CIS 800/002: Topics in Cryptography

This course is a research seminar on selected topics in cryptography, both applied and theoretical. A tentative list of topics includes:

Project Guidelines

For the research project, you should try to do something nontrivial but tractable. If you're more applied, an implementation or experiments are fine; if you're more theoretical, you can understand a difficult area or try to prove an extension of existing work. You will write a research report describing the papers you read, what you tried to do, and any results, in the format of a conference paper. 10-15 pages if you're working alone, 15-20 pages if you're working with a partner.

Tentative Schedule

	Topic	Readings	Hands-on Exploration
8/28	Introduction; practical cryptography overview: stream ciphers, block ciphers, hash functions Notes from lecture	Optional additional references: Katz & Lindell Ch. 2-4 Handbook of Applied Cryptography Ch. 1, Ch. 7, Ch. 9	When you visit a https web site, look at the connection and certificate information and make a note of what ciphers and key sizes are being used. Try installing Wireshark, capturing some of your traffic, and inspecting a few cryptographic protocols (https, ssh, etc.).
9/4	Practical cryptography overview continued: message authentication codes, public-key cryptography, digital signatures Notes from lecture	New directions in cryptography by Diffie and Hellman (1976) A method for obtaining digital signatures and public-key cryptography by Rivest, Shamir, and Adleman (1978) Optional additional references: Katz & Lindell Ch. 7,9,10,12 Jean Gallier's Notes on Public Key Cryptography and Primality Testing Handbook of Applied Cryptography Ch. 2.5, Ch. 3, Ch. 8, Ch. 11
9/11	Guest lecture: Brett Hemenway on oblivious transfer and multiparty computation Brett's slides
9/18	Factoring and discrete log algorithms Notes from lecture	A tale of two sieves by Pomerance (1996) (paper presentation by Chris K.) Optional further reading: Factoring integers with the number field sieve by Buhler, Lenstra, and Pomerance (1993) Factorization of a 768-bit RSA modulus by Kleinjung et al. (2010) Function Field Sieve Method for Discrete Logarithms over Finite Fields by Adleman and Huang (1999) A quasi-polynomial algorithm for discrete logarithm in finite fields of small characteristic by Barbulescu, Gaudry, Joux, and Thomé (2013)	Install CADO-NFS and try your hand at factoring some large numbers.
9/25	How is SSL broken? Let us count the ways: MD5, BEAST, RC4... Notes from lecture Hamidhasan's presentation notes Hamidhasan's slides	MD5 to be considered harmful today by Sotirov, Stevens, Appelbaum, Lenstra, Molnar, Osvik, de Weger (2009) (paper presentation by Hamidhasan A.) Here come the xor ninjas by Duong and Rizzo (2011) On the security of RC4 in TLS by AlFardan, Bernstein, Paterson, and Schuldt (2013) Optional further reading: MD5 to be considered harmful someday by Kaminsky (2004) Counter-cryptanalysis by Stevens (2013)	Use HashClash to construct your own MD5 collision.
10/2	Side-channel attacks Notes from lecture	Introduction to differential power analysis by Kocher, Jaffe, Jun, and Rohatgi (2011) Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems by Kocher (1996) Remote timing attacks are practical by Brumely and Boneh (2003) (paper presentation by Antonis P.) Chosen ciphertext attacks against protocols based on the RSA encryption standard PKCS #1 by Bleichenbacher (1998) Optional further reading Differential power analysis by Kocher, Jaffe, and Jun (1999) Keyboard acoustic emanations revisited by Zhang, Zhou, and Tygar (2005) Cross-VM side channels and their use to extract private keys by Zhang, Juels, Reiter, and Ristenpart (2012) Remote timing attacks are still practical by Brumely and Tuveri (2011) Compression and information leakage of plaintext by Kelsey (2002) The CRIME attack by Rizzo and Duong (2012) Lest we remember: Cold boot attacks on encryption keys by Halderman, Schoen, Heninger, Clarkson, Paul, Calandrino, Feldman, Appelbaum, and Felten (2008)	Use a memory extracting tool to dump the contents of your RAM to a file. Then browse through it to see what you can find. You can try the strings utility or the tools here.
10/9	Random number generation; entropy failures	When Private Keys are Public: Results from the 2008 Debian OpenSSL Vulnerability by Yilek, Rescorla, Shacham, Enright, and Savage (2009) (paper presentation by Rafi R.) Mining your Ps and Qs: Detection of widespread weak keys by Heninger, Durumeric, Wustrow, and Halderman (2012) (paper presentation by Bekah O.)	Take a look at OpenSSL's random number generation code. Take a look at the Linux random number generation code.
10/16	Introduction to lattices Notes from lecture	The two faces of lattices in cryptology by Nguyen (2001) Optional additional references: Daniele Micciancio's lecture notes: Lecture 1 and 2 Oded Regev's lecture notes: Lecture 1	Install Sage and use it to explore lattices and lattice basis reduction algorithms.
10/23	Lattices and public-key cryptanalysis; Coppersmith's method Notes from lecture	Twenty years of attacks on the RSA cryptosystem by Boneh (paper presentation by Yang L.) Using LLL-reduction for solving RSA and factorization problems: A survey by May
10/30	Lattice-based cryptography Notes from lecture	Lattice-based cryptography by Miccancio and Regev (2008) (paper presentation by Justin H.) The learning with errors problem by Regev (2010) On ideal lattices and learning with errors over rings by Lyubashevsky, Peikert, and Regev (2010) (paper presentation by Kevin S.)
11/6	Fully-homomorphic encryption Notes from lecture	Homomorphic encryption from learning with errors: Conceputally-simpler, asymptotically-faster, attribute-based by Gentry, Sahai, and Waters (2013) (paper presentation by Kevin T.)
11/13	Polynomial lattices and error-correcting codes Notes from lecture	Ideal forms of Coppersmith's theorem and Guruswami-Sudan list decoding by Cohn and Heninger (2011) (paper presentation by Arthur A.) Approximate common divisors via lattices by Cohn and Heninger (2012)
11/20	Privacy-enhancing technologies	Tor: The second-generation onion router by Dingledine, Mathewson, and Syverson (2004) (paper presentation by Harjot G.) Off-the-record communication, or, why not to use PGP by Borisov, Goldberg, and Brewer (2004) (paper presentation by Andrew R.) Bitcoin: A Peer-to-Peer Electronic Cash System by Nakamoto (2008) (paper presentation by Nikos V.)	Try using the Tor browser. Try using OTR.
11/27	No class; Thanksgiving schedule
12/4	Probably no class.

CIS 800/002, Fall 2013
Topics in Cryptography

Course Overview

Project Guidelines

Tentative Schedule

Additional Resources

CIS 800/002, Fall 2013 Topics in Cryptography

Course Overview

Project Guidelines

Tentative Schedule

Additional Resources

CIS 800/002, Fall 2013
Topics in Cryptography