Lecturer | Time | Room |
---|---|---|
Prof. G. Leander | Mon, 14:00 (preliminary meeting on 26.10.) | NA 5/24 |
Assigned dates:

No. | Short title | Date | Speaker | Supervisor |
---|---|---|---|---|
1 | | | | |
2 | | | | |
4 | | | | |
5 | | | | |
6 | | | | |
7 | | | | |
8 | | | | |
9 | | | | |
10 | | | | |
11 | | | | |
12 | | | | |
Organisational matters
A preliminary meeting takes place on 26 October (Mon) in room NA 5/24 at 14:00. Talk topics for ITS students are assigned via the general seminar allocation system. The seminar will be held as a block seminar at the end of the semester.
Prerequisites
Basic knowledge of symmetric cryptography is an advantage for participating in the seminar.
Rules
- Attendance is mandatory for all participants.
- Aim for a talk length of about 45 to 60 minutes.
- Contact your supervisor on your own initiative at the latest 2 to 2.5 weeks before your talk to demonstrate your understanding of the content.
- At the latest 1 week before your talk, present your handout and your slides (if you use any) to your supervisor once more; by then the talk should already be essentially complete.
- In addition, a short handout is to be prepared for every talk.
- At the latest 1 week before the date of the talk, briefly present the slides to your supervisor.
- Less is more. Try to convey the essentials of your topic in your talk; it is not necessary to present every detail.
- Depending on the topic, a blackboard talk, a slide talk, or a combination of both may be suitable. Please agree on this with your supervisor.
- The language of the talk is German or English.
Possible talk topics
1. Slide Attacks
This paper describes a new generic known- (or sometimes chosen-) plaintext attack on iterated block ciphers, which the authors call the slide attack and which in many cases is independent of the number of rounds of a cipher.
Literature: slide attacks.pdf
2. A Generic Approach to Invariant Subspace Attacks: Cryptanalysis of Robin, iSCREAM and Zorro
This paper introduces a generic algorithm to detect invariant subspaces. The algorithm is applied to the CAESAR candidate iSCREAM, the closely related LS-design Robin, as well as the lightweight cipher Zorro. For all three candidates invariant subspaces are detected, and result in practical breaks of the ciphers.
Literature: http://eprint.iacr.org/2015/068
3. PRINCE - A Low-latency Block Cipher for Pervasive Computing Applications
This paper presents a block cipher, PRINCE, that is optimized with respect to latency when implemented in hardware. PRINCE is designed in such a way that the overhead for decryption on top of encryption is negligible. More precisely, decryption under one key corresponds to encryption under a related key.
Literature: http://eprint.iacr.org/2012/529
4. Automatic Search of Attacks on round-reduced AES and Applications
This paper describes versatile and powerful algorithms for searching guess-and-determine and meet-in-the-middle attacks on some byte-oriented symmetric primitives. To demonstrate the strength of these tools, it is shown that they automatically discover new attacks on round-reduced AES with very low data complexity.
Literature: https://eprint.iacr.org/2012/069
5. Focus on the Linear Layer (feat. PRIDE)
The linear layer is a core component in any substitution-permutation network and its design significantly influences both the security and the efficiency of the resulting primitive. This paper proposes a general methodology to construct good, sometimes optimal, linear layers allowing for a large variety of trade-offs.
Literature: https://eprint.iacr.org/2014/453.pdf
6. Security of the AES with a Secret S-box
How does the security of the AES change when the S-box is replaced by a secret S-box about which the adversary has no knowledge? This paper demonstrates attacks based on integral cryptanalysis which recover both the secret key and the secret S-box for four, five, and six rounds of the AES, respectively.
Literature: https://eprint.iacr.org/2015/144.pdf
7. The Rebound Attack: Cryptanalysis of Reduced Whirlpool and Grøstl
The rebound attack is a tool for the cryptanalysis of hash functions. The idea is to use the available degrees of freedom in a collision attack to efficiently bypass the low probability parts of a differential trail.
Literature: https://www.iacr.org/archive/fse2009/56650270/56650270.pdf
8. A Family of Trapdoor Ciphers
This paper presents several methods to construct trapdoor block ciphers. This kind of trapdoor information makes the cipher susceptible to linear cryptanalysis.
Literature: http://files.rsdn.ru/1390/vr-9703.pdf
9. Open Smart Grid Protocol
This paper shows practical weaknesses in the Open Smart Grid Protocol (OSGP), which serves as an example of a bad design process in cryptography.
Literature: https://eprint.iacr.org/2015/428.pdf
10. Division Property
The division property is a generalization of the integral property and can be used to find improved integral distinguishers for attacking block ciphers.
Literature: https://eprint.iacr.org/2015/090.pdf
11. Cryptanalysis of SASAS
Alternating layers of S-boxes with layers of affine mappings is a common design strategy in cryptography. This paper cryptanalyzes the SASAS construction and shows that it should not be used in cryptographic designs.
Literature: https://www.iacr.org/archive/eurocrypt2001/20450392.pdf
12. Argon2
The design of password hashing algorithms differs from the design of conventional hash algorithms. We will take a close look at Argon2, the winner of the Password Hashing Competition.
Literature: https://www.cryptolux.org/images/0/0d/Argon2.pdf