Math 690 Fall 1999, MW 9:30-11 DRL 4E9
Mathematical Foundations of Computer Security
Office: Room 4E6 in David Rittenhouse Laboratory
Telephone: eight five nine eight three
( Math. Dept. Office: eight eight one seven eight )
Fax: three four zero six three
E-mail: lastname at math
Office Hours: By appointment
- "Handbook of Applied Cryptography" by Menezes, van Oorschot, and Vanstone.
CRC Press, 1996. ISBN: 0-8493-8523-7.
- "Cryptography: Theory and Practice" by Stinson. CRC Press, 1996,
fourth printing. ISBN: 0-8493-8521-0.
About This Course
"What is to distinguish a digital dollar when it is as easily reproducible
as the spoken word? How do we converse privately when every syllable is
bounced off a satellite and smeared over an entire continent? How should a
bank know that it really is Bill Gates requesting from his laptop in Fiji
a transfer of $100,000,.....,000 to another bank? Fortunately, the
mathematics of cryptography can help. Cryptography provides techniques
for keeping information secret, for determining that information has not
been tampered with, and for determining who authored pieces of information."
(From the Foreword by R. Rivest to the "Handbook of Applied Cryptography"
by Menezes, van Oorschot, and Vanstone.)
Overview of Cryptography, Mathematical Background, Number-Theoretic
Reference Problems, Public-Key Parameters, Pseudorandom Numbers and Sequences,
Public-Key Encryption, Hash Functions and Data Integrity, Identification
and Entity Authentication, Digital Signatures, Key Establishment and Other
Security Protocols, Formal Automated Analysis of Security Protocols,
Key Management Techniques, Quantum Cryptography.
- J.P. Anderson. Computer Security Technology Planning Study.
ESD-TR-73-51, ESD/AFSC, Hanscom AFB, Bedford, MA (Oct. 1972)
[NTIS AD-758 206].
- M. Bishop's History of Computer Security Web Site at UC Davis.
- O. Goldreich. "Modern Cryptography, Probabilistic Proofs and
Pseudo-randomness." Springer-Verlag, 1999. ISBN: 3-540-64766-X.
- O. Goldreich. Foundations of Cryptography (Fragments of a Book).
- B. Schneier. "Applied Cryptography: Protocols, Algorithms, and Source
Code in C." John Wiley & Sons, 1995. ISBN: 0471117099.
- Ron Rivest's Cryptography and Security Page at MIT.
- The Cypherpunks Home Page at UC Berkeley.
- Crypto FAQ site at RSA Security.
- M. Matsui. Linear cryptanalysis method for DES cipher.
In: Advances in Cryptology, Eurocrypt '93, Lecture Notes in Computer
Science 765, pages 386-397, Springer-Verlag, 1993.
- M. Matsui. The first experimental cryptanalysis of the
data encryption standard. In: Advances in Cryptology, Crypto '94,
Lecture Notes in Computer Science 839, pages 1-11, Springer-Verlag, 1994.
- J. Clark and J. Jacob. A Survey of Authentication Protocol Literature.
Version 1.0, November, 1997.
- R. Kemmerer, C. Meadows, and J. Millen. Three Systems for Cryptographic
Protocol Analysis. Journal of Cryptology, Vol. 7, no. 2, 1994.
- J.C. Mitchell, M. Mitchell, and U. Stern. Automated Analysis of Cryptographic
Protocols Using Murphi, IEEE Symp. Security and Privacy, Oakland, 1997, pages
In the news ...
Topics Covered So Far
- Basic Concepts of Cryptology, Substitution Ciphers, Permutation Ciphers,
Vigenère Cipher, Rotor Machines, Attack Models, Needham-Schroeder Key Exchange.
- Overview of Probability Theory: Probability Distribution, Random Variable,
Conditional Probability, Bayes' Theorem, Expected Value.
- Symmetric Ciphers, Block Ciphers, One-Time Pad, Information-Theoretic
Properties of One-Time Pad, Perfect Secrecy, Misuses of One-Time Pad.
- Stream Ciphers, Linear Feedback Shift Register, Golomb's Randomness
Postulates, Linear Complexity, Non-linear Filters, Knapsack Keystream.
- Feistel Networks, Data Encryption Standard, S-boxes, Key Schedule,
DES Properties, DES Modes of Operation, Message Authentication Code,
Exhaustive Search Attack, Triple DES, DESX, Matsui's Linear Cryptanalysis.
- Public-Key Cryptography Overview, Merkle Puzzles.
- Introduction to Number Theory:
G.C.D., Euler's Phi Function, Fermat's Little Theorem and Euler's
Generalization, Chinese Remainder Theorem, Modular Exponentiation by
Repeated Squaring, Prime Factors of (b^n) - 1. Finite Fields,
Existence of Generators, Polynomial Rings, Splitting Fields, Existence
and Uniqueness of Finite Fields with Prime Power Number of Elements.
Roots of Unity, Quadratic Residues, Legendre Symbol, Jacobi Symbol,
Law of Quadratic Reciprocity, Computation of Square Roots Modulo p.
- Diffie-Hellman Key Exchange, Person-in-the-Middle Attack. Discrete
Logarithm, Random Self-Reduction, Giant-Step Baby-Step Algorithm,
Pohlig-Hellman Algorithm, ElGamal Public-Key Cryptosystem.
- RSA Public-Key Cryptosystem, Attacks on RSA: Pollard's p - 1
Algorithm, Low Private Exponent, Low Public Exponent.
- Digital Signatures, Selective Forgery, Existential Forgery,
Signature Schemes Based on RSA: PKCS #1, Signature Schemes Based on Discrete
Logarithm: ElGamal Signature Scheme, Digital Signature Standard.
- Hash Functions, Preimage Resistance, Second Preimage Resistance,
Collision Resistance, Compression Functions, Merkle-Damgård Iteration
Construction, Cryptographic Message Authentication Code, Information-Theoretic
Message Authentication Code.
- Key Distribution and Authentication Protocols: TMN Protocol, Kerberos,
Wide-Mouthed Frog, Woo-Lam, Yahalom.
- Guest Lecture. Alfred Maneki: Strand Spaces.
- Guest Lecture. Sylvan Pinsky: Secure Composition Problem.
- Guest Lecture. Catherine Meadows: Formal Methods in
the Analysis of Cryptographic Protocols.
- Guest Lecture. James P. Anderson: 35 Years of Computer Security.
- Probabilistic Tests for Primality: Solovay-Strassen Test, Miller-Rabin Test.
Take-Home Midterm Due in Class Monday, November 1
This is a complete list of assignments due November 1.
- Stinson, pp. 39-40, Exercise 1.1 (b).
- Stinson, p. 67, Exercises 2.1 and 2.3.
- Stinson, pp. 110-111, Exercises 3.2, 3.3, 3.4, and 3.5.
Take-Home Final Exam Due in DRL 4E6 Wednesday, December 15 at 4 p.m.
This is a complete list of assignments due December 15.
- Using the Fundamental Theorem of Arithmetic, prove that the product
of (1 - 1/p) over all primes p is zero.
- Prove that if (2^n) - 1 is a prime, then n is a prime,
and if (2^n) + 1 is a prime, then n is a power of 2.
The first type of prime is called a Mersenne prime, and the second type
is called a Fermat prime.
- Show that there exists a natural number N such that
whenever p is a Fermat prime or a Mersenne prime,
the discrete logarithm in F_p is computable in O((log p)^N)
bit operations. Show that this implies that breaking the Diffie-Hellman
Key Exchange Protocol is easy for Fermat primes and Mersenne primes.
- Stinson, pp. 159-160, Exercises 4.8 and 4.9.
- Stinson, p. 230, Exercise 6.4.