CS838 Spring 2012: Applied Cryptography

Instructor: Thomas Ristenpart
Email: rist at cs dot wisc dot edu
Office hours: TBA
Lectures: Tuesday 4:00 - 6:30 pm
Location: 1263 CS



Cryptography is a ubiquitous tool in today's electronic world. It secures online shopping and banking, protects sensitive data stored on home PCs or in the cloud, and much more. This class will cover applied cryptography, from the design and formal assessment of cryptographic algorithms all the way to deployment in today's computing systems.

See the class handout for more information.


There are no formal prerequisites for this course. However, much of the material will involve theory (definitions, theorems, and proofs). I expect that students will have had exposure to topics in theoretical computer science, e.g. via a course on complexity theory or theory of computation. Specifically, students should have familiarity with the concept of a reduction (ala NP-completeness). Please talk to me if you have any questions or concerns.


Students will be given several homework assignments during the term. Students will perform a class project on a topic of their choosing (subject to instructor's approval). The project will require an in-class presentation and a short write-up (less than 5 pages). The goal will be for projects to lead to publication-quality research, but this will not be a requirement to receive a passing grade. Final grades will be calculated by some to-be-determined formula of the preceding requirements and class participation.

Tentative topics:

Below is a list of topics I am thinking of covering, but treat this more as an estimate than a true schedule. Feel free to contact me with requests for topics to be covered.
TopicSlidesLecture notes
Introduction pdf pdf
Blockciphers pdf pdf
Pseudorandom functions pdf pdf
Birthday bounds -pdf
Symmetric Encryption pdfpdf
Padding oracle attacks-pdf
Hash functionspdf pdf
Message authenticationpdf pdf
Authenticated encryption pdf-
AE in practice: TLS, SSH, IPSec
Randomness generation
Computational number theory basics pdfpdf
Public-key encryption pdf pdf
PKE in practice: PGP
Digital signatures pdf pdf
Signatures in practice
Key exchange pdf -
KE in practice: TLS, SSH
Further topics: secure function evaluation, homomorphic encryption

Course materials:

We'll be using the cryptography lecture notes of Bellare and Rogaway, research papers, standards/RFCs, and open source implementations. The Bellare-Rogaway notes will be available from this website when the class starts. Another good reference is the Katz and Lindell book Introduction to Modern Cryptography.

Project ideas:

I'll have a list of specific example projects for the course in the first couple weeks of the class. To give a sense of flavor, projects could range from cryptanalyzing standards or implementations, investigating insecurity of cryptographic protocols in cloud environments, proving (in)security of protocols from the research literature, novel implementations that include significant cryptographic component(s), etc.