Dr Nicolas T. Courtois
Contact Details:
Computer Science Room 7.06a.
Malet Place Engineering Building
University College London
Gower Street
London WC1E 6BT
Tel:    +44 20 7679 3713
Fax:   +44 20 7387 1397
Mobile/text: +44 789 4334 773     
Email: Initial.FamilyName (ATsign) ucl.ac.countrycode      [My PGP key]


I have been lecturing at University College London since 2006. At UCL we have a specialist M.Sc. programme in Information Security.
Currently I teach the Applied Cryptography course. I also run a student Smart Cards Lab. Previously I taught Computer Security.

[Publications @DBLP] [In UCL Database] [ @Personal Page]

    [Can one crack an Oyster Card or/and clone a contactless building card; if one is only allowed to communicate with the card of the victim for a short time, for example sitting next to the victim on the train? The "Courtois Dark Side" attack on MiFare Classic, see slides and paper is more than 10 times faster than the best attack in this category by Dutch university of Nijmegen, and does not require a costly pre-computation.]. In practice the best known attack on MiFare classic is obtained by combining this "Courtois' Dark Side attack" to recover one key with the "Nijmegen Nested Authentication Attack" to efficiently recover more keys. Here is a DETAILED explanation about how to recover cryptographic keys of all MiFare Classic cards at home with the ACR122 reader: do it yourself: hacking MiFare Classic cards. It works for example for all London Oyster cards emitted before December 2009 and about 70 % of access cards used in buildings around the world. To know more about the practical feasibility and impact see also this paper from 2013 and these slides). Many companies actually use the same cryptographic keys in every card, so that once keys for one card are recovered, all the other cards can be read and written.

[ Attacks on KeeLoq and car locks]

[Experimental algebraic attacks on ciphers] [Tools for algebraic cryptanalysis] [Hard probems]

Research Interests - Cryptology:

Research Interests - Information Security: