Math 690 Fall 2000, MW 121:30 DRL 4C8
Mathematical Foundations of Computer Security
Office: Room 4E6 in David Rittenhouse Laboratory
Telephone: eight five nine eight three
( Math. Dept. Office: eight eight one seven eight )
Fax: three four zero six three
Email: lastname at math
Office Hours: By appointment
Textbooks
 "Handbook of Applied Cryptography" by Menezes, van Oorschot, and Vanstone.
CRC Press, 1996. ISBN: 0849385237.
 "Cryptography: Theory and Practice" by Stinson. CRC Press, 1996,
The Fourth Printing. ISBN: 0849385210.
About This Course
"What is to distinguish a digital dollar when it is as easily reproducible
as the spoken word? How do we converse privately when every syllable is
bounced off a satellite and smeared over an entire continent? How should a
bank know that it really is Bill Gates requesting from his laptop in Fiji
a transfer of $100,000,.....,000 to another bank? Fortunately, the
mathematics of cryptography can help. Cryptography provides techniques
for keeping information secret, for determining that information has not
been tampered with, and for determing who authored pieces of information."
(From the Foreword by R. Rivest to the "Handbook of Applied Cryptography"
by Menezes, van Oorschot, and Vanstone.)
This course will be followed by a course on Advanced Topics
in Mathematical Foundations of Computer Security, Math 691,
in Spring 2001.
Topics
Basic Concepts of Cryptology, Substitution Ciphers, Permutation Ciphers,
Vigenere Cipher, Rotor Machines, Attack Models, NeedhamSchroeder Key Exchange
Protocol.Overview of Probability Theory: Probability Distribution, Random
Variable, Conditional Probability, Bayes Theorem, Expected Value.
Symmetric Ciphers, Block Ciphers, OneTime Pad, InformationTheoretic
Properties of OneTime Pad, Perfect Secrecy, Misuses of OneTime Pad,
Malleability. Stream Ciphers, Linear Feedback Shift Register, Golomb's
Randomness Postulates, Linear Complexity, Nonlinear Filters, Knapsack
Keystream Generator. Feistel Networks, Data Encryption Standard, Sboxes,
Key Schedule, DES Properties, DES Modes of Operation, Message Authentication
Code, Exhaustive Search Attack, Triple DES, DESX, Matsui's Linear Cryptanalysis
of DES. PublicKey Cryptography Overview, Merkle Puzzles.
Introduction to Number Theory: Modular Exponentiation by
Repeated Squaring, Prime Factors of (b^n)  1, Finite Fields,
Roots of Unity, Quadratic Residues, Legendre Symbol, Jacobi Symbol,
Law of Quadratic Reciprocity, Computation of Square Roots Modulo p,
Probabilistic Tests for Primality: SolovayStrassen Test, MillerRabin Test.
DiffieHellman Key Exchange, Personinthe Middle Attack. Discrete
Logarithm, Random SelfReduction, GiantStep BabyStep Algorithm,
PohligHellman Algorithm, ElGamal PublicKey Cryptosystem.
RSA PublicKey Cryptosystem, Attacks on RSA: Pollard's p  1
Algorithm, Low Private Exponent, Low Public Exponent.
Digital Signatures, Selective Forgery, Existential Forgery,
Signature Schemes Based on RSA: PKCS #1, Signature Schemes Based on Discrete
Logarithm: ElGamal Signature Scheme, Digital Signature Standard.
Hash Functions, Preimage Resistance, Second Preimage Resistance,
Collision Resistance, Compression Functions, MerkleDamgard Iteration
Construction, Cryptographic Message Authentication Code, InformationTheoretic
Message Authentication Code. Key Distribution and Authentication Protocols:
TMN Protocol, Kerberos, WideMouthed Frog, WooLam, Yahalom.
Formal Methods in the Analysis of Cryptographic Protocols.
Further References

J.P. Anderson. Computer Security Technology Planning Study.
ESDTR7351, ESD/AFSC, Hanscom AFB, Bedford, MA (Oct. 1972)
[NTIS AD758 206].

M. Bishop's History of Computer Security Web Site at UC Davis.
 O. Goldreich. "Modern Cryptography, Probabilistic Proofs and
Pseudorandomness." SpringerVerlag, 1999. ISBN: 354064766X.

O. Goldreich. Foundations of Cryptography (Fragments of a Book).
 B. Schneier. "Applied Cryptography : Protocols, Algorithms, and Source
Code in C." John Wiley & Sons, 1995. ISBN: 0471117099.

Ron Rivest's Cryptography and Security Page at MIT.

The Cypherpunks Home Page at UC Berkeley.

Crypto FAQ site at RSA Security.
 M. Matsui. Linear cryptanalysis method for DES cipher.
In: Advances in Cryptology, Eurocrypt '93, Lecture Notes in Computer
Science 765, pages 386397, SpringerVerlag, 1993.
 M. Matsui. The first experimental cryptanalysis of the
data encryption standard. In: Advances in Cryptology, Crypto '94,
Lecture Notes in Computer Science 839, pages 111, SpringerVerlag, 1994.

J. Clark and J. Jacob. A Survey of Authentication Protocol Literature.
Version 1.0, November, 1997.
 R. Kemmerer, C. Meadows, and J. Millen. Three Systems for Cryptographic
Protocol Analysis. Journal of Cryptology, Vol. 7, no. 2, 1994.

J.C. Mitchell, M. Mitchell, and U. Stern. Automated Analysis of Cryptographic
Protocols Using Murphi, IEEE Symp. Security and Privacy, Oakland, 1997, pages
141153.
In the news ...
TakeHome Midterm Due in DRL 4E6 on Monday, November 6 at 4 p.m.
 Stinson, pp. 3940, Exercises 1.1 (b) and (d).
 Stinson, pp. 6769, Exercises 2.1, 2.3, 2.4, 2.15, 2.16, and 2.17.
 Stinson, pp. 110111, Exercises 3.1, 3.2, 3.3, 3.4, and 3.5.
This is a complete list of assignments due November 6, 2000.
TakeHome Final Exam Due in DRL 4E6 Tuesday, December 19 at 4 p.m.
 Using the Fundamental Theorem of Arithmetic, prove that the product
of (1  1/p) over all primes p is zero.
 Prove that if (2^n)  1 is a prime, then n is a prime,
and if (2^n) + 1 is a prime, then n is a power of 2.
The first type of prime is called a Mersenne prime, and the second type
is called a Fermat prime.
 Show that there exists a natural number N such that
whenever p is a Fermat prime or a Mersenne prime,
discrete logarithm in F_p is computable in O((log^N)(p))
bit operations. Show that this implies that breaking the DiffieHellman
Key Exchange Protocol is easy for Fermat primes and Mersenne primes.
 Stinson, pp. 159160, Exercises 4.8 and 4.9.
 Stinson, p. 230, Exercise 6.4.
This is a complete list of assignments due December 19, 2000.