Proposals for Student Tasks

Table of Contents Tasks Thesis Project Finished tasks (selection)

Tasks

This page lists open tasks which can be performed by students with no previous experience with CrypTool 2 (CT2). The proposed tasks are grouped into the following categories:

• Thesis
  • tasks which may be suitable for a bachelor or master thesis.
• Project
  • tasks which probably require an effort of a couple of weeks, but which do not qualify as a thesis topic. Tasks may be combined to a single project if one task proves to be less comprehensive than expected.

Note: For all tasks the CT2 team has more detailed information if a student or an advisor from another university is interested to take over a task. Writing a thesis includes the online help in CT2 (at minimum English) and templates for CT2.

As introduction to CT2 development, please have a look at our development video series on YouTube: https://www.youtube.com/watch?v=YaSd_4t19nk&list=PLMuvAbyIl0PTTfPE2VhJ9PZ6qlOG0MMaX

We are always happy to get further suggestions (maybe from your own research)

Thesis

1. Implement a Framework for Symmetric Cryptanalysis in CT2: This includes
   • attack key schedule of stream#* and blockciphers
   • slide attacks on blockciphers (at least against all general Feistel type ciphers and Treyfer)
   • How should such a framework be designed to fit into CT2 and to enable other developers to easily add further attack plugins?
2. Cipher Builder
   • create a component which allows to build modern ciphers out of standard components (like S-box, permutation)
   • this could, for instance, visualize Feistel networks
   • a start is to create (simple) SPN ciphers; later, extended to more complex ciphers
3. Modern Cryptanalysis: Visualization of Differential Cryptanalysis (DCA) of SDES and FEAL
   • also possible on fcrypt by Wobst
   • the ciphers are already implemented in CT2
   • build on top of the existing DCA framework (Bender)
4. Modern Cryptanalysis: Visualization of Linear Cryptanalysis of SDES and FEAL
5. Modern Cryptanalysis: Visualization of Slide Attacks of SDES and FEAL
6. Integer Linear Programming (ILinProg)
   • after creating a model for symmetric cryptanalysis and transfering it
7. Implement SAT Cryptanalysis
   • exhaustive pre-work exists (Brandi)
8. LFSR-Analyzer
9. Breaking RSA OAEP with Manger’s attack
   • http://iacr.org/archive/crypto2001/21390229.pdf
   • Falko Strenzke: Manger’s Attack revisited, 2010
   • https://github.com/anderspkd/manger-cca-rsa-oaep-demo
   • https://github.com/kudelskisecurity/go-manger-attack
10. Implement Cryptanalysis of Visual Cryptography
    • involve Nüsken (Schülerkrypto Bonn) for further material on that topic
11. Implement Visual Cryptanalysis: Cipher Dags (Bernstein)
12. Implement Quantum Algorithms from NIST Competition (Valence, Schrottenloher, Brands, ...)
    • https://csrc.nist.gov/projects/post-quantum-cryptography
13. Implement Attack on ElsieFour (start with reduced version)
    • https://eprint.iacr.org/2017/339.pdf
14. Implement Key Recovery Attack for 10-Rounds AES
15. Implement DROWN Attack
    • http://pwnies.com/winners/
16. Visualize the Off-the-Record (OTR) Messenger Protocol
17. Visualize the Crypto Protocol of the Messenger Signal (Axolotl Ratchet)
    • https://en.wikipedia.org/wiki/Signal_Protocol
18. Machine Learning and Cryptology: Implement Analysis of Ciphers with Neural Networks or Artificial Intelligence
    • For the later see here and here
    • here (May 2018).
19. Align Factorization Algorithms/Methods Already Existing in CT2
    • factorizer component (only brute-force, works)
    • quadratic sieve component (GUI made by Rech; uses msieve as library, works well)
    • NFS factorizer component (Inigo started to build it; uses yafu, partially works)
    • General Number Field Sieve component (started by Rech, uses msieve.exe, partially works)
    • --> Goal: ONE component (called Factorizer) that contains all methods (components) mentioned above
20. Distributed Factorization using CrypCloud
21. Cayley-Purser-Algorithmus und its Analysis
    • implement this algorithm which was awhile discussed in 1999 as an RSA alternative
22. Achievement System for CT2
    • based on tasks users have to fulfill
    • achievement points are awarded to them
    • create a global best list
    • example: achievement system in World of Warcraft
23. Implement all Major Algorithms on Permutations
    • see 1 and 2. This discusses the six major types of combinatorial collections with examples and formulas for counting. Expands with a C# generics-based set of classes for enumerating each meta-collection.
24. Any hash function from SHA-3 contest, for the weak ones preferably with an attack sample (overview) -#* e.g. MD6 implementation (Spec)
25. Implement the current status of cryptanalysis against hash algorithms
    • show the effectiveness against weak or weakened (reduced) algorithms (explain collision resistance, 1st and 2nd pre-image)
    • breaking MD4 On-the-fly
    • https://fortenf.org/e/crypto/2017/09/10/md4-collisions.html
    • attacks on MD5 and SHA-0 of Crypto 2004
    • How much faster are you when you find structural weaknesses in hash algorithms than when you do BF?
26. Pre-Image Attacks on Arbitrary Hash Functions
    • brute-force
    • dictionary (rule-based)
    • inspired by "John the Ripper"
27. Visualize Hash Functions (e.g. SHA1) in a Modern Way
    • not only the sensitivity and changes at the resulting hash value, but all changed bits after each step or round
    • visualize Merkle-Damgard construction
    • see here
28. Implement Further Codes and Classical Ciphers, their According Cryptanalysis, and Assess their Strength
    • Straddling Checkerboard
    • Ché Guevara
    • Baconian
    • T9 ("mobile phone code")
    • Josse's Code (Remi Geraud presented this in Uppsala 2018)
    • Chaocipher
    • and more ...
29. A Generic Heuristic Analyzer for Classic Algorithms (like the KeySearcher)
30. Distributed Cryptanalysis of the Enigma Machine using CrypCloud
31. Implement the Full Cryptanalysis Toolbox Used to Crack Simon Singh's Contest
    • only implement what is not already there in CrypTool
    • see How We Cracked the Code Book Ciphers by Fredrik Almgren, Gunnar Andersson, Torbjörn Granlund, Lars Ivansson, Staffan Ulfberg
32. Ciphertext-only Analysis of the Hill Cipher: Limits and Possibilities
33. Visualize Different Steganography Methods
    • steganography
    • (Example)
    • Done: text steganography, image steganography (LSB, BPCS)
    • Open: music steganography, "other" text and image steganography methods
34. Implement Current Real Cryptanalytical Successes like RFID, WLAN, MiFare, Crypto1, A5/1
    • for more details on the cryptoanalytical successes read the proceedings of current conferences, e.g. see here.
35. Cracking the Weak Encryptions in the VIM Editor
    • using them makes vim to warn: "Using a weak encryption method"
    • this happens for the two encryption modes 'zip' and 'blowfish'
36. Identity-Based Encryption (IBE) According to C. Cocks, Based on Quadratic Residues
    • implement and analyze
37. NTRU
    • implement and analyze parallel signatures; already broken
    • http://www.heise.de/newsticker/meldung/Neues-Kryptosystem-soll-digitales-Signieren-beschleunigen-Update-848426.html
38. McEliece
    • implement and analyze
39. Import and Export of Cryptographic Keys in PKCS!#8 and X.509 formats
    • show differences between PGP and S/MIME and conclude how many methods are interoperable
    • a standalone Java program exists which can be build upon
    • http://www.codeproject.com/KB/security/BlockCiphers.aspx
    • http://www.codeproject.com/KB/security/PKCS12.aspx
    • http://www.codeproject.com/KB/cpp/X509Certificate.aspx
    • http://www.codeproject.com/KB/security/csstreamcipher.aspx
    • http://www.codeproject.com/KB/security/RSAEncryption.aspx
    • http://www.codeproject.com/KB/security/Secret_Key_Encrption.aspx
    • This can be build in either CT2 or JCT.
    • Optional: Years ago, it was not possible to create certificate chains using .net methods (we used BouncyCastle for CrypCloud); Check, if now possible
40. GPU Against Classic and Modern Symmetric Cryptographic Methods
    • for this our didactic instruction "Cryptanalysis of classical ciphers using modern GPUs and CUDA" can be used
41. Investigate the robustness of primality tests using
    • Martin R. Albrecht, Jake Massimo, Kenneth G. Paterson, and Juraj Somorovsk: "Prime and Prejudice: Primality Testing Under Adversarial Conditions"
    • https://eprint.iacr.org/2018/749.pdf
42. Fried, Gaudry, Heninger, and Thomé: "A kilobit hidden SNFS discrete logarithm computation"
    • examine this construction and try to find out whether established procedures have been tampered with. Look for approaches to determine / identify them. This has come to be known as the "marked prime numbers" which are used in computing a discrete logarithm.
    • implement a visualization of "Biased Primes"
    • implement procedures (SNFS)
    • For the didactic purposes in CrypTool you can work with a shorter key length than in the specified paper.
    • https://eprint.iacr.org/2016/961
    • https://arxiv.org/abs/1610.02874
    • https://www.heise.de/newsticker/meldung/Gezinkte-Primzahlen-ermoeglichen-Hintertueren-in-Verschluesselung-3347585.html
    • Requirement: discrete math and attention of at least one number theory lectures
43. Steven Galbraith, Jake Massimo, and Kenneth G. Paterson: "Safety in Numbers: On the Need for Robust Diffie-Hellman Parameter Validation"
44. ROCA
    • Svenda et al.: "The Return of Coppersmith's Attack: Practical Factorization of Widely Used RSA Moduli"
    • https://www.semanticscholar.org/paper/The-Return-of-Coppersmith%27s-Attack%3A-Practical-of-Nemec-S%C3%BDs/0b978f224b8520c8e3d9b2eb55431262fcb16c05
    • https://www.semanticscholar.org/paper/Vulnerability-of-RSA-Algorithm-Markelova/600751e773c3216d73199675b577d823395df10f
    • https://www.semanticscholar.org/paper/Embedding-asymmetric-backdoors-into-the-RSA-key-Markelova/d017dc8cdc1eb572021f41e42bf0a2a58430b273
    • https://crocs.fi.muni.cz/public/papers/rsa_ccs17
    • https://github.com/crocs-muni/roca
45. Daniel Shumow: "Incorrectly Generated RSA Keys: How To Recover Lost Plaintexts"
    • investigate the potential for incorrectly generated RSA keys in the key-generation algorithm
    • https://eprint.iacr.org/2020/1059

Project

1. Morse Code Audio Decoder: in the existing morse code component, create an input for audio data that converts morse sounds back to digital data
2. Multiplex cipher: merge Cylinder Cipher component and M-138 component and create a common Multiplex Cipher component (including M-94, Bazerie, and M-138)
3. HexEditor (#11)
4. TextEditor (add syntax highlighting to TextInput and TextOutput) (AvalonEdit)
5. Enhance the frequency test with a tabular presentation (similar to CT1) and a comparative feature: two text-inputs should be compared, the primary one is displayed as a chart, and the color of each bar is green if it matches the second input and red if not (and the entire color-span inbetween for matching values from good to bad). In case no secondary input is provided, standard english or german should be used for comparision
6. Fuzzy string search (Example, Wikipedia)
7. Enhance existing WordPatterns plugin
   • multiple word search with one TextInput (split words at whitespace)
   • enter max match number
   • enter pattern in number format (like 1-2-2-1)
   • add filter function (see Borland C++ tool)
   • save last input words and propose them to user
   • improve performance
   • support wildcard (*)
8. Statistical tests for randomness (see NIST), maybe a new random number generator (see existing one first), see also 1, 2, 3, 4, 5, 6, 7
   • partially done
9. Man-in-the-Middle-Plugin to modify traversing data
   • visualize Diffie-Hellman protocol with MitM
   • see existing BB84 template with eavesdropper
10. Extend StringOperations component with annagramming function
    • could be used for manual attacking transposition ciphers
    • Input string is annagrammed and all resulting annagrams are outputted as String[]
    • good introduction task for new students/workers on CT2
11. Implement special crypto algorithms/methods/protocols
    • Vanish – adds date of expiry to texts (http://www.tecchannel.de/sicherheit/news/2020629/vanish_texte_mit_ablaufdatum_versehen/, (http://www.pressetext.de/news/090722009/vanish-software-versieht-text-mitablaufdatum/, http://www.tomshardware.de/Vanish-Washington-E-Mail-Posting,news-243177.html)
    • Everything from ECRYPT
    • probabilistic methods, e.g. Blum-Goldwasser (block ciphers incl. integrity checks, overview, partially patented?)
    • Homomorphic methods (HELib IBM)
    • FairplaySPF-Framework (paus.annika on CAST 2009)
    • HaunHash of Massierer: Provably secure crypto hash function
12. Establish ACA compatibility
    • Implement all ciphers defined by the ACA (see https://www.cryptogram.org/resource-area/cipher-types/)
    • Implement all according key generation methods
    • We have implementations for all ciphers in Python (see CANN project)

Finished tasks (selection)

1. ArrayIndexer (retrieve one object via numeric index from an array): Christian Arnold, Uni Due
2. LengthOf (get length of string or array): Christian Arnold, Uni Due
3. Check whether the plugin templates work: Matthäus Wander, Uni Due
4. Create plugin similar to Substring (or enhance Substring) which cuts CryptoolStream and/or byte[] (see CRC32-sample for usage scenario): CT2 Team Transposition, Uni Due
5. Create ButtonTrigger plugin which fires a bool output when user clicks a buttonj: CT2 Team Transposition, Uni Due
6. Create regular expression plugin(s), for example match and replace (see System.Text.RegularExpressions): CT2 Team Transposition, Uni Due
7. Combine Stream/String converters (add byte[] type): CT2 Team Distributed Cryptanalysis, Uni Due
8. Create all cost functions used in enigma as plugins (i.e. entropy, log2-trigrams..): CT2 Teams Distributed Cryptanalysis & Transposition, Uni Due
9. MD5 collider: Holger Pretzsch, Uni Due
10. Nihilist: Fabian Enkler
11. Vigenère-Autokey: Dennis Nolte, Uni Due
12. Concept for (semi-)automatic plugin testing: Matthäus Wander, Uni Due
13. Network sniffer (#32): Matthäus Wander, Uni Due
14. Full Internationalization / Localization (#127): Sven Rech, Armin Krauss
15. Lorenz SZ42 encryption: Implement and analyze. Integrate in CT2 a C# version of the ADA code of the winner from here. Assigned to: Wilmer Daza
16. Visualization and advanced cryptanalysis of Enigma: Julian Weyers
17. Implement a Navajo-Code component: This is basically a substitution component wich substitutes words from English with the corresponding Navajo words. For words which are not in the Navajo-Dictionary use spelling, i.e. substitute each letter with the corresponding Navajo-codeword. Additionally, the component should also try to parse Navajo-code language and translate back to English. See Navajo-Code Talker's dictionary for more details. #* done by A. Wacker, Uni Kassel with the substitution component and a ``navajo codebook
18. Implement a Morse-code component: translate letters forth and back to morse code: Nils Kopal, Uni Kassel
19. SIGABA encryption, visualization and cryptanalysis: Julian Weyers, Uni Due (not in the nightly build since quality assurance has to be done)
20. Diffie-Hellman visualization and analysis components.
21. Create new monoalphabetic analysis ([source:trunk/CrypPlugins/MonoalphabeticAnalysis/] needs to be revised or rewritten from scratch). Should support any alphabet, e.g. [A-Z] or [A-Z0-9]
22. Measure password strength
23. Bar Code and Matrix Codes: implement and visualize them. Also analyze scanned bar codes. (implemented in Visual Encoder/Visual Decoder)
24. Cryptanalysis of the Turning Grille (done in JCT)
25. Describe and characterize the variants of cryptographic signatures and implement/visualize/document some of the them, like blind signatures. An extension could be to implement applications like electronic cash and voting systems to describe and implement them from a cryptanalytic perspective.