## Projects

A description of student projects that can be used in conjunction with the book can be found here.

To facilitate the homework problems with given ciphertexts, all ciphertexts can be found in this text file.

## Links

Contemporary resources on the different topics of the book and beyond are provided below. The link collection provides ample opportunity for learning more about modern applied cryptography.

Of course, the links below should be considered a snapshot of the vast amount of available online documentation and are not exhaustive.

### Chapter 1

#### Introduction to Cryptography and Data Security

- CrypTool is an excellent tool suite for learning cryptography. The CrypTool project develops the world's most widespread free e-learning programs in the area of cryptography and cryptanalysis.
- MAC, a nice modular arithmetic calculator.
- A list of unsolved ciphers.
- The Babington Plot, which led to the execution of Mary Queen of Scots in the 16th century, is an example of how cryptanalysis played into politics.
- A good newsletter on security (and usually not on cryptography) is Bruce Schneier's Crypto-Gram.
- A very useful addition to Understanding Cryptography is the Handbook of Applied Cryptography which is an outstanding compilation of cryptographic techniques (contains only material up to 1997).
- The International Association of Cryptographic Research is the professional organization of cryptographers with about 1500 members.
- The American Cryptogram Association.
- An excellent one-hour video summarizing the last 40 years of modern cryptography by Ron Rivest.
- Spanish language introductory videos about security.

### Chapter 2

#### Stream Ciphers

- The ESTREAM Stream Cipher Project which investigated 34 new ciphers from 2004-2008 and recommends 7 ciphers.
- The official web site of the Trivium stream cipher.
- A bit dated (1995) but still an excellent description of stream ciphers is the RSA Labs Technical Report on Stream Ciphers.
- An online randomness test.
- A web site listing maximal length polynomials for LFSRs.
- A web site providing true random numbers and a lot of additional information on random numbers.

### Chapter 3

#### The Data Encryption Standard (DES) and Alternatives

- The archived Federal Information Processing Standard FIPS 46-3 describes the Data Encryption Standard (DES) and the use of Triple DES. (Withdrawn: May 19, 2005.)
- The CrypTool-Educational Tool for Cryptography and Cryptanalysis includes a DES implementation and an animation of the algorithm.
- Implementation of DES using the bitslice method is documented in the following references:
  - Eli Biham, 'A fast new DES implementation in software'. Also published in 'Fourth International Workshop on Fast Software Encryption', volume 1267 of LNCS, pages 260-272. Springer, 1997.
  - Matthew Kwan, 'Reducing the Gate Count of Bitslice DES', 1999.
  - Mitsuru Matsui and Junko Nakajima, 'On the Power of Bitslice Implementation on Intel Core2 Processor'. Also published in CHES '07: Proceedings of the 9th International Workshop on Cryptographic Hardware and Embedded Systems, pages 121-134. Springer, 2007.
- 'Differential Cryptanalysis of DES-like Cryptosystems' by Eli Biham and Adi Shamir in the Journal of Cryptology (Springer) in 1991.
- Eli Biham's slides of the talk 'How to Make Difference: early History of Differential Cryptanalysis' held at FSE 2006.
- A Tutorial on Linear and Differential Cryptanalysis by Howard M. Heys, Memorial University of Newfoundland, can be found at the following web site.
- The SHARCS (Special-purpose Hardware for Attacking Cryptographic Systems) conference series provides state-of-the-art information on cryptanalytic hardware.
- The homepage of the Cost-Optimized Parallel Code Breaker (COPACOBANA).
- More info on the Deep Crack key searching machine can be found on the web sites of the Electronic Frontier Foundation (EFF) and on the web site of Cryptographic Research.
- The PhD thesis 'Lightweight Cryptography - Cryptographic Engineering for a Pervasive World' by Axel Poschmann at the Ruhr-University Bochum gives a good overview on lightweight crypto and a detailed description of the PRESENT cipher.

### Chapter 4

#### The Advanced Encryption Standard (AES)

- The official specification of AES can be found at the NIST website.
- A flash animation of the AES encryption was made for the CrypTool project.
- Jeff Moser created a stick figure guide to AES for his Blog.
- Brian Gladman provides his implementations on his web page, which have been used, e.g., in software like WinZip or TrueCrypt.
- The AES Lounge is a collection of recent research results related to AES.

### Chapter 5

#### More about Block Ciphers

- A useful introduction on different modes of operation can be found at Wikipedia.
- A list of proposed operation modes of AES by NIST is available on the NIST web site. The specification, the security analysis report and some test vectors are available in the above link as well.
- Recommended modes of operations for block ciphers by NIST.
- The modes of operation for DES are described in FIPS PUB 81.
- A JavaScript implementation of AES in ECB and CT modes.
- Some program code examples for Triple-DES in CBC mode.
- A sample program for CBC mode.

### Chapter 6

#### Introduction to Public-Key Cryptography

- A compact description of the history of public-key cryptography with pictures of the core people.
- A long and fascinating interview with Martin Hellman about the history of public-key cryptography.
- www.keylength.com gives recommendations for the minimum required key-lengths for asymmetric and symmetric cryptography, for current and future implementations. Eight different methods can be compared to evaluate the minimum security requirements for your crypto system.
- To get an impression of the size of big numbers as used for public-key cryptography, this web site gives 'real-world' examples.
- GnuPG for Windows is an open-source collection of tools for Microsoft Windows that allow for comfortable email and file encryption using public-key cryptography. The OpenPGP-based project includes a key manager, supports various email clients and is very well documented. The similar project for Linux users can be found at www.gnupg.org.
- Wolfram MathWorld explains the properties of Euler's Phi function (also called Totient function) in detail, some graphical plots included.
- The GMP (GNU Multi Precision) library is an open-source project that allows for arbitrary precision arithmetic with big numbers, e.g., 2048 bit, in your own C programs. The GMP functions for large integers can be tested online.
- The article 'On the Security of 1024-bit RSA and 160-bit Elliptic Curve Cryptography' by Bos et al. gives a state-of-the-art comparison of the two most widespread public-key algorithms.

### Chapter 7

#### The RSA Cryptosystem

- The early days of RSA by Ron Rivest.
- The original RSA paper from Rivest, Shamir, and Adleman: 'A Method for Obtaining Digital Signatures and Public-Key Cryptosystems'. Communications of the ACM, 1978.
- A pedagogical implementation of RSA with lots of explanations and examples.
- The Public-Key Cryptography Standards (PKCS).
- RSA-based Cryptographic schemes with padding (RSAES-OAEP (encryption scheme) and RSASSA-PSS (signature scheme)).
- The latest RSA factorization record is the factorization of a 768 bit modulus. The main computation step took about 1500 PC-years.

### Chapter 8

#### Public-Key Cryptosystems Based on the Discrete Logarithm Problem

- The groundbreaking paper 'New Directions in Cryptography' by Whitfield Diffie and Martin E. Hellman, published in the IEEE Transactions on Information Theory.
- A nice alternative explanation of the Diffie-Hellman Key Exchange can be found here.
- A discrete logarithm calculator using the Pohlig-Hellman algorithm.
- The Diffie-Hellman Key Agreement Method is described in the Request for Comment (RFC) 2631.
- Public Key Cryptography for the Financial Services Industry: Agreement of Symmetric Keys Using Discrete Logarithm Cryptography, see ANSI X9.42:2003.

### Chapter 9

#### Elliptic Curve Cryptosystems

- A detailed introduction and history to cryptography with elliptic curves can be found at http://eprint.iacr.org/2008/390.pdf.
- An interactive introduction to Elliptic Curve Cryptography can be found at the ECC Notebook.
- The use of elliptic curves is approved by major standardization institutions. The Standards for Efficient Cryptography Group (SECG) specifies SEC 1, a Standard for Elliptic Curve Cryptography in particular for small and embedded systems.
- The National Institute of Standards and Technology (NIST) defines a standard for signatures with elliptic curves in NIST FIPS 186-3: Digital Signature Standard (DSS).
- The IEEE P1363 is the standard for public-key cryptography approved by the IEEE.
- Recent research topics on elliptic curve cryptography are annually reported and presented at the international workshop on Elliptic Curve Cryptography: http://www.eccworkshop.org/.
- There is a wealth of ready-to-use libraries for elliptic curves with programming languages such as C/C++ and Java. Examples are the open source ECC library libecc or the Bouncy Castle project.
- Elliptic curves can have different representations which allow for more efficient computations in special cases. The Explicit-Formulas database, providing a large variety of elliptic curves for use in cryptography, is maintained by Daniel J. Bernstein and Tanja Lange.

### Chapter 10

#### Digital Signatures

- The National Institute of Standards and Technology (NIST) defines a standard for digital signatures in NIST FIPS: Digital Signature Standard (DSS) and provides a fact sheet on the Digital Signature Standard.
- There is an online tutorial available on how to program a signature generation and verification tool in Java.
- There are several frontends of the open source project GNU Privacy Guard (GPG) available to easily generate and verify digital signatures, such as the Enigmail plugin for Thunderbird.
- The Digital Signature Law Survey homepage provides a good overview of the laws regarding digital signatures for various countries. (Last update August 2005.)
- The current Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) standard is defined in RFC 5280.

### Chapter 11

#### Hash Functions

- Overview of many hash functions with specifications.
- Birthday Paradox: Wikipedia has a nice explanation.
- Standard for SHA1 and SHA2.
- Overview on SHA-3.
- A funny song by (famous) cryptographers about the 50+ submissions to the SHA-3 competition.
- CrypTool is a learning program which also demonstrates the sensitivity of hash functions.

### Chapter 12

#### Message Authentication Codes (MACs)

- The Keyed-Hash Message Authentication Code (HMAC): FIPS PUB 198 Standard.
- A very accessible survey on Message Authentication Codes by Greg Rose.
- Identifiers and Test Vectors for HMAC-SHA-224, HMAC-SHA-256, HMAC-SHA-384, and HMAC-SHA-512: RFC4231.
- CrypTool is a learning program which also demonstrates HMACs.

### Chapter 13

#### Key Establishment

- A comprehensive Recommendation for Key Management by NIST.
- An accessible description of how the Kerberos authentication protocol works.
- A man-in-the-middle attack in order to impersonate a nanny.
- An introduction to PKI on slides by Peter Gutmann.
- The Station-to-Station (STS) protocol which is based on the Diffie-Hellman key exchange and provides perfect forward secrecy.