Professor Paar is a true legend. I am proud to have learnt Crypto from him at UMASS Amherst
Did not expect an upload on this channel after 3 years, much appreciated!
Excellent explanations, Sir. Your explanations have helped me to learn many nooks and corners of cryptography, starting from symmetric/asymmetric ciphers, key agreement, digest functions and how such cryptosystems are used over the wire, clubbed with my understanding of networking and studying about the TLS handshake (which actually does everything necessary covering the four tenets of cryptography), including algorithms as part of the cipher suites. Took over one and a half years going through your lectures, scanning through RFCs etc.
Really! Thumbs Up! You deserve a salute!
I really feel good when I listen to you, Prof. I watched your lectures while I was preparing my PhD, and now I am a PhD and still watching your lectures.
Congratulations on that
This is a wonderful video! THANK YOU so much Christof Paar, you are doing the world a great justice by sharing this with us!!!
Thank you for your consistent effort and detailed explanations, Professor Christof. Watched your videos detailing the workings of RSA and Extended-EA for a Mathematics Exploration report which will constitute 20% of my IB Math Grade. Your explanations and clarity have helped me understand what seemed to be an incredibly abstract and complex series of theorems and formulae. I sincerely appreciate your work and dedication to producing tutorials for free, so that the rest of the world may be able to benefit from your teaching. Thank you once again.
Studying SHA-3 for a cryptography final. Your explanation is fantastic. Thank you for sharing your lecture.
Thanks for the update! Good to see that you are still supporting young minds on crypto.
This is way clearer than my professor's half-assed 25min explanation. Thank you.
Wow, new video! Much appreciated! Please post more!
Long-awaited lecture... thanks, Prof. Paar!
Thank you for sharing your knowledge for free sir, appreciate it!
Crypto 314 nice yt channel u got too
I finally understood the sponge function. It is hard to understand it fully just by looking at the scheme; the explanation of Christof helps a lot.
The constants for the rho step are the triangular numbers going by the order of the pi permutation, modulo 64. In addition, the iota constants are actually determined by setting bits 1, 2, 4, 8, 16, 32, 64 of each number to the output of an LFSR, in sequence.
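Added example, not part of the comment thread or the lecture: the two generating rules mentioned in the comment above, written out following FIPS 202 (Algorithms 2, 5 and 6) for 64-bit lanes. The function names are chosen for this example, and bit positions are 0-indexed here, so the LFSR output lands on bits 0, 1, 3, 7, 15, 31 and 63.

```python
W = 64  # lane width in bits for SHA-3 (Keccak-f[1600])

def rho_offsets():
    """Rotation offset of every lane (x, y); lane (0, 0) is not rotated."""
    offsets = {(0, 0): 0}
    x, y = 1, 0
    for t in range(24):
        # (t+1)(t+2)/2 is a triangular number: 1, 3, 6, 10, ...
        offsets[(x, y)] = ((t + 1) * (t + 2) // 2) % W
        # Walk the lanes with the coordinate map (x, y) -> (y, 2x + 3y).
        x, y = y, (2 * x + 3 * y) % 5
    return offsets

def rc_bit(t):
    """Output bit number t of the 8-bit LFSR in FIPS 202, Algorithm 5."""
    t %= 255
    if t == 0:
        return 1
    r = [1, 0, 0, 0, 0, 0, 0, 0]
    for _ in range(t):
        r = [0] + r              # shift in a zero, r[8] is the bit falling out
        fb = r[8]
        r[0] ^= fb
        r[4] ^= fb
        r[5] ^= fb
        r[6] ^= fb
        r = r[:8]                # truncate back to 8 bits
    return r[0]

def round_constant(i_r):
    """64-bit iota constant for round i_r (0..23)."""
    rc = 0
    for j in range(7):
        # Seven LFSR bits per round, placed at bit positions 2^j - 1.
        rc |= rc_bit(j + 7 * i_r) << ((1 << j) - 1)
    return rc

if __name__ == "__main__":
    offs = rho_offsets()
    for y in range(5):
        print([offs[(x, y)] for x in range(5)])
    for i in range(24):
        print(f"RC[{i:2d}] = 0x{round_constant(i):016X}")
```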
This is quite a sweet video, nice work man.
Excellent lecture like always Professor Paar. I just had a thought, in the movie "Swordfish" Hugh Jackman was a hacker and in the first 'crypto scene' he was operating on cubes to break the cipher. I think back in the day (this is early 2000s) they already visioned an algorithm in crypto that was to be 3-dimensional :D
truly appreciated, thanx sir
"This is pretty dramatic" -> Wins the internet today ! :D
Happy Birthday to your Son Sir!!!!
Wonderful presentation, as all the others are!
Question on technology making the current rounds in Cryptographic domain: Are you planning to offer video courses on "Differential Privacy" and "Homomorphic Encryption", both focused on Privacy which is becoming a very sought after area currently?
My problem with the current internet content (both video and text) is that it is overly mathematical, which I don't mind if explained properly and less abstractly. I am hoping that you can offer the courses without overwhelming us with abstract theoretical math, but geared towards actual algorithms which we can understand at a basic level.
We can then take it to actual implementation at hardware and software level. Thank you again for all your efforts.
For the theta step: I want to know if I have to do the operations with a copy of A (the state) after I XOR with the original A,
or do the operations directly on A?
Because if we work directly on A, modifying the previous elements of the slice will have an impact on the calculation of the elements which succeed them.
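Added example, not part of the comment thread or the lecture: in FIPS 202 the theta step derives every column parity from the input state before any lane is changed, which the first function below does; the second function shows the ordering problem the question describes. The state layout `a[x][y]` (25 lanes of 64 bits) and all function names are assumptions of this example.

```python
MASK = (1 << 64) - 1

def rotl(v, n):
    """Rotate a 64-bit lane left by n bits (0 < n < 64)."""
    return ((v << n) | (v >> (64 - n))) & MASK

def column_parity(a, x):
    return a[x][0] ^ a[x][1] ^ a[x][2] ^ a[x][3] ^ a[x][4]

def theta(a):
    """Theta as specified: C and D are computed from the unmodified input."""
    c = [column_parity(a, x) for x in range(5)]
    d = [c[(x - 1) % 5] ^ rotl(c[(x + 1) % 5], 1) for x in range(5)]
    return [[a[x][y] ^ d[x] for y in range(5)] for x in range(5)]

def theta_in_place_wrong(a):
    """Incorrect variant: parities are re-read from columns already updated."""
    a = [col[:] for col in a]
    for x in range(5):
        d = column_parity(a, (x - 1) % 5) ^ rotl(column_parity(a, (x + 1) % 5), 1)
        for y in range(5):
            a[x][y] ^= d  # later iterations now see this modified column
    return a

def single_bit_state():
    """Constructed test input: only bit 0 of lane (0, 0) is set."""
    s = [[0] * 5 for _ in range(5)]
    s[0][0] = 1
    return s

def active_bits(a):
    return sum(bin(lane).count("1") for col in a for lane in col)

if __name__ == "__main__":
    s = single_bit_state()
    print("correct theta, active bits:", active_bits(theta(s)))
    print("in-place variant, active bits:", active_bits(theta_in_place_wrong(s)))
```

Updating A in place is fine as long as the five parities `c` and the five values `d` are stored first; only the 25 final XORs may overwrite the state.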
Where can I find this additional chapter of the book? There is no link provided for that. It would be of great help if it can be provided. Thanking you, sir, for the effort.
nicely explained.
excellent speaker!
Dear Christof, thank you for your course. I have a question related to the use of SHA3 as a PRNG as you propose in the lecture. You suggest that one can simply continue to squeeze the sponge and take the part of the block. But this looks deeply concerning since the bits such a generator outputs are fed back again into the F function of the next iteration. So in case we want to use this approach in a CSPRNG we are basically giving an attacker a pretty large portion of the state of the generator for free. This looks pretty dangerous. Is this secure because the part of the generator state is not revealed? Even if so I still think I would rather run a Hash DRBG as proposed by NIST based on SHA3 rather than this... What do you think?
Good consideration but the SHA-3 sponge construction is exactly designed so that you *can* squeeze out r bits securely in every iteration if you run it as a PRNG. Even though the attacker has the r state bits, there are c capacity bits that are not revealed to him/her. The smallest standardized number for c is c=512 (where r=1088). Note that the f function in SHA-3 performs 24 iterations which is sufficient to prevent attacks. --- I am not a symmetric cryptographer myself. If you want to get deeper into the security consideration of sponge constructions, I would suggest that you start with the excellent page that the Keccak team maintains: keccak.team/sponge_duplex.html
cheers, christof
Hi,
For the Rho and Pi steps - does the rotation in the Rho step take place 25 times and then move forward to the Pi step? Or is it r[0,0] -> Pi step and again r[0,1] -> Pi step?
Thank you.
SHA3 clearly explained.
Are there going to be more videos? Has some other course started?
I miss these live lectures :( All online now
Hi, does anyone know how the GF multiplication operation is done?
Hello Professor,
In SHA-3, when considering X0, what is the other input for the XOR? As per the block diagram, it's coming from r. Assuming r is a register, what contents should we be assuming?
Thanks and Regards,
Srinivas
At 40:00 it's not clear what the initial value of the b=r,c register is.
There is one mistake at 1:37:20: you should not add the constant but XOR it with the [0, 0] element.
Good evening Prof. Christof,
I have a question: what is the problem with using a serial number as a password, from the security aspect?
Is there a problem?
Any programming explanation of these lessons? Or any resources to learn programming for these lectures? Any help.
Bravou🔔🥀👍🙏💟
Should I watch the "Lecture 21" video before this "Lecture 21 (update)" or is this a replacement?
They are actually independent of each other and it does not matter too much which one you watch first. It is a bit more natural to watch them in the order 21, and then 21 (update). regards, christof
Seriously excellent video. My only complaint is that the audio is a little too quiet.
I am looking forward to starting my masters studies at RUB, but I was wondering if it is common practice for Profs at RUB to write everything on the blackboard? The Profs at my current Uni just project their slides and also upload them for the students which makes preparing for the lecture and studying for exams very pleasant.
Most courses are NOT taught with blackboard (and many of my professor colleagues make fun of me :)
@introductiontocryptography4223 I, for one, really love that you do this on a blackboard. Watching you build up and draw each part step by step is so much better than looking at a fixed slideshow.
Sir, when will you upload the next lecture?
Sponge construction starts at @20:44
@30:49, shouldn't the third row be 767 instead of 768?
Oh, never mind, it was corrected.
that -> sät ... etc. Is it really too much to ask to expect a halfway correct pronunciation in the 21st century? That is something one can practice.
Oscar was here.
Why? The video repeats?
24:26
How can I get extension chapter pdf?
The SHA-3 extension chapter is on the companion site of our textbook: Go to www.crypto-textbook.com -> Sample Chapter and scroll down to "Extension Chapter", after Chapter 11. Good luck with learning crypto, christof
@introductiontocryptography4223 thank you professor 🙂
31:23 Keccak
Thank you very much for this! Helped me a lot in my studies... However, I believe the reason for your "mistake" in the Iota-subfunction is because it is split into 2 algorithms, where the last of these is responsible for the round-constant and not the Iota algorithm in general, which is why you had noted table 1.4 and not 1.5. So a piece of the puzzle seems to be missing from this lecture... But a great lecture nonetheless!
Before proof after proof sha dis algorithms.
Professor Christof, you look more grey than in your last video... and is that a bald spot I see!
P-SHA-333=π
I guess coming prepared would be better.. You can explain this in 15minutes.
We do go get your video on the subject?
Why waste time in writing on the board. Why can’t he use ppt and use the board only when required. Such a waste of time.
No it's not!