Catalog description:

Cryptography is the study of techniques for protecting information and systems, that is, securing them against adversarial attacks. Cryptography appears everywhere, for example, computer passwords, user authentication, credit cards, cryptocurrency, web traffic (HTTPS), disk encryption, etc, all use cryptography. This course presents the techniques and tools used in modern cryptography with a focus on applications. For example, the course also discusses many attacks on various real-world systems, the mistakes made in building those systems, and how they could be built in a secure way.

Prerequisites:

CSE 274 and MTH 231

Learning Outcomes:

1. Design stream ciphers, and evaluate their security and usage.
2. Design block ciphers, and evaluate their security and usage.
3. Analyze message integrity and collision resistance.
4. Construct some authenticated encryption schemes.
5. Design secure public key encryption schemes from trapdoor permutations.
6. Use crypto libraries and cryptographic primitives for various applications, for example, implement a secure and efficient password manager (aka a keychain) and an end-to-end encrypted chat client.
7. The graduate students can evaluate the current schemes under the presence of quantum computers using quantum cryptography algorithms.
8. (Graduate students only) Analyze the Bleichenbacher attack on PKCS 1 and HTTPS defense.

Topics:

• Basic Cryptography Terminology covering notions pertaining to the different (communication) partners, secure/unsecure channel, attackers and their capabilities, encryption, decryption, keys and their characteristics, signatures
• Cipher types (e.g., Caesar cipher, affine cipher) together with typical attack methods such as frequency analysis
• Public Key Infrastructure support for digital signature and encryption and its challenges
• Mathematical Preliminaries essential for cryptography, including topics in linear algebra, number theory, probability theory, and statistics
• Cryptographic primitives:
  • pseudorandom generators and stream ciphers
  • block ciphers (pseudo-random permutations), e.g., AES
  • pseudorandom functions
  • hash functions, e.g., SHA2, collision resistance
  • message authentication codes
  • key derivations functions
• Symmetric key cryptography
  • Perfect secrecy and the one time pad
  • Modes of operation for semantic security and authenticated encryption (e.g., encrypt-then-MAC, OCB, GCM)
  • Message integrity (e.g., CMAC, HMAC)
• Public key cryptography:
  • Trapdoor permutation, e.g., RSA
  • Public key encryption, e.g., RSA encryption, EI Gamal encryption
  • Digital signatures
  • Public-key infrastructure (PKI) and certificates
  • Hardness assumptions, e.g., Diffie-Hellman, integer factoring
• Authenticated key exchange protocols, e.g., TLS
• Cryptographic protocols: challenge-response authentication, zero-knowledge protocols, commitment, oblivious transfer, secure 2-party or multi-party computation, secret sharing, and applications
• Motivate concepts using real-world applications, e.g., electronic cash, secure channels between clients and servers, secure electronic mail, entity authentication, device pairing, voting systems
• Security definitions and attacks on cryptographic primitives:
  • Goals: indistinguishability, unforgeability, collision-resistance
  • Attacker capabilities: chosen-message attack (for signatures), birthday attacks, side channel attacks, fault injection attacks
• Cryptographic standards and references implementations
• Quantum cryptography