This course aims to teach learners about bugs in cryptographic implementations. By the end of the course, students will be able to identify implementation mistakes in encryption methods, understand the vulnerabilities in various constructions, and analyze real-world examples of flawed cryptographic systems. The course covers topics such as authenticated encryption, encrypt-then-MAC, nonces, associated data, and signcryption. The teaching method involves presenting examples of flawed implementations and discussing the lessons learned from these mistakes. This course is intended for individuals interested in cryptography, cybersecurity, and software development.
Overview
Syllabus
Introduction.
A basic question.
Answer: authenticated encryption.
Constructions Generic composition encrypt-then-MAC key = (kana kmal).
Nonces and associated data.
Many more desirable properties.
Lots of viable constructions.
Implementation mistakes.
Example 1: Apple RNCryptor.v1 [2013].
Why is this a problem?.
Example 2: checksum-MAC (abstract WEP).
The chopchop attack (abstractly).
Signcryption: AE in the pub-key settings [O-RTT mutual authenticated key exchange, for messages] Sender.
A beautiful mistake: iMessage (simplified).
The problem.
Lessons.
Shameless plug ....
Taught by
Stanford Online
