The team from IIT Bombay consisting of Sahil Jain, Himanshu Sheoran, Tirthankar Adhikari recently won a gold at NSUCRYPTO, an international cryptography olympiad. The team also proposed the best solution for the AES-GCM problem! NSUCRYPTO is the unique cryptographic Olympiad containing scientific mathematical problems for professionals, school and university students from any country. Its aim is to involve young researchers in solving curious and tough scientific problems of modern cryptography. Here we discuss with them about their learnings, experience and how it all started!
Tirthankar, Himanshu and Sahil (from L to R)
Can you describe the competition, your experience, the AES-GCM problem, the challenges faced and how did the team approach those?
Himanshu: The round 2 was a week long (October 19 – October 26), consisting of 10 problems.
Some of the problems were easy, in the sense that they didn’t require much cryptography knowledge, just basic mathematics knowledge. The maximum scores were not known beforehand to us. The problems with max score marked * were either completely open-research problems (problem 5 and 9) or just a part of them (problem 6 and 10). We couldn’t proceed in solving the research problem 9 and problem 6, but we did manage to solve ( or improve existing results) in problem 5 and 10. Although I had a pretty tight schedule owing to the placements, we could have given a better look at problems 6 and 9. Anyways, to our surprise, we got the best solution for problem number 10 which was based on “practical signature and message forgery on AES-GCM based on repeated nonces” which I personally believe was the hardest problem and took me 2 complete days to solve, test and verify my results. We got to know our marks on 7th December after a long wait of a month and a half! Seeing the best solution mark on a problem in the world for which I worked my ass off and wouldn’t have otherwise dared to look at it, made it the best day of the long dreaded covid blues.
About the individual tournament? How was it different and if you’d like to mention a few things about your solution?
Himanshu: Individual round was independent of the second round. The problems were designed to be simpler to solve in a time constraint of 4 hours. I was sitting in the placements and a placement test was scheduled to clash with round 1, so I could only give it an hour. Consequently, I managed to solve only 3 problems out of 7 in the first round.
Sahil : First round was on one Sunday after midsems and as such, I didn’t have a lot to do back then; so I tried to attempt all the problems, and was able to solve 6 out of the 7 problems. A few of them weren’t really about cryptography, but involved rather general concepts; while some others directly involved cryptographical concepts and therefore, without some background, it would’ve been hard to solve them.
What kind of a background/preparation does one need in order to ace such events? Any specific strategies you followed (as an individual or as a team)?
Himanshu: Regarding the preparation, personally I think all one needs is the dare to challenge the unseen. As the scope of such competitions is broad, one cant technically “prepare” for such an event in particular. As cryptography is broadly mathematics, several courses from the curriculum would help at some point or the other in tackling cryptographic problems be it algorithms, discrete maths or anything. What you can’t get from the curriculum is a fearless attitude to tackle unforeseen problems. How to search for solutions to such problems or solutions to similar problems which can be applied to the problem at hand. I believe participating in a lot of CTFs helped me a lot to challenge myself to deal with any problem. It is always refreshing to learn newer ways to tackle a problem from the perspective of different people from the discussions and writeups.
Team based strategy which we followed was to split different problems amongst ourselves and research the solutions to increase focus. Once someone discovers something which leads to a solution, or maybe even a solution, other members could be called in to proceed or verify the work done so far. If we got stuck in a particular problem, we discussed the approach so far and switched problems to reduce bias and incorporate varying ideas. This way we were able to manage our time, verify our results and consequently win the olympiad 🙂
Sahil: I think having had an exposure to cryptography helps a lot, but the most one needs is a curiosity to explore and work on their interests. Given enough interest and/or curiosity, even a newbie can learn things they’ve always wanted to, which aren’t covered in the curriculum.
Delving a bit into your background, when did you first get introduced to cryptography? How has the journey so far been (other competitions, etc)? Any helpful resources/courses?
Himanshu: I came to know about cryptography and other cybersecurity related fields like reverse engineering, binary exploitation, application and web security, digital forensics by CTF (capture the flag) competitions. I got to know and learn a lot of new and exciting cryptography related stuff with the launch of a new website https://cryptohack.org/ this year. Which led me to know about a lot of stuff, conferences and even this olympiad! Cryptohack has such an awesome community which welcomes crypto experts to newbies alike. Apart from that, I play so many CTFs each weekend that I have participated in a ton of CTFs. Apart from that, there is an awesome site called https://cryptopals.com/ which has a small number of cryptographic challenges developed by experts at NCC.
Sahil : I wanted to try hacking since the beginning of my second year, then in one of the courses a bit of cryptography was touched upon. Later, I somehow came to know about picoCTF, which I participated in with few friends of mine in my third semester(keeping studies at bay, of course :). Having tried that, my interest in cybersecurity as a whole grew even further; and I explored them a lot more in the following winters. Only then did I come to know about other CTFs and also learnt that several other people also do participate in CTFs including deuterium(aka Himanshu). He helped me with resources and guided me on what to try or explore next. In the fourth semester, I took up a course on Number Theory and Cryptography(EE 720, taught by Prof Saravanan Vijaykumaran back then); unfortunately, that semester came to a sudden end due to Covid-19. I had ample opportunities in the following lockdown, during which Himanshu also told me about CryptoHack, and I tried and learnt a lot more from these and other sites; I also participated in several CTFs with Himanshu, and he was the person who also told me about the olympiad! I had tried an online cryptography course by Stanford, but as usually happens, online courses never face completion!
Has anything changed after this gigantic international achievement? How do you plan to take this forward?
Sahil: For me, nothing much has changed! I had found the non-research problems this time in the second round to be somewhat easier as compared to the previous years (some of them were directly from the first round). I had tried attempting previous years’ olympiad papers and had found them somewhat on the difficult side. I still lack knowledge on a lot of common-place concepts like ECC, Diffie-Hellman Key Exchange, etc. in cryptography, so I am planning to learn those soon. My passion for cryptography has only grown, mostly because Himanshu is very passionate about crypto used to work on most cryptography problems in CTFs and I learnt a lot from him. Like in my case, if one has someone to look up to and seek guidance from, learning and growth both are quicker.
I am looking forward to participating in the Cryptography Olympiad next year as well, and probably also motivate other students to participate! I believe this is just the beginning, the future holds an even more interesting journey! I am also looking forward to participating in the Google CTF this year, and try to obtain a reasonable worldwide position; however CTFs are not an individual sport but are actually team activities where several people need to get involved to crack the challenges. Himanshu and I had participated in Google CTF last year too, but sadly we were the only ones from the institute. Hoping to see more people getting involved soon!! I’m currently learning cryptography as well as another field called binary exploitation, as these come really handy in CTFs.
Tirthankar: Nothing as such has changed if I must say 😛 But, this is something we should look forward to every year.
NSU Crypto gives a platform to showcase the mathematical and theoretical side of Cryptography (something which is not explored in great detail in routine CTFs, cryptohack contests etc) which would help a lot in exploring more of this side in our Cyber security club @IITB.
Such olympiads see participation from some of the best brains across the globe involved in this field, having immense experience and/or pursuing research. So competing with them and winning surely gives a sense of moral boost and there’s a thrust to perform to our level-best.
As a sophomore, this was my first such experience and I am looking forward to exploring more in future. So, I’d say the future prospects are quite promising as such events help in developing a deeper understanding of the subject at root level and connect to like-minded people in the community and also within insti.
The content on this website is strictly the property of Insight and the Students’ Gymkhana IIT Bombay. If you wish to reproduce any content herein, please contact us:
Chief Editors: Amogh Gawaskar and Suman Mondal
Mail to: firstname.lastname@example.org