All outcomes
Skills

Implement a Cipher From Mathematical Specification and Analyse a Real Vulnerability

8 weeks · 0 milestones

Implement a symmetric cipher (AES, ChaCha20, or equivalent) from its published mathematical specification — no library calls for the core cipher operations, only for testing correctness against known test vectors. Additionally, write an analysis of one published cryptographic vulnerability (a CVE with a known mathematical weakness such as padding oracle, timing side-channel, or nonce reuse) explaining the exact mathematical flaw exploited and how the implementation deviated from the secure specification. Proof: the implementation and vulnerability analysis reviewed by a security practitioner or CS lecturer with cryptography background who presents a different cipher specification you haven't seen and asks you to implement the key schedule or identify the flaw in a published attack — you must engage with the new material in real time, not describe your prepared examples.

Milestone map

Milestone map

3 milestones

Study the mathematical foundations of symmetric encryption (AES, block cipher modes) and public-key cryptography (RSA). Implement AES encryption and decryption without using a cryptographic library for the core algorithm — including the key schedule, SubBytes, ShiftRows, MixColumns, and AddRoundKey steps. Separately, implement RSA from first principles: key generation from two primes, modular exponentiation, encryption, and decryption.

Proof required

Submit: a public GitHub repository containing your AES implementation (with test vectors from NIST FIPS 197) and your RSA implementation (key generation, encrypt, decrypt — with a test demonstrating round-trip correctness); and a written explanation (300 words) of why AES is considered secure and what 'semantic security' means in practical terms. A cryptographer, security researcher, or CS lecturer with cryptography experience must review the implementations and confirm they are correct.

What gets checked

  • AES implementation passes NIST FIPS 197 known-answer test vectors — not just informal round-trip tests
  • RSA implementation includes key generation from actual primes — not hardcoded example keys
  • A cryptographer or security researcher has confirmed both implementations are correct and the security explanation is accurate

We use analytics to improve Powstik. No ads, ever.