# Master Training

Are you interested in doing master projects on topics of

cryptography/cryptoanalysis,

coding theory,

cryptographically optimal functions,

quantum computing,

other security-related topics?

Below is a short list of master projects we provide to you. For other options, contact Lilya Budaghyan, Chunlei Li, Matthew Parker, Igor Semaev and Sondre Rønjom.

## Master Projects (Selmer Center)

### Cryptanalysis of symmetric and asymmetric primitives

**Contact Person: **Igor Semaev

**1. Practical post-quantum cryptography algorithms.**

Analysis of submissions for NIST(USA) competition in post-quantum cryptography.

**2. Algorithms for solving Learning With Errors(LWE) problem.**

LWE is a natural basis for modern-cryptography protocols. The goal is to study and implement some of those algorithms.

**3. Algorithms for solving algebraic equation systems over finite fields.**

Comparisons of Groebner basis algorithms, satisfiability(SAT)-solvers and methods based on using Multiple Right Hand Side(MRHS) linear equations. The topic requires a good knowledge of Linear and Polynomial Algebra.

**4. Statistical cryptanalysis of symmetric ciphers.**

Multidimensional linear cryptanalysis applications to light-weight block ciphers. The topic requires some rudiments of Mathematical Statistics.

**5. Number Theory problems in cryptanalysis.**

Factoring of integers and the Discrete Logarithm problem in finite fields and elliptic curves. Requires a good knowledge in Number Theory and Algebra.

### Code-Based cryptography from QC-MDPC codes.

#### Contact Person: Qian Guo

**Background**

Post-quantum cryptography is a hot topic recently, providing quantum-safe solutions to replace cryptosystems based on factoring and discrete log if a large quantum computer is available. Among all the candidates, QC-MDPC-based primitives belong to a promising code-based branch that uses so-called moderate density parity check codes (MDPC codes) in quasi-cyclic (QC) form. Compared with the other code-base proposals, QC-MDPC-based primitives can provide much smaller key-size, very good security arguments, and easy implementations. The latter further make this type of cryptosystems suitable for lightweight cryptography in resource-constraint devices.

**Topics**

**1. Analyze the two proposals using QC-MDPC in the NIST post-quantum cryptography standardization project.**

The goal of this project is to analyze the security and efficiency of two very recent Key Exchange proposals, BIKE [1] and QC-MDPC KEM [2], submitted to the NIST post-quantum cryptography standardization project [3]. The student should run the implementations submitted to NIST and change them according to his/her own demands. Possible research outputs include more efficient systems/implementations or some unknown security flaws.

If possible, the student is encouraged to further investigate comparisons to the counterparts of QC-MDPC using different metrics, e.g., NTRU, p-ary MDPC, and Ouroboros-E. Comparisons to the LDPC-based proposals like LEDAkem and LEDApkc can also strengthen the thesis.

**2****. Analyze**** and improve the QC-MDPC decoders.**

The goal of this project is to have a better understanding of the decoding error probability of MDPC codes. At the starting stage, the student will collect the stopping error patterns for some specific inputs, using existing implementations of QC-MDPC. Then the theoretical understanding can be enhanced based on these empirical data.

The student can start with some un-optimized simple decoders, like Gallager B with a fixed threshold. He/she finally needs to improve the knowledge on the decoding performance of more generic decoders or to invent better decoding algorithms.

**Reference**

[1] Aragon, N., Barreto, P.S.L.M., Bettaieb, S., Bidoux, L., Blazy, O., Deneuville, J.C., Gaborit, P., Gueron, S., Güneysu, T., Melchor, C.A., Misoczki, R., Persichetti, E., Sendrier, N., Tillich, J.P., Zémor, G.: BIKE–bit flipping key encapsulation (2017). http://bikesuite.org

[2] Yamada, A., Eaton, E., Kalach, K., Lafrance, P., Parent, A.: QC-MDPC KEM (2018) https://www.isara.com/qc-mdpc-kem/

[3] NIST.: Round 1 submissions for post-quantum cryptography standardization. https://csrc.nist.gov/Projects/Post-Quantum-Cryptography/Round-1-Submiss....

### Cryptographic Boolean Functions

**Contact person: Lilya Budaghyan**

Developing Boolean functions webpage and/or computer search and investigation of cryptographically significant Boolean functions.

**Implementations for rank-metric codes in post-quantum cryptography**

**Contact person**: **Chunlei Li**

**Background**

In recent year there has been a burst of activities regarding post-quantum cryptography (PQC), the interest of such a field has become even more obvious since the recent attacks on the discrete logarithm problem in small characteristic. Moreover, NIST’s call for standard PQC schemes in Nov. 2017 attracted tremendous research attention from the whole cryptographic community. Among potential candidate for alternative cryptography, rank-based cryptography is one of those strong candidates.

In rank-metric codes, each codeword is a matrix over a finite field and the distance between two codewords is defined as the rank of their difference. Rank-based cryptography relies on the difficulty of decoding error-correcting codes embedded with the rank metric. Besides their important application in post-quantum cryptography, rank-metric codes have found applications in network coding, space-time coding, magnetic recording, etc.

**Topics**

**1. Implementation of fundamental algorithms for rank-metric codes**

Independent of specific applications, some fundamental operations for rank-metric codes, such as searching for low-complexity normal basis, implementing the rank-metric Euclidean and extended Euclidean algorithms, etc. significantly affects the performance of the encoding and decoding process. This master project will be about the implementation of those fundamental operations and algorithms in rank-metric codes, which will contribute to both applications of rank-metric codes in network coding, post-quantum cryptography and theoretical research on rank-metric codes in general.

## Joint project (Selmer Center and NSM)

**Contact Person**: Sondre.Ronjom@uib.no (Chief Cryptologist at NSM)

#### 1. Intermediate solutions for quantum resistant key exchange

Quantum computers pose a real threat to cryptography if and when they are realized in full scale. Certain hard problems are much easier to solve with a quantum computer. This holds in particular for cryptography based on factoring and computing discrete logarithms. Standardization bodies have already begun the process of finding new quantum resistant primitives that can replace current schemes based on problems that are easy to solve with the quantum computer. However, this process will take some time, while current projections estimate that it is not unlikely that a cryptographically relevant quantum computer is realized in the next 10-15 years. Governments are taking action right now. In particular, systems that carry information that requires protection for a long time (15 yrs) should replace algorithms that can be broken by quantum computers now. However, this is difficult without a post-quantum replacement at hand. The goal of this project is to investigate candidate hybrid solutions for key exchange for the intermediate period between pre and post-quantum era. In hybrid solutions for key exchange, one combines classical key exchange algorithms with quantum resistant algorithms that has not been analyzed that well. The idea is that one gets classical security and at least some post-quantum security. Examples of hybrid schemes include ECDH+pre-placed key, ECDH+lattice key exchange(New Nope, Chrome browser) and so on. The goal of the project is to investigate the limitations of the different hybrid solutions proposed in the literature, in particular when implemented in current protocols and systems.

#### 2. The usability of NIST post-quantum competition candidates as replacements in existing systems and protocols

Quantum computers pose a real threat to cryptography if and when they are realized in full scale. Certain hard problems are much easier to solve with a quantum computer. This holds in particular for cryptography based on factoring and computing discrete logarithms. Standardization bodies have already begun the process of finding new quantum resistant primitives that can replace current schemes based on problems that are easy to solve with a quantum computer. However, this process will take some time, while current projections estimate that it is not unlikely that a cryptographically relevant quantum computer is realized in the next 10-15 years. Governments are taking action right now. In particular, systems that carry information that requires protection for a long time (>15 yrs) should replace algorithms that can be broken by quantum computers now. However, this is difficult without a post-quantum replacement at hand. This goal of this project is to investigate the practical limitations of the post quantum NIST candidates as replacements in real world systems and protocols. In particular, the goal of the project is to rank candidates in terms of how easy they are to deploy in existing protocols and systems. Relevant metrics include implementation costs, key-sizes, and speed. One suggestion is to use deployment into TLS as a benchmark.

#### 3. Implementation of key-exchange based on McEliece cryptosystem

Post quantum key exchange algorithms based on hard problems from coding theory are believed to be secure post quantum candidates. The McEliece cryptosystem was introduced in the 70s and has been surprisingly stable against cryptanalysis up until this day. However, it has practical limitations with regards to implementation. In particular, key generation can be slow which can make it unsuitable for forward secrecy. Thus, in this project the aim is to implement McEliece (or Niederreiter) for secure parameter choices and investigate how the various parts (particularly key generation) can be optimized. It is recommended that implementations for simulations are done in C/C++ (Alternatively, optimization for FPGAs).

#### 4. Cryptanalysis of AES

The aim of this project is to survey the techniques used in modern cryptanalysis of block ciphers. There exist many different types of attacks, each attack assuming a slightly different attack model. The two typical types of attacks we are interested in are distinguishers and key-recovery attacks. The aim of key-recovery attacks is obvious. The aim of distinguishing attacks is to find non-random properties of a block cipher that can be used to distinguish it from a random permutation. Thus, a distinugisher is typically used to identify whether a black box oracle is actually AES or is further extended to a key recovery attack. The practicality of an attack depends on the adversarial model used in the attack. For instance, an adversary that can ask for encryptions of arbitrary plaintexts is more powerful than adversaries that can only observe ciphertexts. There are also models where the adversary knows that the secret key stems from a class of related keys. Thus, it is not always easy to compare the efficiency (time and data complexity) of attacks that work in slightly different models. It may be a good idea to focus on AES, which is the most important block cipher in use today. With a focus on AES, the aim should be to survey the various attacks on AES and try to make a meaningful comparison. Examples of relevant cryptanalysis against AES are integral(”Square attack”) and subspace cryptanalysis, (impossible) differential cryptanalysis, biclique attacks, algebraic attakcs and Boomerang attacks. In particular, an important contribution of this project would be to provide a meaningful comparison of attacks on AES in terms of practically meaningful parameters such as attack model, time complexity and data complexity. A complete and meaningful comparison is currently lacking in the literature. Such a comparison may very-well become a standard reference for further comparisons in the literature.

#### 5. Computing on encrypted data

There are many scenarios where different data-owners want to compare information without revealing their actual data. For instance, government wants to search network traffic for malicious activity without revealing what it looks for, while the network operator does not want to give access to its network to the government. Maybe two companies want to compute common statistics between their data without revealing the actual data. Computation on encrypted data can solve many of the issues we have today when it comes to ”fact based” information sharing. Different parties do not want to share confidential data, but they want to be able to share information about the data. Secure multiparty computation is a branch of cryptography that enables parties to compute a function on their joint data without each party having to reveal their respectively input.

The aim of this project is to survey the current state of the art in multiparty computation and its applications. The candidate should look into real world implementations to get an understanding of efficiency and limitations.

#### 6. White-Box AES (in Norwegian)

En White-Box (WB) implementering av AES (Advanced Crypto Standard) er en program-binary som implementerer AES kryptering eller dekryptering med en hemmelig nøkkel på en slik måte at det er praktisk umulig å gjøre det motsatte (dekryptere eller kryptere) selv om man har tilgang til program-binarien. Dette er typisk brukt i DRM (Digital Rights Management) og lignende scenarioer hvor man har behov for å kryptere eller dekryptere uten at brukeren eller noen andre skal finne nøkkelen.

Dette Master-prosjektet går ut på å studere teknikker for beskyttelse av AES program-binary basert på WB-implementering av AES-algoritmen. Dette er teknikker som gjør det vanskelig å angripe WB-implementasjonen med hjelp av f.eks. gray-box teknikker. Denne teknikken for beskyttelse av programvare ligner på teknikker man bruker for å beskytte seg mot sidekanalsangrep i hardware. Dette krever i hvert fall en viss grad av forståelse for hvordan en WB-AES programkode fungerer. Eksempler på WB-beskyttelsesteknikker er randomiserte execution paths / control flow randomisering, integritetsbeskyttelse, anti-debugging teknikker osv.

## Joint project (Selmer Center and IT company EVRY)

**Contact Person**: okazymyrov@gmail.com (Technical Test Analyst at EVRY)

**Background**: Present-day corporations cannot survive without information technologies. Several decades ago IT infrastructure was a supporting system offering an increased performance of daily routines. Today cybernetwork is a major part of any business tightly connected with all other branches. Corporations need to plan information security strategies globally since they are under cybercriminal risk 24/7. The modern approach to securing corporations consists of 3 major parts: information security operation centers (ISOC), incident response and red teams. While the first two measures are defensive (proactive and reactive), the last one is offensive with the goal on testing existing defensive components, find new weaknesses and analyze IT infrastructure in a scale (either local or global). The need for security triage is not always clear for senior management. A complete overview and recommendations based on practical experience in each direction with the focus on benefits as well as the minimum toolset portfolio is a valuable asset for any organization.

Resource investments in an attack depend on the motivation of adversaries. *IT corporations, like EVRY, have hundreds of customers with tremendous and complex network infrastructure.* Therefore, protection of own assets from cybercriminals is the priority No. 1. Performing periodical penetration tests for limited components does not provide enough evidence to judge whether an organization is secure. Organizations need a general approach to cybersecurity issues based on a necessary and sufficient toolset. The University of Bergen in collaboration with the NFT team in EVRY offers the following research topics within information security:

#### 1. Security vs compliance in corporations

- Development strategies for shared compliance: ISO 2700X, PCI DSS , GDPR , SWIFT, etc.
- Modern information security operation centers (ISOC)
- Prerequisite to a red team aiding the whole organization
- State-of-the-art approaches to building valuable IRT with focus on automation

#### 2. AI in SOCs: automation for removing the human factor

#### 3. Digital forensics: development of new methods and a smart use of general approaches based on company’s tool portfolio

## Joint Project (Selmer Center and Blockchangers)

#### Contact Person: Chunlei Li, Martin Knutli (Email: martin@blockchangers.com)

### Zero-Knowledge Proof in the Blockchain Technology

#### Background

Zero-Knowledge Proof (ZKP) is a fundamental tool of cryptography, which enables a party to prove an assertion without revealing anything to the verifier. The theory of ZKP has beautiful connections to the complexity and is used to prove many basic theoretical results of cryptography; in practice, efficient ZKPs have applications in efficient secure computation and advanced authentication schemes. Lately ZKPs are generating excitement due to their potential to increase privacy and security in blockchain applications. More information on the blockchain technology particularly the Ethereum can be found at https://www.ethereum.org/learn/ and recent research topics on the ZKP and its application in blockchain can be found at https://github.com/matter-labs/awesome-zero-knowledge-proofs.

The Selmer Center, in collaboration with the company Blockchangers (https://www.blockchangers.com/), has proposed the following projects in this area:

Project #1: Blockchain transactions. Hiding sensitive information transferred on an open blockchain. One key challenge of open blockchains (like the public blockchain Ethereum) is that transactions are open and should therefore not contain sensitive information (e.g. health data, confidential prices in business deals, order quantities and so on...). How can you hide the contents (e.g. balances, text strings, JSON web tokens) of a transaction while simultaneously proving the legitimacy of said transaction, using zero knowledge cryptography? This is an area of active research by many actors, e.g. Starkware.

Project #2: Overview of the current landscape. Map the current zero-knowledge landscape. What are zero knowledge proofs? zk-SNARK? zk-STARK? Where is the technology applicable? When is it most effective? When can/should it be used, and when can/should it not? Right now, ZKPs are incredibly technical and hard to understand, so contextualizing it and finding relevant use cases is hard. List and explain ways where zero-knowledge proofs can be useful. In finance, health, retail, industry, shipping, logistics, law, military, telecom, media, advertising etc. How would you practically implement your proposed use case?

Project #3: Identity and voting. In theory, using blockchain as a secure ledger to record the votes of a populace is regarded as an improvement over current methods. However, if using a public blockchain, your vote will be visible to everyone. How could zero knowledge cryptography be used to solve this problem? Furthermore, can you prove that you have a right to vote, but without revealing your identity? Can you vote without publicly revealing who you vote for? Can a program count all the votes cast and verify the new composition of e.g. a political party? Can you check that your own vote was included in the total counted votes, even if no one else can? Can a third party check that all cast votes have been correctly counted, without seeing anyone specific vote?

## Current Master Students (2018 - )

Kristoffer Z Rye

Anna Fossen-Helle

Fady Omar Alfaruk Ghrer

Alise Haukenes

Martin Tverråen

Sivanja Naguleswaran

## Completed Master Projects

Kjell-Erik Marstein **Improving auditing and privacy of electronic health records by using blockchain technology**

Joakim Grahl Knudsen* Randomised construction and dynamic decoding of LDPC codes*

Svein Bjarte Aasestøl* On the structure of low autocorrelation binary sequences*

Yong Cuo* Secure routing in ad-hoc networks*

Eirik Alvær* Brukervennlige kryptosystemer*

Jørgen Mjaaseth* Attacking web applications*

Hallvar Helleseth* Wi-fi security – How to break and exploit*

Øystein Hodnekvam Nyheim* A security of MQV over elliptic curves*

Olaf S. Garnaas* Implementing the ECDLP*

Trond-Egil Hegerstrøm* The construction of a stream cipher*

Sondre Rønjom* New results in algebraic cryptanalysis*

Espen Kvalheim* Arrangementssystem for friidrettstevner*

Qingshu Xu* New construction of separating codes*

Lars Eirik **Danielsen On self-dual quantum codes**

Odd Einar Aamot-Skeidsvoll* Introduksjon til datavirus og bruk av kryptografiske hjelpemiddel i virusverden*

Haji Mrisho Rubibi* Anti-Spamming Techniques*

Kent Inge F. Simonsen* J2ME Security*

Johannes Hoff* Error side channel attacks on SSL/TLS*

Raymond Hilseth* Algorithms for implementing a known plaintext attack on A5/2*

Aina Johansen* An implementation of the Gong-Harn cryptosystem*

Arnt-Henning Moberg* A comparison of the security features in the Java Runtime and the .NET framework*

Tor Røneid* Collusion-Secure Fingerprinting*

Dag Kjetil Storøy* On Boolean functions*

Klaus Hauge* Error control for multimedia over a wireless channel*

Trond R. Bjørstad* Nye øvre skranker på ytelsen til adaptiv koding og modulasjon i OFDM-baserte trådløse nett*

Thomas Tjøstheim* A critical view on Public Key Infrastructures*

Jostein Lund* Sekvensiell dekoding av trelliskoder*

Geir Røsland* Remote electronic voting*

Dinh Anh Tuan Tran* Sikkerhetsaspekter ved Bluetooth – Er sikkerheten bra nok*

Raymond Kristiansen* On the aperiodic autocorrelation of binary sequences*

Dag Arne Osvik* Efficient implementation of the data encryption standard*

Bodil Stakkestad Kristensen* Differential properties of some functions over a finite field*

Christian S. Knudtsen* Rotasjonsinvariante turbokoder*

Gunn-H. Gripsgård* Cryptanalysis of block ciphers*

Terje Bremnes* Protocols for wireless communication*

Vebjørn Moen* Integral cryptoanalysis*

Håkon Magne Gjelsvik* Krysskorrelasjon mellom maksimal sekvenser*

Julia Orekhova* Route optimization for mobile IP*

Martin Aune Hellesø* Message authentication*

Athar Akram* Millisecond-convergence in OSPF*

Per Arve Strømstad* Kryptografiske hash funksjoner*

Kjetil Handeland* Error correcting codes*

John Erik Mathiassen* Linær kryptoanalyse av blokksiffer*

Gunner Alendal* A differential/correlation attack on RC5*

Håvard Molland* Korrelasjonsangrep på strømchiffer*

Torbjørn Ovnerud* Linær kompleksitet til produkter av maksimalsekvenser*