CS 255 Syllabus

(Winter 2004)


This course is an introduction to the basic theory and practice of cryptographic techniques used in computer security. The course is intended for advanced undergraduates and graduate students.

The following is a tentative list of topics.  Next to each topic we list some related readings in the textbook.  S31-34 means pages 31 to 34 in Stinson's book.
Note:  Students are responsible for all the material covered during the lectures.  The textbooks do not cover everything said in class.  

Topics - tentative


  • History. Overview of cryptography.     S1-13, S25-34

Basic Secret Key Encryption  (security against eavesdropping)

  • Information theoretic security. One time pad. Perfect secrecy. Stream ciphers. RC4.    S45-54, S21-24, S37-38
  • Feistel networks. DES. Using block ciphers (basic modes of operation). S95-101, S109-112
  • Strengthening DES: DESX and 3DES. Attacks on block ciphers: Time-space tradeoffs, Differential & Linear cryptanalysis, Meet-in-the-middle. The AES cipher.   S79-88,S102-108
  • Semantic security. Pseudo Random Permutations. Luby-Rackoff. Analysis of CBC mode.   

Message Integrity (Hashing)

  • Non keyed hash functions.  Motivation and applications. 
    Merkle-Damgard and other constructions.   S117-136
  • Message Authentication Codes (MAC).   Applications.  
    Constructions: CBC-MAC, HMAC.   S136-141

More Secret Key Stuff

  • Security against active attacks. Properly combining basic encryption and integrity.
    How not to do it:  802.11b encryption  (WEP).   Other problems with 802.11b encryption.
    Basic key distribution using online Trusted Third Parties. 

Public Key Encryption

  • Arithmetic modulo primes. Algorithms: bignum arithmetic, repeated squaring. 
  • Cryptography using arithmetic modulo primes:  Discrete log. Diffie-Hellman Key Exchange. 
    ElGamal encryption. Random self reductions.  S226-239, S261-267
  • Arithmetic modulo composites.  S157-166
  • RSA and Rabin encryption.  PKCS1 vs. OAEP vs. OAEP+.    S167-171, 194-218
    Performance of RSA.  How to use RSA.  Hybrid encryption.
  • Vulnerabilities: Unpadded RSA is insecure. Small private key. 
    Random padding. Timing attacks.  Fault attacks. 

Digital Signatures

  • Definition of secure signature schemes. Lamport and Merkle schemes.      S274-280, S292-296
  • How to sign using RSA. Brief overview of the Digital Signature Standard (DSS).    S297-300

Crypto in the Real World

  • Trust management: Certificates. Certificate chains. Cross certification. Revocation. 
  • SSL, SSH, IPsec.  

Authentication and Key Exchange

  • UNIX/NT Passwords, salts. One time passwords, S/Key. 
    Encrypted Key Exchange (EKE). Challenge response authentication.  
  • Kerberos. The Needham-Schroeder protocol. 
    A bit of Zero knowledge proofs of knowledge.  

Final Lecture

  • Advanced topics.

Last update: January 03, 2004 by Dan Boneh