Hasso-Plattner-Institut
Prof. Dr. Anja Lehmann
 

Cryptography (Lecture, Master, 6 ECTS)

Prof. Anja Lehmann, Dennis Dayanikli (TA), Andrey Sidorenko, Karla Friedrichs, Felix Auringer

Description

Cryptography is the discipline concerned with the design and analysis of protocols and techniques that secure information against adversarial access or manipulation. This lecture provides a rigorous introduction to modern cryptography, presenting the algorithmic and mathematical foundations as well as the formal security notions underlying symmetric and public-key primitives. The fundamental principle of modern cryptography—provable security—is a central theme of the course: formal attacker models are defined, and the security of the presented cryptographic methods is proven under well-specified complexity assumptions within these models. Participants will gain a systematic understanding of how the most common cryptographic constructions are designed, analyzed, and deployed to achieve provable security.

Topic Overview

  • Information-theoretical vs. complexity-theoretical security
  • Symmetric cryptography:
    • Symmetric encryption
    • Pseudo-random functions
    • Message authentication codes (MAC)
    • Hash functions
    • Authenticated encryption
  • Asymmetric cryptography:
    • Diffie-Hellman key exchange
    • Public-key encryption
    • Digital signatures

The lecture is based mainly on the book Katz, Lindell: Introduction to Modern Cryptography (currently 3rd edition, 2020), but also takes inspiration from Boneh, Shoup: A Graduate Course in Applied Cryptography (version 0.6, 2023).

Requirements

The lecture requires basic knowledge of mathematics and theoretical computer science. In particular, students must be able to apply elementary proof techniques. Additional lectures and exercises offered alongside the course allow students to refresh these basics.

Organisation & Exam

Weekly lecture plus several smaller exercise groups, of which you choose one. We also offer a voluntary Crypto CTF alongside the course to give more hands-on access to the lecture's topics.

Written exam.

Links

[Moodle] [CAS Campus]

Computing on Encrypted Data (Lecture, Master, 6 ECTS)

Prof. Anja Lehmann, Dr. Christian Mouchet

Description

This course is an introduction to the cryptographic techniques that enable computation over encrypted data, with a central focus on homomorphic encryption. It adopts a practical, engineering-oriented approach while also covering the essential theoretical concepts. The course includes two hands-on projects in which participants apply their knowledge to build working cryptographic systems.

Topic Overview

  • Definitions and modelling of Homomorphic Encryption (HE)
  • Early, partially homomorphic constructions: ElGamal, Paillier
  • Current, lattice-based HE constructions
  • HE-based secure multiparty computation (MPC)

Links

[Moodle] [CAS Campus]

Track me if you can: Attacking and Defending Batch-Issued Credentials

Master Project, 12 ECTS

Prof. Anja Lehmann, Karla Friedrichs, Cavit Özbay

The eIDAS 2.0 regulation requires all EU member states to provide a digital identity solution, the EU Digital Identity Wallet (EUDI), by the end of 2026. A digital identity system with strong authentication can improve security, but its ubiquity also poses a risk to privacy when implemented in the wrong way. eIDAS 2.0 therefore mandates several core privacy principles that the EUDI wallet must satisfy, such as selective disclosure and unlinkability of presentations.

Technical solutions exist that would naturally satisfy these requirements, but the EU has decided not to use them (yet) and to build the wallet entirely from classic signatures such as ECDSA. These signatures can be amended to provide some privacy, but they inherently lack unlinkability against corrupt issuers: a malicious issuer of a digital credential can always trace its usage when colluding with the services that accept it. The most obvious attack requires the issuer to store all issued credentials and compare them against all presentations derived from them, which is often dismissed as too "impractical" or cumbersome to happen.

In this master project, we want to show that there are more clever ways for malicious issuers to track their users. Issuers can deviate from the protocol specification in a way that is indistinguishable from the user's view, yet allows convenient surveillance and tracking by malicious entities. After developing these attacks, we also want to propose countermeasures that thwart or detect them.
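As an added illustration (not part of the project description and not the group's code), the following Python script shows the "store all issued credentials and compare them against presentations" attack from the paragraph above concretely, on batch-issued credentials. It inlines a textbook ECDSA over P-256 so it runs without any third-party library; that implementation is neither constant-time nor hardened and exists only to keep the script self-contained. The credential format (a random 16-byte salt followed by the attribute bytes, signed with ECDSA), the batch size of three, and the names Issuer, issue_batch, trace and relying_parties_can_link are assumptions made for this example, not anything taken from the EUDI specifications.

```python
# Added example (not the project's code): the "store every issued credential and
# compare" attack on batch-issued ECDSA credentials, with textbook P-256 ECDSA
# inlined so it runs offline. Illustrative only; needs Python 3.8+ for pow(x, -1, m).
import hashlib
import secrets

# NIST P-256 parameters (the curve constant b is not needed for the group arithmetic)
P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
A = P - 3
N = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551
G = (0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296,
     0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5)

def ec_add(p1, p2):
    """Affine point addition; None is the point at infinity."""
    if p1 is None or p2 is None:
        return p1 or p2
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if x1 == x2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def ec_mul(k, pt):  # double-and-add scalar multiplication, not constant time
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt, k = ec_add(pt, pt), k >> 1
    return acc

def hash_to_int(msg):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % N

def keygen():
    d = secrets.randbelow(N - 1) + 1
    return d, ec_mul(d, G)

def sign(d, msg):
    z = hash_to_int(msg)
    while True:  # ECDSA is randomised: the same payload signs differently each time
        k = secrets.randbelow(N - 1) + 1
        r = ec_mul(k, G)[0] % N
        s = pow(k, -1, N) * (z + r * d) % N
        if r and s:
            return (r, s)

def verify(pub, msg, sig):
    r, s = sig
    if not (0 < r < N and 0 < s < N):
        return False
    w = pow(s, -1, N)
    pt = ec_add(ec_mul(hash_to_int(msg) * w % N, G), ec_mul(r * w % N, pub))
    return pt is not None and pt[0] % N == r

class Issuer:
    """Issuer that keeps a copy of every signature it hands out: the attack's only state."""
    def __init__(self):
        self.sk, self.pk = keygen()
        self.ledger = {}  # signature (r, s) -> user id, 64 bytes per issued credential

    def issue_batch(self, user_id, attributes, count):
        """Batch issuance: a fresh salt per credential, hence distinct payload and signature."""
        batch = []
        for _ in range(count):
            payload = secrets.token_bytes(16) + attributes  # assumed format: salt || attributes
            sig = sign(self.sk, payload)
            self.ledger[sig] = user_id
            batch.append((payload, sig))
        return batch

    def trace(self, presentation):
        """Link a presentation forwarded by a colluding relying party back to its user."""
        return self.ledger.get(presentation[1])

def relying_parties_can_link(pres_a, pres_b):
    """Honest relying parties on their own only see payload and signature."""
    return pres_a[0] == pres_b[0] or pres_a[1] == pres_b[1]

def demo():
    issuer = Issuer()
    alice = issuer.issue_batch("alice", b"age_over_18=true", 3)
    bob = issuer.issue_batch("bob", b"age_over_18=true", 3)
    pres_rp1, pres_rp2 = alice[0], alice[1]   # Alice shows a different credential to each RP
    accepted = verify(issuer.pk, *pres_rp1)   # verification needs the signature in the clear
    linked_by_rps = relying_parties_can_link(pres_rp1, pres_rp2)
    traced = (issuer.trace(pres_rp1), issuer.trace(pres_rp2), issuer.trace(bob[2]))
    return accepted, linked_by_rps, traced

if __name__ == "__main__":
    print(demo())  # (True, False, ('alice', 'alice', 'bob'))
```

Running demo() returns (True, False, ('alice', 'alice', 'bob')): the relying party accepts the credential, two relying parties comparing what they were shown cannot link Alice's two presentations (batch issuance gives each credential its own salt and signature), but the issuer's ledger links both of them, and Bob's, as soon as the relying parties forward the signatures they had to see in order to verify. The ledger costs the issuer 64 bytes per issued credential, which is the bookkeeping the paragraph above reports as being dismissed as "impractical"; the project looks for protocol deviations that let an issuer track users more conveniently than this.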

     

For more information, see our Poster or Project Description.