# Teaching: Cryptographic Engineering

## Course Introduction

Cryptography provides algorithms that are crucial for the security (e.g., confidentiality, integrity, and authenticity) of our modern communication. However, these algorithms themselves are only one pillar for security; it is also important to implement these algorithms efficiently and securely. This course explains how to achieve high performance even for small embedded devices when implementing cryptographic (i.e., mathematical) algorithms and how to protect an implementation against side-channel attacks that are not looking for weaknesses in the algorithm or the implementation but in the physical properties of the computing platform. The course is accompanied by hands-on tutorials on efficient implementation, side-channel analysis, and countermeasures.

The course has a focus on:

• developing skills in low-level programming in C and assembly language,
• developing skills in analyzing the performance and the bottlenecks of an implementation,
• developing skills in optimizing software implementations with a focus on embedded devices,
• developing skills in side-channel analysis of cryptographic implementations, and
• developing skills in hardening cryptographic implementations.

## Expected Learning Outcome

The student will be able to:

• detect and evaluate the performance and bottlenecks of an implementation,
• develop optimizations for cryptographic applications, and
• analyze and protect cryptographic applications in regards to side-channel security.

## Content

Slides are based on content by Peter Schwabe, Norman Lahr, and Richard Petri.

### Introduction to Cryptography

Description:

Introduction to cryptography with a discussion of important terminology and principles.

Slides:
1. Introduction I: Introduction, symmetric schemes. [slides]
2. Introduction II: Asymmetric schemes, random numbers. [slides]

### Implementation and Optimization

Description:

Implementation and optimization of cryptographic schemes for embedded devices.

Slides:
1. Optimization Basics: Architectures, vectorization, and bitslicing. [slides]
2. Symmetric Cryptography: Implementing and optimizing AES. [slides]
3. Timing Side Channels: Causes and exploitation of side channels. [slides]
4. Multiprecision Arithemtic I: Addition and multiplication of large integers. [slides]
5. Multiprecision Arithmetic II: Redundant representation, reduction, and inversion. [slides]
6. Elliptic Curve Arithmetic: Background on ECC arithmetic. [slides]
7. Optimizing ECC: Optimization of scalar multiplication. [slides]
8. Excursus: Dual EC - A Standardized Back Door? [slides]

### Side-Channel Analysis

Description:

Performing and preventing side-channel based implementation attacks.

Slides:
1. Introduction to SCA: Background and basics of side-channel analysis and fault attacks.[slides]
2. Power Analysis: Simple, differential, and correlation power analysis. [slides]
3. SCA Countermeasures: Countermeasures against power attacks. [slides]
4. Fault Attacks: Introduction to fault attacks and examples of fault attacks on AES, RSA, and DSA. [slides]

### More Cryptography

Description:

Further topics in applied cryptography, cryptographic engineering, and cryptography in general.