About Some Perspective Training Cryptography Disciplines

Alexander A. Varfolomeev
Information Security Department
Bauman Moscow State Technical University
Moscow, Russia
a.varfolomeev@mail.ru

Abstract— The work contains proposals for new training disciplines on cryptography that go beyond traditional disciplines such as "Cryptographic methods of information protection", specifying and supplementing them. Particular attention is paid to the content of the disciplines "Financial Cryptography", "Post-Quantum Cryptography", etc. These disciplines could be included in the elective section of the curriculum for training specialists and bachelors.

Keywords— financial cryptography, post-quantum cryptography, lightweight cryptography, lattice-based cryptography, code-based cryptography, multivariate cryptography, supersingular elliptic curve isogeny cryptography.

I. INTRODUCTION

The quality of training and the demand for information security professionals largely depend on the disciplines they study at the university, including the cryptographic disciplines. The purpose of this work was to select relatively new, relevant fields and areas of research in cryptography and to determine whether new disciplines for training specialists and bachelors can be developed on their basis [1]. It is important to determine not only the name of a discipline, but also its sections.

II. METHODOLOGY AND JUSTIFICATION OF THE CHOICE OF DISCIPLINES AND THEIR CONTENT

As the first sources for selecting current areas of cryptography we propose two pages of the website of the International Association for Cryptologic Research (IACR): Events and Open positions.

The Events page contains a list of conferences, seminars and schools on cryptography and information security. The first step is to consider the names of the events, which in some cases can help with the choice of the name of a discipline. The second step is to review the sections and papers presented at these events.

Events devoted to concepts such as "Elliptic curve cryptography" or "Hash functions" can only be sections of disciplines, because of their narrow focus and their connection with several areas. For example, without becoming acquainted with these concepts it is impossible to set standards for digital signatures, etc. On the contrary, many events cover too large an area of cryptography ("Public Key Cryptography", "Symmetric Key Cryptography"). Similarly, the list of cryptographic disciplines of the department contains names that say little about their content, for example "Introduction to cryptography" and "Cryptographic methods of information protection". The latter discipline can cover all of cryptography.

The author has selected the following events for the formation of new disciplines:

- Financial Cryptography and Data Security (FC);
- Crypto Finance Conference (CFC);
- School on Cryptocurrency and Blockchain Technologies;
- International Conference on Post-Quantum Cryptography (PQCrypto);
- International Workshop on Lightweight Cryptography for Security & Privacy (LightSec);
- Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC);
- Annual Workshop on the Economics of Information Security (WEIS).

The second source for choosing the subjects of disciplines, the Open positions page, provides a list of areas of cryptography and information security that are of interest to employers from various organizations. Some of these areas are classical, and some are quite new and promising. Here are some of them:

- homomorphic and split-key encryption,
- function-preserving and format-preserving encryption,
- lattice-based and pairing-based functional encryption,
- trusted computing,
- distributed ledger technologies,
- secure multiparty computation,
- financial cryptography,
- blockchain security,
- payments (micropayments),
- cryptocurrencies,
- smart contracts,
- secure cloud computing,
- IoT security protocols,
- bio-computation,
- quantum cryptography,
- quantum computation,
- post-quantum cryptography,
- elliptic curve cryptography,
- lattice-based cryptography,
- code-based cryptography,
- lightweight cryptography.

The third source for substantiating the choice and formation of disciplines is publications in domestic and foreign periodicals on cryptography (for example, [2-12]). On the basis of the proposed approach, it is expedient to allocate the following cryptographic disciplines for study:

- "Financial cryptography";
- "Post-quantum cryptography";
- "Lightweight (low-resource, balanced) cryptography";
- "Quantum cryptography".

It is more difficult to justify the choice of sections and training modules for each of these disciplines.

"Financial cryptography".

The notion of "financial cryptography" can be defined as ensuring the information security of financial transactions in electronic (digital) form by cryptographic methods.

In connection with this definition, in the author's opinion the discipline "Financial Cryptography" should include the following sections:

- cryptographic schemes and protocols of electronic payments (including in remote banking systems (RBS));
- micropayments;
- electronic money;
- cryptocurrencies;
- the use of smart cards;
- digital watermarking technology;
- protocols of electronic auctions;
- special schemes for digital (electronic) signature, taking into account domestic and international standards and recommendations.

In work [4] it was noted that the scope of "financial cryptography" has changed significantly since the inception of this concept. Whereas earlier cryptography ensured the security of operations with financial means presented in electronic form, now, in addition, cryptography itself provides financial resources in the form of cryptocurrencies that have no physical basis in the real world.

As can be seen from the listed sections, it is difficult to determine the time needed to present this material. With a time limit of one semester, a careful selection of material for each section is required.

A feature of this area is its government regulation, which imposes its own limitations on the application of security measures. Apparently, a separate training module is needed for this. In support of this, it is sufficient to mention as examples Federal Law No. 161-FZ "On the National Payment System" of June 27, 2011, Regulation No. 382-P of the Bank of Russia of June 9, 2012, and RF Government Decree No. 313 of April 16, 2012.

In addition, systems of standards and best practices are being developed in Russia and abroad. In view of their specifics, it is difficult to justify including them in other cryptographic disciplines. The Bank of Russia has created a number of industry standards (STO BR IBBS-1.0, etc.). The mandatory standard for payment cards, the Payment Card Industry Data Security Standard (PCI DSS 3.2), still applies. We can say that financial cryptography in our country is represented mainly by the banking sphere of activity. Recently, the standard GOST R 57580.1-2017 "Safety of financial (banking) operations. Basic composition of organizational and technical measures" has appeared.

"Post-quantum cryptography".

Of course, it should be recalled that post-quantum cryptography deals with the development and analysis of cryptographic primitives that are resistant to methods of analysis using a quantum computer. Thanks to the timely raised question of the security of the existing and widely used primitives against the advent of quantum computers, much has been done. A number of secure schemes based on various principles have been proposed. Work continues on increasing the efficiency of their implementations, which is still inferior to that of the primitives used in security systems today.

The conference "PQCrypto" has been held since 2006 (the 2017 edition was the eighth). In fact, the names of its sections define the different directions and principles of building resistant primitives. They can form the training modules:

- Cryptosystems based on hash functions;
- Cryptosystems based on algebraic codes;
- Cryptosystems based on algebraic lattices;
- Cryptosystems based on multivariate systems;
- Cryptosystems based on isogenies of supersingular elliptic curves.

As can be seen from the names of these modules, presenting all of them requires a serious study of various complex mathematical constructions. Therefore, it is difficult to present these modules within one semester. Apparently, it is necessary to prepare separate curricula of disciplines for each of the listed directions.

Currently, the National Institute of Standards and Technology (NIST) has initiated a process to solicit, evaluate, and standardize one or more quantum-resistant public-key cryptographic algorithms. The deadline for submissions (November 30, 2017) has already passed. Sixty-nine submissions were received, three of which were rejected. All submissions are publicly available and can be downloaded from the NIST website. On the site you can find comments on the submissions and take part in the discussion yourself. Materials of the process can be used in the study of the discipline in various ways. The lecture material should include the study of cryptosystems that have existed for quite a long time and have been subjected to long analysis by many researchers. New cryptosystems can be used to select topics for course and diploma papers and topics for seminar talks. Below we give a list of the algorithms announced for the NIST competition, grouped according to the directions and principles of construction mentioned above.

TABLE I. SOME QUANTUM-RESISTANT PUBLIC-KEY CRYPTOGRAPHIC ALGORITHMS FROM THE NIST STANDARDIZATION PROCESS

Type: Algorithms

Cryptosystems based on hash functions: Gravity-SPHINCS; SPHINCS+.

Cryptosystems based on algebraic codes: BIG QUAKE; BIKE; Classic McEliece; DAGS; HQC; LAKE; LEDAkem; LEDApkc; Lepton; LOCKER; McNie; NTS-KEM; Ouroboros-R; pqsigRM; QC-MDPC KEM; RaCoSS; RankSign; RLCE-KEM; RQC.

Cryptosystems based on algebraic lattices, LWE and its variants: CRYSTALS-DILITHIUM; DRS; FALCON; LAC; LIMA; NTRUEncrypt; pqNTRUSign; NTRU-HRSS-KEM; NTRU Prime; Odd Manhattan; qTESLA; Titanium; CRYSTALS-KYBER; Ding Key Exchange; EMBLEM and R.EMBLEM; FrodoKEM; HILA5; KCL (pka OKCN/AKCN/CNKE); KINDI; Lizard; LOTUS; NewHope; Round2; SABER; Three Bears.

Cryptosystems based on multivariate systems: DME; DualModeMS; GeMSS; HiMQ-3; LUOV; MQDSS; Rainbow.

Cryptosystems based on isogenies of supersingular elliptic curves: SIKE (SIDH).

New and others: Edon-K; Giophantus; Mersenne-756839; Ramstake.

All algorithms and systems participating in the NIST competition belong to asymmetric cryptography (for symmetric cryptography, the threat posed by the appearance of a quantum computer is not so severe). Therefore, it is natural to study this discipline after studying the issues of classical asymmetric cryptography. It is possible to assign the module "Cryptosystems based on algebraic codes" to a discipline such as "The Mathematical Theory of Coding". But even in this case it is not possible to expound this discipline in one semester.

"Lightweight (balanced, low-resource) cryptography".

This area of cryptography has reached a sufficient level of development and has great practical application [2, 3]. Evidence of this is the international cryptographic standards that have been developed:

- ISO/IEC 29192-1:2012 Information technology - Security techniques - Lightweight cryptography - Part 1: General.
- ISO/IEC 29192-2:2012 - Lightweight cryptography - Part 2: Block ciphers.
- ISO/IEC 29192-3:2012 - Lightweight cryptography - Part 3: Stream ciphers.
- ISO/IEC 29192-4:2013 - Lightweight cryptography - Part 4: Mechanisms using asymmetric techniques.
- ISO/IEC 29192-5:2016 - Lightweight cryptography - Part 5: Hash-functions.

The preparation of these standards in recent years was preceded by active study of this field, the results of which were included in several useful surveys [6-8]. Presenting them within the framework of this discipline will relieve the discipline "Cryptographic standards". It should also be noted that this discipline should be included in the block of elective disciplines for the preparation of bachelors and specialists. Its teaching should naturally follow the study of the basic concepts of cryptography, such as block and stream ciphers, hash functions and asymmetric cryptosystems, which are mentioned in the names of the above standards [13-21].

III. HARMONIZATION OF EDUCATIONAL MATERIAL OF VARIOUS DISCIPLINES UNDER THE TIME LIMITATIONS OF THE EDUCATIONAL PROCESS

In some universities, cryptographic disciplines have been separated according to the mathematical apparatus used in their presentation and study. For example, cryptographic disciplines related to asymmetric cryptography require students to learn a great deal of number theory, which is set out in early training courses.

At one time, the development and adoption of digital signature standards based on the group of points of an elliptic curve led to a change and an increase in the material studied in basic mathematical disciplines, which eliminated the need to present these issues in cryptographic disciplines. Similarly, these disciplines should be influenced by the newly proposed cryptographic disciplines. For example, one of the modules of Post-Quantum Cryptography requires a deeper study of algebraic lattices. In addition, the discipline "Financial Cryptography" obviously affects the basic cryptographic disciplines themselves. Therefore, a great deal of work is needed to select the material and to coordinate it methodologically among the mathematical and cryptographic disciplines, so as to make it possible to present all the necessary material within the rather tight framework of the educational process (e.g. [22, 23]).

IV. CONCLUSIONS

In this paper, a method for determining promising educational cryptographic disciplines is proposed, and with its use a short list is compiled. The training modules that compose them and their sections are presented. The development and introduction of these cryptographic disciplines into the educational process requires a great deal of methodological work to harmonize the material presented in both cryptographic and mathematical disciplines.

REFERENCES

[1] Sheremet I.A. Directions of a New Level Education to Counter Cyberthreats in Financial Sphere. Voprosy kiberbezopasnosti [Cybersecurity issues]. 2016. No 5(18), pp. 3-7. DOI: 10.21681/2311-3456-2016-5-3-7.
[2] Zhukov A. Lightweight Cryptography: Modern Development Paradigms. In Proceedings of the 8th International Conference on Security of Information and Networks (Sochi, Russian Federation, September 08-10, 2015). SIN '15. ACM New York, NY, USA, 2015, pp. 7-7. DOI: 10.1145/2799979.2799981.
[3] Zhukov A.E. Lightweight cryptography. Part 1. Voprosy kiberbezopasnosti [Cybersecurity issues]. 2015. No 1(9), pp. 26-43. DOI: 10.21681/2311-3456-2015-1-26-43.
[4] Varfolomeev A.A. Analysis of the change of the concept «Financial cryptography» on the basis of 20 years subjects of the international conference «Financial cryptography and data security». Statistics and Economics. 2016; (4):12-15. (In Russ.) DOI: 10.21686/2500-3925-2016-4-12-15.
[5] Yu J., Ryan M. Evaluating web PKIs. In: Software Architecture for Big Data and the Cloud, 1st ed., I. Mistrik, R. Bahsoon, N. Ali, M. Heisel, and B. Maxim, Eds. Elsevier, 2017, ch. 7, pp. 1-13. URL: https://eprint.iacr.org/2017/526.pdf.
[6] Biryukov A., Perrin L. State of the Art in Lightweight Symmetric Cryptography. IACR Cryptology ePrint Archive, 2017, pp. 1-40. URL: https://eprint.iacr.org/2017/511.pdf.
[7] Cazorla M., Marquet K., Minier M. Survey and Benchmark of Lightweight Block Ciphers for Wireless Sensor Networks. IACR Cryptology ePrint Archive, 2013, pp. 1-13. URL: https://eprint.iacr.org/2013/295.pdf.
[8] Delvaux J., Peeters R., Gu D., Verbauwhede I. A Survey on Lightweight Entity Authentication with Strong PUFs. IACR Cryptology ePrint Archive, 2014. URL: https://eprint.iacr.org/2014/977.pdf.
[9] Atzei N., Bartoletti M., Cimoli T. A survey of attacks on Ethereum smart contracts. IACR Cryptology ePrint Archive, 2016. URL: https://eprint.iacr.org/2016/1007.pdf.
[10] Halak B., Waizi S., Islam A. A Survey of Hardware Implementations of Elliptic Curve Cryptographic Systems. IACR Cryptology ePrint Archive, 2016. URL: https://eprint.iacr.org/2016/712.pdf.
[11] Tschorsch F., Scheuermann B. Bitcoin and Beyond: A Technical Survey on Decentralized Digital Currencies. IACR Cryptology ePrint Archive, 2015. URL: https://eprint.iacr.org/2015/464.pdf.
[12] Bernstein D.J., Hopwood D., Hülsing A., Lange T., et al. SPHINCS: practical stateless hash-based signatures. Lecture Notes in Computer Science, vol. 9056 (Advances in Cryptology -- EUROCRYPT 2015), pp. 368–397. DOI: 10.1007/978-3-662-46800-5_15. ISBN 9783662467992.
[13] Augot D., Batina L., Bernstein D.J., Bos J., Buchmann J., et al. Initial recommendations of long-term secure post-quantum systems. Technical report, 2015. URL: http://pqcrypto.eu.org/docs/initial-recommendations.pdf.
[14] Overbeck R. Code-based cryptography. In: Bernstein D.J. et al. (eds) Post-Quantum Cryptography. Springer Berlin Heidelberg, 2014, pp. 95–145. DOI: 10.1007/978-3-540-88702-7_4.
[15] Misoczki R., Tillich J., Sendrier N., Barreto P.S.L.M. MDPC-McEliece: New McEliece variants from Moderate Density Parity-Check codes. 2013 IEEE International Symposium on Information Theory, pp. 2069–2073. DOI: 10.1109/ISIT.2013.6620590.
[16] Hirschhorn P.S., Hoffstein J., Howgrave-Graham N., Whyte W. Choosing NTRUEncrypt Parameters in Light of Combined Lattice Reduction and MITM Approaches. In: Abdalla M., Pointcheval D., Fouque P.A., Vergnaud D. (eds) Applied Cryptography and Network Security. ACNS 2009. Lecture Notes in Computer Science, vol. 5536. Springer, Berlin, Heidelberg, 2009. DOI: 10.1007/978-3-642-01957-9_27.
[17] Peikert C. Lattice Cryptography for the Internet. IACR Cryptology ePrint Archive, 2014. URL: https://eprint.iacr.org/2014/070.pdf.
[18] Ding J., Xie X., Lin X. A Simple Provably Secure Key Exchange Scheme Based on the Learning with Errors Problem. IACR Cryptology ePrint Archive, 2012. URL: https://eprint.iacr.org/2012/688.pdf.
[19] Güneysu T., Lyubashevsky V., Pöppelmann T. Practical Lattice-Based Cryptography: A Signature Scheme for Embedded Systems. In: CHES'12, Proceedings of the 14th International Conference on Cryptographic Hardware and Embedded Systems, 2012, pp. 530-547. DOI: 10.1007/978-3-642-33027-8_31.
[20] Alkim E., Ducas L., Pöppelmann T., Schwabe P. Post-quantum key exchange - a new hope. In: 25th USENIX Security Symposium, 2016. URL: https://www.usenix.org/conference/usenixsecurity16/technical-sessions/presentation/alkim.
[21] Sun X., Tian W., Wang Y. Toward Quantum-Resistant Strong Designated Verifier Signature from Isogenies. In: Intelligent Networking and Collaborative Systems (INCoS), 2012 4th International Conference on. IEEE, pp. 292–296. DOI: 10.1109/iNCoS.2012.70.
[22] Zhukov A.E. Cellular Automata in Cryptography. Part 1. Voprosy kiberbezopasnosti [Cybersecurity issues], 2017, No 3(21), pp. 70-76. DOI: 10.21681/2311-3456-2017-3-70-76.
[23] Zhukov A.E. Cellular Automata in Cryptography. Part 2. Voprosy kiberbezopasnosti [Cybersecurity issues], 2017, No 4(22), pp. 47-66. DOI: 10.21681/2311-3456-2017-4-47-66.