I've already talked about Coursera before, and how much I liked it.

The Cryptography course by Dan Boneh is amazing and I often come back to it when I need a reminder. For example, even today I rewatched his video on AES because I was studying Differential Fault Analysis on AES (which is changing bits of the state during one round of AES to leak information about the last round subkey).

So if I could give you another course recommendation, it would be Software Security by Michael Hicks. It looks ultra complete and the few videos I've watched (to complete the security course I'm taking at the University of Bordeaux by Emmanuel Fleury) are top notch.

Communication Theory of Secrecy Systems is a paper published in 1949 by Claude Shannon discussing cryptography from the viewpoint of information theory. It is **one of the foundational treatments (arguably the foundational treatment) of modern cryptography**. It is also a proof that all theoretically unbreakable ciphers must have the same requirements as the one-time pad.

source: wikipedia

I found an old Matthew Green's post where he wrote a really useful list of cryptography blogs and resources

I'll get back here after reading everything.

Studying about smartcard there seem to be a lot about whitboxes to learn, since it is indeed a whitebox: the encryption/decryption that are done inside the cards can be analyzed since you own the card. Analysis are separated in different categories like non-intrusive and intrusive. Intrusive because for efficient analysis you would have to remove some part of the plastic covering the interesting parts and directly plug yourself on the chip. This is what **Differential Power Analysis** (DPA) do, it's a stronger kind of Simple Power Analaysis (SPA).

**Kocher & al** found out about this in 1998 and released a paper that is still very useful today: http://www.cryptography.com/public/pdf/DPA.pdf

The idea is to record the power consumption of the chip along multiple encryptions. You then obtain curves with pics that you can correlate to XORs operations being performed. You can guess what cipher is used, and where are the known rounds/operations of the cipher from the intensities of some peaks, and the periodicity of some patterns. In the paper they study DES which is still the state of the art for block ciphers then.

Looking at a big number of such curves, along with the messages (or ciphertexts) they encrypted, you can focus on one operation and **one bit** of the internal state to find out one bit of one of the subkey. One bit should affect the number of XORs being performed thus you should find a **correlation** between the bit you're looking for and the power consumption at one point. Repeat and find all the other ones. It's powerful because you only need to find one bit of the subkey, one after the other.

It's pretty hard to explain it without pictures (and a video would be even better, that's always something I have been wanting to do, if I dig deeper into it maybe I'll try that). But the basic idea is here, if you want more info check the original paper

I was wondering why Randomized Algorithm were often more efficient than non-randomized algorithm.

Then I looked at a list of random number generators (or **RNG**).

Of course we usually talk about **PRNG** (Pseudo Random Number Generator) since "truly random" is impossible/hard to achieve.

An interesting thing I stumbled into is that you can create a **PRNG** using a block cipher in counter mode, by iterating the counter and always encrypting the same thing, if the block cipher used is good, it should look random.

This sounds solid since ciphers sometimes need to have Ciphertext Indistinguishability from random noise.

To support such deniable encryption systems, a few cryptographic algorithms are specifically designed to make ciphertext messages indistinguishable from random bit strings

Also under the **Ciphertext indistinguishability property** that a cipher should respect, you shouldn't be able to find any relations between the ciphertexts coming from the same input but encrypted with an increasing counter.

MicroCorruption is a "game" made by **Matasano** in which you will have to debug some programs in **assembly**. There is a total of 19 levels and it gets harder and harder by the number. The first levels are made for beginners though! So it seems like a great tool to learn, and that's what our prof Emmanuel Fleury must have thought when he gave us this as homework. One rule: every level is worth one point.

I started writing the solutions here but as people told me "it was unethical to post solutions of a challenge online", I promptly removed them. If someday the challenge will shut down I will post the write ups online so that people can still learn from it :)

I feel like I don't write much about my formation, and that it could be useful to people who are wondering about **studying Cryptography at Bordeaux University**.

There is a good article from a M1 student here: http://journaldumaster.stats.yt/master-csi-presentation/

And as it says there, the master 1 is do-able both for maths and CS people as long as you're willing to catch up in the other subject. There's a lot of theory that will allow you to study more interesting subjects in the second year of Master.

I've talked about some of the subjects but one subject I forgot to talk about was a M1 class: Elliptic Curves, taught by Fabien Pazuki and if you have the chance of taking a class from the guy just do it. He's one of the best math teacher I have had in my life, along with Vincent Borrelli (Surfaces & Curves at Lyon 1) and **some dude I can't remember the name of**. Each one of them were both really passionate and making true efforts to be pedagogical.

Someone wrote about this awesome explanation of what is AES from scratch on the **#crypto** channel on freenode. It's pretty nice!