Implement a Cipher From Mathematical Specification and Analyse a Real Vulnerability
8 weeks · 0 milestones
Implement a symmetric cipher (AES, ChaCha20, or equivalent) from its published mathematical specification — no library calls for the core cipher operations, only for testing correctness against known test vectors. Additionally, write an analysis of one published cryptographic vulnerability (a CVE with a known mathematical weakness such as padding oracle, timing side-channel, or nonce reuse) explaining the exact mathematical flaw exploited and how the implementation deviated from the secure specification. Proof: the implementation and vulnerability analysis reviewed by a security practitioner or CS lecturer with cryptography background who presents a different cipher specification you haven't seen and asks you to implement the key schedule or identify the flaw in a published attack — you must engage with the new material in real time, not describe your prepared examples.
Milestone map
Milestone map
3 milestones
Study the mathematical foundations of symmetric encryption (AES, block cipher modes) and public-key cryptography (RSA). Implement AES encryption and decryption without using a cryptographic library for the core algorithm — including the key schedule, SubBytes, ShiftRows, MixColumns, and AddRoundKey steps. Separately, implement RSA from first principles: key generation from two primes, modular exponentiation, encryption, and decryption.
Proof required
Submit: a public GitHub repository containing your AES implementation (with test vectors from NIST FIPS 197) and your RSA implementation (key generation, encrypt, decrypt — with a test demonstrating round-trip correctness); and a written explanation (300 words) of why AES is considered secure and what 'semantic security' means in practical terms. A cryptographer, security researcher, or CS lecturer with cryptography experience must review the implementations and confirm they are correct.
What gets checked
- AES implementation passes NIST FIPS 197 known-answer test vectors — not just informal round-trip tests
- RSA implementation includes key generation from actual primes — not hardcoded example keys
- A cryptographer or security researcher has confirmed both implementations are correct and the security explanation is accurate