Dr Nicolas T. Courtois
Computer Science Room 7.06a.
Malet Place Engineering Building
University College London
London WC1E 6BT
Tel: +44 20 7679 3713
20 7387 1397
Mobile/text: +44 789 4334 773
Email: Initial.FamilyName (ATsign)
I have been lecturing at University College London
since 2006. At UCL we have
a specialist M.Sc. programme in Information Security.
Currently I am teaching
Computer Security 1 and
Applied Cryptography. I also run
a student Smart Cards Lab.
[In UCL Database]
[ @Personal Page]
crack an Oyster Card or/and clone a contactless building card;
if one is only allowed to communicate with the card of the victim for a short
time, for example sitting next to the victim on the train?
The "Courtois Dark Side" attack on MiFare Classic,
see slides and
more than 10 times faster than the best attack in this category
by Dutch university of Nijmegen,
and does not require a costly
In practice the best known attack on MiFrace classic is obtained
by combining this "Courtois' Dark Side attack" to recover one key
with the "Nijmegen Nested Authentication Attack" to efficiently recover more keys.
Here is a DETAILED explanation about how to recover cryptographic keys
of all MiFare Classic cards at home with the ACR122 reader:
do it yourself: hacking MiFare Classic cards.
It works for example for all London Oyster cards emitted before December 2009
and about 70 % of access cards used in buildings around the world.
Many companies actually use the same cryptographic keys in every card,
so that once keys for one card are recovered, all the other cards can be read and written.
Attacks on KeeLoq and car locks]
algebraic attacks on ciphers]
[Tools for algebraic cryptanalysis]
Research Interests - Cryptology:
Research Interests - Information Security:
Computational cryptanalysis of symmetric and asymmetric ciphers.
Algebraic Attacks: recover the secret key of a cipher by solving a very large
system of multivariate equations over small finite fields.
Special properties that make systems efficiently solvable (e.g. sparsity).
Conversion and solving algebraic equations with SAT solvers.
Computing Gröbner bases and designing simpler and frequently much
better/faster algorithms: Gröbner basis require a fixed polynomial ordering. In
many real-life cryptanalysis problems this is a very bad idea
and much better results are obtained with ad-hoc elimination
algorithms whcioh optimize sparsity.
Design and feasability of algebraic attacks: for example some stream ciphers
will be broken if a certain multivariate polynomial equation exists (sometimes
finding one such equation is sufficient to break the cipher!). Cryptanalysis of
some block ciphers greatly depends on whether they can be written in a certain
Define what kind of equations are useful/interesting. Find out if such
equations exist, prove they exist (or not), compute these equations.
Can AES be broken?
Experimental algebraic cryptanalysis.
Automation of symmetric cryptanalysis. Finding special properties of ciphers.
Implementation of algebraic attacks. Manipulating very large systems of
multivariate equations. Fast linear algebra, in particular when RAM is scarce.
Specialised memory management, parallel computing, use of specialised hardware.
Number theory and lattices.
Side channel attacks on smart cards.
Post-quantum cryptography and very efficient public key schemes for special
Very short digital signatures (that can be transmitted or and verified with
human interaction). Unforgeability and third-party verifiable authenticity of
paper documents (bank notes, cheques, ID cards, electronic airline tickets,
Very fast digital signatures (much faster than RSA) for low-cost devices.
Markets and Information Security:
Security in complex commercial systems. For example electronic bank cards +
terminals + back-end applications + supporting infrastructure + user
adoption + usability + legal and regulatory drivers + economics + fraud + crime
science + moral and ethical considerations. Achieving PCI DSS compliance.
Smart cards and smart card protocols.
Proprietary cryptography as a source of inimitability and the
primary defense against hackers in business ecosystems.
Marketing for security technologies. Adoption barriers for security products
New business models and new ways of doing business.
Economics of security and economics of insecurity, insurance, prices, bets and
derivative markets in information security.
Risk management. Fraud in financial markets and financial institutions.
Data security and compliance in financial institutions.
Last update 23/02/2010