Examination arrangement

Course content

The course covers how to implement, analyse, attack, protect and securely compose cryptographic algorithms in practice. It goes in depth on how to implement computer arithmetic, attacking implementations using side-channel attacks and fault injection, exploit padding oracles and low-entropy randomness, utilise techniques to defend against these attacks, and how to securely design misuse-resistant APIs.

This course involves security of cryptographic software used in critical digital infrastructure across all of society, building up under the UN Sustainability Development Goals, by enabling financial services (8.10), facilitate resilient infrastructure (9.a), enhance scientific research and upgrade technological capabilities (9.5), ensure public access to information and protect fundamental freedoms (16.10), and enhance the use of enabling technology (17.8).

Learning outcome

A. Knowledge: Advanced knowledge about the mathematical building blocks underlying modern cryptography, properties of and applications of cryptographic primitives, challenges and common mistakes when implementing cryptography, side-channel attacks and countermeasures, and high level design principles for secure use of cryptography in practice.

B. Skills: Able to implement the underlying mathematics and high-level protocols used in symmetric key and public key cryptosystems, perform simple side-channel attacks and implement countermeasures, analyse side-channel countermeasures and design misuse resistant APIs for cryptography.

C. General competence: Experience on how to organise projects in small groups, conduct experiments, and write academic reports.

Learning methods and activities

Lectures, invited lectures, group projects and laboratory exercises.

Further on evaluation

Portfolio assessment is the basis for the grade in this course. The portfolio consists of one or more projects covering implementation, analysis, attacks and protection of cryptographic primitives. This will be announced at the beginning of the term.

The work on all tasks composes 100% of the final grade. The results for the projects are given in points and in %-scores. The entire portfolio is assigned a letter grade. All assignments will be given in English only and reports must be submitted in English.

If a student has the final grade F/failed, the student must repeat the entire course. Also in the case a student wants to improve their grade, they must repeat the entire course.

Recommended previous knowledge

The following courses are recommended: TMA4140 Discrete Mathematics, TDT4100 Object-Oriented Programming, TDT4120 Algorithms and Data Structures, TTM4135 Applied Cryptography and Network Security, or equivalent courses. It is also recommended to take TMA4160 Cryptography prior to or at the same time as this course.

Course materials

To be announced at the beginning of the term. The main course material will be given in the form of slides, notes, manuals, research papers, books and recordings.

Useful course material:

• ChipWhisperer: https://www.newae.com/chipwhisperer
• "Serious Cryptography" by Jean-Philippe Aumasson
• "Real World Cryptography" by David Wong
• "The Hardware Hacking Handbook" by Jasper van Woudenberg and Colin O'Flynn