Dr Nicolas T. Courtois
Computer Science Room 7.06a.
Malet Place Engineering Building
University College London
London WC1E 6BT
Tel: +44 20 7679 3713
20 7387 1397
Mobile/text: +44 789 4334 773
Email: Initial.FamilyName (ATsign)
I have been lecturing at University College London
since 2006. At UCL we have
a specialist M.Sc. programme in Information Security.
Currently I teach
Applied Cryptography course.
I also run a student Smart Cards Lab.
Previously I taught Computer Security.
[In UCL Database]
[ @Personal Page]
crack an Oyster Card or/and clone a contactless building card;
if one is only allowed to communicate with the card of the victim for a short
time, for example sitting next to the victim on the train?
The "Courtois Dark Side" attack on MiFare Classic,
see slides and
more than 10 times faster than the best attack in this category
by Dutch university of Nijmegen,
and does not require a costly
In practice the best known attack on MiFare classic is obtained
by combining this "Courtois' Dark Side attack" to recover one key
with the "Nijmegen Nested Authentication Attack" to efficiently recover more keys.
Here is a DETAILED explanation about how to recover cryptographic keys
of all MiFare Classic cards at home with the ACR122 reader:
do it yourself: hacking MiFare Classic cards.
It works for example for all London Oyster cards emitted before December 2009
and about 70 % of access cards used in buildings around the world.
To know more about the practical feasibility and impact see also
this paper from 2013
Many companies actually use the same cryptographic keys in every card,
so that once keys for one card are recovered, all the other cards can be read and written.
Attacks on KeeLoq and car locks]
algebraic attacks on ciphers]
[Tools for algebraic cryptanalysis]
Research Interests - Cryptology:
Research Interests - Information Security:
Computational cryptanalysis of symmetric and asymmetric ciphers.
Algebraic Attacks: recover the secret key of a cipher by solving a very large
system of multivariate equations over small finite fields.
Special properties that make systems efficiently solvable (e.g. sparsity).
Conversion and solving algebraic equations with SAT solvers.
Computing Gröbner bases and designing simpler and frequently much
better/faster algorithms: Gröbner basis require a fixed polynomial ordering. In
many real-life cryptanalysis problems this is a VERY bad idea
and better results are obtained with ad-hoc elimination
algorithms which optimize sparsity such as ElimLin
(and its practical implementations which take care of sparsity).
Design and feasability of algebraic attacks: for example some stream ciphers
will be broken if a certain multivariate polynomial equation exists (sometimes
finding one such equation is sufficient to break the cipher!). Cryptanalysis of
some block ciphers greatly depends on whether they can be written in a certain
Define what kind of equations are useful/interesting. Find out if such
equations exist, prove they exist (or not), compute these equations.
Can AES be broken?
Experimental algebraic cryptanalysis.
Automation of symmetric cryptanalysis. Finding special properties of ciphers.
Implementation of algebraic attacks. Manipulating very large systems of
multivariate equations. Fast linear algebra, in particular when RAM is scarce.
Specialised memory management, parallel computing, use of specialised hardware.
Number theory and lattices.
Side channel attacks on smart cards.
Post-quantum cryptography and very efficient public key schemes for special
Very short digital signatures (that can be transmitted or and verified with
human interaction). Unforgeability and third-party verifiable authenticity of
paper documents (bank notes, cheques, ID cards, electronic airline tickets,
Very fast digital signatures (much faster than RSA) for low-cost devices.
Markets and Information Security:
Security in complex commercial systems. For example electronic bank cards +
terminals + back-end applications + supporting infrastructure+ user
adoption + usability + legal and regulatory drivers + economics + fraud + crime
science + moral and ethical considerations. Compliance.
Smart cards and smart card protocols.
Economics of security and economics of insecurity,
insurance, prices, bets and future markets in information security.
Risk management. Fraud in financial markets and financial institutions.
Data security and compliance in financial institutions.
Last update 23/02/2010