Alternatively, optimization for FPGAs).

#### 4. Cryptanalysis of AES

The aim of this project is to survey the techniques used in modern cryptanalysis of block ciphers. There exist many different types of attacks, each attack assuming a slightly different attack model. The two typical types of attacks we are interested in are distinguishers and key-recovery attacks. The aim of key-recovery attacks is obvious. The aim of distinguishing attacks is to find non-random properties of a block cipher that can be used to distinguish it from a random permutation. Thus, a distinugisher is typically used to identify whether a black box oracle is actually AES or is further extended to a key recovery attack. The practicality of an attack depends on the adversarial model used in the attack. For instance, an adversary that can ask for encryptions of arbitrary plaintexts is more powerful than adversaries that can only observe ciphertexts. There are also models where the adversary knows that the secret key stems from a class of related keys. Thus, it is not always easy to compare the efficiency (time and data complexity) of attacks that work in slightly different models. It may be a good idea to focus on AES, which is the most important block cipher in use today. With a focus on AES, the aim should be to survey the various attacks on AES and try to make a meaningful comparison. Examples of relevant cryptanalysis against AES are integral(”Square attack”) and subspace cryptanalysis, (impossible) differential cryptanalysis, biclique attacks, algebraic attakcs and Boomerang attacks. In particular, an important contribution of this project would be to provide a meaningful comparison of attacks on AES in terms of practically meaningful parameters such as attack model, time complexity and data complexity. A complete and meaningful comparison is currently lacking in the literature. Such a comparison may very-well become a standard reference for further comparisons in the literature.

#### 5. Computing on encrypted data

There are many scenarios where different data-owners want to compare information without revealing their actual data. For instance, government wants to search network traffic for malicious activity without revealing what it looks for, while the network operator does not want to give access to its network to the government. Maybe two companies want to compute common statistics between their data without revealing the actual data. Computation on encrypted data can solve many of the issues we have today when it comes to ”fact based” information sharing. Different parties do not want to share confidential data, but they want to be able to share information about the data. Secure multiparty computation is a branch of cryptography that enables parties to compute a function on their joint data without each party having to reveal their respectively input.

The aim of this project is to survey the current state of the art in multiparty computation and its applications. The candidate should look into real world implementations to get an understanding of efficiency and limitations.

#### 6. White-Box AES (in Norwegian)

En White-Box (WB) implementering av AES (Advanced Crypto Standard) er en program-binary som implementerer AES kryptering eller dekryptering med en hemmelig nøkkel på en slik måte at det er praktisk umulig å gjøre det motsatte (dekryptere eller kryptere) selv om man har tilgang til program-binarien. Dette er typisk brukt i DRM (Digital Rights Management) og lignende scenarioer hvor man har behov for å kryptere eller dekryptere uten at brukeren eller noen andre skal finne nøkkelen.

Dette Master-prosjektet går ut på å studere teknikker for beskyttelse av AES program-binary basert på WB-implementering av AES-algoritmen. Dette er teknikker som gjør det vanskelig å angripe WB-implementasjonen med hjelp av f.eks. gray-box teknikker. Denne teknikken for beskyttelse av programvare ligner på teknikker man bruker for å beskytte seg mot sidekanalsangrep i hardware. Dette krever i hvert fall en viss grad av forståelse for hvordan en WB-AES programkode fungerer. Eksempler på WB-beskyttelsesteknikker er randomiserte execution paths / control flow randomisering, integritetsbeskyttelse, anti-debugging teknikker osv.

## On-going Master Projects

Erlend Bøhler Nærbø

Halvard Barstad

Ola Andreas Storstein

Kristoffer Z Rye

Anna Fossen-Helle

Fady Omar Alfaruk Ghrer

Alise Haukenes

Martin Tverråen

## Completed Master Projects

Sivanja Naguleswaran | Experimental Study on One-Time Passwords used in Authentication within Norwegian Banking |

Kjell-Erik Marstein | Improving auditing and privacy of electronic health records by using blockchain technology |

Joakim Grahl Knudsen | Randomised construction and dynamic decoding of LDPC codes |

Svein Bjarte Aasestøl | On the structure of low autocorrelation binary sequences |

Yong Cuo | Secure routing in ad-hoc networks |

Eirik Alvær | Brukervennlige kryptosystemer |

Jørgen Mjaaseth | Attacking web applications |

Hallvar Helleseth | Wi-fi security – How to break and exploit |

Kent Inge F. Simonsen | J2ME Security |

Johannes Hoff | Error side channel attacks on SSL/TLS |

Raymond Hilseth | Algorithms for implementing a known plaintext attack on A5/2 |

Aina Johansen | An implementation of the Gong-Harn cryptosystem |

Arnt-Henning Moberg | A comparison of the security features in the Java Runtime and the .NET framework |

Tor Røneid | Collusion-Secure Fingerprinting |

Dag Kjetil Storøy | On Boolean functions |

Øystein Hodnekvam Nyheim | A security of MQV over elliptic curves |

Olaf S. Garnaas | Implementing the ECDLP |

Trond-Egil Hegerstrøm | The construction of a stream cipher |

Sondre Rønjom | New results in algebraic cryptanalysis |

Espen Kvalheim | Arrangementssystem for friidrettstevner |

Qingshu Xu | New construction of separating codes |

Lars Eirik | Danielsen On self-dual quantum codes |

Odd Einar Aamot-Skeidsvoll | Introduksjon til datavirus og bruk av kryptografiske hjelpemiddel i virusverden |

Haji Mrisho Rubibi | Anti-Spamming Techniques |

Klaus Hauge | Error control for multimedia over a wireless channel |

Thomas Tjøstheim | A critical view on Public Key Infrastructures |

Geir Røsland | Remote electronic voting |

Raymond Kristiansen | On the aperiodic autocorrelation of binary sequences |

Dag Arne Osvik | Efficient implementation of the data encryption standard |

Bodil Stakkestad Kristensen | Differential properties of some functions over a finite field |

Gunn-H. Gripsgård | Cryptanalysis of block ciphers |

Vebjørn Moen | Integral cryptoanalysis |

Terje Bremnes | Protocols for wireless communication |

Gunner Alendal | A differential/correlation attack on RC5 |

Per Arve Strømstad | Kryptografiske hash funksjoner |

Martin Aune Hellesø | Message authentication |

Kjetil Handeland | Error correcting codes |

John Erik Mathiassen | Linær kryptoanalyse av blokksiffer |