Cryptography and Cryptocurrencies

Sam Bowne



$22 from Amazon

Class Description

Learn cryptography with a series of hands-on projects in a fun, CTF-style environment. Covers the main cryptosystems in use today: AES, RSA, ECC, SHA, Bitcoin, and Ethereum.

The first challenges are easy enough for beginners (Binary, XOR, Cryptokitties), and the later ones get difficult enough to interest intermediate security professionals (Padding Oracle, Smart Contracts). My assistants and I will demonstrate the challenges and help participants get through them as needed.

Technical requirements: some challenges require only a Web browser, but to do them all you will need a computer that can host virtual machines. Some projects require Windows, and some require 64-bit Ubuntu Linux. Thumbdrives with appropriate virtual machines will be available.

All materials and challenges are freely available at, including slide decks, video lectures, and hands-on project instructions. They will remain available after the workshop ends.

Live Streaming

Lectures will be streamed live at

They will also be recorded and published on YouTube for later viewing.


Thu, May 31, 2018 Bitcoin & Blockchains
Encryption Failures in Android Apps
DES, AES, & Encryption Modes
Diffie-Hellman Key Exchange
Fri, June 1, 2018 RSA, ECC, and Elgamal
Hash Functions
Digital Signatures


I. Cryptography

A. Binary Games 40
B. Caesar Cipher with Cryptool 10
C. DES with Cryptool 10
D. AES with Cryptool 15
E. XOR with Python 15

II. Blockchains

A. Coinbase Exchange and Exodus Wallet 10
B. Cryptokitties 10
C. Private Bitcoin Regtest Blockchain 20
D. Joining the Samcoin Blockchain 15

III. Cryptography

A. RSA with Very Small Keys 20
B. Cracking a Short RSA Key 40
C. ECB v. CBC Modes with Python 15
D. RSA Key Formats 30
E. Padding Oracle Attack 20
F. Existential Forgery Attack on RSA Signatures 30
G. Finding Large Primes 20
H. Factoring Large Numbers 20

IV. Blockchains

A. Getting Started with Multichain 25
B. Blockchain Survey with Multichain 15
C. Private Ethereum Blockchain 20
D. Ethereum Smart Contract with Truffle 10


Bitcoin and Blockchains · PDF · Keynote
1. Introduction to Cryptography and Data Security · PDF · Keynote
2. Stream Ciphers · PDF · Keynote
      Modular Arithmetic: Addition and Subtraction · PDF · Keynote
      XOR: Bits and Nybbles · PDF · Keynote
3. The Data Encryption Standard (DES) and Alternatives · PDF · Keynote
4. The Advanced Encryption Standard (AES) · PDF · Keynote
5. More About Block Ciphers · PDF · Keynote
6. Introduction to Public-Key Cryptography · PDF · Keynote
7. The RSA Cryptosystem · PDF · Keynote
8. Public-Key Cryptosystems Based on the Discrete Logarithm Problem · PDF · Keynote
9. Elliptic Curve Cryptosystems · PDF · Keynote
10. Digital Signatures · PDF · Keynote
11. Hash Functions · PDF · Keynote
12. Message Authentication Codes (MACs) · PDF · Keynote
13. Key Establishment · PDF · Keynote


Bitcoin 1: The Crypto-Currency - The New Yorker (2011)
Bitcoin 2: Merkle tree - Wikipedia
Bitcoin 3: Genesis block
Bitcoin 4: Bitcoin Block #0 on -- Click Transaction to see quote
Bitcoin 5: Coinbase, Coinbase Field - Bitcoin Glossary
Bitcoin 6: The Crypto-Currency - The New Yorker (2011)
Bitcoin 7: Cryptocurrency Prices
Bitcoin 8: Understanding Bitcoin Difficulty
Bitcoin 9: Difficulty - Bitcoin Wiki
Bitcoin 10: Mt Gox: The History of a Failed Bitcoin Exchange
Bitcoin 11: The Inside Story of Mt. Gox, Bitcoin's $460 Million Disaster
Bitcoin 12: Details of $5 Million Bitstamp Hack Revealed
Bitcoin 13: Bitcoin Exchange Gatecoin Hacked; 250 BTC & 185,000 ETH Lost (5-16-16)
Bitcoin 14: A history of bitcoin hacks
Bitcoin 15: Suspected multi-million dollar Bitcoin pyramid scheme shuts down, investors revolt (8-27-12)
Bitcoin 16: Bitcoin exchange BitFloor shuttered after virtual heist (9-4-12)
Bitcoin 17: Cryptsy Hacked: Bitcoin Worth $USD 6 Million Stolen (1-18-16)
Bitcoin 18: Hackers steal $1m from Bitcoin site (11-8-13)
Bitcoin 19: Danish Bitcoin exchange BIPS hacked and 1,295 Bitcoins worth $1 Million Stolen
Bitcoin 20: $4.1 Million missing as Chinese bitcoin trading platform GBL vanishes (11-11-13)
Bitcoin 21: List of Major Bitcoin Heists, Thefts, Hacks, Scams, and Losses (11-16-14)
Bitcoin 22: Poloniex Loses 12.3% of its Bitcoins in Latest Bitcoin Exchange Hack (3-5-14)
Bitcoin 23: Secret Service Agent Gets Six-Year Sentence for Bitcoin Theft (12-17-15)
Bitcoin 24: Block Size Chart for Bitcoin and BitcoinCash
Bitcoin 25: Bitcoin Cash | Home
Bitcoin 26: Segwit2x and the Tale of Three Bitcoins (Aug. 7, 2017)

Blockchain 1: Microsoft launches Project Bletchley blockchain framework (June 17, 2016)
Blockchain 2: Understand the Blockchain in Two Minutes - YouTube
Blockchain 3: Ethereum Blockchain as a Service now on Azure (2015)
Blockchain 4: Sydney Stock Exchange Developing Blockchain Trading System (5-19-16)
Blockchain 5: Inside Linq, Nasdaq's Private Markets Blockchain Project (11-21-15)
Blockchain 6: Santander unveils first UK blockchain for international money transfers (5-26-16)
Blockchain 7: Acronis testing blockchain for backup (5-19-16)
Blockchain 8: Blockchain Experts, a Rare Breed, May Demand Big Bucks - WSJ (5-12-16)
Blockchain 9: A Visual Demo - YouTube
Blockchain 10: Demo - LIVE ONLINE

Introduction to Cryptography Videos by Christof Paar - YouTube
Cryptography Textbook Website
RSA is 100x slower than AES (figures 9-13)
RSA Public Key format - Stack Overflow
Cracking short RSA keys - Stack Overflow
Converting OpenSSH public keys
How can I transform between the two styles of public key format
Padding oracles and the decline of CBC-mode cipher suites
Prime Numbers Generator and Checker
PadBuster: Automated script for performing Padding Oracle attacks
RSA implementation in Python
Practical Padding Oracle Attacks on RSA
Android, JavaScript and Python compatible RSA Encryption
How to Install Python on Windows
MACTripleDES Class -- HMAC from Microsoft
Cryptool 2 Tutorial
Locky Gets Clever! Ransomware uses private-key and public-key encryption
How to Program Block Chain Explorers with Python, Part 1
How to Program Block Chain Explorers with Python, Part 2
Bitcoin mining the hard way: the algorithms, protocols, and bytes
Bitcoins the hard way: Using the raw Bitcoin protocol
Elliptic Curve Cryptography: a gentle introduction
Dogecoin Tutorial
Dogeminer - Dogecoin Mining Simulator
Dogecoin - Wikipedia
DogePay - DogeCoin Price
Ethereum - Wikipedia,
Ethereum Project
Ethereum Homestead 0.1 documentation Mining Pool | Litecoin, Bitcoin, Multipool, Dogecoin, Scrypt, X11, SHA256, X13, X15, NeoScrypt, Scrypt-N
Inside Linq, Nasdaq's Private Markets Blockchain Project
Dangers of using receive API - Unconfirmed inputs used for transaction fees (From 2014)
Receive Payments API -
Bitcoin Transaction from Joe to Alice
Bitcoin Network Still Backlogged With Tens of Thousands of Unconfirmed Transactions, Causing Delays (from 2015)
Bitcoin's Capacity Issues No 'Nightmare', But Higher Fees May Be New Reality (Mar. 2016)
Bitcoin's 'New Normal' Is Slow and Frustrating (Feb., 2016)
Bitcoin block size live
How to completely kill Bitcoin at the 1 MB hard limit (Mar., 2016)
Weaknesses - Bitcoin Wiki
Block size limit controversy - Bitcoin Wiki
Creating your own experimental Bitcoin network
How to Create Your Own Cryptocurrency | CryptoJunction
Genesis block - Bitcoin Wiki
List of address prefixes - Bitcoin Wiki
RSA implementation in Python
Execute Python3 Online
ASN.1 Parser | phpseclib -- Converts RSA Keys to Decimal Form
Mastering Bitcoin: Free Online E-Book
bitcoin/bitcoin.conf at master bitcoin/bitcoin GitHub
Bitcoin Double Spends - Max. is About 4 Per Day
Top 5 Cryptocurrency Scams of 2014
Cryptocurrency Scams Exposed - A Site Listing Scams, Funded by Scamsite Ads
Four genuine blockchain use cases | MultiChain
Difficulty - Bitcoin Wiki
Understanding Bitcoin Difficulty
How to Install Python 2.7.10 on Ubuntu & LinuxMint
Beyond Blockchain: Simple Scalable Cryptocurrencies
DAO Trading Launched on May 28, 2016
Customizing blockchain parameters | MultiChain
Kunstmaan Labs - Hands on with Multichain
Multichain: A Build-Your-Own Blockchain Service for Banks
MultiChain Private Blockchain White Paper
Simple Encrypted Arithmetic Library - SEAL - Homomorphic encryption
Blockchain Voting slides
CNSA Suite and Quantum Computing FAQ
DAO Attack Wouldn't Have Been Possible With Synereo's Smart Contracting Language (7-3-16)
The Blockchain Brain Drain: How The States Are Driving Blockchain Companies Abroad (6-28-16)
The DAO's Wild Ride: Where Does Blockchain Go From Here? (7-1-16)
A brief history of cryptocurrency drama, or, what could possibly DAO wrong? (7-2-16) -- HIGHLY RECOMMENDED
A Legal Analysis of the DAO Exploit and Possible Investor Rights (6-21-16)
How to setup a local test Ethereum Blockchain
A 101 Noob Intro to Programming Smart Contracts on Ethereum
Ethereum TESTNET Morden Block Chain Explorer
Create a Hello World Contract in ethereum
Breaking Into the KeyStore: A Practical Forgery Attack Against Android KeyStore (July, 2016)
Ethereum Accounts, Address and Contracts (Live)
Namecoin: A Trust Anchor for the Internet -- POSSIBLE PROKECT
Solidity by Example -- Voting
Contract Tutorial ethereum/go-ethereum Wiki GitHub
Ethereum hands-on tutorial
Setting up geth Ethereum node to run automatically on Ubuntu
How to get a Morden Test Wallet on Ethereum and write a simple Will contract
Ethereum DApp Essentials Part 1 -- Useful explanations of concepts
What is bitcoin and the blockchain?
Practical Applications of Blockchain Technology
How to make miner to mine only when there are Pending Transactions? - Ethereum
Getting started with Blockchain (Beta)
GitHub - kadena-io/juno: Smart Contracts Running on a BFT Hardened Raft -- IMPORTANT ALTERNATIVE TO BLOCKCHAINS
Ethereum is the Forefront of Digital Currency
Ethereum Enthusiasts Determine Their DAO After A Successful Hard Fork (7-21-16)
Cross-Chain Replay Attacks on Ethereum (7-17-16)
DAO hacked, Ethereum crashing in value (6-17-16)
Bitcoin Plunges After Hacking of Bitfinex Exchange in Hong Kong (Aug 3, 2016)
Bitcoin Mining Profit Calculator Game
CCDC 5: How to Win CCDC
Arizona Cyber Warfare Range -- Revolutionary advancement in cyber security happens here.
Why do we use XTS over CTR for disk encryption?
Disk encryption theory - Wikipedia
A Graduate Course in Applied Cryptography -- POSSIBLE ALTERNATIVE TEXTBOOK
AES Encryption in Python Using PyCrypto -- USE FOR PROJECTS
Attacks on RSA cryptosystem
NSA’s VPN exploitation process (portion of book)
Hosting a DNS domain on the blockchain -- Ethereum-based prototype (2017)
Why isn't Internet DNS based on blockchain? (from 2016) Fastest and easiest way to buy and sell bitcoins
Public Key Cryptography: Diffie-Hellman Key Exchange (short version) - YouTube
Length extension attack - Wikipedia
Everything you need to know about hash length extension attacks
A Primer on IOTA (with Presentation)
Generating Addresses: Learn the Basics - IOTA
Documentation - IOTA - Getting Started
Tutorial: Getting Started - Beginners - IOTA Forum
IOTA Support - Tutorial - Nostalgia Light Wallet
IOTA Node Tutorial
iotaledger/cli-app: CLI App that acts as a wallet
Node.js Introduction
'Hello World' in IOTA: Payments and Messaging Leaderboard
SSH Tunnel in 30 Seconds (Mac OSX & Linux)
IOTA - The Machine Economy - Reddit
IOTA cool tools
MD5 Length Extension Attack
A sample implementation of MD5 in pure Python
Introducing Ethereum Development - Part 1 - MetaMask and Web3
Getting Started as an Ethereum Web Developer
cryptography of archive formats zip, rar and 7zip
Full break on 1024-bit RSA keys (and ~1 in 8 2048 keys) in libgcrypt via L3 cache timing
Rindjael Flash Animation (SWF File)
Lifetimes of cryptographic hash functions

New Unsorted Links

Bitcoin 27: 3 Things to Know About Bitcoin Mining in China (June 13, 2017)
Bitcoin 28: Banks fear bitcoin's mining centralization in China
Custom RBIX Shellcode Encoder/Decoder -- INTERESTING PROJECT
Ch 3a: Why can I encrypt data with one DES key and successfully decrypt with another?
Ch 3b: A Tutorial on Linear and Differential Cryptanalysis
Brainwallet - JavaScript Client-Side Bitcoin Address Generator -- SHOW TO CLASS
Hash-based Signatures: An Outline for a New Standard (from 2015)
Google Tests New Crypto in Chrome to Fend Off Quantum Attacks (2016)
Introducing Azure confidential computing--ENCRYPTING DATA IN USE
Ch 4a: AES Rijndael Cipher - Visualization - YouTube
Ch 4b: PyCrypto API Documentation
Ch 5a: Block cipher mode of operation - Wikipedia
Ch 5b: Galois/Counter Mode - Wikipedia
Ch 5c: Shor's algorithm - Wikipedia
Ch 2g: What is the Difference Between Common Law and Civil Law?
Penetration Testing in Active Directory using Metasploit (Part 2)
Ch 6a: CSRC - NIST Computer Security Publications
SpiderLabs/CryptOMG: CryptOMG is a configurable CTF style test bed that highlights common flaws in cryptographic implementations.
Ch 5d: Bug #996193 "OFB chaining mode requires padding" : Bugs : Python-Crypto
Ch 5e: Benefits and Vulnerabilities of Wi-Fi Protected Access 2 (WPA2) -- CCMP Mode Explained
2017-10-08: Algorithm for Linux $6$ password hashes
c - python crypt in OSX - Stack Overflow
Ch 7a: RSA numbers - Wikipedia
Ch 7b: Attacking RSA exponentiation with fault injection
Ch 7c: Fault-Based Attack of RSA Authentication
Hash Length Extension Attacks
CryptOMG Walkthrough - Challenge 1
CryptOMG Walkthough - Challenge 2
php - Can I blindly replace all mysql_ functions with mysqli_? - Stack Overflow
MariaDB - How to reset MySQL root user password
Automated Padding Oracle Attacks with PadBuster
Padding oracle attack explained
FeatherDuster is a tool for brushing away magical crypto fairy dust
The Padding Oracle Attack - why crypto is terrifying
The Cryptopals Crypto Challenges
Ch 9a: A (Relatively Easy To Understand) Primer on Elliptic Curve Cryptography
Why RSA encryption padding is critical
Ch 8a: Chinese remainder theorem - Wikipedia
Generate Random Prime Numbers
rsatool can be used to calculate RSA and RSA-CRT parameters
Calculating RSA private keys from its public counterpart
IBM Blockchain 101: Quick-start guide for developers
Ch 9b: security - The length of the Bitcoin's private keys - Bitcoin Stack Exchange
Ch 9c: Keylength - ECRYPT II Report on Key Sizes (2012)
Equihash: Asymmetric Proof-of-Work Based on the Generalized Birthday Problem
Install Node.js - Ubuntu 16
nodesource/distributions: NodeSource Node.js Binary Distributions
Cryptology ePrint Archive
How the Byzantine General Sacked the Castle: A Look Into Blockchain - The Byzantine Generals' Problem
Ethereum Casper 101
Attack of the 50 Foot Blockchain: Bitcoin, Blockchain, Ethereum & Smart Contracts
Ethereum Contracts Are Going To Be Candy For Hackers (from 2016)
Attacks on RSA cryptosystem
Understanding Common Factor Attacks: An RSA-Cracking Puzzle
MTC3 — The Cipher Contest
trufflesuite/ganache-cli: Fast Ethereum RPC client for testing and development
Blockchain Demo - A visual demo of blockchain technology
The ultimate guide to audit a Smart Contract Most dangerous attacks in Solidity
How $800k Evaporated from the PoWH Coin Ponzi Scheme Overnight (Feb., 2018)
Hack This Contract - An Ethereum / Smart Contract Exploit Training Course
Comparison of the different TestNets - Ethereum Stack Exchange
Rinkeby is extremely slow at confirming transactions - Ethereum Stack Exchange
Ethernaut Coin Flip problem
ERC20 - Ethereum Token Standard
How to stop mining empty blocks? - MultiChain Developer Q&A
MultiChain/multichain-web-demo: Simple web interface for MultiChain blockchains, written in PHP.
Crypto Identifier - Tool To Uncipher Data Using Multiple Algorithms And Block Chaining Modes
Quantum Algorithm Zoo
Post-quantum Key Exchange—A New Hope
PQCrypto Usage & Deployment
GCHQ on Quantum key distribution - NOT RECOMMENDED
PadBuster v0.3 and the .NET Padding Oracle Attack
NewHope: Quantum-robust Crypto for Key Generation using Ring Learning With Errors
Introduction to post-quantum cryptography and learning with errors
How to write a quantum program in 10 lines of code (for beginners)
Crypton: Library consisting of explanation and implementation of all the existing attacks on various Encryption Systems -- MORE PROJECTS
A Guide to Post-Quantum Cryptography

Last Updated: 12-21-17 7:31 am