# Master Education

## Hovedinnhold

## Master Program in Secure and Reliable Communications (2 Years)

**Summary - **The program comprises courses in the fields of coding theory, information theory, symmetric cryptography, public-key cryptography, network information theory, quantum information theory, and selected topics in the aforementioned fields. Each student also undertakes a masters thesis in conjunction with a supervisor on a relevant topic.

Master projects will be of theoretical or practical nature. Projects are selected to give candidates an insight into problems of interest at the frontier of international research in the design of cryptographic primitives, state-of-art cryptanalysis, post quantum cryptography, quantum computing and information theory, coding theory, etc.

The master program aims to both prepare students for future in industrial careers in computer science or mathematics or security, and/or to prepare students for future academic careers.

Check more information at the Secure and Reliable Communication and Study Plan

## Courses

### Compulsory units

**Spring Semester**

INF240 Basic Tools of Coding theory and Cryptography (10 ECTS)

**Fall Semester**

INF234 Algorithms (10 ECTS)

### Recommended Electives

**Spring Semester**

INF241Quantum Information, Quantum Computing, and Quantum Cryptography (10 ECTS)

INF247 Introduction to Cryptanalysis of Symmetric Ciphers (10 ECTS)

**Fall Semester**

INF242 Information Theory (10 ECTS)

INF243 Algebraic Coding (10 ECTS)

INF244 Graph-based Inference, Networks and Coding Theory (10 ECTS)

INF245 Computational Number Theory and Asymmetric Cryptography (10 ECTS)

## Master Projects

Are you interested in doing master projects on topics of

cryptography/cryptanalysis,

coding theory

sequences/signals design for wireless communication

cryptographically optimal functions,

quantum computing,

other security-related topics?

Below are some master projects we provide to you. You can also get in contact with us for other topics that you might be interested in.

### Igor Semaev: Cryptanalysis of symmetric and asymmetric primitives

**1. Practical post-quantum cryptography algorithms.**

Analysis of submissions for NIST(USA) competition in post-quantum cryptography.

**2. Algorithms for solving Learning With Errors(LWE) problem.**

LWE is a natural basis for modern cryptography protocols. The goal is to study and implement some of those algorithms.

**3. Algorithms for solving algebraic equation systems over finite fields.**

Comparisons of Groebner basis algorithms, satisfiability(SAT)-solvers and methods based on using Multiple Right Hand Side(MRHS) linear equations. The topic requires a good knowledge of Linear and Polynomial Algebra.

**4. Statistical cryptanalysis of symmetric ciphers.**

Multidimensional linear cryptanalysis applications to light-weight block ciphers. The topic requires some rudiments of Mathematical Statistics.

**5. Number theory problems in cryptanalysis.**

Factoring of integers and the Discrete Logarithm problem in finite fields and elliptic curves. Requires a good knowledge in Number Theory and Algebra.

**Lilya Budaghyan: **Cryptographic Boolean Functions

Developing Boolean functions webpage and/or computer search and investigation of cryptographically significant Boolean functions.

**Chunlei Li: Signal Design and Error-Correcting Codes in Wireless Communications**

Investigation and design of signals for air interface and error-correcting codes for reliability in wireless communications.

**Erik Mårtesson/****Alessandro Budroni: Post Quantum Cryptography**

**Background**

Modern cryptography relies on the assumption that it is hard to factor large integers or to find discrete logarithms. Despite decades of intense research, no efficient algorithm for solving either problem on a classical computer has been found.

However, in 1994 Peter Shor showed how both problems can be solved efficiently using a quantum computer. Due to the threat of quantum computers, cryptographers are investigating alternative, quantum-resistant mathematical problems to base cryptography on. This area of research is called post-quantum cryptography.

The threat from quantum computers is not just an academic curiosity. The National Institute of Standards and Technology (NIST) is famous for holding competitions leading to new cryptographic standards, such as the Advanced Encryption Standard (AES). NIST is currently organizing a competition for developing post-quantum cryptographic protocols. In the competition, the most promising underlying mathematical problem is the Learning with Errors problem (LWE). It is therefore important to carefully study algorithms for solving the LWE problem.

**Three master projects**

The most successful practical attacks against LWE so far are based on lattice reduction techniques. The projects below aim to investigate an alternative attack, based on the so-called BKW algorithm, which is very promising theoretically but has not been efficiently implemented yet. An implementation exists, but many potential improvements of the algorithm remain.

The candidate student would need to implement a parallelized and efficient version of the BKW algorithm in C. There might be a chance to get to use a supercomputer with hundreds of cores to run the experiments. A good mathematical background is a bonus, but not a necessity. It would be preferable that the student has taken the course INF236.

The BKW algorithm suffers from high use of memory, which in practice is often a limiting factor. Different methods for how to reduce this cost exist. This project would investigate how well these tricks can be implemented without sacrificing too much in terms of runtime. Also for this project, a good mathematical background is a bonus, but not necessary.

Techniques from lattice reduction have been combined with BKW to achieve asymptotic improvements of the algorithm. How to do this efficiently in practical implementation remains to be investigated. This project is likely to be more mathematically and algorithm-design oriented than the other two projects.

**Topic: Implementation of fundamental algorithms for rank-metric codes**

Independent of specific applications, some fundamental operations for rank-metric codes, such as searching for low-complexity normal basis, implementing the rank-metric Euclidean and extended Euclidean algorithms, etc. significantly affects the performance of the encoding and decoding process. This master project will be about the implementation of those fundamental operations and algorithms in rank-metric codes, which will contribute to both applications of rank-metric codes in network coding, post-quantum cryptography and theoretical research on rank-metric codes in general.

### George Petrides: Shift Registers, Data Privacy and Cryptanalysis

**1. Shift Registers and de Bruijn Sequences for Stream Ciphers.**

Stream ciphers aim at achieving an acceptable tradeoff between the perfect secrecy offered by the "one time pad" and its unmanageable requirement for single-use random keys of the same size as the message to be encrypted. The idea is that keys of manageable size are used to generate long keystreams for encrypting messages. Ideally, these keystreams should be unpredictable, and not start repeating too soon, if at all (that is, they should have long periods).

Popular components in modern stream ciphers that help to achieve the above-mentioned aim are Feedback Shift Registers (FSRs), which given some initial input produce periodic sequences based on their feedback function. Sequences with the longest possible periods are called de Bruijn sequences, but unfortunately not too much is known about how to construct them or their unpredictability.

The aim of this project would be to study de Bruijn sequences and more specifically

- existing methods for their construction and the efficiency of their implementations,

- criteria for their usability in stream ciphers,

- possible extensions of construction methods, with emphasis on the "joining and splitting of FSR cycles" approach.

**2. Assurance of Data Privacy in the Cloud.**

Outsourcing data to the cloud is a common practice nowadays, be it simply for storage or for resource-demanding computations. Privacy-aware users want the content of their data to remain hidden from third parties, and to address this, cloud servers promise to store data only in encrypted form.

The aim of this project is to investigate the current state of affairs with respect to secure cloud storage, including how users can obtain assurance their data is indeed (a) stored encrypted and (b) properly deleted upon request.

**3. Cryptanalysis of the McEliece Public-Key Cryptosystem**

The security of modern communication channels, including the Internet, depends partly on Public Key Cryptography, which enables the exchange of symmetric keys remotely. One such cryptosystem is the one based on coding theory proposed by McEliece, which unlike those widely in use today, is believed to remain safe even when quantum computers become a practical reality. It is also one of the candidates in an ongoing standardization competition by NIST in the US.

The aim of this project is to look into known attacks on the McEliece cryptosystem and investigate some new ideas.

### Sondre Rønjom: Joint projects between Selmer Center and NSM

#### 1. Intermediate solutions for quantum resistant key exchange

Quantum computers pose a real threat to cryptography if and when they are realized in full scale. Certain hard problems are much easier to solve with a quantum computer. This holds in particular for cryptography based on factoring and computing discrete logarithms. Standardization bodies have already begun the process of finding new quantum resistant primitives that can replace current schemes based on problems that are easy to solve with the quantum computer. However, this process will take some time, while current projections estimate that it is not unlikely that a cryptographically relevant quantum computer is realized in the next 10-15 years. Governments are taking action right now. In particular, systems that carry information that requires protection for a long time (15 yrs) should replace algorithms that can be broken by quantum computers now. However, this is difficult without a post-quantum replacement at hand. The goal of this project is to investigate candidate hybrid solutions for key exchange for the intermediate period between pre and post-quantum era. In hybrid solutions for key exchange, one combines classical key exchange algorithms with quantum resistant algorithms that has not been analyzed that well. The idea is that one gets classical security and at least some post-quantum security. Examples of hybrid schemes include ECDH+pre-placed key, ECDH+lattice key exchange(New Nope, Chrome browser) and so on. The goal of the project is to investigate the limitations of the different hybrid solutions proposed in the literature, in particular when implemented in current protocols and systems.

#### 2. The usability of NIST post-quantum competition candidates as replacements in existing systems and protocols

Quantum computers pose a real threat to cryptography if and when they are realized in full scale. Certain hard problems are much easier to solve with a quantum computer. This holds in particular for cryptography based on factoring and computing discrete logarithms. Standardization bodies have already begun the process of finding new quantum resistant primitives that can replace current schemes based on problems that are easy to solve with a quantum computer. However, this process will take some time, while current projections estimate that it is not unlikely that a cryptographically relevant quantum computer is realized in the next 10-15 years. Governments are taking action right now. In particular, systems that carry information that requires protection for a long time (>15 yrs) should replace algorithms that can be broken by quantum computers now. However, this is difficult without a post-quantum replacement at hand. This goal of this project is to investigate the practical limitations of the post quantum NIST candidates as replacements in real world systems and protocols. In particular, the goal of the project is to rank candidates in terms of how easy they are to deploy in existing protocols and systems. Relevant metrics include implementation costs, key-sizes, and speed. One suggestion is to use deployment into TLS as a benchmark.

#### 3. Implementation of key-exchange based on McEliece cryptosystem

Post quantum key exchange algorithms based on hard problems from coding theory are believed to be secure post quantum candidates. The McEliece cryptosystem was introduced in the 70s and has been surprisingly stable against cryptanalysis up until this day. However, it has practical limitations with regards to implementation. In particular, key generation can be slow which can make it unsuitable for forward secrecy. Thus, in this project the aim is to implement McEliece (or Niederreiter) for secure parameter choices and investigate how the various parts (particularly key generation) can be optimized. It is recommended that implementations for simulations are done in C/C++ (Alternatively, optimization for FPGAs).

#### 4. Cryptanalysis of AES

The aim of this project is to survey the techniques used in modern cryptanalysis of block ciphers. There exist many different types of attacks, each attack assuming a slightly different attack model. The two typical types of attacks we are interested in are distinguishers and key-recovery attacks. The aim of key-recovery attacks is obvious. The aim of distinguishing attacks is to find non-random properties of a block cipher that can be used to distinguish it from a random permutation. Thus, a distinugisher is typically used to identify whether a black box oracle is actually AES or is further extended to a key recovery attack. The practicality of an attack depends on the adversarial model used in the attack. For instance, an adversary that can ask for encryptions of arbitrary plaintexts is more powerful than adversaries that can only observe ciphertexts. There are also models where the adversary knows that the secret key stems from a class of related keys. Thus, it is not always easy to compare the efficiency (time and data complexity) of attacks that work in slightly different models. It may be a good idea to focus on AES, which is the most important block cipher in use today. With a focus on AES, the aim should be to survey the various attacks on AES and try to make a meaningful comparison. Examples of relevant cryptanalysis against AES are integral(”Square attack”) and subspace cryptanalysis, (impossible) differential cryptanalysis, biclique attacks, algebraic attakcs and Boomerang attacks. In particular, an important contribution of this project would be to provide a meaningful comparison of attacks on AES in terms of practically meaningful parameters such as attack model, time complexity and data complexity. A complete and meaningful comparison is currently lacking in the literature. Such a comparison may very-well become a standard reference for further comparisons in the literature.

#### 5. Computing on encrypted data

There are many scenarios where different data-owners want to compare information without revealing their actual data. For instance, government wants to search network traffic for malicious activity without revealing what it looks for, while the network operator does not want to give access to its network to the government. Maybe two companies want to compute common statistics between their data without revealing the actual data. Computation on encrypted data can solve many of the issues we have today when it comes to ”fact based” information sharing. Different parties do not want to share confidential data, but they want to be able to share information about the data. Secure multiparty computation is a branch of cryptography that enables parties to compute a function on their joint data without each party having to reveal their respectively input.

The aim of this project is to survey the current state of the art in multiparty computation and its applications. The candidate should look into real world implementations to get an understanding of efficiency and limitations.

#### 6. White-Box AES (in Norwegian)

En White-Box (WB) implementering av AES (Advanced Crypto Standard) er en program-binary som implementerer AES kryptering eller dekryptering med en hemmelig nøkkel på en slik måte at det er praktisk umulig å gjøre det motsatte (dekryptere eller kryptere) selv om man har tilgang til program-binarien. Dette er typisk brukt i DRM (Digital Rights Management) og lignende scenarioer hvor man har behov for å kryptere eller dekryptere uten at brukeren eller noen andre skal finne nøkkelen.

Dette Master-prosjektet går ut på å studere teknikker for beskyttelse av AES program-binary basert på WB-implementering av AES-algoritmen. Dette er teknikker som gjør det vanskelig å angripe WB-implementasjonen med hjelp av f.eks. gray-box teknikker. Denne teknikken for beskyttelse av programvare ligner på teknikker man bruker for å beskytte seg mot sidekanalsangrep i hardware. Dette krever i hvert fall en viss grad av forståelse for hvordan en WB-AES programkode fungerer. Eksempler på WB-beskyttelsesteknikker er randomiserte execution paths / control flow randomisering, integritetsbeskyttelse, anti-debugging teknikker osv.

## On-going Master Projects

Kristian Wøhlk Jensen | Polar codes for 5G communications |

Kristofer Nilsen | Searchable encryption for secure cloud storage |

Alise Haukenes | Construction and analysis of cryptographically significant functions |

Marie Heggebakk | Computationally testing EA-equivalence |

Ivana Ivkovic | Efficient implementation of algorithms for cryptographic Boolean functions |

Maren Hestad Aleksandersen | Experimental construction of optimal cryptographic functions by expansion |

Kjetil Amundsen Nesheim | Searching for new monomial APN functions |

## Completed Master Projects

Erlend Bøhler Nærbø | Penetration Testing on Web Applications |

Halvard Barstad | Deanonymizing Communications on The Onion Router (TOR) Network |

Ola Andreas Storstein | On decoding rank-metric codes |

Sivanja Naguleswaran | Experimental Study on One-Time Passwords used in Authentication within Norwegian Banking |

Kjell-Erik Marstein | Improving auditing and privacy of electronic health records by using blockchain technology |

Joakim Grahl Knudsen | Randomised construction and dynamic decoding of LDPC codes |

Svein Bjarte Aasestøl | On the structure of low autocorrelation binary sequences |

Yong Cuo | Secure routing in ad-hoc networks |

Eirik Alvær | Brukervennlige kryptosystemer |

Jørgen Mjaaseth | Attacking web applications |

Hallvar Helleseth | Wi-fi security – How to break and exploit |

Kent Inge F. Simonsen | J2ME Security |

Johannes Hoff | Error side channel attacks on SSL/TLS |

Raymond Hilseth | Algorithms for implementing a known plaintext attack on A5/2 |

Aina Johansen | An implementation of the Gong-Harn cryptosystem |

Arnt-Henning Moberg | A comparison of the security features in the Java Runtime and the .NET framework |

Tor Røneid | Collusion-Secure Fingerprinting |

Dag Kjetil Storøy | On Boolean functions |

Øystein Hodnekvam Nyheim | A security of MQV over elliptic curves |

Olaf S. Garnaas | Implementing the ECDLP |

Trond-Egil Hegerstrøm | The construction of a stream cipher |

Sondre Rønjom | New results in algebraic cryptanalysis |

Espen Kvalheim | Arrangementssystem for friidrettstevner |

Qingshu Xu | New construction of separating codes |

Lars Eirik | Danielsen On self-dual quantum codes |

Odd Einar Aamot-Skeidsvoll | Introduksjon til datavirus og bruk av kryptografiske hjelpemiddel i virusverden |

Haji Mrisho Rubibi | Anti-Spamming Techniques |

Klaus Hauge | Error control for multimedia over a wireless channel |

Thomas Tjøstheim | A critical view on Public Key Infrastructures |

Geir Røsland | Remote electronic voting |

Raymond Kristiansen | On the aperiodic autocorrelation of binary sequences |

Dag Arne Osvik | Efficient implementation of the data encryption standard |

Bodil Stakkestad Kristensen | Differential properties of some functions over a finite field |

Gunn-H. Gripsgård | Cryptanalysis of block ciphers |

Vebjørn Moen | Integral cryptoanalysis |

Terje Bremnes | Protocols for wireless communication |

Gunner Alendal | A differential/correlation attack on RC5 |

Per Arve Strømstad | Kryptografiske hash funksjoner |

Martin Aune Hellesø | Message authentication |

Kjetil Handeland | Error correcting codes |

John Erik Mathiassen | Linær kryptoanalyse av blokksiffer |