I set my alarm for the middle of the night to watch these so I can literally follow his instruction to "go back to sleep"

"The next 120 seconds, are going to be very important in your life!"

I can't believe that there are students who are sleeping / not paying attention in this class. I'm watching the video at midnight and I'm having my eyes wide open marvelling at the simple way in which Prof. Paar explains step-by-step some of the most cryptic (literally) stuff!

Thank you so much for sharing this course for free. You are such an amazing professor. Academic needs more talents like you. Thank you sir

*Topics* 1. Stream Ciphers 0:15 2. Random Numbers a) RNG (Random Number Generator) 37:10 b) PRNG (Pseudo Random Number Generator) 44:00 c)CPRNG (Cryptographicly Secure Pseudo Random Number Generator) 51:30 3. One Time Pad 1:00:30 4. LCG (Linear Congruent Generator) PRNG 1:15:15

Many thanks to Prof. Paar for the most interesting lectures I even learn few German words as a side benifit of the lectures ...

These lectures are so good! They make a perfect pair with the crypto-textbook. The most fascinating course I've had so far in my studies.

studying Crypto for CCNA Cyber Ops, these lectures are amazing. I'm learning so much, great job Professor

Thanks a lot for these wonderful lectures! I have seen many engineering online lectures, but the way you teach is very educational and exceptional.

I like the way you are teaching. :) I wish I could attend your classes!!!

First time listening Professor Christoff Paar on Cryptography. Very nice lectures Great pace and way of teaching Stay blessed Professor Dr Zaheer Center for Mathematical Sciences Pakistan Istitute of Engineering and Applied Sciences Islamabad Pakistan

Thank you. You really make this subject fascinating.

Great information! Learning this becoming much more fun and meaningful. Thank you!

Thank you so much for this course and also for the books which is an easy to read great information place !

Why take german and cryptography, when you can learn them both at the same time? (lol) Great Lecture by the way.

I'm your die hard fan already!! Great Lecture!

This man is an American hero

Thank you so much for this amazing lecture !

Stream ciphers 0:01 Random number generators(RNG) 37:20 OTP 1:00:30 LCG 1:15:20

Excellent teaching! Professor!!

Great lectures, Christof!

amazing lecture. hope i have a lecturer like you in my college...Thanks for uploading videos.

Awsome lecture...thank you sir...

I am sorry I was actually doing KZfaq while listening to you professor.

Thanks Prof... it was Amazing lecture

Right when you wrote down the symbol for modulo 2, I knew XOR was going to come up.

thank you sir for all this information your teaching methods are good too

Excellent lectures!

Regarding OTP... store random mouse moves collected in an array up to the size needed to encrypt the message, each time you need a new random number array, easy. Encrypt the message one to one with the random array and you only need a random array as large as your message, so message x 2 is the final size. Embed the encrypted message in a picture using steganography. First send the key embedded in a picture with an RSA encoded password (known to the recipient). Then send the picture with an embedded encrypted message. Works better if the message is also embedded into text (ie: ipsum lorem) that will fill the whole picture, so that changed bits in the picture don't stand out. Already wrote this program, handling LF's was a problem but sorted now. A 520x520 bit picture will hold about 72k of characters.

beautifully explained..! thank you sir :)

Sehr gut! Very good lecture of my favorite cryptography topic! Most of the stuff lectured here I already knew, but I learned a few additional things here, such as that XOR is actually Modulo 2 (Mod2). I never realised that. I'm continuously developing my own XOR stream/block ciphers for years now. Strong OTPs can be generated by TRNGs and CSRNGs with high randomness factor on the bits. That's the best way imo. PRNGs are deterministic and crap for encryption purposes indeed, because once an attacker knows the seed he can regenerate the whole sequence of random keybits.

Excellent lectures.

u r amazing teacher ,, thanks from turkey by palestinen engineer

53:50 lol, for the viewer thats a conundrum

Great lecture and I envy those students out there for having a lecturer as such. The lecturer we have in our university in Holland is nowhere near this lecturer, sadly of course.

What a nice teacher! Was fuer einen Mensch...

wonderful lectures

very practical lectures....thank you

Great lecture again, would have loved to see some more practical examples of OTP and LCG. And any real life applications of OTP.

Legendary as always...

GREAT LECTURE SIR THANK YOU

Great lecture! :)

Great lecture, you lost me at the end, :-) Many thanks

thank you for the great video

Dear Professor Paar, when I was watching your explanation on the OTP, I suddenly wondered if this is how the ancient Chinese encrypted their messages. We Chinese use characters, and the most commonly used ones are of a whopping number between 3000-5000. During war times, for secret message exchange, people write a seemingly normal message, but you need a sort of mechanism to see the original message. It's a message in a message.

Mr. Paar, where did you learn everything you know? You are a highly intelligent individual, anyone can tell just based off how you teach. I'm only 15 and I'm understanding what you are teaching, you really know what you are talking about and that is shown in the way you break down these ciphers and explain them in detail.

Great lecture

Professor Paar, in 55:40 when you say that is computationally infeasible to construct Sn, you mean Si+n right? i.e the next key after Si+n-1

Wonderful job professor, i think that people like you allow students to progress. Congratulations. Now, i have a short question. In your book that is amazing in otp you put 3 requirements but now in your explanation you omitted the second one which say the key stream is only known to the legitimate communicating parties. I think that i will get erasmus from Valencia (Spain) just for being in your classes ajjjjajaa. THx

Surely the LCG is even worse for cryptography: we showed that Oscar can break it by knowing (x1,x2,x3). Even if they didn't know those values, there are only 8 possibilities so he can find 8 pairs of (A,B), exactly 1 of which is the solution. Trying them out against the rest of the ciphertext narrows down the possibilities even more. Knowing a linear generator is weak, my first impression would be to go to higher order polynomials (perhaps I'm anticipating future lectures here) -- from trying it out, solving systems of polynomial equations in n unknowns is a hard task.

Entanglement offers an interesting way to pass data encryption keys. Assuming entanglement systems are difficult and expensive it may not be practical to transmit data this way but the secure key is a smaller data set.

He's soooo good!

I wasn't paying attention but was listening to the lecture, and at 5:58 he stops and says "Hello!", I thought he said that to me lol

During the Cold War and even now One-Time Pad messages are sent to agents via clandestine shortwave radio stations known as Numbers Stations. These stations would read out the encrypted messages usually as strings of 5 digit numbers and the agent who is meant to receive one copies the numbers down and then decodes them with the OTP given. Most of these Numbers Messages cannot ever be decrypted because most agencies were very careful with not re-using keys. But eventually they ran low on resources and had to recycle whole keys and parts of keys etc. If you ever reuse a key for two different messages, then cracking both of them is child's play. Now if you reuse the same key for the same message sent with that same key then it does not matter because the numbers would be identical and you are nowhere closer to cracking it then you were when you first intercepted it.

read this pdf " An Encryption Algorithm Based on ASCII Value of Data".

Firstly, this lecture series is great. Super clear and concise. The slides on the website are also very helpful. Secondly, at 28:00... since we're encoding/decoding 7 (or 8) bits at a time, isn't the stream-cipher just a very small block-cipher? The "block" in this case being a single byte?

thank you man

Preciate it brother

Thank you

Can we say that LCG uses Affine Cipher after getting seed value from PRNG? It looks like S2 = A. S1 + B where A and B are part of Key.

Enjoying your lectures. I am purchasing your textbook, which other books/textbooks would you recommend over Cyber Security?

and also to add, thanks for uploading these! I'm trying to find how mathematics is used in cryptology.

Spre session sir... 15sep'22

Dear professor Paar, thank you for sharing. I would like to know if it is correct to say, at the beginning of the last exercise (1:22:45), that the system (attacked by Oscar) can be solved due to the Rouché-Capelli theorem. Thank you

this is good :)

What is m in (mod m)? Whatever modulo the situation calls for? i.e. mod2 for binary, mod26 for Shift cipher etc? Or is m specific to this lecture?

Hello Prof Parr Again thank you for the best crypto course on the web. I have a question with relation to this video. The OTP as referred to as a perfect cipher (unbreakable) however that is not my particular understanding. As I understand this and I could be wrong is that the OTP is perfect only in the following sense. For a cipher text only attack the probability of decrypting the message is exactly the same if you have or don't the ciphertext. In other words even if you have infinite computing power having the cipher text doesn't help to decrypt the message since the message space and key space are of equal (at least) or greater size (key space) every possible decryption of the message with every possible key yields a potentially valid decryption and there is no way to differentiate what the original message if is an attacker has the cipher text. It doesn't help. This only holds true for ciphertext only attacks. In other ways the OTP is actually a weak cipher. Any thoughts on this would be greatly appreciated Thank you Steve

30:18 I love how he corrects his grammar mistake by himself lol. I just adore him.

Can you generate a random "Key Stream" then swap the keys by using Diffie-Hellman and do a new key every hour over the cell infrastructure?? Feasible or not?

Why should the One Time Pad ( Key stream bits) be used only once for it to be secure?

where do i get homeworks ?(in general is it posible to get them here?

would oscar know the modulas in the linear congruence RNG?

excellent

Hi Professor, i love security so find your videos a great way to go above curriculum and prepare for a undergrad in computer science. I was thinking isn't it possible to change the key values after each byte is encrypted with a LCG. This way any attacker knowing the first few bits would find it very difficult to get anywhere into the data. My idea is similar to some public key encryption. Using some trap door function to generate a new key (A,B). The idea uses an elliptical curve on both PRNGs that will compute a new key. If point (A,B) is x, it will compute x^m (mod m). This new point will be the corresponding A and B values for the next 8 bit Si values. For the next 8 bits, it would compute x^m+1 (mod m) and so on. This way knowing A and B from the first byte will not allow you to obtain the next A,B key without knowing the equation or having some prior idea of what the message is. The simultaneous attack breaks down if you get s8 and s9 as the A B values will be different. Is this a practical solution?

Super Vorlesung

When Christof teaches that CSPRNG, it is in-feasible to compute Sn+i and not Sn.. right?

1:25:37 why isn't mod(m) an unknown? Thank you very much for this wonderful lecture

Why is binary bitwise XOR preferred over decimal adding? Is it just because it's faster to compute or are there security advantages too?

niceee... I wish u explained one time pad better :) I hope I do the rest as well :)

Very nice

1:00:00 Chapter 3 - One Time Pad

thanks

Great Lecture Sir ...Few Doubts as Below :- 1)How Do we Get Seed Value.... 2) How Does a PRNG Developed. 3) How Do We Get The K Value Mentioned in 1.20 ....

Dear Professor Paar, one thing is confusing me a lot that is understood than Random numbers generate by the sender applying any of define methods and one of them is CPRNG which is infeasible for anyone to generate same pattern. My question is that how receiver computes the same pattern using CPRNG or any other method for deciphering received message? What I understood is that both sender and receiver share pattern function for CPRNG using any other secure channel.

professor I have one question about LCG we can compute A and B values by A = (s2-s3)(s1-s2)^-1 mod m B = s2 - s1(s2-s3)(s1-s2)^-1 mod m but what if the case where there does not exist a (s1-s2)^-1 in modulo m?

Nice lecture...as always. One question, though. If S, A and B are strings of bits then why is this still called a 'stream' cipher? Why not a simple block cipher? Thank you.

Professor Christof Paar, I don't understand why 1 + 1mod2 equals to 0 and not 2? 1mod2 equals to 1 if I'm not mistaken, hence 1 + 1 = 2. What am I missing at 19:39?

What are other examples that cellphone as stream ciphers? If anyone of you know, let me know thanks!

We learned that LCGs/PRNGs wouldn't work at the end of lecture for getting the Si, but what would work? A CPRNG?

Professor Christof Paar, at 50:18, how did you get the value of Si + 1? is it just a random value or is it a constant or a derivated value

are lecture notes available online?

Hello,sorry but a stupid question but why 8*400??not 400 isnt one key stream bit required for encrypting one bit of the message?? 1:11:37

So Oscar gets some plaintext, xi, from file header info but wouldn't he need the encrypted counterpart, yi, in order to calculate the operator, Si?

i wonder if the Zodiac Cipher is a kind of One-Time-Pad

sorry small question how did you get the 8 when you multiply by 400 megabites?

How can somebody even dislike this video, logically you understand the stuff or you don't, but dislike !!

where can i get the homeworks? great lecture by the way

Hi Professor I'd like to know that if we can get authentication through only nonce in a protocol? for example A------->B: N(a) B-------->A: {N(a),N(b)} K(ab) Do we have mutual authentication ? Thanks

Hello Prof..Thanks for the amazing lecture series.. I had couple of questions on OTP.. 1. Even though the key size would be "huge" in case of OTP but theoretically with infinite computational resources, it would still be possible to break it [ 2^3.2G computers can do it in 1 step]. 2. Further, if the message size is really small (16 bytes), wouldn't OTP be a weak algo in that case ?

40:49 did he mean to say chaotic natural processes (I think there are random natural processes on the quantum scale but I'm not sure. I know more classical)