IA174: Fundaments of Cryptography

Course overview & Prerequisites

In this course, we will cover fundamental topics of cryptography: typology and constructions of basic cryptographic primitives (ciphers, hash functions, MACs, digital signatures), theoretical notions of security, and topics from modern cryptography, such as post-quantum cryptography.

Prerequisites of the course are discussed on a separate page.


Schedule

The lectures are scheduled for Tuesdays, 16:00, in lecture room A138 at the Faculty of Civil Engineering, about 10 minutes from FI. How to get there:

  • Enter building A through the main entrance from Veveří street.
  • There is a reception desk on your right-hand side.
  • Climb up 11 stairs and turn right around the first corner.
  • Go through the glass door to a Café and the last door on the right is number 138.
  • (The way should also be marked by red arrow signs.)

Recommended resources

The part on symmetric-key cryptography is to a large degree based on the Stanford course of Dan Boneh, which is accompanied by a great and freely accessible book (Boneh & Shoup). Note, however, that we will not cover all topics mentioned there, as this would be time-prohibitive: we instead focus on some which we will cover in more detail.

Another possibility is the textbook by Katz & Lindell.

For those who do not shy away from some proper math, the Intensive introduction to cryptography (under construction) by Boaz Barak is an excellent resource.

The Handbook of Applied Cryptography (Menezes, Oorschot, Vanstone) is a freely accessible classic, though it already shows its age. Some algorithms it covers as "up-to-date" have since been shown to be insecure and replaced by better ones.

Recommended reading list


Teacher's material

The study materials are in the IS. I include both materials from the previous year as well as (continually updated) current ones.

I will also try to publish pointers to individual slides and videos in the interactive syllabus, though this will likely happen with some delay.

I will self-record the lectures and publish the videos in the "videos" folder in the study materials. In case of technical issues, you can use the videos from the past year.


Grading

NEW: To be allowed to sit for an exam, you need to get a non-zero number of points from at least two of the three HWs. This is to filter out those who drop out of the study without formally de-registering.

The final grade will be determined by the number of points on the following scale: >=110 for A, 95-109 for B, 86-94 for C, 73-85 for D, 60-72 for E.

There are two ways of accumulating the points:

  • final written exam (up to 120 points)
  • 3 programming homeworks (up to 24 points, 8 points each) -> however, there is a restriction on how these points are transferred to the final grading. We use the system of hard and soft points, see below for an explanation.

Transfer of points from HWs to the final grading

For each of the three regular homeworks, the first 3 points that you obtain are hard points. These are added to your final grade irrespective of the outcome of the written exam.

All the other points you obtain during the homeworks (including any points from the bonus homework) are soft points. These are added to your final grade if and only if your written exam result + your hard points are >= 60. That is, soft points are only added once you have enough exam + hard points to get at least E. In other words, the soft points will not help you pass the course, but if you pass it, they can improve your grade.

Example: Alice got 8 points from HW01, 7 points from HW02, and 2 points from HW03. That is, total of 8 hard points (3+3+2) and 9 soft points (5+4+0). She got 58 points from her written exam. Her exam + hard point total is 64 >= 60, so she passes the course. The 9 soft points are added to her point total, yielding 73 points, enough for D.

Example 2: Bob got 8 points from HW01, 3 points from HW02, and 1 point from HW03. That is, total of 7 hard points (3+3+1) and 5 soft points (5+0+0). He got 50 points from his written exam. His exam + hard point total is 57 < 60, so he fails the exam and needs to retake it (provided there are exam terms available).


Graded homework assignments

General information

The typical form of the homework is to find an idea on how to break a given flawed cryptographic construction and then implement the idea as an attack. Rudimentary programming skills are required.

The assignments will be posted at their dedicated webpages:

Homework link | Submission page | Published | Deadline for submission
HW01 | HW01 submission | October 7 | October 21, 23:59 CEST
HW02 | HW02 submission | TBA | TBA
HW03 | HW03 submission | TBA | TBA

Submission guidelines

  • Follow the instructions at the assignment webpages. In particular, you are allowed to submit at most one .zip file (any resubmission must overwrite the original file).
  • The deadlines are strict. The submission vaults will close automatically once the deadline passes and there will be no other opportunity for submission. You are strongly advised to submit at least a day in advance so as to preclude possible issues with network connection etc.
  • Each homework has a guarantor indicated in the assignment webpage. The guarantor can help you with technical issues, though you should primarily ask about such issues in the discussion forum in IS.
  • The preferred language of text submissions is English.
  • We do not a priori specify which programming language you should use in your implementation. We prefer that you stick to some of these languages: Python (incl. Sage), C++, C#, Java, Rust, JavaScript. Computer algebra systems, such as Magma, are also suitable for some of the HWs. Beyond the aforementioned list, each HW guarantor has a certain "degree of tolerance" for what you can submit. This might be indicated on the assignment page, or just ask the guarantor directly if you want to venture outside of the aforementioned list of languages.
  • If you need clarification about the assignment, please use the discussion forum as well. You must however not indicate, in any way, any idea about the possible solution of the HW.
  • Use of AI tools (in particular, large language models; LLMs) is permitted, but it must be declared. Consult the individual assignments for rules on how to cite the output of LLMs.

Honor code

By submitting your solution you confirm that:

  • You have adhered to the MU study and exam regulations.
  • You have solved the assignment entirely on your own, without soliciting help from any other person (i.e., cheating is prohibited).
  • Whenever you have used some literature and other resources (including webpages, textbooks, videos, etc.), you have referenced such a resource in the description.txt file (i.e., misappropriation of work is prohibited). The only exceptions to this rule are the course slides and lecture recordings, as well as reference guides for the programming language(s) you used in your implementation.
  • If doubts arise about the authenticity of your submission, you will reply to our inquiries truthfully and honestly.

Violations of the above honor code will be reported to the FI disciplinary committee.


Exams

Please note that due to the general difficulty in preparing suitable exams for this type of course there will be exactly 3 exam dates held in the exam period. Exceptional circumstances (long-term illnesses etc.) will be handled individually (a note from a medical doctor will be required).

Format

The exams will be written. Each exam will consist of a multiple-choice test (40 points) and four open questions (ca. 80 points).

Content

The exam will cover all the lectures as well as the 3 regular homeworks. This is a theoretical course, so the exam will mostly test whether you know and understand the concepts and constructions presented. We definitely do not want you to memorize minuscule technical details of the concrete algorithms. E.g. for AES, I would expect you to know:

  • that it is a block cipher;
  • the high level scheme (that there is some key schedule and some round permutations that are applied repeatedly);
  • high-level description of round permutations (that there are three operations, which one is non-linear, which one consists of computations over the Galois field, what is a Galois field);
  • how non-linearity is achieved (i.e. some intuition behind S-boxes).

However, you are expected to know and understand the mathematical definitions and abstract concepts presented at the lectures, including security definitions via attack games. You are also expected to be able to reason about slight variations of these concepts that did not directly appear at the lecture.

Structure

The exam will be structured roughly as follows:

  • a "simpler" multiple choice test (8 questions, one answer correct, 20 points total, there will be a penalty for wrong answers, though not for missing answers);
  • a "harder" multiple choice test (4 questions, one answer correct, 20 points total, penalties as above);
  • a "describe" question: describe a concept/algorithm/attack presented at the lecture (20 points);
  • a "flaw" question: you will be given a cipher/algorithm/scheme with a security flaw, your task is to describe how to exploit the flaw to break the security of the given system (20 points);
  • a "HW" question: a question testing your understanding of concepts related to some of the homeworks (20 points);
  • a "security proof" question: describe a security reduction proving the security of some construction that did not appear at the lecture (20 points).

Exam rules

  • On your desk, you can have writing utensils, an ID, your cheat sheet, and refreshments. Do not bring any other papers; you will get papers for writing from us.
  • In particular, handling any piece of digital technology during the test is strictly forbidden. This pertains in particular to phones, tablets, computers, etc.: you must not have these on your desk at all. You can wear smart watches, but restrict yourself to checking the time on them. Any extended handling of them will be deemed suspicious.
  • At the end of the exam, when the proctors tell you to stop writing, you really have to stop writing.
  • The exam proctors have the authority to investigate any suspicious behaviour. If such behaviour is detected, you will be warned to cease it. If the suspect behaviour continues (or if outright cheating is discovered), you will be expelled from the exam with a grade F and referred to a disciplinary board.
  • Please bring a valid photo ID (national ID, ISIC, passport, driving license,…) to prove your identity.
  • The exam assignments are copyrighted material and it is prohibited to take pictures of them or disseminate them further in any form. Violations will be referred to the faculty disciplinary board.
  • The possibility of using a cheat sheet will be clarified at the end of the semester. Do not count on being able to use a cheat sheet; our experience shows that it rarely helps apart from forcing you to review the material when writing it down.

Technical information

  • The exam is allocated at least 150 minutes.
  • The exam uses standard MU machine-readable answer sheets. In case you have not encountered them yet, please familiarize yourself with them here: https://is.muni.cz/auth/help/student/skenovani?lang=en;setlang=en#s_sken_nahlizeni
  • Note in particular that for the multiple choice test you need to mark the answer in the machine-readable header of the answer sheet, otherwise the answer does not count. You will not be able to get new answer sheets for the multiple choice tests, since each sheet has a unique sample of questions. Hence, be careful when marking the final answer (you can, e.g. use a pencil and eraser).
  • The open-ended questions will be assigned on a separate sheet of paper. Together with it, you will get four additional machine-readable sheets to write down your answers to these questions. Extra sheets can be provided on demand, but you are advised to write on both sides and be concise enough so as not to need an extra sheet.
  • You can write in English, Czech, or Slovak.

Office hours

Office hours are available on demand: please write me an email to schedule a consultation with me.



Author: Petr Novotný

Created: 2025-10-07 Tue 18:20
