*Topics* 1. Stream Ciphers 0:15 2. Random Numbers a) RNG (Random Number Generator) 37:10 b) PRNG (Pseudo Random Number Generator) 44:00 c)CPRNG (Cryptographicly Secure Pseudo Random Number Generator) 51:30 3. One Time Pad 1:00:30 4. LCG (Linear Congruent Generator) PRNG 1:15:15

Thank you so much for sharing this course for free. You are such an amazing professor. Academic needs more talents like you. Thank you sir

I set my alarm for the middle of the night to watch these so I can literally follow his instruction to "go back to sleep"

"The next 120 seconds, are going to be very important in your life!"

I can't believe that there are students who are sleeping / not paying attention in this class. I'm watching the video at midnight and I'm having my eyes wide open marvelling at the simple way in which Prof. Paar explains step-by-step some of the most cryptic (literally) stuff!

Many thanks to Prof. Paar for the most interesting lectures I even learn few German words as a side benifit of the lectures ...

These lectures are so good! They make a perfect pair with the crypto-textbook. The most fascinating course I've had so far in my studies.

First time listening Professor Christoff Paar on Cryptography. Very nice lectures Great pace and way of teaching Stay blessed Professor Dr Zaheer Center for Mathematical Sciences Pakistan Istitute of Engineering and Applied Sciences Islamabad Pakistan

studying Crypto for CCNA Cyber Ops, these lectures are amazing. I'm learning so much, great job Professor

Thanks a lot for these wonderful lectures! I have seen many engineering online lectures, but the way you teach is very educational and exceptional.

I like the way you are teaching. :) I wish I could attend your classes!!!

Stream ciphers 0:01 Random number generators(RNG) 37:20 OTP 1:00:30 LCG 1:15:20

Mr. Paar, where did you learn everything you know? You are a highly intelligent individual, anyone can tell just based off how you teach. I'm only 15 and I'm understanding what you are teaching, you really know what you are talking about and that is shown in the way you break down these ciphers and explain them in detail.

Why take german and cryptography, when you can learn them both at the same time? (lol) Great Lecture by the way.

Thank you. You really make this subject fascinating.

I'm your die hard fan already!! Great Lecture!

Dear Professor Paar, when I was watching your explanation on the OTP, I suddenly wondered if this is how the ancient Chinese encrypted their messages. We Chinese use characters, and the most commonly used ones are of a whopping number between 3000-5000. During war times, for secret message exchange, people write a seemingly normal message, but you need a sort of mechanism to see the original message. It's a message in a message.

Professor Paar, in 55:40 when you say that is computationally infeasible to construct Sn, you mean Si+n right? i.e the next key after Si+n-1

Right when you wrote down the symbol for modulo 2, I knew XOR was going to come up.

Excellent teaching! Professor!!

Regarding OTP... store random mouse moves collected in an array up to the size needed to encrypt the message, each time you need a new random number array, easy. Encrypt the message one to one with the random array and you only need a random array as large as your message, so message x 2 is the final size. Embed the encrypted message in a picture using steganography. First send the key embedded in a picture with an RSA encoded password (known to the recipient). Then send the picture with an embedded encrypted message. Works better if the message is also embedded into text (ie: ipsum lorem) that will fill the whole picture, so that changed bits in the picture don't stand out. Already wrote this program, handling LF's was a problem but sorted now. A 520x520 bit picture will hold about 72k of characters.

53:50 lol, for the viewer thats a conundrum

Sehr gut! Very good lecture of my favorite cryptography topic! Most of the stuff lectured here I already knew, but I learned a few additional things here, such as that XOR is actually Modulo 2 (Mod2). I never realised that. I'm continuously developing my own XOR stream/block ciphers for years now. Strong OTPs can be generated by TRNGs and CSRNGs with high randomness factor on the bits. That's the best way imo. PRNGs are deterministic and crap for encryption purposes indeed, because once an attacker knows the seed he can regenerate the whole sequence of random keybits.

This man is an American hero

Great lectures, Christof!

Great information! Learning this becoming much more fun and meaningful. Thank you!

Thank you so much for this course and also for the books which is an easy to read great information place !

Surely the LCG is even worse for cryptography: we showed that Oscar can break it by knowing (x1,x2,x3). Even if they didn't know those values, there are only 8 possibilities so he can find 8 pairs of (A,B), exactly 1 of which is the solution. Trying them out against the rest of the ciphertext narrows down the possibilities even more. Knowing a linear generator is weak, my first impression would be to go to higher order polynomials (perhaps I'm anticipating future lectures here) -- from trying it out, solving systems of polynomial equations in n unknowns is a hard task.

Firstly, this lecture series is great. Super clear and concise. The slides on the website are also very helpful. Secondly, at 28:00... since we're encoding/decoding 7 (or 8) bits at a time, isn't the stream-cipher just a very small block-cipher? The "block" in this case being a single byte?

Thank you Professor, great lectures

During the Cold War and even now One-Time Pad messages are sent to agents via clandestine shortwave radio stations known as Numbers Stations. These stations would read out the encrypted messages usually as strings of 5 digit numbers and the agent who is meant to receive one copies the numbers down and then decodes them with the OTP given. Most of these Numbers Messages cannot ever be decrypted because most agencies were very careful with not re-using keys. But eventually they ran low on resources and had to recycle whole keys and parts of keys etc. If you ever reuse a key for two different messages, then cracking both of them is child's play. Now if you reuse the same key for the same message sent with that same key then it does not matter because the numbers would be identical and you are nowhere closer to cracking it then you were when you first intercepted it.

thank you sir for all this information your teaching methods are good too

What a nice teacher! Was fuer einen Mensch...

Entanglement offers an interesting way to pass data encryption keys. Assuming entanglement systems are difficult and expensive it may not be practical to transmit data this way but the secure key is a smaller data set.

Great lecture and I envy those students out there for having a lecturer as such. The lecturer we have in our university in Holland is nowhere near this lecturer, sadly of course.

Great Lecture Sir ...Few Doubts as Below :- 1)How Do we Get Seed Value.... 2) How Does a PRNG Developed. 3) How Do We Get The K Value Mentioned in 1.20 ....

I am sorry I was actually doing KZbin while listening to you professor.

Legendary as always...

Great lecture again, would have loved to see some more practical examples of OTP and LCG. And any real life applications of OTP.

Dear professor Paar, thank you for sharing. I would like to know if it is correct to say, at the beginning of the last exercise (1:22:45), that the system (attacked by Oscar) can be solved due to the Rouché-Capelli theorem. Thank you

read this pdf " An Encryption Algorithm Based on ASCII Value of Data".

Enjoying your lectures. I am purchasing your textbook, which other books/textbooks would you recommend over Cyber Security?

What about the number stations that broadcast letters and numbers all around the world in the HF radio spectrum.? Are they using one time pads? It seems like the only thing they could be using.

Excellent lectures.

Thank you so much for this amazing lecture !

amazing lecture. hope i have a lecturer like you in my college...Thanks for uploading videos.

Was there a follow up course. Can that also be shared please. Thankyou so much

1:25:37 why isn't mod(m) an unknown? Thank you very much for this wonderful lecture

Hello Prof Parr Again thank you for the best crypto course on the web. I have a question with relation to this video. The OTP as referred to as a perfect cipher (unbreakable) however that is not my particular understanding. As I understand this and I could be wrong is that the OTP is perfect only in the following sense. For a cipher text only attack the probability of decrypting the message is exactly the same if you have or don't the ciphertext. In other words even if you have infinite computing power having the cipher text doesn't help to decrypt the message since the message space and key space are of equal (at least) or greater size (key space) every possible decryption of the message with every possible key yields a potentially valid decryption and there is no way to differentiate what the original message if is an attacker has the cipher text. It doesn't help. This only holds true for ciphertext only attacks. In other ways the OTP is actually a weak cipher. Any thoughts on this would be greatly appreciated Thank you Steve

Excellent lectures!

I wasn't paying attention but was listening to the lecture, and at 5:58 he stops and says "Hello!", I thought he said that to me lol

Why is binary bitwise XOR preferred over decimal adding? Is it just because it's faster to compute or are there security advantages too?

u r amazing teacher ,, thanks from turkey by palestinen engineer

At Timestamp 1:11:12 you asked us how big the key is in the example for a 400 MB movie. I'm not sure I follow how you arrived at 3.2 GBs for the encrypted file. I do understand that any key in a OTP is going to be as big if not bigger than the original message.

Can you generate a random "Key Stream" then swap the keys by using Diffie-Hellman and do a new key every hour over the cell infrastructure?? Feasible or not?

Thanks Prof... it was Amazing lecture

Dear Professor Paar, one thing is confusing me a lot that is understood than Random numbers generate by the sender applying any of define methods and one of them is CPRNG which is infeasible for anyone to generate same pattern. My question is that how receiver computes the same pattern using CPRNG or any other method for deciphering received message? What I understood is that both sender and receiver share pattern function for CPRNG using any other secure channel.

Wonderful job professor, i think that people like you allow students to progress. Congratulations. Now, i have a short question. In your book that is amazing in otp you put 3 requirements but now in your explanation you omitted the second one which say the key stream is only known to the legitimate communicating parties. I think that i will get erasmus from Valencia (Spain) just for being in your classes ajjjjajaa. THx

We learned that LCGs/PRNGs wouldn't work at the end of lecture for getting the Si, but what would work? A CPRNG?

very practical lectures....thank you

Can we say that LCG uses Affine Cipher after getting seed value from PRNG? It looks like S2 = A. S1 + B where A and B are part of Key.

Awsome lecture...thank you sir...

In 1:24:20 Oscar finds/intercepts x1, x2 and x3. You say: he(Oscar) also computes S1, S2 and S3? How can he compute them without the key? Isn't he intercepting s1, s2, s3 also? Thanks for interesting lectures!

Why should the One Time Pad ( Key stream bits) be used only once for it to be secure?

So Oscar gets some plaintext, xi, from file header info but wouldn't he need the encrypted counterpart, yi, in order to calculate the operator, Si?

What is m in (mod m)? Whatever modulo the situation calls for? i.e. mod2 for binary, mod26 for Shift cipher etc? Or is m specific to this lecture?

Professor Christof Paar, I don't understand why 1 + 1mod2 equals to 0 and not 2? 1mod2 equals to 1 if I'm not mistaken, hence 1 + 1 = 2. What am I missing at 19:39?

and also to add, thanks for uploading these! I'm trying to find how mathematics is used in cryptology.

53:52 Christof Paar: "don't do KZbin at this moment" Me watching this on KZbin: 😦

When Christof teaches that CSPRNG, it is in-feasible to compute Sn+i and not Sn.. right?

thank you for the great video

Hello Prof..Thanks for the amazing lecture series.. I had couple of questions on OTP.. 1. Even though the key size would be "huge" in case of OTP but theoretically with infinite computational resources, it would still be possible to break it [ 2^3.2G computers can do it in 1 step]. 2. Further, if the message size is really small (16 bytes), wouldn't OTP be a weak algo in that case ?

55:40 This should be S_(i+n) rather than S_n, shouldn't it?

GREAT LECTURE SIR THANK YOU

i wonder if the Zodiac Cipher is a kind of One-Time-Pad

Great lecture

1:00:00 Chapter 3 - One Time Pad

Hi Professor, i love security so find your videos a great way to go above curriculum and prepare for a undergrad in computer science. I was thinking isn't it possible to change the key values after each byte is encrypted with a LCG. This way any attacker knowing the first few bits would find it very difficult to get anywhere into the data. My idea is similar to some public key encryption. Using some trap door function to generate a new key (A,B). The idea uses an elliptical curve on both PRNGs that will compute a new key. If point (A,B) is x, it will compute x^m (mod m). This new point will be the corresponding A and B values for the next 8 bit Si values. For the next 8 bits, it would compute x^m+1 (mod m) and so on. This way knowing A and B from the first byte will not allow you to obtain the next A,B key without knowing the equation or having some prior idea of what the message is. The simultaneous attack breaks down if you get s8 and s9 as the A B values will be different. Is this a practical solution?

Great lecture, you lost me at the end, :-) Many thanks

40:49 did he mean to say chaotic natural processes (I think there are random natural processes on the quantum scale but I'm not sure. I know more classical)

Professor Christof Paar, at 50:18, how did you get the value of Si + 1? is it just a random value or is it a constant or a derivated value

Nice lecture...as always. One question, though. If S, A and B are strings of bits then why is this still called a 'stream' cipher? Why not a simple block cipher? Thank you.

would oscar know the modulas in the linear congruence RNG?

Rosenberg, not Rosental! A married couple who was spying for the Soviets. In the east block countries it was of course denied. in Budapest there was (is) a street, named atfer them: Rosenberg hàzaspàr utca. In German: Rosenberg ehepaar strasse In English: Rosenberg couple street.

professor I have one question about LCG we can compute A and B values by A = (s2-s3)(s1-s2)^-1 mod m B = s2 - s1(s2-s3)(s1-s2)^-1 mod m but what if the case where there does not exist a (s1-s2)^-1 in modulo m?

Hi Professor I'd like to know that if we can get authentication through only nonce in a protocol? for example A------->B: N(a) B-------->A: {N(a),N(b)} K(ab) Do we have mutual authentication ? Thanks

beautifully explained..! thank you sir :)

where do i get homeworks ?(in general is it posible to get them here?

where can i get the homeworks? great lecture by the way

Dear Prof, Please which university are you lecturing at Germany university, Please i want contact you directly on Information Security(Data & Cryptography)

in the very end .... isn't "m" in mod-m unknown as well? so there are 3 variables A, B and m

Hello,sorry but a stupid question but why 8*400??not 400 isnt one key stream bit required for encrypting one bit of the message?? 1:11:37

Great lecture! :)

He's soooo good!

Sir,I m self learning with the help of your videos,can u share the weekly assignment!! Question or anything!!?

30:18 I love how he corrects his grammar mistake by himself lol. I just adore him.

sorry small question how did you get the 8 when you multiply by 400 megabites?

Preciate it brother

What are other examples that cellphone as stream ciphers? If anyone of you know, let me know thanks!

are lecture notes available online?