## Professor Andre Scedrov

Office: Room 4E6 in David Rittenhouse Laboratory
Telephone: eight five nine eight three ( Math. Dept. Office: eight eight one seven eight )
Fax: three four zero six three
E-mail: lastname at math
Office Hours: By appointment

"What is to distinguish a digital dollar when it is as easily reproducible as the spoken word? How do we converse privately when every syllable is bounced off a satellite and smeared over an entire continent? How should a bank know that it really is Bill Gates requesting from his laptop in Fiji a transfer of \$100,000,.....,000 to another bank? Fortunately, the mathematics of cryptography can help. Cryptography provides techniques for keeping information secret, for determining that information has not been tampered with, and for determining who authored pieces of information." (From the Foreword by R. Rivest to the "Handbook of Applied Cryptography" by Menezes, van Oorschot, and Vanstone.)

This course for graduate students and advanced undergraduates will discuss security protocol design and analysis and the related areas of cryptography.

## Topics Covered

Overview of Probability Theory: Probability Distribution, Random Variable, Conditional Probability, Bayes Theorem, Expected Value.

Basic Concepts of Cryptology: Substitution Ciphers, Permutation Ciphers, Vigenere Cipher, Rotor Machines, Attack Models. Symmetric Ciphers, Block Ciphers, One-Time Pad, Information-Theoretic Properties of One-Time Pad, Perfect Secrecy, Misuses of One-Time Pad, Malleability. Stream Ciphers, Linear Feedback Shift Register, Golomb's Randomness Postulates, Linear Complexity, Non-linear Filters, Knapsack Keystream Generator.

Introduction to Number Theory: Congruences, Chinese Remainder Theorem, Fermat's Little Theorem, Euler's Theorem, Modular Exponentiation by Repeated Squaring, Special Cases of Factoring. Finite Fields. Quadratic Residues and Reciprocity.

Diffie-Hellman Key Exchange Protocol. Discrete Logarithm. Security of Diffie-Hellman Key Exchange Protocol. Attacks. RSA Public-Key Cryptosystem. One-Way Functions. Attacks on RSA. ElGamal Public-Key Cryptosystem.

Digital Signatures. Attack Models. RSA-based Signatures. Signatures Based on Discrete Logarithm.

Non-keyed hash functions. Birthday paradox. Iteration lemma. Keyed hash functions. Message authentication code (MAC). Universal hash functions.

Network security protocols. Needham-Schroeder public-key exchange protocol. Lowe anomaly. Dolev-Yao symbolic model. Multiset-rewriting formalism. Undecidability of secrecy for network security protocols.

Kerberos authentication protocol. Cross-realm extension of Kerberos. Public-key extension of Kerberos, PKINIT. Identity misbinding attack on PKINIT.

Contract-signing protocols. Fairness.

Formal encryption. Computational soundness and completeness.

## Take-Home Midterm Due in Class in Hardcopy on Wednesday, October 26

• Exercise 1.4abc on p. 28 of Katz-Lindell.
• Exercise 1.5 on p. 28 of Katz-Lindell.
• Exercise 1.6 on p. 28 of Katz-Lindell.
• Exercise 2.3 on p. 41 of Katz-Lindell.
• Exercise 2.4 on p. 41 of Katz-Lindell.
• Exercise 2.5 on p. 41 of Katz-Lindell.
• Exercise 7.5 on p. 294 of Katz-Lindell.
• Exercise 7.6 on p. 294 of Katz-Lindell.
• Exercise 7.8 on p. 294 of Katz-Lindell.
• Exercise 7.10 on p. 294 of Katz-Lindell.
• Exercise 7.11abc on pp. 294-295 of Katz-Lindell.
• Exercise 7.14 on p. 295 of Katz-Lindell. Assume d <= phi(N).
• Prove that if (2^n) - 1 is a prime, then n is a prime, and if (2^n) + 1 is a prime, then n is a power of 2. The first type of prime is called a Mersenne prime, and the second type is called a Fermat prime.
This is the complete set of problems for the take-home midterm due in class on Wednesday, October 26, 2011.

## Take-Home Final Due in Hardcopy in DRL 4E6 on Monday, December 19 at 10 a.m.

• Five-page written report on one of the following two topics:
  • Transport Layer Security (TLS) protocol.
  • IKEv2 Internet Key Exchange protocol.
• Exercise 10.11 on p. 381 of Katz-Lindell.
• Exercise 10.13 on p. 382 of Katz-Lindell.
• Exercise 10.14 on p. 382 of Katz-Lindell.
• Exercise 11.12 on p. 420 of Katz-Lindell.
• Exercise 12.3 on p. 454 of Katz-Lindell.
This is the complete set of problems for the take-home final exam due at 10 a.m. in DRL 4E6 on Monday, December 19, 2011.