Course Overview
Course Description
Content
The course will provide an introduction to modern cryptography.
We will cover many practical topics, such as how to correctly
use block ciphers and hash functions for the most common tasks:
encryption and message authentication, the differences
between public key cryptography and symmetric key cryptography,
and a few ways to build public key encryption and signatures.
We will learn about how to properly define security, and how to
prove that our constructions are secure. In addition, with what
time we remains, we may cover several recent topics in
cryptography, such as the use of blockchains for crypto
currencies, and securely computing on private data.
Objectives
The main objectives are to convey the importance
of provable security, to teach students how to use
cryptographic tools in a way that is provably secure, to
provide students with the ability to decide whether a
protocol is secure, and to demonstrate the range of what can be
achieved with provable security.
Course Outcomes
Students taking this class will: (a) be able to understand the
security properties achieved by common cryptographic
mechanisms such as encryption or digital signatures, (b) be
familiar with a number of cryptographic primitives
available to solve a variety of problems, (c) gain
some experience with how these cryptographic tools can be used to secure
modern systems.
Prerequisites
CS 330, CS 310, and STAT 344. More generally,
students should have some level of mathematical
maturity. Students should be comfortable writing proofs, and
should have comfort with basic probability theory.
Logistics
Office Hours
I will hold office hours in my office, on Tuesdays at 1pm
and Wednesdays at 10am. These sessions
will be streamed on Zoom as well, and I will post
links to
recordings on piazza. Occasionally, by announcement,
I will instead hold my Tuesday office hours
virtually.
My office hours should be viewed as study sessions: homework is
almost always due on Wednesday at class time, and I will help
you with the homework in my office hours. All are
welcome at the same time! I'll take questions and we'll work through problems
together. For
students that expect to struggle with the material, I
strongly encourage you to attend at least one, and preferably both hours
each week. If you lose points on a homework, you should see
this as an indication that you need help, and you should try to
attend office hours. The TA will also hold hours, and he is
able to help you in the same manner. To speak to me privately, please
email me ahead of time so we can schedule something.
Piazza
All class announcements will be made on Piazza.
I will answer all questions on Piazza.
My email inbox is typically swamped, and
anything sent there has a good chance of being missed.
If you do email me, put 487/587 in the subject line.
But better is to message me on piazza. Students are
encouraged to post homework questions on piazza! I realize that some posts need to be private,
but when in doubt, I encourage you to make your
posts public! Everyone will benefit from your
questions, and I prefer that we all learn from them.
Generally, I'm not that worried about questions that
give hints. (Within reason.)
Gradescope
Quizzes, homeworks and
exams will all be submitted through Gradescope.
You can find gradescope through Blackboard:
click on Tools, then gradescope. You should also be
able to access it directly from the gradescope website,
if you use your GMU login. When submitting an
assignment, please mark each question with the
appropriate question number, as this makes grading much
easier.
Overleaf
I will release some assignments on overleaf. This is a
web-based platform for writing latex documents. You do
not need special software, and I will not insist that
you use latex to write your answers. You can simply
view the PDF from the webpage, and submit answers to
Gradescope in whatever format you like. However,
I encourage you to use latex - it is fairly
easy, and produces nice PDFs. To do that, just copy
the project that I've shared, and edit. You still
submit the resulting PDF through Gradescope.
Lecture Videos
Students are expected to watch videos each week, prior to
the class meeting time. In the meeting, I will review
questions about those videos, and we will work through
related problems. Links to the videos can be found below,
under the class schedule.
Course Requirements
Homework
There will be roughly 10 homework assignments. Homework will be due
at class time on Wednesdays. All assignments will be
posted on this page, below, and are to be submitted through
Gradescope. Some assignments will require written responses, while
others will require python submissions using the playcrypt framework.
I intend to make a VM available to help with installation, though
the installation is fairly simple in any linux environment. Students are welcome to work in groups, but every student
must write/code their solutions independently. Homework that
appear overly similar will be considered to violate the honor
code.
Exams
There will be one midterm and one final exam. The better score
will count more heavily towards your final grade. The final
mostly covers the 2nd half. However, I may include some
material from the first half if I feel students did not
understand it sufficiently well. I will inform
you ahead of time if I choose to do this.
Quizzes
Quizzes are short: 1-2 questions, multiple choice or
fill-in-the-blank. They will be administered through
Gradescope. Each
single quiz is worth < 1% of your grade. They will be released on
Friday, and due by the start of class on Wednesday. Each will cover
the videos that were intended to be watched at home, in
preperation for the lecture to come. They mainly
serve to help me gauge what the students have understood from the
videos, and
what needs further explanation.
CS 587
Students in CS 587 will be be given extra homework problems on
most homeworks, and an extra problem on each of the exams. They
will also have to read Chapter 7 independently.
Grading
Quizzes -- 10%. The lowest two quiz grades will be dropped.
Homeworks -- 30%. The lowest two homework
grades will be dropped.
Midterm Exam -- 25% or 35%.
Final Exam -- 35% or 25%.
(The better exam score will count for 35%)
Do I curve? The short answer is yes. The more accurate answer is
more subtle. I do not force the final grades to fit any kind of
curve. Doing this would require a certain number of A's and a
certain number of F's. I do not believe that there must be some
minimum number of failures, or
that there should be some maximum number of A's. (Before you
get too excited, the
symmetric argument is valid as well.)
When the final exam is
graded, I will re-weight everyone's score according the weights
described above, and I will sort them. I will then look to draw
lines where there are clear gaps in the scores. For example, it is possible that
an 83 will get an A, and an 81 will not. To help give you a sense
of where you stand, after the midterm, I will give a histogram of
score projections, and a spreadsheet that allows you to see how you
will compare to those projected scores based on how you perform on
the remaining assignments.
Intended Schedule and Material
Security Games
Date |
Topics and Videos |
Slides |
Relevant Reading |
Homework |
8/24 |
Classic Ciphers;
Perfect secrecy via the one-time pad |
1, 2 |
1.1 - 1.4, A.3, 2.1, 2.2 |
HW1 due 8/31. |
8/31 |
Definitions
of computational
security; The goal of modern cryptography; Pseudorandom
generators; Attacking a broken encryption scheme |
1,
2 |
2.3, 3.1, 3.2.1, 3.3.1 |
playcrypt
example 1, playcrypt
example 2. HW 2
due 9/7 |
9/7 |
Pseudo-OTP;
proof of security for pseudo-OTP;
Multiple
message
security; Chosen
plaintext attack security; Pseudorandom functions |
1, 2,
3 |
3.3.2, 3.3.3, 3.4 |
PRF
playcrypt example HW
3 due
9/14 |
9/14 |
Achieving CPA
security;
Variable length enc;
Pseudorandom
permutations; modes of operation:
ECB, CBC,
OFB, CTR |
1,
2,
ECB, CBC, OFB, CTR |
3.5, 3.6.3 |
CPA playcrypt example HW
4 due 9/21 |
9/21 |
Chained
CBC; Chosen Ciphertext
Attack
security; Padding
oracle
attacks; Padding
oracle attack example |
1, 2,
3, 4 |
5.1.1, 5.1.2 |
HW 5 due 9/28 |
9/28 |
Message
authentication; A
secure MAC
scheme; Variable
length MACs; Authenticated encryption |
1,2,
3, 4, 5 |
4.1-4.3, 4.4.1, 5.2.1, 5.3.1 |
HW 6 Ungraded. |
10/5 |
Midterm exam |
|
|
  |
10/12 |
Hash functions, collision resistance,
Hash-and-MAC,
HMAC, Random
oracles, Applications of hash functions, birthday attacks |
1, 2,
3, 4 |
6.1 - 6.3, 6.4.1, 6.5, 6.6 |
HW
7 due 10/19 |
10/19 |
Practical constructions of
block
ciphers: SPNs and Feistel Networks; Double and Triple Encryption.
Meet in the middle attack. |
1, 2 |
7.2 (excluding 7.2.6) |
HW
8 due
10/26 Practice: key recovery |
10/26 |
Modular
Arithmitic; Group theory |
1, 2 |
(587: Chapter 8), 9.1.1 - 9.1.4, B.1, B.2.1 - B.2.3 |
HW 9 due 11/2 |
11/2 |
RSA assumption;
Discrete log
assumption; Diffie
Hellman, (587: One way
functions) |
1, 2, 3 |
9.2.1, 9.2.3, 9.2.4, 9.3.1, 9.3.2, 9.3.3 |
HW 10 due 11/9 |
11/9 |
Prime
order groups;
Concrete
parameters; CRHF
from Dlog; Key
Exchange
|
1, 2, 3, 4 pdf |
11.1 - 11.4 |
HW 11 due 11/16 |
11/16 |
Public
Key
Encryption; El
Gamal
encryption; RSA
Encryption; Hybrid Encryption |
1 pdf, 2
pdf, 3
pdf, 4 pdf |
12.1, 12.2.1, 12.4.1, 12.3.1, 12.2.2, 12.5.1, 12.5.2, 12.5.4 |
HW
12 due 11/30 |
11/23 |
break |
break |
break |
break |
11/30 |
Digital Signatures
(defs, constructions);
PKI; TLS |
23 pdf, 4 pdf, 5 pdf, 6 pdf |
6.5, 13.1-13.4, 13.6-13.7 |
|
12/7 |
Final exam: 4:30 - 7:15 |
Final exam: |
4:30 - 7:15 |
Final exam: 4:30 - 7:15 |