This course for graduate students and advanced undergraduates will discuss security protocol design and analysis and the related areas of cryptography.

- "Cryptography: Theory and Practice. Third Edition" by Stinson. Chapman & Hall/CRC, 2005. ISBN: 1584885084.

- "Foundations of Cryptography: Volume 1, Basic Tools" by Goldreich. Cambridge University Press, 2001. ISBN: 0521791723.
- O. Goldreich. Foundations of Cryptography - Volume 2.
- R. Focardi, R. Gorrieri (Eds.) Foundations of Security Analysis and Design. Tutorial Lectures. Springer Lecture Notes in Computer Science, Volume 2171, 2001. ISBN 3-540-42896-8.
- "Handbook of Applied Cryptography" by Menezes, van Oorschot, and Vanstone. CRC Press, Fifth Printing, 2001. ISBN: 0-8493-8523-7.
- Goldwasser-Bellare lecture notes on cryptography at MIT.
- Dodis cryptography lecture notes at NYU.
- J. Clark and J. Jacob. A Survey of Authentication Protocol Literature. Version 1.0, November, 1997.
- R. Kemmerer, C. Meadows, and J. Millen. Three Systems for Cryptographic Protocol Analysis. Journal of Cryptology, Vol. 7, no. 2, 1994.
- Kerberos: The Network Authentication Protocol.
- The Kerberos Network Authentication Service (V5) Internet Draft.
- F. Butler, I. Cervesato, A. Jaggard, and A. Scedrov. A formal analysis of some properties of Kerberos 5 using MSR. In: S. Schneider, ed., 15-th IEEE Computer Security Foundations Workshop, Cape Breton, Nova Scotia, Canada, June, 2002. IEEE Computer Society Press, 2002, pp. 175-190. Preliminary version [.pdf].
- The TLS Protocol Version 1.0 RFC 2246.
- The SSL Protocol Version 3.0 Internet Draft.
- D. Wagner and B. Schneier. Analysis of the SSL 3.0 Protocol.
- J. Mitchell, V. Shmatikov, and U. Stern. Finite-State Analysis of SSL 3.0.
- J.C. Mitchell, M. Mitchell, and U. Stern. Automated Analysis of Cryptographic Protocols Using Murphi, IEEE Symp. Security and Privacy, Oakland, 1997, pages 141-153.
- J.P. Anderson. Computer Security Technology Planning Study. ESD-TR-73-51, ESD/AFSC, Hanscom AFB, Bedford, MA (Oct. 1972) [NTIS AD-758 206].
- M. Bishop's History of Computer Security Web Site at UC Davis.
- O. Goldreich. "Modern Cryptography, Probabilistic Proofs and Pseudo-randomness." Springer-Verlag, 1999. ISBN: 3-540-64766-X.
- Ron Rivest's Cryptography and Security Page at MIT.
- The Cypherpunks Home Page at UC Berkeley.
- Crypto FAQ site at RSA Security.

- Exercise 1.5 on p. 39 of Stinson.
- Exercise 1.16ab on p. 40 of Stinson.
- Exercise 1.18 on p. 40 of Stinson.
- Exercise 1.26 on p. 43 of Stinson.
- Exercise 1.29ab on p. 44 of Stinson.
- Exercise 2.2 on p. 70 of Stinson.
- Prove that the Caesar cipher does not have perfect secrecy.

- Prove that if
*(2^n) - 1*is a prime, then*n*is a prime, and if*(2^n) + 1*is a prime, then*n*is a power of*2*. The first type of prime is called a Mersenne prime, and the second type is called a Fermat prime. - Using the Fundamental Theorem of Arithmetic, prove that
the product of
*(1 - 1/p)*over all primes*p*is zero. - Exercise 5.3c on p. 226 of Stinson.
- Exercise 5.7 on p. 226 of Stinson.
- Exercise 5.8 on p. 226 of Stinson.
- Exercise 5.10 on p. 226 of Stinson.
- Exercise 5.12 on p. 227 of Stinson.
- Exercise 5.13 on p. 227 of Stinson.
- Exercise 5.14 on p. 228 of Stinson.
- Exercise 5.15ab on pp. 228-229 of Stinson.
- Exercise 5.16ab on pp. 229-230 of Stinson.
- Exercise 5.20 on p. 230 of Stinson.

- Exercise 4.6 on p. 157 of Stinson.
- Exercise 4.9ab on p. 157 of Stinson.
- Exercise 4.10 on pp. 157-158 of Stinson.
- Exercise 5.25 on p. 231 of Stinson.
- Exercise 5.32 on p. 232 of Stinson.
- Exercise 6.12 on pp. 277-278 of Stinson.