This course offers an introduction to this fascinating subject. After a quick treatment of historic cryptographic schemes, we will set out the formal definitions to be able to investigate perfectly-secret and computationally-secure encryption, pseudorandomness, hash functions, and message authentication codes and block ciphers. While these primitives are referred to as symmetric-key primitives (because the involved parties use the same keys), another important class are public-key (or asymmetric) primitives which allow for public-key encryption and digital signatures. The most well-known example is the widely-used RSA system.
If time allows, we will cover more advanced cryptographic notions such as secret sharing, bit commitment, zero-knowledge and multi-party computation.
Over the last years, cryptography has been transformed from an ad-hoc collection of mysterious tricks into a rigorous science based on firm mathematical grounds. Our treatment will therefore be rather formal and precise in the mathematical definitions. In particular, this is NOT a course in computer security. You will not learn how to break or hack systems. We will not teach you "how to secure your system"; cryptography is only one aspect of security.
There will be material and research articles to read which are not in the book. Here is a useful list of other text books and references by Jon Katz.
There will be homework exercises every week, handed out after the Tuesday lecture, to be handed in one week later before the start of the next lecture session. The answers should be in English. If you can, please send your solutions to Joachim (firstname.lastname@example.org) (LaTeX-generated PDFs preferred, but readable scans of handwritten solutions are fine). Cooperation is allowed, but everyone has to hand in their own solution set in their own words.
Instead of a final exam, students are required to study a research paper about a topic not covered in class and give a 30-minute presentation (20 minutes talk, 10 minutes questions) to the class in the week of 5 December. A list of possible topics is now online. For help in understanding the paper and preparing the presentation, students will have individual meetings with Joachim or Christian.
The final grade for the course consists by 2/3 of the average homework grade (ignoring the worst 2 grades) and 1/3 of the grade given for the final presentation.
Questions about the material are always welcome, and should be sent to Joachim.
Overview of the course, historical crypto systems
Chapter 1 of [KL] (available online).
Perfectly-Secure Encryption, Shannon's theorem
Chapter 2 of [KL]
Computationally Secure Private-Key Encryption and Pseudorandomness
Chapters 3.1-3.4 of [KL]
Pseudorandom Functions and Chosen-Plaintext Security
rest of Chapter 3 of [KL]
Message Authentication Codes, CBC-MAC and CCA encryption
Chapters 4.1-4.5 and 4.9 of [KL]
Collision-Resistant Hash Functions, Merkle-Damgaard construction, Application to MACs
rest of Chapter 4 of [KL]
Practical Block Ciphers: DES and AES
Chapter 5 of [KL]
midterm break: time to relax and enjoy reading
New Directions in Cryptography by Whitfield Diffie and Martin Hellman, 1976.
Private-Key Management and the Public-Key Revolution
Chapter 9 of [KL]
Algorithmic Number Theory
Chapters 7 and 8 of [KL]
Chapter 10 in [KL] (except of Section 10.5, El Gamal)
Homomorphic Public-Key Encryption: El Gamal and Paillier Encryption
Sections 10.5 and 11.3 in [KL]
Digital Signature Schemes: Definitions, RSA Full-Domain Hash,
Sections 12.1-12.3, 13.3, 12.8 in [KL]
|Tuesday, 6 Dec||Student presentations (topics & schedule)|
|Thursday, 8 Dec||Student presentations (topics & schedule). We begin at 10:30!|
|13 Dec||No class, no exercises this week. Please hand in the homework by e-mail.|
|end of semester|