537mat This course is an introduction to the basic theory and practice of cryptographic techniques used in computer security. The course is intended for advanced undergraduates and graduate students. The following is a tentative list of topics. Next to each topic we list some related readings in the textbook. S31-34 means pages 31 to 34 in the second edition of Stinson's book. S31-34 refers to the third edition. Note: Students are responsible for all the material covered during the lectures. The textbooks do not cover everything said in class. Topics - tentative Introduction History. Overview of cryptography. S1-13, S25-34 Basic Secret Key Encryption (security against eavesdropping) Information theoretic security. One time pad. Perfect secrecy. Stream ciphers. RC4. S45-54, S21-24 S45-54, S21-25 Feistel networks. DES. Using block ciphers (basic modes of operation). S95112 S95-112 Strengthening DES: DESX and 3DES. Attacks on block ciphers: Time-space tradeoffs, Differential & Linear cryptanalysis, Meet-in-the-middle. The AES cipher. S79-88 S79-88 Semantic security. Pseudo Random Permutations. Luby-Rackoff. Analysis of counter mode. Message Integrity (Hashing) Non keyed hash functions. Motivation and applications. Merkle-Damgard and Davies-Meyer. S117-136 S119-120, S129-139 Message Authentication Codes (MAC). Applications. Constructions: CBC-MAC, HMAC. S136-141 S140-144 More Secret Key Stuff Authenticated encryption: properly combining basic encryption and integrity. How not to do it: 802.11b encryption (WEP). Basic key distribution using online Trusted Third Parties. Public Key Encryption Arithmetic modulo primes. Algorithms: bignum arithmetic, repeated squaring. Cryptography using arithmetic modulo primes: Discrete log. Diffie-Hellman Key Exchange. ElGamal encryption. Random self reductions. S226-239, S261-267 S233-235, S268-273 Arithmetic modulo composites. S157-166 S161-177, S201-210 RSA and Rabin encryption. PKCS1 vs. OAEP vs. OAEP+. S167-171, 194218 S218-224 Performance of RSA. How to use RSA. Hybrid encryption. Vulnerabilities: Unpadded RSA is insecure. Small private key. Random padding. Timing attacks. Fault attacks. Digital Signatures Definition of secure signature schemes. Lamport and Merkle schemes. S274-280, S292-296 S281-285, S304-306 How to sign using RSA. Brief overview of the Digital Signature Standard (DSS). S297-300 Crypto in the Real World Trust management: Certificates. Certificate chains. Cross certification. Certificate revocation. SSL, SSH, IPsec. Authentication and Key Exchange UNIX/NT Passwords, salts. One time passwords. S/Key and SecurID. Challenge response authentication. Encrypted Key Exchange (EKE). Kerberos. The Needham-Schroeder protocol. A bit of Zero knowledge proofs of knowledge. Final Lecture Advanced topics.