F.-X. Standaert

Teaching Activities

**Master students.** Directly related to the course ELEC2760 (see below), several topics are
proposed for master theses. Proposals are open to master students in __electrical engineering,
electromechanical engineering, computer science engineering and mathematical engineering__.
Depending on the students, topics can be adapated with a more or
less theoretical flavour, with or without a programming part. Some of them can also be combined
with an industrial internship.
Interested students can contact me by
e-mail to obtain more
information. Foreign students should first register at UCL before contacting me.

**PhD students.** Open positions at the Crypto Group are listed on the group's
webpage.

ECTS: 5 credits, Lectures: 30h, Exercises: 30h.

*Goal. *
This course covers the different issues that are raised by the design of cryptographic algorithms and their implementation
(in hardware and software). It is part of the option in "Cryptography and
Information Security", as a complementary to courses in cryptography (MAT2450) and computer system security (INGI2347).
However, *these courses are not prerequisites*. More specifically:

- Cryptography assumes the existence of certain basic primitives acting as perfect black boxes in order to prove the security of
advanced functionalities (identification, signature, voting, ...). For example, the block cipher in Figure 1 is ideally assumed to act as
a family of random permutations. But in practice, this random permutation has to be emulated by a particular algorithm that
can run efficiently on different devices. And this emulation of an idealized abstraction with a practical instance may have
mathematical weaknesses (e.g., deviations from a random behavior). Understanding these deviations is the goal of cryptanalysis
and is essential in order to ensure the reliability of secure systems.

- On the other hand, the more general field of information security exploits cryptographic protocols and their implementations in order
to secure computer-based (or other) applications such as e-mails, Internet, payment systems, ... And these applications also imply different constraints
on the "efficiency" of the cryptographic implementations (e.g., in terms of code size, circuit size, throughput, power consumption, cost, ...).
So, designing algorithms and implementations able to fulfill these constraints is also critical.

Figure 1. From black box assumptions to cryptographic implementations.

The goal of this course is to analyze the design of cryptographic algorithms as a tradeoff between security
and performances. Taking the example of Figure 1 again, a 128-bit random permutation could be seen as a large table with
2^128 possible inputs. But no computer would be able to store
such a large table. Hence, while large random tables could be the best solution from a security point of view,
practical implementations require algorithms that can be represented with simpler operations such as the ones
available in the instruction sets of standard computing devices. Following, the course discusses how practical algorithms
can fulfill the properties required by cryptographic protocols (as defined in MAT2450) while in the same time allowing
sufficient performances for being used in real applications (as studied in INGI2347). Additionally, it pays a particular
attention to the security against so-called physical attacks, in which an adversary not only exploits the regular inputs
and outputs of his target device, but also alternative information channels. It finally studies how physical phenomenons can
be exploited constructively in a secure system (e.g., in order to generate random numbers, or using biometrics). Such problems are
essential for the deployment of small embedded devices such as smart cards, RFIDs, ...
*The course material includes the following topics:*

- ...