Math 690 Fall 1999 MW 9:30-11 DRL 4E9

Math 690 Fall 1999, MW 9:30-11 DRL 4E9

Mathematical Foundations of Computer Security

Professor Andre Scedrov

Office: Room 4E6 in David Rittenhouse Laboratory
Telephone: eight five nine eight three ( Math. Dept. Office: eight eight one seven eight )
Fax: three four zero six three
E-mail: lastname at math
Office Hours: By appointment

Textbooks

"Handbook of Applied Cryptography" by Menezes, van Oorschot, and Vanstone. CRC Press, 1996. ISBN: 0-8493-8523-7.
"Cryptography: Theory and Practice" by Stinson. CRC Press, 1996, The Fourth Printing. ISBN: 0-8493-8521-0.

About This Course

"What is to distinguish a digital dollar when it is as easily reproducible as the spoken word? How do we converse privately when every syllable is bounced off a satellite and smeared over an entire continent? How should a bank know that it really is Bill Gates requesting from his laptop in Fiji a transfer of $100,000,.....,000 to another bank? Fortunately, the mathematics of cryptography can help. Cryptography provides techniques for keeping information secret, for determining that information has not been tampered with, and for determing who authored pieces of information." (From the Foreword by R. Rivest to the "Handbook of Applied Cryptography" by Menezes, van Oorschot, and Vanstone.)

Topics

Overview of Cryptography, Mathematical Background, Number-Theoretic Reference Problems, Public-Key Parameters, Pseudorandom Numbers and Sequences, Public-Key Encryption, Hash Functions and Data Integrity, Identification and Entity Authentication, Digital Signatures, Key Establishment and Other Security Protocols, Formal Automated Analysis of Security Protocols, Key Management Techniques, Quantum Cryptography.

Further References

J.P. Anderson. Computer Security Technology Planning Study. ESD-TR-73-51, ESD/AFSC, Hanscom AFB, Bedford, MA (Oct. 1972) [NTIS AD-758 206].
M. Bishop's History of Computer Security Web Site at UC Davis.
O. Goldreich. "Modern Cryptography, Probabilistic Proofs and Pseudo-randomness." Springer-Verlag, 1999. ISBN: 3-540-64766-X.
O. Goldreich. Foundations of Cryptography (Fragments of a Book).
B. Schneier. "Applied Cryptography : Protocols, Algorithms, and Source Code in C." John Wiley & Sons, 1995. ISBN: 0471117099.
Ron Rivest's Cryptography and Security Page at MIT.
The Cypherpunks Home Page at UC Berkeley.
Crypto FAQ site at RSA Security.
M. Matsui. Linear cryptanalysis method for DES cipher. In: Advances in Cryptology, Eurocrypt '93, Lecture Notes in Computer Science 765, pages 386-397, Springer-Verlag, 1993.
M. Matsui. The first experimental cryptanalysis of the data encryption standard. In: Advances in Cryptology, Crypto '94, Lecture Notes in Computer Science 839, pages 1-11, Springer-Verlag, 1994.
J. Clark and J. Jacob. A Survey of Authentication Protocol Literature. Version 1.0, November, 1997.
R. Kemmerer, C. Meadows, and J. Millen. Three Systems for Cryptographic Protocol Analysis. Journal of Cryptology, Vol. 7, no. 2, 1994.
J.C. Mitchell, M. Mitchell, and U. Stern. Automated Analysis of Cryptographic Protocols Using Murphi, IEEE Symp. Security and Privacy, Oakland, 1997, pages 141-153.

In the news ...

CNN Interactive coverage on November 5, 1999 of DVD encryption hacked.

Topics Covered So Far

Basic Concepts of Cryptology, Substitution Ciphers, Permutation Ciphers, Vigenere Cipher, Rotor Machines, Attack Models, Needham-Schroeder Key Exchange Protocol.
Overview of Probability Theory: Probability Distribution, Random Variable, Conditional Probability, Bayes Theorem, Expected Value.
Symmetric Ciphers, Block Ciphers, One-Time Pad, Information-Theoretic Properties of One-Time Pad, Perfect Secrecy, Misuses of One-Time Pad, Malleability.
Stream Ciphers, Linear Feedback Shift Register, Golomb's Randomness Postulates, Linear Complexity, Non-linear Filters, Knapsack Keystream Generator.
Feistel Networks, Data Encryption Standard, S-boxes, Key Schedule, DES Properties, DES Modes of Operation, Message Authentication Code, Exhaustive Search Attack, Triple DES, DESX, Matsui's Linear Cryptanalysis of DES.
Public-Key Cryptography Overview, Merkle Puzzles.
Introduction to Number Theory: G.C.D., Euler's Phi Function, Fermat's Little Theorem and Euler's Generalization, Chinese Remainder Theorem, Modular Exponentiation by Repeated Squaring, Prime Factors of (b^n) - 1. Finite Fields, Existence of Generators, Polynomial Rings, Splitting Fields, Existence and Uniqueness of Finite Fields with Prime Power Number of Elements. Roots of Unity, Quadratic Residues, Legendre Symbol, Jacobi Symbol, Law of Quadratic Reciprocity, Computation of Square Roots Modulo p.
Diffie-Hellman Key Exchange, Person-in-the Middle Attack. Discrete Logarithm, Random Self-Reduction, Giant-Step Baby-Step Algorithm, Pohlig-Hellman Algorithm, ElGamal Public-Key Cryptosystem.
RSA Public-Key Cryptosystem, Attacks on RSA: Pollard's p - 1 Algorithm, Low Private Exponent, Low Public Exponent.
Digital Signatures, Selective Forgery, Existential Forgery, Signature Schemes Based on RSA: PKCS #1, Signature Schemes Based on Discrete Logarithm: ElGamal Signature Scheme, Digital Signature Standard.
Hash Functions, Preimage Resistance, Second Preimage Resistance, Collision Resistance, Compression Functions, Merkle-Damgard Iteration Construction, Cryptographic Message Authentication Code, Information-Theoretic Message Authentication Code.
Key Distribution and Authentication Protocols: TMN Protocol, Kerberos, Wide-Mouthed Frog, Woo-Lam, Yahalom.
Guest Lecture. Alfred Maneki: Strand Spaces.
Guest Lecture. Sylvan Pinsky: Secure Composition Problem.
Guest Lecture. Catherine Meadows: Formal Methods in the Analysis of Cryptographic Protocols.
Guest Lecture. James P. Anderson: 35 years of computer security "progress".
Probabilistic Tests for Primality: Solovay-Strassen Test, Miller-Rabin Test.

Take-Home Midterm Due in Class Monday, November 1

Stinson, pp. 39-40, Exercise 1.1 (b).
Stinson, p. 67, Exercises 2.1 and 2.3.
Stinson, pp. 110-111, Exercises 3.2, 3.3, 3.4, and 3.5.

This is a complete list of assignments due November 1.

Take-Home Final Exam Due in DRL 4E6 Wednesday, December 15 at 4 p.m.

Using the Fundamental Theorem of Arithmetic, prove that the product of (1 - 1/p) over all primes p is zero.
Prove that if (2^n) - 1 is a prime, then n is a prime, and if (2^n) + 1 is a prime, then n is a power of 2. The first type of prime is called a Mersenne prime, and the second type is called a Fermat prime.
Show that there exists a natural number N such that whenever p is a Fermat prime or a Mersenne prime, discrete logarithm in F_p is computable in O((log^N)(p)) bit operations. Show that this implies that breaking the Diffie-Hellman Key Exchange Protocol is easy for Fermat primes and Mersenne primes.
Stinson, pp. 159-160, Exercises 4.8 and 4.9.
Stinson, p. 230, Exercise 6.4.

This is a complete list of assignments due December 15.