Applied Cryptography

CS838 Spring 2011: Applied Cryptography

Instructor: Thomas Ristenpart
Email: rist at cs dot wisc dot edu
Office hours: by appointment (email me)
Lectures: TR 9:30 - 10:45 am
Location: 2239 ENGR Hall

News:

Please read the course handout
Email me if you need a copy of the project ideas. I'll also bring more printouts to class on Thursday.
Problem set one is here
Problem set two is here
Problem set three is here
Example latex for POA analysis is here
Problem set four is here
Interesting lecture on public-key crypto here
Project progress reports due on Tuesday, April 5th. Please write a (typeset, preferrably with LaTeX) summary of: (1) reiteration of the project proposal; (2) refinements subsequently made to the proposal; (3) what you've got so far done; and (4) description of what you still have to do.
Problem set five is here

Summary:

Cryptography is a ubiquitous tool in today's electronic world. It secures online shopping and banking, protects sensitive data stored on home PCs or in the cloud, and much more. This class will cover applied cryptography, from the design and formal assessment of cryptographic algorithms all the way to deployment in today's computing systems.

Prerequisites:

There are no formal prerequisites for this course. However, much of the material will involve theory (definitions, theorems, and proofs). I expect that students will have had exposure to topics in theoretical computer science, e.g. via a course on complexity theory or theory of computation. Specifically, students should have familiarity with the concept of a reduction (ala NP-completeness). Please talk to me if you have any questions or concerns.

Requirements:

Students will be given several homework assignments during the term. Students will perform a class project on a topic of their choosing (subject to instructor's approval). The project will require an in-class presentation and a short write-up (less than 5 pages). The goal will be for projects to lead to publication-quality research, but this will not be a requirement to receive a passing grade. Final grades will be calculated by some to-be-determined formula of the preceding requirements and class participation.

Tentative topics:

Below is a list of topics I am thinking of covering, but treat this more as an estimate than a true schedule. Feel free to contact me with requests for topics to be covered.

Topic	Slides	Lecture notes
Introduction	pdf	pdf
Blockciphers	pdf	pdf
Pseudorandom functions	pdf	pdf
Birthday bounds	-	pdf
Symmetric Encryption	pdf	pdf
Padding oracle attacks	-	pdf
Hash functions	pdf	pdf
Message authentication	pdf	pdf
Authenticated encryption	pdf	-
AE in practice: TLS, SSH, IPSec
Randomness generation
Computational number theory basics	pdf	pdf
Public-key encryption	pdf	pdf
PKE in practice: PGP
Digital signatures	pdf	pdf
Signatures in practice
Key exchange	pdf	-
KE in practice: TLS, SSH
Further topics: secure function evaluation, homomorphic encryption

Course materials:

We'll be using the cryptography lecture notes of Bellare and Rogaway, research papers, standards/RFCs, and open source implementations. The Bellare-Rogaway notes will be available from this website when the class starts.

Project ideas:

I'll have a list of specific example projects for the course in the first couple weeks of the class. To give a sense of flavor, projects could range from cryptanalyzing standards or implementations, investigating insecurity of cryptographic protocols in cloud environments, proving (in)security of protocols from the research literature, novel implementations that include significant cryptographic component(s), etc.