CRYPTOGRAPHIC ENGINEERING

• Knowledge and understanding: the student will acquire a technical background on some developing tools for Modern Cryptography; it will cover high-level cryptographic solutions but also low-level developing tools in order to be able to implement any kind of cryptographic schemes.
• Applying knowledge and understanding: the student will learn how to determine the effective security level of a cryptographic solution but also to prevent the use of not-secure approaches in his own code; such goal will be pursued by means of the study of existing applied solutions but by understanding how some notable cryptographic attacks work.
• Making judgements: the student will learn to judge the goodness of existing cryptographic schemes but also its suitability in a software project making use of it.
• Communication skills: the student will learn the specific technical micro-language and he will be able to interface with technical documentation but also to communicate with experts in such field.
• Learning skills: the theoretical background from Cryptography, jointly with the specific practical-technical knowledge acquired in this course, will permit the student to approach the adoption/adaptation/development of any cryptographic scheme in a more complex software project.

In class oral lessons on theoretical arguments and on laboratory-related aspects.

Should teaching be carried out in mixed mode or remotely, it may be necessary to introduce changes with respect to previous statements, in line with the programme planned and outlined in the syllabus.

requirements: knowledge of Cryptographic theory and good programming skills

prerequisite: Cryptography

This class is intended as the continuance of the theoretical path started with the course “Cryptography” and it can be considered a bridge towards the practice. It covers arguments from the, so called, "Cryptographic Engineering" field: it is fusion of the theoretical and practical knowledges that are necessary to implement cryptographic schemes in a sound, secure and efficient way. The first part of the class covers some basic concepts of theory and the introduction of some efficient algorithms widely used in implementations of multi-precision integers (MPI) arithmetic. Such knowledge is strictly necessary in order to optimize the performances of the cryptographic schemes but also to effectively understand many advanced cryptographic attacks presented during in the course. A second part of the class covers the study of some real-world standards (SSL/TLS, SSH) and to some related advanced cryptographic attacks. A third part goes deep in the implementation details on the topic.

• [AvOV] Alfred Menezes, Paul van Oorschot, Scott Vanstone: Handbook of Applied Cryptography
• [PP] Christof Paar, Jan Pelzl: Understanding Cryptography: A Textbook for Students and Practitioners
• [S] N.P. Smart: Cryptography Made Simple 

The slides include several references to technical scientific papers.

The exam involves the assignment of a scientific article in the original language to the student: this article will typically contain the proposal of one or more cryptographic schemes or notable attacks on known schemes.

The student, after examining the article limited to the agreed parts (no demonstrations), must:

• create an implementation project (using the tools and techniques introduced in class) of some cryptographic schemes (or attacks) contained in the article itself;
• take an oral interview on the theoretical contents seen in class; the student who sufficiently passes the two (written) tests in progress will be exempted from this interview.

Verification of learning can also be carried out electronically, should the conditions require it.