

This course is an introduction to the basic
theory and practice of cryptographic techniques used in computer
security. The course is intended for advanced undergraduates and
graduate students.
The following is a tentative list of topics. Next to each
topic we list some related readings in the textbook. S3134
means pages 31 to 34 in Stinson's book.
Note: Students are responsible for all
the material covered during the lectures. The textbooks do not cover
everything said in class.
Topics  tentative
Introduction
 History. Overview of cryptography. S113, S2534
Basic Secret Key Encryption (security against
eavesdropping)
 Information theoretic security. One time pad. Perfect secrecy.
Stream ciphers. RC4.
S4554, S2124, S3738
 Feistel networks. DES. Using block ciphers (basic modes of operation).
S95101, S109112
 Strengthening DES: DESX and 3DES.
Attacks on block ciphers: Timespace tradeoffs, Differential &
Linear cryptanalysis, Meetinthemiddle. The AES cipher.
S7988,S102108
 Semantic security. Pseudo Random Permutations.
LubyRackoff. Analysis of CBC mode.
Message Integrity (Hashing)
 Non keyed hash functions. Motivation and applications.
MerkleDamgard and other constructions.
S117136
 Message Authentication Codes (MAC).
Applications.
Constructions: CBCMAC, HMAC.
S136141
More Secret Key Stuff
 Security against active attacks. Properly combining basic encryption and
integrity.
How not to do it: 802.11b encryption
(WEP).
Other problems with 802.11b encryption.
Basic key distribution using online Trusted Third Parties.
Public Key Encryption
 Arithmetic modulo primes. Algorithms: bignum arithmetic,
repeated squaring.
 Cryptography using arithmetic modulo primes:
Discrete log. DiffieHellman Key Exchange.
ElGamal encryption. Random self reductions.
S226239, S261267
 Arithmetic modulo composites.
S157166
 RSA and Rabin encryption. PKCS1 vs. OAEP vs. OAEP+.
S167171, 194218
Performance of RSA. How to use RSA. Hybrid encryption.
 Vulnerabilities: Unpadded RSA is insecure. Small private key.
Random padding. Timing attacks. Fault attacks.
Digital Signatures
 Definition of secure signature schemes. Lamport and Merkle schemes.
S274280, S292296
 How to sign using RSA. Brief overview of the Digital
Signature Standard (DSS).
S297300
Crypto in the Real World
 Trust management: Certificates. Certificate chains. Cross
certification. Revocation.
 SSL, SSH, IPsec.
Authentication and Key Exchange
 UNIX/NT Passwords, salts. One time passwords, S/Key.
Encrypted Key Exchange (EKE). Challenge response
authentication.
 Kerberos. The NeedhamSchroeder protocol.
A bit of Zero knowledge proofs of knowledge.
Final Lecture
