
Course pages 2024–25

Cryptography and Protocol Engineering

Details of the required work for each assessment are contained in the lecture notes. Please submit your code and lab reports through Moodle.

Assignment 1: Diffie-Hellman, Signatures

Due 17 February 2025, 4pm

Task 1: Implement X25519 from scratch, relying only on bignums for field arithmetic. Do it two ways and check they agree:

  • Using the Montgomery curve group law and a double-and-add algorithm for scalar multiplication, as described in the lecture notes.
  • Using the Montgomery ladder. See Bernstein's paper; RFC 7748 (contains Python code); and Martin's ECC tutorial (contains C code).
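An added example (not the course's code) of what Task 1 asks for: X25519 computed both ways, with Python's built-in integers standing in for the bignum library, so the ladder and the affine double-and-add can be checked against each other. Function names, the `None`-as-infinity convention and the `method` parameter are this example's own choices.

```python
# Added example, not the course's code: X25519 on Python ints as the bignum type, done both ways.
P, A = 2**255 - 19, 486662  # field prime and Montgomery coefficient of y^2 = x^3 + A*x^2 + x

def inv(x): return pow(x, P - 2, P)  # field inverse via Fermat's little theorem

def ladder(k, u):
    """x-only Montgomery ladder in projective coordinates (RFC 7748, section 5)."""
    x2, z2, x3, z3, swap = 1, 0, u, 1, 0
    for t in reversed(range(255)):
        kt = (k >> t) & 1
        if swap ^ kt: x2, x3, z2, z3 = x3, x2, z3, z2  # real code: constant-time cswap
        swap = kt
        a, b = (x2 + z2) % P, (x2 - z2) % P
        c, d = (x3 + z3) % P, (x3 - z3) % P
        aa, bb = a * a % P, b * b % P
        e, da, cb = (aa - bb) % P, d * a % P, c * b % P
        x3, z3 = (da + cb) ** 2 % P, u * (da - cb) ** 2 % P
        x2, z2 = aa * bb % P, e * (aa + 121665 * e) % P
    if swap: x2, z2 = x3, z3
    return x2 * inv(z2) % P

def add(R, Q):  # affine Montgomery group law; None is the point at infinity
    if R is None or Q is None:
        return Q if R is None else R
    (x1, y1), (x2, y2) = R, Q
    if x1 != x2:
        lam = (y2 - y1) * inv(x2 - x1) % P  # chord slope
    elif (y1 + y2) % P == 0:
        return None  # Q == -R
    else:
        lam = (3 * x1 * x1 + 2 * A * x1 + 1) * inv(2 * y1) % P  # tangent slope
    x3 = (lam * lam - A - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def double_and_add(k, u):  # affine double-and-add; needs a y-coordinate for u first
    v = (u * u * u + A * u * u + u) % P
    y = pow(v, (P + 3) // 8, P)  # square root for p = 5 (mod 8) ...
    if y * y % P != v: y = y * pow(2, (P - 1) // 4, P) % P  # ... fixed up with sqrt(-1)
    assert y * y % P == v, "u is not on the curve (twist point)"
    R = None
    for t in reversed(range(255)):
        R = add(R, R)
        if (k >> t) & 1: R = add(R, (u, y))
    return R[0]

def x25519(k_bytes, u_bytes, method=ladder):
    """RFC 7748 X25519: clamp the scalar, mask the top bit of u, return 32 LE bytes."""
    k = bytearray(k_bytes); k[0] &= 248; k[31] &= 127; k[31] |= 64
    u = (int.from_bytes(u_bytes, "little") & (2**255 - 1)) % P
    return method(int.from_bytes(k, "little"), u).to_bytes(32, "little")
```

The affine route rejects u-coordinates that lie on the twist, which the x-only ladder silently accepts; that difference is worth noting in a lab report.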

Task 2: Implement Ed25519 from scratch, relying only on bignums for field arithmetic. You can find example code and test vectors in RFC 8032.

Assignment 2: Authenticated key exchange

Due 3 March 2025, 4pm

Task 1: Implement the SIGMA protocol using X25519, Ed25519, and HMAC.

  • We suggest you use your own X25519 and Ed25519 implementations from the first assignment, but you can use an off-the-shelf library if you prefer
  • There's no RFC, only a paper, so you need to define the format of the messages yourself (and justify it in your lab report)
  • Use it to build a basic two-party secure messaging protocol (use a library for hashes and symmetric crypto)
  • As PKI, implement a basic CA that issues certificates (signed using Ed25519, but using your own format, not X.509), and include certificate validation in your protocol implementation. Omit the check whether the user controls the phone number/email address/domain name.
  • Identity protection, ratcheting, etc. are not required
  • Simulate the network in a single process

Task 2: Implement the SPAKE2 protocol using Edwards25519.

  • Same curve as for Ed25519 – you can use your implementation from assignment 1 (but don't have to)
  • RFC 9382 contains M and N values you can use (given using compressed point encoding)
  • The RFC contains some ambiguities; you'll need to decide on some details yourself

Assignment 3: Private information retrieval

Due 24 March 2025, 4pm

Implement a PIR scheme using symmetric LWE encryption.

  • Users should be able to query 1-bit fields from a database with more than 1,000 entries
  • Simulate the network in a single process
  • To our knowledge, there are no relevant standards/specifications. You will have to make your own decisions.
  • Recommended reading: Henzinger et al.’s SimplePIR (USENIX Security 2023)