Cryptography - from A to Omega
Duration: 5 days

Back to course list Home
Synopsis This course undertakes to lay the foundations of both classic and modern-day cryptography over the span of 5 days. No mere feat!

The first day begins with the basic principles. By day II, it quickly moves on to discussion of modern ciphers such as RC4, DES and the present-day standard of AES (Rijndael). PKI methods such as Diffie-Hellman, RSA and ECC (Elliptic Curves) are explained in mathematical detail. Digital signature techniques and principles, including hash functions such as the (insecure) MD5 and SHA-1/SHA-256 are discussed as well. Finally, the course concludes by taking the algorithms discussed and showing their incorporation in protocols - both secure (TLS, IPSec, Kerberos) and insecure (NTLM, WEP). The course concludes with a deep discussion on the algorithms driving Cryptocurrency - from BTC to ETH and the myriad "alt-coins" which surface every day.

The course is highly theoretical, but laced with plentiful examples of real world applications and implementations in today's computing environments

Target Audience Developers, security analysts
  • Mathematics background - basic algebra at a minimum - vital
  • Linear Algebra/Matrix operations - highly recommended
  • Understand the principles behind public key cryptography
  • Understand symmetric algorithms, primarily AES
  • Explain the relatively simple mathemtical ideas behind PKI algorithms of DSA and Diffie Hellman
  • Define the principles of Elliptic Curve Cryptography
  • Understand hash functions, in particular SHA-1 and SHA-256
  • Analyze cryptographic foundations of common protocols
  • Explain the principles of cryptocurrency driving BitCoin
Exercises Course presents and solves mathematical problems step by step, but due to packed syllabus no time is allotted for free exercises
Day 1
1. Mission Statements
1 hours
This module deals explains the basic ideas and tenets of cryptography. Goals and mission statements
  • Principles
    • Terminology
      • Encryption
        • Authentication
          • Attestation
            2. Simple Ciphers
            3 hours
            Putting the principles and nomenclature into practice with historical ciphers that (at least at one time) were considered state of the art..
            • Monoalphabetic Ciphers (example: Caesar)
              • Polyalphabetic Ciphers (examples: Vigenere, Hill)
                • Transposition Ciphers
                  • Basic Cryptanalysis and Statistics
                    3. Information Theory basics
                    2-3 hours
                    Exploring Claude Shannon's landmarks principles of entropy and cryptanalysis
                    • Entropy
                      • Redundancy and Unicity Distance
                        • Chosen/Known Plaintext/Ciphertext attacks
                          • Complexity Theory
                            • P, NP, NP-Complete
                              Day 2
                              5. Prelude: Randomness
                              2 hours
                              Explaining the importance of random number generation in cryptography
                              • Randomness and pseudo-randomness
                                • PRNG algorithms
                                  • Phase space analysis and attractors/fractals
                                    • Case study: TCP sequence numbers
                                      • Stream Ciphers - LSFR
                                        • Case Study: RC4
                                          • Block Cipher modes (ECB, CBC, Counter)
                                            6. The (former) Data Encryption Standard
                                            2 hours
                                            Taking DES as a case study of one of the world's most popular algorithms, having survived for over two decades but now deemed entirely insecure.
                                            • DES
                                              • FIPS 46
                                                • Differential cryptanalysis attacks
                                                  • Triple DES
                                                    7. The Advanced Encryption Standard
                                                    3 hours
                                                    Taking AES as a case study of the current standard, and a modern (1990-2000) algorithm
                                                    • Rijndael
                                                      • FIPS 197
                                                        • S Boxes and P Boxes
                                                          • Hardware implementations and chip-level acceleration
                                                            • Application: Disk encryption (AES-XTS in Linux DM-Crypt and certain filesystems)
                                                              Day 3
                                                              8. Number Theory, in a nutshell
                                                              2 hours
                                                              This module deals with the basic concepts of number theory and advanced algebra which drive public key algorithms
                                                              • Modular Arithmetic
                                                                • Prime Numbers and Primality Testing
                                                                  • Sets and Fields
                                                                    • Chinese Remainder Theorem
                                                                      • Fermat's Little Theorem
                                                                        9. Diffie Hellman
                                                                        1 hours
                                                                        Explicating the principles of Diffie-Hellman Key Exchange (agreement) algorithm
                                                                        • Basic ideas of key exchange
                                                                          • Inefficient - the three way handshake
                                                                            • Diffie Hellman-Merkle
                                                                              10. RSA
                                                                              1 hours
                                                                              Rivest Shamir Adleman Algorithm
                                                                              • Algorithm
                                                                                • Attacks/Cryptanalysis
                                                                                  • PKCS
                                                                                    • Variants (elGamal, etc)
                                                                                      • Blum Blum Shub as a secure PRNG
                                                                                        11. ECC
                                                                                        2 hours
                                                                                        An introduction to Elliptic Curve Cryptosystems, which provide an alternative substrate to PKI , particularly in embedded systems
                                                                                        • Elliptic Curves
                                                                                          • Applications as fields
                                                                                            • Applying Diffie Hellman over ECC
                                                                                              Day 4
                                                                                              12. Hash Functions
                                                                                              2 hours
                                                                                              Basic theory of hash functions, with applications
                                                                                              • What makes for a good hash?
                                                                                                • Hash Collisions
                                                                                                  • Second Preimage attacks
                                                                                                    • The Birthday Paradox
                                                                                                      • Case Study (insecure): MD5
                                                                                                        • Case Study (more secure): SHA-1
                                                                                                          • Case Study (standard): SHA-256
                                                                                                            • The road ahead: SHA-ng
                                                                                                              • Application: Merkle Trees and Linux DM-Verity (used for disk authentication)
                                                                                                                • Application: FS-Verity (Filesystem authenticaiton in Android)
                                                                                                                  13. Digital Signatures and certificates
                                                                                                                  2 hours
                                                                                                                  Applying PKI + Hash functions for digital signatures and certificates
                                                                                                                  • Constructing a digital signature
                                                                                                                    • RSA, DSA and ElGamal signing
                                                                                                                      • Subliminal channels and key leaks
                                                                                                                        14. Zero Knowledge Proofs
                                                                                                                        2 hours
                                                                                                                        How do you prove you know something, without revealing what that 'something' is?
                                                                                                                        • Harnessing probability
                                                                                                                          • Guillou-Quisquater
                                                                                                                            • Zero Knowledge Proofs
                                                                                                                              • Feige-Fiat-Shamir
                                                                                                                                • Blind Signatures
                                                                                                                                  • Playing poker without a deck of cards (but with a LOT of math..)
                                                                                                                                    15. Advanced Topics
                                                                                                                                    2 hours
                                                                                                                                    A brief tour of topics at the forefront of cryptography
                                                                                                                                    • Visual Secret Sharing
                                                                                                                                      • Steganography
                                                                                                                                        • Secret Sharing
                                                                                                                                          • Anonymous Broadcasts
                                                                                                                                            • Unbreakable channels: Quantum Cryptography
                                                                                                                                              • The threat to modern day algorithms: Quantum Computing
                                                                                                                                                Day 5
                                                                                                                                                16. Real World Applications
                                                                                                                                                4 hours
                                                                                                                                                A discussion putting the four days of theory into real-world practice. Topics include:
                                                                                                                                                • Networking Protocol: SSL/TLS
                                                                                                                                                  • Networking Protocol: IPSec (AH, ESP, IKEv2)
                                                                                                                                                    • Application: PGP, S/MIME
                                                                                                                                                      17. Cryptocurrency
                                                                                                                                                      3 hours
                                                                                                                                                      A discussion of the theory and practice of cryptocurrency, inspired by Satoshi Nakamoto's seminal work
                                                                                                                                                      • The original White Paper
                                                                                                                                                        • Block Chaining
                                                                                                                                                          • Ethereum as an improvement over the original BTC
                                                                                                                                                            • Proofs of stake vs. Proofs of ownership
                                                                                                                                                              • Evaluating alt-coins