Cryptographic Engineering

    On-Line Class
    CET – Central European Time Zone

    Download One-Page Schedule Here

    Week 1: June 9-13, 2025

    Week 2: June 16-20, 2025

    Registration deadline: May 26, 2025
    Payment deadline: May 30, 2025

    registration

    TEACHING HOURS

    DAILY Central European Time CET
    (Lausanne)
    Eastern Standard Time EST
    (New York)
    Pacific Standard Time PST
    (California)
    India Standard Time IST (India)
    Module 1 3:30-5:00 pm 9:30-11:00 am 6:30-8:00 am 7:00-8:30 pm
    Module 2 5:30-7:00 pm 11:30 am-1:30 pm 8:30-10:00 am 9:00-10:30 pm

    WEEK 1: June 9-13

    Monday, June 9

    3:30-5:00 pm Introduction to Block Ciphers; DES and AES Christof Paar
    5:30-7:00 pm Lightweight Block Ciphers for RFIDs Christof Paar

    Tuesday, June 10

    3:30-5:00 pm Public-Key Cryptography: Algorithms and Protocols Çetin K. Koç
    5:30-7:00 pm Integer Arithmetic Algorithms and Architectures Çetin K. Koç

    Wednesday, June 11

    3:30-5:00 pm Specialized Hardware for Secret-Key Algorithms Ingrid Verbauwhede
    5:30-7:00 pm Introduction to PUFs (Physically Uncloneable Functions) Ingrid Verbauwhede

    Thursday, June 12

    3:30-5:00 pm Finite Field Arithmetic Algorithms and Architectures Çetin K. Koç
    5:30-7:00 pm Public-Key Cryptographic Hardware and Embedded Systems Çetin K. Koç

    Friday, June 13

    3:30-5:00 pm Introduction to Side-Channel Analysis Marc Joye
    5:30-7:00 pm Block Ciphers: Attacks and Countermeasures Marc Joye

    WEEK 2: June 16-20

    Monday, June 16

    3:30-5:00 pm Trusted Computing Architectures, SSL and IPSec Pankaj Rohatgi
    5:30-7:00 pm Electromagnetic Analysis and Advanced Side-Channel Analysis Techniques Pankaj Rohatgi

    Tuesday, June 17

    3:30-5:00 pm RSA-ECC – Side Channel Attacks and Countermeasures Marc Joye
    5:30-7:00 pm Post-Quantum Cryptography Algorithms Francisco R.-Henríquez

    Wednesday, June 18

    3:30-5:00 pm Post-Quantum Cryptography Implementations Francisco R.-Henríquez
    5:30-7:00 pm Fully Homomorphic Encryption Marc Joye

    Thursday, June 19

    3:30-5:00 pm Random Number Generators for Cryptographic Applications Werner Schindler
    5:30-7:00 pm Evaluation Criteria for Non-Deterministic Random Number Generators Werner Schindler

    Friday, June 20

    3:30-5:00 pm Random Number Generator Design Constraints and Challenges Viktor Fischer
    registration

    Scroll to Top


    Abstracts

    Cryptographic Engineering On-Line Class
    June 9-20, 2025
    EPFL Premises, Lausanne, Switzerland

    Introduction to Block Ciphers: DES and AES
    Christof Paar, Ruhr-University Bochum, Germany

    We will first give a brief introduction to AES, DES and 3DES, which are the most widely used symmetric ciphers. We will then develop method for efficiently implementing both AES and 3DES in software. For AES, algorithms for both 32 bit CPUs and 8 bit smart card CPUs, will be treated. We will then introduce the bit-slicing method, an advanced and very efficient approach for fast software implementation of block ciphers. We will use DES as an example for illustrating bit-slicing.

    Lightweight Block Ciphers for RFIDs
    Christof Paar, Ruhr-University Bochum, Germany

    For extremely resources constrained environments such as RFIDs, sensor notes or other mobile applications, it is highly desirable to have ciphers which are extremely lightweight. We will introduce optimization techniques for low-area and low-power ciphers. PRESENT, which is an extremely compact block cipher, will be discussed as a case study.

    Public-Key Cryptography Algorithms and Protocols
    Çetin K. Koç, UC Santa Barbara, USA

    Computational requirements of RSA, Elliptic Curve Cryptography, Diffie-Hellman, ElGamal, and DSA and their ECC variants. PKC computational pyramid. PKC ALU Design. Lessons of the first RSA chip. Exponentiation and point multiplication. Addition chains. Power tree and factor method. Binary and m-ary methods. Sliding window methods. Addition-subtraction chains. Canonical encoding algorithm. The NAF algorithm and its variants. Optional: Koblitz curves and tau-adic expansions.

    Integer Arithmetic Algorithms and Architectures
    Çetin K. Koç, UC Santa Barbara, USA

    Integer rings. Addition and multiplication. Modular addition and multiplication. Montgomery multiplication and exponentiation. Multiplicative inversion. The CIOS algorithm. Arithmetic with special primes. Solinas algorithms.

    Specialized Hardware for Secret-Key Algorithms
    Ingrid Verbauwhede, KU Leuven, Belgium

    This lecture will introduce hardware implementation aspects of block ciphers and stream ciphers. The DES and AES algorithm will be discussed in detail. These ciphers are never used standalone but combined with modes of operation and integrated as IP blocks in larger systems. Very compact realizations and very high throughput realizations will also be discussed.

    Introduction to PUFs (Physically Uncloneable Functions)
    Ingrid Verbauwhede, KU Leuven, Belgium

    CMOS process variations are considered a burden to IC developers since they introduce undesirable random variability between equally designed ICs. Measuring this variability can also be profitable as a physically unclonable method of silicon device identification. This can be applied to generate strong cryptographic keys which are intrinsically bound to the embedding IC instance. In this lecture, we study and compare different proposed constructions.

    Finite Field Arithmetic Algorithms and Architectures
    Çetin K. Koç, UC Santa Barbara, USA

    Representing field elements. Polynomial and normal basis. Addition in GF(2^k). Multiplication in polynomial basis. Irreducible polynomials. Normal basis squaring. Optimal normal basis multiplication. Quadratic and sub-quadratic multiplication algorithms. Karatsuba multiplication. Recursive Karatsuba algorithm. 2-Term and 3-Term Karatsuba algorithm and generalization. Montgomery-Karatsuba formulas.

    Public-Key Cryptographic Hardware and Embedded Systems
    Çetin K. Koç, UC Santa Barbara, USA

    Scalable dual-field arithmetic. Putting together GF(p) and GF(2^k) arithmetic. Montgomery multiplication in GF(2^k). Unified or dual-field full adder. Scalable and dual-field Montgomery multiplication. PKC on embedded software. Functional characteristics of embedded platforms. Incomplete addition. Compilers and assembler optimizations. Special curve solutions.

    Introduction to Side-Channel Analysis
    Marc Joye, Zama, France

    Side-channel analysis is a powerful technique re-discovered by Kocher in 1996. The principle consists in monitoring some side-channel information like the running time, the power consumption or the electromagnetic radiation. Next, from the monitored data, the adversary tries to deduce the inner-workings of the algorithm and thereby to retrieve some secret information. This talk reviews the basics of side-channel analysis on various cryptographic algorithms. It is illustrated with practical examples and several side-channel attacks are mounted against several naive, unprotected implementations of cryptosystems.

    Block Ciphers: Attacks & Countermeasures
    Marc Joye, Zama, France

    In this lecture, we will review some attacks against implementations of block ciphers. We will also present countermeasures to prevent these attacks. Focus will be on the AES block cipher.

    Trusted Computing Architectures, SSL and IPSec
    Pankaj Rohatgi, Cryptograpy Research, USA

    Businesses, governments and individuals are increasingly reliant on complex, highly-interconnected computing platforms, mobile end-points and network centric applications to conduct much of their business. Maintaining and validating the trustworthiness of this infrastructure has therefore become critical. However, as the complexity and value of the infrastructure has increased, the number of software vulnerabilities discovered and attacks mounted against applications, platforms, end-points, identities and sensitive data within this infrastructure have grown at an even faster pace. There is a realization that given this complexity, software-only security mechanisms may not be sufficient to defend against these attacks or to evaluate the trustworthiness of a system.
    Trusted computing is an effort to use trusted hardware to assist software in improving and evaluating the security for platforms, end-points, applications, identities and data. In this lecture, I will describe the Trusted Platform Module (TPM), which provides the hardware foundations for Trusted Computing and describe several ways in which the TPM could be used as a building block to improve or validate the security of platforms, end-points, applications, data and identities.

    Electromagnetic Analysis and Advance Side-Channel Analysis
    Pankaj Rohatgi, Cryptograpy Research, USA

    This lecture will provide an introduction to the electromagnetic emanation (EM) side-channel. We will describe the various types of compromising EM emanations and the equipment needed to capture them. We will illustrate how compromising EM emanations can be captured from a variety of cryptographic devices and how multiple signals can be captured from each device. Next we will illustrate a variety of EM attacks on cryptographic implementations. Although the attack techniques are similar to power analysis, many EM attacks are not feasible using the power side channel, either because they exploit additional leakages present in EM channels or the power side-channel is inaccessible. Finally we will describe how one can design countermeasures against EM attacks.

    RSA/ECC – Side Channel Attacks & Countermeasures
    Marc Joye, Zama, France

    Elliptic curve cryptography (ECC) shows an increasing impact in our everyday lives where the use of memory-constrained devices such as smart cards and other embedded systems is ubiquitous. Its main advantage resides in a smaller key size for a conjectured equivalent security level. In this talk, we survey different known techniques to get efficient ECC implementations that resist against a variety of implementation attacks.

    RSA is the most widely used public key cryptosystem. It can be used for both encryption and signature. While the security of (black-box) RSA is well understood its secure implementation remains challenging. Basically, two classes of side-channel attacks can be distinguished: SPA-like attacks and DPA-like attacks. An SPA-like analysis is a process with a single measurement of some side-channel information; when there are several measurements handled with statistical tools, the process is referred to as a DPA-like analysis. This talk teaches how to prevent those two classes of attacks. General guidelines are provided along with concrete implementations.

    Post-Quantum Cryptography Algorithms
    Francisco Rodrìguez-Henrìquez, Cryptography Research Centre of the Technology Innovation Institute at Abu Dhabi, UAE

    As of today, most cryptographic systems deployed in the real world use asymmetric primitives that rely on the hardness of integer factorization (most notably RSA public-key encryption and signatures), or the (elliptic-curve) discrete-logarithm problem. While a sensible choice of parameters for these schemes are believed to resist attacks launched from classical computers, it is known since Shor’s seminal 1994 paper, that a large universal quantum computer will be able to solve both factoring and discrete logarithms in polynomial time. Fortunately, when sufficiently large quantum computer become a reality, this will not imply the end of efficient public-key cryptography. There exist various approaches for constructing public-key encryption or key-encapsulation mechanisms (KEMs) and signatures that — as far as we know — can resist attacks coming from large universal quantum computers.
    In this lecture we present an introduction to the most important techniques for achieving a secure and efficient implementation of so-called post-quantum cryptography, the anticipated next generation of asymmetric cryptography. Concretely, we will study five main approaches to construct such post-quantum cryptography, namely, Lattice-based Cryptography, Code-based Cryptography, Multivariate Cryptography, Hash-based Cryptography, Isogeny-based Cryptography.

    Post-Quantum Cryptography Implementation
    Francisco Rodrìguez-Henrìquez, Cryptography Research Centre of the Technology Innovation Institute at Abu Dhabi, UAE

    In this class we present an introduction to the most important techniques for achieving a secure and efficient implementation of so-called post-quantum cryptography, the anticipated next generation of asymmetric cryptography. Concretely, we will revise the algorithms and their best software implementation practices.

    Fully Homomorphic Encryption
    Marc Joye, Zama, France

    Fully homomorphic encryption (FHE) allows computing over encrypted data. In this lecture, we will cover some advanced topics in FHE. In particular, we will cover bootstrapping of ciphertexts and its extension to programmable bootstrapping. The general case of multivariate functions over encrypted data will also be dealt with. Applications to the private evaluation of neural networks will be discussed.

    Random Number Generators for Cryptographic Applications
    Werner Schindler, BSI Bund, Germany

    Many cryptographic mechanisms require random numbers, e.g. as challenges, session keys or signature parameters. Inappropriate random number generators may weaken principally strong cryptographic mechanisms considerably. Requirements are formulated that appropriate random number generators should fulfill and concrete examples are discussed. Relevant differences between deterministic and the non-deterministic random number generators are worked out.

    Evaluation Criteria for Non-Deterministic Random Number Generator
    Werner Schindler, BSI Bund, Germany

    In this lecture, I will investigate in more details the problem of physical security evaluations against side-channel attacks, with applications to implortant classes of countermeasures such as masking. In a first step, I will descibe formal approaches to quantify the information leakages and put forward their potential shortcomings. Next, I will use case studies to illustrate that one can gain good intuition about the security of certain implementation based on simple heuristic formulas.

    Random Number Generator Design Constraints and Challenges
    Viktor Fischer, Université de Saint Etienne, France

    In this lecture, we will first analyze the main characteristics of random number generators (RNGs): quality related issues such as sources of randomness, entropy extraction principles, post-processing, output bit-rate and its stability; security related issues such as existence of a mathematical model, inner testability and robustness against attacks; design related issues such as resource usage, power consumption, feasibility in logic devices and design automation. Next, we will critically analyze and compare the main existing RNG principles. Based on this analysis, we will point out pitfalls that can exist in a practical RNG design and challenges that are usually faced when designing secure RNGs according to recommendations AIS 20/AIS 31.

    registration

    Scroll to Top


Search

Time Zone

  • Lausanne, Delft (CET)
  • Santa Cruz (PST)
  • New-York (EST)
  • India (IST)

Local Weather

Lausanne
6°
light rain
humidity: 88%
wind: 10m/s SW
H 10 • L 3
3°
Mon
1°
Tue
1°
Wed
Weather from OpenWeatherMap