PhD school on block ciphers and their security

Course description

The course is composed of two parts. In the first part we describe the algebraic tools needed to understand the cryptosystems presented in the second part. From the algebraic study we can naturally derive criteria and approaches for testing the robustness and security of a symmetric cryptosystem; these criteria are introduced during the presentation of the cryptosystems.

The first part.

Introduction to the theory of permutation groups (action of a group on a set, transitive and k-transitive action, regular and k-sharply transitive action, primitive action, some maximal subgroups of the symmetric group),

finite field theory (fields, commutative rings, ideals, quotients, polynomial rings, primitive elements and polynomials),

permutation polynomials (over finite fields),

introduction to Boolean functions (properties of the ANF, relations with Reed-Muller codes),

non-linearity in Boolean functions (classical non-linearity, MNL and AB functions, delta-uniformity and APN functions, weak delta-uniformity and weakly APN functions, anti-invariance).

The second part.

Translation-based cryptosystems, S-Boxes as Boolean functions, description of AES, SERPENT and PRESENT, how their security depends on their S-Boxes (as Boolean functions),

the role of the mixing layer and of the key scheduling in translation-based (tb) systems,

classical Feistel ciphers and their security (DES, 3DES),

modern Feistel ciphers and their security (Blowfish, Camellia, Kasumi, Twofish),

other interesting block ciphers (IDEA, IDEA-NXT/FOX, SAFER).

Lecture notes.

Lecture notes covering the whole course will be given to all participants.

Lab sessions.

Ten lab sessions

Every day in the afternoon there will be a lab session where the software package MAGMA will be used to implement the theory described in the morning lectures. We believe that the immediate concrete use of theoretical tools is the best way to learn them.