Teaching: Cryptographic Engineering
Course Introduction
Cryptography provides algorithms that are crucial for the security (e.g., confidentiality, integrity, and authenticity) of our modern communication. However, these algorithms themselves are only one pillar for security; it is also important to implement these algorithms efficiently and securely. This course explains how to achieve high performance even for small embedded devices when implementing cryptographic (i.e., mathematical) algorithms and how to protect an implementation against side-channel attacks that are not looking for weaknesses in the algorithm or the implementation but in the physical properties of the computing platform. The course is accompanied by hands-on tutorials on efficient implementation, side-channel analysis, and countermeasures.
The course has a focus on:
- developing skills in low-level programming in C and assembly language,
- developing skills in analyzing the performance and the bottlenecks of an implementation,
- developing skills in optimizing software implementations with a focus on embedded devices,
- developing skills in side-channel analysis of cryptographic implementations, and
- developing skills in hardening cryptographic implementations.
Expected Learning Outcome
The student will be able to:
- detect and evaluate the performance and bottlenecks of an implementation,
- develop optimizations for cryptographic applications, and
- analyze and protect cryptographic applications in regards to side-channel security.
Content
Slides are based on content by Peter Schwabe, Norman Lahr, and Richard Petri.
Introduction to Cryptography
Description:Introduction to cryptography with a discussion of important terminology and principles.
Further reading:- Understanding Cryptography by Christof Paar and Jan Pelzl, Springer.
Implementation and Optimization
Description:Implementation and optimization of cryptographic schemes for embedded devices.
Further reading:- Cryptographic Engineering edited by Çetin Kaya Koç, Springer,
- Handbook of Elliptic and Hyperelliptic Curve Cryptography edited by Henri Cohen, Gerhard Frey, Roberto Avanzi, Christophe Doche, Tanja Lange, Kim Nguyen, and Frederik Vercauteren, CRC Press.
- Optimization Basics: Architectures, vectorization, and bitslicing. [slides]
- Symmetric Cryptography: Implementing and optimizing AES. [slides]
- Timing Side Channels: Causes and exploitation of side channels. [slides]
- Multiprecision Arithemtic I: Addition and multiplication of large integers. [slides]
- Multiprecision Arithmetic II: Redundant representation, reduction, and inversion. [slides]
- Elliptic Curve Arithmetic: Background on ECC arithmetic. [slides]
- Optimizing ECC: Optimization of scalar multiplication. [slides]
- Excursus: Dual EC - A Standardized Back Door? [slides]
Side-Channel Analysis
Description:Performing and preventing side-channel based implementation attacks.
Further reading:- Power Analysis Attacks by Stefan Mangard, Elisabeth Oswald, and Thomas Popp, Springer.
- Fault Analysis in Cryptography edited by Marc Joye and Michael Tunstall, Springer.
- Introduction to SCA: Background and basics of side-channel analysis and fault attacks.[slides]
- Power Analysis: Simple, differential, and correlation power analysis. [slides]
- SCA Countermeasures: Countermeasures against power attacks. [slides]
- Fault Attacks: Introduction to fault attacks and examples of fault attacks on AES, RSA, and DSA. [slides]
More Cryptography
Description:Further topics in applied cryptography, cryptographic engineering, and cryptography in general.
Further reading:- Post-Quantum Cryptography edited by Daniel J. Bernstein, Johannes Buchmann, and Erik Dahmen, Springer.
- Excursus: Introduction to Post-Quantum Cryptography. [slides]