CS 255 Syllabus

(Winter 2001)


This course is an introduction to the basic theory and practice of cryptographic techniques used in computer security. The course is intended for advanced undergraduates and graduate students.

The following is a tentative list of topics. Next to each topic we list some related readings in the textbooks. R31-34 means pages 31 to 34 in Stinson's Red book and B45-49 means pages 45 to 49 in Stallings' Blue book.
Note:  Students are responsible for all the material covered during the lectures.  The textbooks do not cover everything said in class.  

Topics - tentative


  • History. Overview of cryptography. Attack models.    R1-13, B1-10.

Secret Key Encryption

  • Information theoretic security. One time pad. Stream ciphers.    R44-51, R20-24.
  • Feistel networks. DES. DESX. 3DES. Luby-Rackoff. The AES cipher.   R70-83, B50-75.
  • Vulnerabilities: Time-space tradeoffs, Differential & Linear cryptanalysis, Meet-in-the-middle.  R86-97,  B76-88.
  • Key distribution using online Trusted Third Parties.   B141-149

Public Key Encryption

  • Arithmetic modulo primes. Algorithms: bignum arithmetic, repeated squaring.  R114-123, B207-220.
  • Cryptography using arithmetic modulo primes:  Discrete log. Diffie-Hellman Key Exchange. 
    ElGamal encryption. Random self reductions.  R162-176, B228-232, B190-192.
  • Arithmetic modulo composites.  B226-227.
  • RSA encryption. Rabin. Bit security.  PKCS1 vs. OAEP.    R124-128,  B173-181.
    Performance of RSA. How to use RSA.  
  • Vulnerabilities: Unpadded RSA is insecure, Small private key, broadcast, 
    Random padding. Timing attacks.  R138-144.


  • Non-keyed hash functions.  Motivation and applications. Merkle-Damgard and other constructions.   R232-246, B253-269.
  • Message Authentication Codes (MAC).   Applications.  Constructions. B243-253, B293-297.

Digital Signatures

  • Definition of secure signature schemes. Lamport and Merkle schemes.      B299-313, R202-212.
  • How to sign using RSA. Brief overview of the Digital Signature Standard (DSS).    B299-313, R202-212.

Crypto in the real world

  • Trust management: Certificates. Certificate chains. Cross certification. Revocation.  B341-349.
  • PGP, SSL, IPsec.   B356-373, B444-460, B402-431.
  • Secure file systems. CFS.  Key Recovery/escrow.


  • UNIX/NT Passwords, salts. One time passwords, S/Key. 
    Encrypted Key Exchange (EKE). Challenge response authentication.   B478-489.
  • Zero knowledge proofs of knowledge, examples. The Fiat-Shamir protocol. 
  • Kerberos V4. The Needham-Schroeder protocol.  B323-340.

Defensive programming

  • Attacks based on buffer overflows, simple timing attacks, TEMPEST.
  • Denial of Service attacks (DoS and DDoS), covert channels.

Final Lecture

  • Internet voting systems.

Last update: January 09, 2001 by Dan Boneh