CS255 Introduction to Cryptography

Course Syllabus

Winter 2014

Optional reading can be found in two texts listed below (KL and HAC). Only one of these books is needed and KL is a much better fit for the class. Students opting for a free book can find some of the material in HAC.


Lecture 1:
1/ 6/14
History and overview of cryptography
Reading: KL 3-18 ; HAC 11-20.
Lecture 2:
1/ 8/14
Identification protocols   [pdf]
Password protocols, salts, PBKDF2; one time passwords (S/Key and SecurID);
challenge response authentication.
Reading: HAC Ch. 10.
Basic symmetric-key encryption
Lecture 3:
One time pad and stream ciphers
perfect secrecy and the one time pad.
semantic security and stream ciphers.
Reading: KL 29-40, 61-77 ; HAC 20-21, 191-194.
Lecture 4:
Block ciphers
Case studies: Feistel networks, DES, 3DES, and AES.
basic modes of operation: CBC and counter mode.
Reading: KL 159-187; HAC 233-237, 250-259
Lecture 5:
Block cipher abstractions: PRPs and PRFs   [pdf]
Pseudo Random Permutations (PRP); Pseudo Random Functions (PRF);
security against chosen plaintext attacks (CPA);
nonce-based CBC encryption and nonce-based counter mode.
Reading: KL 86-88, 94-102 ; HAC 228-230
MLK: no classes
Lecture 6:
Attacks on block ciphers
exhaustive search, time-space tradeoffs,
differential & linear cryptanalysis, meet in the middle, side channels.
Reading: KL 82-85, 89-90
Message integrity
Lecture 7:
Message integrity: definition and applications
Reading: KL 111-126
Lecture 8:
2/ 3/14
Collision resistant hashing
Merkle-Damgard and Davies-Meyer. MACs from collision resistance.
Case studies: SHA and HMAC.
Reading: KL 127-143 ; HAC 333-335, 339-341, 348
Lecture 9:
2/ 5/14
Authenticated encryption: security against active attacks
also: intro to session setup using a key distribution center (KDC).
Reading: KL 148-154
Public key cryptography
Lecture 10:
Arithmetic modulo primes
Reading: KL Ch. 7.
Summary of relevant facts: pdf.
Lecture 11:
Cryptography using arithmetic modulo primes
vanilla key exchange (Diffie-Hellman); the CDH and discrete-log assumptions
Reading: KL 315-339, 364-368
Lecture 12:
Public key encryption
semantically secure ElGamal encryption; CCA security
Reading: KL 315-339, 364-368
President's day: no classes.
Lecture 13:
Arithmetic modulo composites   [pdf]
RSA and Rabin functions.
how to encrypt with trapdoor permutations.
Reading: KL 355-364
Summary of relevant facts: pdf.
Digital signatures
Lecture 14:
Digital signatures: definitions and applications
How to sign using RSA.
Reading: KL 421-432
Lecture 15:
3/ 3/14
More signature schemes
Lamport and Merkle schemes.
overview of signatures based on discrete-log.
certificates and trust management.
Reading: KL 432-453
Final topics
Lecture 16:
3/ 5/14
Real world crypto: SSL/TLS and IPsec
record protocol. key exchange. password-based key exchange.
Reading: None.
Lecture 17:
The EMV payment protocol   [pdf]
Reading: None.
Lecture 18:
Advanced topics. TBD