### Abnormal Differential Cryptanalysis

Description: given a complex structure of some real-life cipher we design tweaks or conditions which make that it is NOT a Markov cipher and one difference (bitwise XOR on all bits) propagates in an abnormal way for a very large number of rounds. Namely probabilities do not multiply anymore and the attack complexity grows slower than exponential when the number of rounds increases. We actually embed a hidden polynomial property which the attacker might ignore, because all he checks is the differential property which BTW looks normal if the attacker has limited computing power or a limited amount of encrypted data. We will also study truncated differentials, which is the same but we ignore some bits.

Prerequisites: Not too hard. COMP0058 obligatory, matrices, polynomials, Boolean functions, ANF. Differential Cryptanalysis, some scientific programming background with polynomials in C++ or SAGE maths.

### Backdoors in Block Ciphers, Theory and Practice

Description: The main question is that given a complex structure of some real-life cipher can we design an S-box which makes this cipher weaker than expected.

Prerequisites: Harder, strong algebra required, COMP0058 obligatory, matrices, polynomials, Boolean functions, ANF, Differential Linear and Generalized Linear Cryptanalysis, some scientific programming background with polynomials in C++ or SAGE maths, SAT solvers and other software tools for cryptanalysis.

### SM3 versus SHA256 Comparative study

~~Description:~~ These two hash functions are very similar. We will study how they differ and if attack on one can be adapted to the other. For example collision attacks or would bitcoin mining be faster IF we replaced SHA-256 by SM3 as they are actually extremely similar,

Prerequisites: COMP0058 obligatory, polynomials, Boolean functions, ANF, Differential Linear and Generalized Linear Cryptanalysis, some scientific programming background with polynomials in C++ or SAGE maths, SAT solvers could be used.

### Cold War Cryptography and Historical Ciphers

##### Description

We will study various historical ciphers such as East-German T-310, Russian GOST cipher etc.

##### Prerequisites

COMP0058 or good grade in some other crypto modules. Programming like source code and text vectors. Firmware for old processors. . Knowledge of German or if a student studied maths at a university in Germany would help.

### Cryptanalysis of Ciphers with Annihilators and Cycles on Polynomials

We will study how an attack on multiple block and stream ciphers can be constructed with a uniform prescriptive methodology with Boolean polynomials.

**Prerequisites:** COMP0058 obligatory, good maths, matrices, polynomials, Boolean functions, ANF. Programming in Python or other. Working with lots of data sets and extensive computer simulations with complex polynomials and affine spaces and machine learning or evolutionary/mutation approaches. GPU or FPGA programming skills could help.

### Digital Signatures and Recovery of Private Keys in Crypto Currency Wallets

Description: We are going to study how private keys can be recovered in specific attacks scenarios and design optimized key recovery techniques based on graphs and linear algebra. We will study different types of digital signature schemes nad possibilities offered by new upgrades of bitcoin with Schnorr signatures etc. We will study key derivation BIP32/44/48 standards, RF6979, HMAC, SHA256 and SHA256 and OpenSSL rng, and see how exactly these are or can be implemented and see how these can be attacked by side channel attacks in theory and in practice.We will study possibilities offered by new upgrades of bitcoin with Schnorr signatures. We will study how crypto currency wallets can maybe be hacked and how to make them robust against such attacks.

Prerequisites: COMP0058 or other cryptography course, maths, programming, algebra, digital signatures, maths and number theory, elliptic curves.

### Polynomials relations and low level arithmetic of Elliptic Curves

The main problem is given a set of solutions defined by ECC relations and constraints what is the most efficient method to encode them as low degree polynomial equations mod P? Another problem is, can such systems of equations be solved by software at a reasonable cost? Another problem is to speed up computations and reduce multiplicative complexity of various complete formulas used by crypto developers, inside OpenSSL or crypto currency source code or other. A key problem is how the complexity of algebraic coding can be reduced in many ways by algebra and pre-computed computational shortcuts. A related problem is the existence of elliptic curves with special properties.

**Prerequisites:** COMP0058 Cryptanalysis obligatory, maths/algebra, scientific programming with polynomials in C/C++ or SAGE maths.

### The Rivest Time Capsule Puzzle

We study how this was solved. It is about doing repeated squaring really fast modulo a composite integer.

**Prerequisites:** COMP0058, maths/algebra, tough on number theory, scientific programming with polynomials in C/C++ or SAGE maths.