This course is an introduction to the basic theory and practice of cryptographic
techniques used in computer security. The course is intended for advanced
undergraduates and graduate students.
The following is a tentative list of topics. Next to each topic we list some related
readings in the textbook. S31-34 means pages 31 to 34 in the second edition of
Stinson's book. S31-34 refers to the third edition.
Note: Students are responsible for all the material covered during the lectures. The
textbooks do not cover everything said in class.
Topics - tentative
History. Overview of cryptography.
S1-13, S25-34
Basic Secret Key Encryption (security against eavesdropping)
Information theoretic security. One time pad. Perfect secrecy. Stream ciphers.
RC4. S45-54, S21-24 S45-54, S21-25
Feistel networks. DES. Using block ciphers (basic modes of operation). S95112 S95-112
Strengthening DES: DESX and 3DES. Attacks on block ciphers: Time-space
tradeoffs, Differential & Linear cryptanalysis, Meet-in-the-middle. The AES
cipher. S79-88 S79-88
Semantic security. Pseudo Random Permutations. Luby-Rackoff. Analysis of
counter mode.
Message Integrity (Hashing)
Non keyed hash functions. Motivation and applications.
Merkle-Damgard and Davies-Meyer. S117-136 S119-120, S129-139
Message Authentication Codes (MAC). Applications.
Constructions: CBC-MAC, HMAC. S136-141 S140-144
More Secret Key Stuff
Authenticated encryption: properly combining basic encryption and integrity.
How not to do it: 802.11b encryption (WEP).
Basic key distribution using online Trusted Third Parties.
Public Key Encryption
Arithmetic modulo primes. Algorithms: bignum arithmetic, repeated
Cryptography using arithmetic modulo primes: Discrete log. Diffie-Hellman
Key Exchange.
ElGamal encryption. Random self reductions. S226-239, S261-267 S233-235,
Arithmetic modulo composites. S157-166 S161-177, S201-210
RSA and Rabin encryption. PKCS1 vs. OAEP vs. OAEP+. S167-171, 194218 S218-224
Performance of RSA. How to use RSA. Hybrid encryption.
Vulnerabilities: Unpadded RSA is insecure. Small private key.
Random padding. Timing attacks. Fault attacks.
Digital Signatures
Definition of secure signature schemes. Lamport and Merkle schemes.
S274-280, S292-296 S281-285, S304-306
How to sign using RSA. Brief overview of the Digital Signature Standard
(DSS). S297-300
Crypto in the Real World
Trust management: Certificates. Certificate chains. Cross
certification. Certificate revocation.
SSL, SSH, IPsec.
Authentication and Key Exchange
UNIX/NT Passwords, salts. One time passwords. S/Key and SecurID.
Challenge response authentication. Encrypted Key Exchange (EKE).
Kerberos. The Needham-Schroeder protocol.
A bit of Zero knowledge proofs of knowledge.
Final Lecture
Advanced topics.