##
PHD school on block ciphers and their security

Course description

The course is composed of two parts.
In the first part we describe the algebraic tools needed to
understand the cryptosystems presented in the second part.
From the algebraic study we can derive naturally criteria
and approaches to test the robustness and security of
a symmetric cryptosystem: such criteria are introduced during
the presentation of the cryptosystems.

###
The first part.

**Introduction to the theory of permutation groups **
(action of a group on a set, transitive and k-transitive
action, regular and k-sharply transitive action, primitive
action,
some maximal subgroups of the symmetric group),

**finite field theory **
(fields, commutative rings, ideals, quotients, polynomial
rings,
primitive elements and polynomials),

**permutation polynomials**
(over finite fields),

**introduction to Boolean functions**
(property
of the ANF, relations with Reed-Muller codes),

**non-linearity in Boolean functions**
(classical non-linearity, functions MNL and AB,
delta-uniformity and APN functions, weakly delta-uniformity
and weakly APN functions, anti-invariance).

###
The second part.

** Translation-based cryptosystems **
S-Boxes
as Boolean functions, description of AES, SERPENT and
PRESENT,
how their security depends on their SBoxes (as Boolean
functions),
** the role ** of the mixing layer and of the key-scheduling in
tb systems,

** classical Feistel ciphers and their security **
(DES, 3DES),

** modern Feistel ciphers and their security **
(Blowfish, Camellia, Kasumi, Twofish),

** other interesting block ciphers **
(IDEA,IDEA-NXT/FOX,SAFER).

###
Lecture notes.

Lecture notes covering the whole course will be given to all participants.

###
Lab sessions.

**Ten lab sessions**
Everyday in the afternoon there will be a lab session where
the software package MAGMA will be used to implement the theory described
in the morning lectures. We believe that the immediate concrete use
of theoretical tools is the best way to learn them.