This course is an introduction to the basic
theory and practice of cryptographic techniques used in computer
security. The course is intended for advanced undergraduates and
The following is a tentative list of topics. Next to each
topic we list some related readings in the textbooks. R31-34
means pages 31 to 34 in Stinson's Red book; B45-49
means pages 45 to 49 in Stallings' Blue book.
Note: Students are responsible for all
the material covered during the lectures. The textbooks do not cover
everything said in class.
Topics - tentative
- History. Overview of cryptography. R1-13,
Basic Secret Key Encryption (security against
- Information theoretic security. One-time pad. Stream ciphers. RC4.
- Feistel networks. DES. DESX. 3DES. Luby-Rackoff. The AES cipher.
- Vulnerabilities: Time-space tradeoffs, Differential &
Linear cryptanalysis, Meet-in-the-middle. R86-97,
Message Integrity (Hashing)
- Non-keyed hash functions. Motivation and applications.
Merkle-Damgård and other constructions. R232-246,
- Message Authentication Codes (MAC). Applications.
Constructions: CBC-MAC, HMAC. B243-253,
More Secret Key Stuff
- Security against active attacks: properly combining basic encryption and
How not to do it: 802.11b encryption (WEP).
Other problems with 802.11b encryption.
- Key distribution using online Trusted Third Parties. B141-149.
Public Key Encryption
- Arithmetic modulo primes. Algorithms: bignum arithmetic,
repeated squaring. R114-123,
- Cryptography using arithmetic modulo primes: Discrete log. Diffie-Hellman Key Exchange.
Random self-reductions. R162-176,
- Arithmetic modulo composites. B226-227.
- RSA and Rabin encryption. PKCS1 vs. OAEP vs. OAEP+.
Performance of RSA. How to use RSA. Hybrid encryption.
- Vulnerabilities: Unpadded RSA is insecure. Small private key.
Random padding. Timing attacks. Fault attacks. R138-144.
- Definition of secure signature schemes. Lamport and Merkle schemes.
- How to sign using RSA. Brief overview of the Digital
Signature Standard (DSS). B299-313,
Crypto in the Real World
- Trust management: Certificates. Certificate chains. Cross
- PGP, SSL, SSH, IPsec.
- Secure file systems. CFS. Key Recovery/escrow.
Authentication and Key Exchange
- UNIX/NT passwords, salts. One-time passwords, S/Key.
Encrypted Key Exchange (EKE). Challenge-response
- Kerberos V4. The Needham-Schroeder protocol. B323-340.
A bit of zero-knowledge proofs of knowledge.
- Attacks based on buffer overflows, simple timing attacks, TEMPEST.
- Denial of Service attacks. Covert channels.