4003-482-01/4005-705-01 Cryptography
Graduate Team Project

Investigation
Team Formation
Team Proposal
Team Deliverables
Team Presentations
Grading
Absences
Late Submissions
Plagiarism

The team project is to implement a block cipher algorithm and implement an attack on it.

1. You must pick a block cipher.

   1. Each team must pick a different block cipher. As team proposals are submitted, I will post links to them on the course web site so you can see what other teams have picked. If you pick the same block cipher as another team who submitted their proposal earlier, I will not accept your proposal and you will have to pick a different block cipher.

   2. You are not allowed to pick a block cipher covered in class. Why? Because one of this project's objectives is to expose you to additional functions beyond those covered in class. The following functions will be covered in class and are prohibited:
      • Block ciphers -- AES, DES, PRESENT, Threefish, Triple-DES

   3. To find a block cipher that interests you, I suggest scanning books in the library or listed in the Bibliography. The Handbook of Applied Cryptography and Applied Cryptography, 2nd Edition are especially useful as sources of ideas.

2. You must write an implementation of your block cipher algorithm. I will be showing examples in class.

   1. You must implement your block cipher from scratch, based on its published specifications. You may not use any existing implementation as part of your project.

   2. You may use whatever language you wish.

   3. Your implementation must include the capability to specify the number of rounds of the algorithm to use. For example, the DES block cipher algorithm has 16 rounds; an implementation of DES must support specifying any number of rounds R, not just 16.

   4. Your block cipher must implement this Java interface or its exact equivalent in another language: BlockCipher.java (download)

3. You must do a literature search for any journal papers, conference papers, technical reports, web sites, etc. that describe attacks on your chosen block cipher.

4. You must write a program that carries out an attack on your block cipher implementation. I will be showing examples in class; see Structural Attacks on Block Ciphers.

   1. The program must attack the block cipher algorithm reduced to one or two rounds.

   2. If you so choose, the program may attack the block cipher algorithm reduced to more than two rounds.

   3. You may choose to implement one of the attacks shown in Structural Attacks on Block Ciphers (ad hoc attack, meet-in-the-middle attack, linear attack, differential attack) or another attack you discover from your literature search.

   4. Before choosing a specific attack, think carefully about whether you will be able to understand and implement the attack within the time allotted for this project.

5. You must run your attack program to find several different unknown encryption keys based on known plaintexts and ciphertexts.

6. Based on your attack program runs, you must analyze how many encryptions and how many known plaintexts and ciphertexts are required for the attack to succeed.

44% of the graded work for the course will be done in a two- or three-person team. You get to pick your own partners. You must do the following by 11:59pm Thursday 14-Mar-2013:

1. Pick your partners. I would strongly prefer three persons on each team. I will accept two persons on a team if necessary; for example, if N ≢ 0 (mod 3), where N is the number of graduate students in the class.

2. Pick a name for your team.

3. Set up a web site for your team. You may use the web site in your CS account (public_html directory) or another publicly accessible web site. The web site should list the team name and the team members.

4. Post your team proposal on your web site. See Team Proposal below.

5. Send me an email giving the team name, the names of the team members, the email addresses of the team members, and the URL of the team web site.

Team formation is worth 4% of your final course grade. If you complete the above steps by the deadline, you will get 4%. Otherwise, you will get 0%; furthermore, I will assign you arbitrarily chosen partners.

Write a proposal for your team project. The proposal must be at most two pages long. The proposal must be in the form of a PDF file. Post the proposal on the home page of your team web site. The proposal must include the following information:

1. The block cipher you will implement.

2. Complete citations to the block cipher's published specifications.

3. A brief description of the attack you will implement.

4. Complete citations to the papers publishing the attack.

5. Complete citations to any other papers, books, web sites, etc. with information about your block cipher that you plan to use.

I will not accept your team proposal unless it appears on the home page of your team web site. I will not drill down past the home page to try to find your team proposal. If your web hosting provider doesn't let you put documents on the home page, host your web site somewhere else.

You must post the following items on the home page of your team web site. These team deliverables will be graded and must be posted by 11:59pm Thursday 02-May-2013.

• A final report, in the form of a PDF file, including:
  • A description of the algorithm(s) of your block cipher, including plenty of diagrams to show how the algorithm(s) work.
  • Source code for your block cipher implementation.
    • The source code must appear in the PDF file.
    • The only source code included must be the class or classes that implement the block cipher interface specified above.
    • The source code must be annotated with comments that clearly and completely describe what each part is doing.
  • A description of the attack on your block cipher.
  • A description of your attack program, including the format of the input and output data.
  • The results of running your attack program to find several different unknown encryption keys.
  • An analysis of how many encryptions and how many known plaintexts and ciphertexts are required for the attack to succeed.
  • An analysis of each item found in your literature search, including a comparison of their results to yours.
  • A developer's manual for your software (i.e. exact instructions for how to compile the software).
  • A user's manual for your software (i.e. exact instructions for how to run the software, how to use the UI if any, etc.).
  • A discussion of what you learned from the project.
  • A discussion of possible future work.
  • A statement of what each individual team member did on the project.
  • List of references.

• All software design descriptions, source code, test cases, input files, output files, test results, and so on that you developed during your investigation. Do not include the test suite software. These must be posted in a single archive file, either a JAR file, a ZIP file, or a TAR GZIP file.

I will not accept your team deliverables unless they appear on the home page of your team web site. I will not drill down past the home page to try to find your team deliverables. If your web hosting provider doesn't let you put documents on the home page, host your web site somewhere else.

The team will give two presentations in class, one during week 6, the other during week 10, as shown on the Course Schedule. Specific dates and times for each team's presentations will be assigned later. The presentations will cover the same material as in the team report.

For each presentation, the team must give prepared slides (using PowerPoint, LibreOffice, or the like) and must respond to questions from the audience. All team members must participate in the presentation. The team must also post the prepared slides on the home page of the team web site before giving the presentation in class, along with any other supporting materials. The prepared slides must be posted in the form of a PDF file. You may also post the prepared slides in other formats.

You will project your slides using the classroom's PC projector. You may use your own laptop. If you don't have a laptop, borrow one.

Cover the following items in your first presentation. You will have a maximum of 15 minutes for your presentation.

• Introduce the team members.
• Describe the algorithm(s) of your block cipher. Include plenty of diagrams to show how the algorithm(s) work.

Cover the following items in your second presentation. You will have a maximum of 20 minutes for your presentation.

• Introduce the team members.
• Briefly describe your block cipher.
• Describe the attack on your block cipher.
• Briefly describe your attack program, including the format of the input and output data.
• Give the results of running your attack program.
• Analyze how many encryptions and how many known plaintexts and ciphertexts are required for the attack to succeed.
• Analyze each item found in your literature search, including a comparison of their results to yours.
• Discuss what you learned from the project.
• Discuss possible future work.

24% of your final course grade is based on the quality of your team's results as recorded in your team's final deliverables posted on your team web site. All team members will receive the same grade for results. I will grade the deliverables as follows:

• [26 points] Team Report
  Each of these items will be assigned points as follows:
  2 = Satisfactory
  1 = Needs improvement
  0 = Missing
  • A description of the algorithm(s) of your block cipher
  • Source code for your block cipher implementation
  • A description of the attack algorithm
  • A description of your attack program
  • The results of running your attack program
  • An analysis of how many encryptions and known plaintexts/ciphertexts are required
  • An analysis of each item found in your literature search
  • A developer's manual for your software
  • A user's manual for your software
  • A discussion of what you learned from the project
  • A discussion of possible future work
  • A statement of what each individual team member did on the project
  • List of references
• [10 points] Software deliverables (source code, etc.)
  10 = Satisfactory
  8 = Needs minor improvements
  6 = Needs major improvements
  0 = Missing
• [36 points] Total

20% of your final course grade is based on the quality of your two team presentations. All team members will receive the same grade for each presentation. I will grade each presentation on a scale of 0 to 10 points, with 10 = outstanding, 1 = unacceptable, and 0 = absent. However, if your prepared slides are not posted on the home page of the team web site in the form of a PDF file before giving the presentation in class, I will deduct 5 points from your team project presentation grade.

I will add your grade for each presentation and the deliverables, along with any comments I have, to your encrypted grade file. See the Course Policies and the Encrypted Grades for further information.

If you are absent from class when one of your team presentations is scheduled, you will receive a grade of zero for the presentation unless before the start of the class when the presentation is scheduled you make an alternate arrangement with me. I am normally willing to permit this only for absences due to illness or unforeseen personal emergency. However, if you feel you have a valid reason for your absence, please discuss it with me. Appointments, job interviews, career fairs, vacations, trips home, and other scheduled activities are not valid excuses for absence. You have an obligation to this course, and you must schedule other activities so as not to interfere with class sessions.

If your team deliverables are not posted on your team web site by the deadline, your team deliverables will be late and will receive a grade of zero. You may request an extension for posting your team deliverables. See the Course Policies for my policy on extensions.

The team proposal, team presentations, and team deliverables must be entirely your team's own work. I will not tolerate plagiarism. If in my judgment any team product is not entirely your team's own work, you will automatically receive, as a minimum, a grade of zero for the assignment. See the Course Policies for my policy on plagiarism.

Cryptography • 4003-482-01/4005-705-01 • Spring Quarter 2013

Course Page

Alan Kaminsky • Department of Computer Science • Rochester Institute of Technology • 4486 + 2220 = 6706

Home Page

Copyright © 2013 Alan Kaminsky. All rights reserved. Last updated 01-Mar-2013. Please send comments to ark­@­cs.rit.edu.