Ideas for cryptography project

[fewkesy]

I'm just starting my final year at uni so I have to do a project/dissertation. Broadly speaking, I'm going to base it on cryptography, but I don't really know where to specify. So I'm branching out to you guys for a few ideas.

 

I'm thinking about looking at RSA weaknesses (256/512, no higher) but nothing really concrete.

 

If possible I also want to maybe linking it in with android in some way and maybe integrating cydia substrate as well. My logic here is the fact that I'm more profficient in Java than Obj-C at this stage so I'd rather stick with Android rather than iOS for now.

 

Any suggestions/ideas would be much appreciated. I'm fairly open to suggestions but obviously I'll tailor it to my own skills.

[random314]

I'm not really sure how far you're going to get looking for weaknesses in RSA. Bearing in mind that I don't know how much cryptography stuff you've done and I'm not really sure if you had in mind any particular weakness you wanted to go after. I think probably the best you can do for a university project would be to make your own plain RSA implementation and demonstrate some of the weaknesses that have already been shown (something like Coppersmith's attack). You could also go after weaknesses in the various padding schemes used for RSA.

 

As for Android, there is already support for all the major encryption standards through the javax.cryto and BouncyCastle libraries. You could build something like a secure messaging app or possibly a cydia substrate extension that allows transparent encryption of files (I'm sure these already exist)

[fewkesy]

In regards to the RSA weaknesses, I'd probably look into all of them, then choose the best/most promising one to do in the time frame I have. I'll look into those suggestions and see. They sound pretty good. 

 

For the android stuff, I don't think I'd be able to incorporate it enough to be part of the same project, which is a shame. Currently the only thing I could think to do is using android to benchmark the time taken for factorisation to give an idea of how plausible it is for lower levels of rsa to be broken. In all honesty, I think this is a bit far fetched and would have to be a very low level rsa in order for it to work.

[Darkfeign]

In regards to the RSA weaknesses, I'd probably look into all of them, then choose the best/most promising one to do in the time frame I have. I'll look into those suggestions and see. They sound pretty good. 

 

For the android stuff, I don't think I'd be able to incorporate it enough to be part of the same project, which is a shame. Currently the only thing I could think to do is using android to benchmark the time taken for factorisation to give an idea of how plausible it is for lower levels of rsa to be broken. In all honesty, I think this is a bit far fetched and would have to be a very low level rsa in order for it to work.

RSA is a pretty rugged algorithm so it really doesn't have a large range of weaknesses. Its very structure relies on such large prime numbers that it took both the NSA and GCHQ a lot of time to identify vulnerabilities in its algorithm, and I believe that even those vulnerabilities were community-based implementations. However, developing an Android app to attempt to decipher messages encrypted with the algorithm (if that's where you're going with this) is a good idea, but I would be concerned with the amount of processing power the phone would supply.