TCSS $487$ Cryptography

Practical project $$ cryptographic library & app $$ part $1$

Version: Mar $25,2024$

Your homework in this course consists of a programming project developed in

two parts. Make sure to turn in the Java source files, and only the source files,

for each part of the project. Note that the second part depends on$,$ extends, and

includes, the first part of the project.

You must include a report describing your solution for each part, including any

user instructions and known bugs. Your report must be typeset in PDF $($scans

of manually written text or other file formats are not acceptable and will

not be graded, and you will be docked $20$ points if a suitable report is

missing for each part of the project$).$ For each part of the project, all source

files and the report must be in a single ZIP file $($executable$/$bytecode files

are not acceptable: you will be docked $5$ points for each such file you

submit with your homework$).$

Each part of the project will be graded out of $40$ points as detailed below, but

there will be a total of $10$ bonus points for each part as well.

You can do your project either individually or in a group of up to $3($but no more$)$

students. Always identify your work in all files you turn in$.$ If you are working in

a group, both group members must upload their own copy of the project material

to Canvas, clearly identified.

Remember to cite all materials you use that is not your own work $($e$.$g$.$

implementations in other programming languages that you inspired your work

on$).$ Failing to do so constitutes plagiarism and will be reported to the Office of

Student Conduct & Academic Integrity.

Objective: implement $($in Java$)$ a library and an app for asymmetric encryption

and digital signatures at the $256-$bit security level $($NB: other programming

languages are not acceptable and will not be graded$).$

Algorithms:

$$ SHA$-3$ derived function KMACXOF$256$;

$$ ECDHIES encryption and Schnorr signatures;

PART $1$: Symmetric cryptography

All required symmetric functionality is based on the SHA$-3($Keccak$)$ machinery,

except for the external source of randomness.

Specifically, this project requires implementing the KMACXOF$256$ primitive $($and

the supporting functions bytepad, encode$\_$string, left$\_$encode, right$\_$encode,

and the Keccak core algorithm itself$)$ as specified in the NIST Special Publication

$800-185.$ Test vectors for all

functions derived from SHA$-3($including$,$ but not limited to$,$ KMACXOF$256)$ can

be found at and

$.$

Additional resource: if you clearly and conspicuously provide explicit attribution

in the source files and documentation of your project $($failing to do so would

constitute plagiarism$),$ you can inspire your Java implementation of SHA$3$ and

the derived function SHAKE$256($both needed to implement cSHAKE$256$ and then

KMACXOF$256)$ on Markku$-$Juhani Saarinen$$s very readable C implementation:

$.$ NB: this is

just a source of inspiration for your work and does not mean everything you

might need is in there!

Services the app must offer for part $1$:

The app does not need to have a GUI $($a command line interface is acceptable$),$

but it must offer the following services in a clear and simple fashion $($each item

below is one of the project parts$).$ See the detailed specification below:

$[10$ points$]$ Compute a plain cryptographic hash of a given file $($this requires

implementing and testing cSHAKE$256$ and KMACXOF$256$ first$).$

BONUS: $[5$ points$]$ Compute a plain cryptographic hash of text input by the user

directly to the app $($instead of having to be read from a file$).$

$[10$ points$]$ Compute an authentication tag $($MAC$)$ of a given file under a given

passphrase.

BONUS: $[5$ points$]$ Compute an authentication tag $($MAC$)$ of text input by the

user directly to the app $($instead of having to be read from a file$)$ under a given

passphrase.

$[10$ points$]$ Encrypt a given data file symmetrically under a given passphrase.

$[10$ points$]$ Decrypt a given symmetric cryptogram under a given passphrase.

The actual instructions to use the app and obtain the above services must be

part of your project report $($in PDF$).$

High$-$level specification of the items above:

Notation: We adopt the notation from NIST SP $800-185$: KMACXOF$256($k$,$ m$,$ L$,$TCSS $487$ Cryptography

Practical project $-$ cryptographic library & app $-$ part $1$

Version: Mar $25,2024$

Your homework in this course consists of a programming project developed in

two parts. Make sure to turn in the Java source files, and only the source files,

for each part of the project. Note that the second part depends on$,$ extends, and

includes, the first part of the project.