SC700: Cryptography – from Fundamentals to Quantum Resilience

Agenda:

• Introduction to cryptography
• Why cryptography?
• Definition and significance of cryptography
• Use cases in daily operations
• History of encryption techniques / Origins of encryption
• Overview of known compromised Encryptions and impact
  
  

• Fundamental concepts of cryptography
• Confidentiality, integrity, authenticity
• Non-repudiation
• Keys
• Key exchange
• Signatures
• One-Way functions
• Random numbers
• Zero-Knowledge
  
  

• Symmetric encryption
• Functionality of symmetric encryption algorithms
• Known algorithms
• DES
• AES
• BlowFish…
• Modes of various methods
• CTR
• CBC
• ...
• Strengths and weaknesses of various algorithms
• Known attacks on symmetric algorithms, deprecated versions
• Use cases and examples
• Key lengths and recommended modes
• Implementation & configuration
• Regulations and compliance
  
  

• Asymmetric encryption
• Functionality of asymmetric algorithms
• Difference to symmetric encryption
• Known algorithms
• RSA
• Diffie-Hellman
• Elliptic curves
• Known attacks on asymmetric algorithms, deprecated versions
• Use cases and examples
• Key lengths, curves etc.
• Implementation & configuration
• Regulations and compliance
  
  

• Key exchange methods
• Functionality
• Example – Key exchange implementation in TLS
• Use cases and examples
• Implementation & configuration
• Regulations and compliance
  
  

• Secure Signatures and Hashes
• Functionality of hash function
• Known hash functions
• MDX family
• SHA family
• Message authentication
• CMAC
• HMAC
• ...
• Functionality of digital signature
  
  

• Random numbers
• Significance of random numbers in general and in cryptography context
• Secure pseudo-random number generation
• Measuring entropy and the consequences
• Implementation and best practices
  
  

• Additional use cases of cryptography
• Certificates, PKI
• TLS and current cipher suites
• Password-based key derivation
• Secret sharing
  
  

• Quantum computing fundamentals
• Introduction to Quantum Bits (Qubits) and Quantum Gates
• Quantum algorithms and their impact on cryptographic methods
• Shor's algorithm
• Current state of Quantum Computing
• Outlook and forecasts
  
  

• Post-Quantum cryptography
• Fundamentals and concepts
• Categories of Post-Quantum secure algorithms
• Lattice-based
• Code-based
• Multivariate polynomials
• Overview of promising Post-Quantum algorithms
• Implementation and configuration
  
  

• Summary, outlook and conclusion

Objectives:

The participants of the course SC700 Cryptography – from Fundamentals to Quantum Resilience

• learn current cryptographic methods and their secure implementation and configuration;
• can assess and evaluate current and potential future threats to existing algorithms;
• receive an overview of quantum-resilient methods;
• are enabled to develop a post-quantum strategy including concrete measures.

Target audience:

The training SC700 Cryptography – from Fundamentals to Quantum Resilience is targeted at:

• Software developers
• Software architects
• Administrators
• Product managers

Prerequisites:

To be able to follow all learning content of the course SC700 Cryptography – from Fundamentals to Quantum Resilience effectively, practical technical basic understanding is a prerequisite.

Description:

Cryptographic methods are an essential prerequisite for secure IT, whether on the internet, in the corporate data center, or privately at home. Ensuring data integrity, authenticity, and confidentiality is hardly possible without the deployment of cryptographic methods.

The workshop SC700 Cryptography – from Fundamentals to Quantum Resilience provides a comprehensive overview of the theoretical foundations, practical use cases, and implementation paths of cryptographic measures and functions.

The course covers current algorithms for symmetric and asymmetric methods, hash and signature methods, as well as protocols built upon them for e.g. key exchange or secure communication.

Besides the algorithms, the topics of software implementation and the deployment of crypto libraries are addressed, as vulnerabilities exist in both of these layers that can make even secure algorithms attackable.

Current algorithms such as RSA (an asymmetric method) are considered potentially insecure due to progress in the quantum computing domain. Therefore, the threats posed by quantum computing are elaborated, the current threat potential is demonstrated, and preparation possibilities (crypto agility) are explored in depth, e.g. through introduction of so-called post-quantum cryptography.