Course Description -

Cryptography provides a critical foundation upon which much of computer security is based. Cryptography is necessary to provide both integrity and confidentiality of the data that is exchanged in a computer network. There are many methods of encryption, and each has its strengths and weaknesses in terms of performance, security, and requirements for management of secret information used to hide or disclose information.

This course will provide an intensive overview of the field of cryptography, providing a historical perspective on early systems, building to the number theoretic foundations of modern day cryptosystems. Students will learn how cryptosystems are designed, and to match cryptosystems to the needs of an application. Students will also study basic cryptanalysis and will be presented with real life breaches of common cryptosystems so that they better understand the dangers that lurk in cryptosystem design and in the design of systems that rely on cryptography.

Relationships to CS 530 and CS 556
I have received many inquires regarding the difference between this class and the Cryptography class (CS 556).

CS 556 should be considered as an "advanced" cryptography class with emphasis on the theoretic side of cryptography. The Applied Cryptograph class is a more "introductory" cryptography class with emphasis on the applied side of cryptography (less emphasis on mathetical proofs). There will be some overlap between the Applied Cryptograph class and CS 530. This course is meant to be taken either concurrently or before CS 530.

Tentatively, starting in Fall of 2007, this course will be offered as CS 531.

Academic Integrity Policy
Please make sure you read the Academic Integrity Policy of this course.
Required: Optional:
  • S.Y. Yan, Number Theory for Computing, 2nd Edition, Springer, 2002.
    (If you are not comfortable with mathematics, this is a good book to start to get you warmed up.)
Syllabus / Topics Covered
The following schedule and topics are tentative and are subject to change without notice. (The Handbook of Applied Cryptography is denoted as HAC below.)
  • Wk 1-2: Overview of Cryptography (HAC Ch 1)
    • Introduction to various cryptographic concepts
    • Attacks
    • Security models
  • Wk 3: Pseudorandom Bits and Sequences (HAC Ch 5)
    • Normal and Chi-square distributions
    • Five basic statistical tests for randomness
    • Cryptographically secure pseudorandom bit generators
  • Wk 4-5: Stream Ciphers (HAC Ch 6)
    • LFSR (Linear Feedback Shift Register)
    • Non-linear FSR
    • Stream ciphers based on LFSR
    • RC4
  • Wk 6-7: Block Ciphers (HAC Ch 7)
    • Modes of operations
    • Classical ciphers and their cryptanalysis
    • DES
  • Wk 8: The AES Block Cipher (FIPS publication 197)
  • Wk 9: Public-key Parameters (HAC Ch 4)
    • Legendre and Jacobi symbols
    • Primality tests (Fermat.s test, Miller-Rabin test, AKS test)
    • Generating probable prime numbers
    • Generating provable prime numbers
  • Wk 10: Number-theoretic Reference Problems (HAC Ch 3)
    • Integer factorization
    • RSA problem
    • Diffie-Hellman problem
    • Square root modulo n problem
    • Discrete logarithm problem
  • Wk 11: Public-key Encryption (HAC Ch 8)
    • Chinese remainder theorem and residue number system
    • RSA public-key encryption
    • Diffie-Hellman key exchange
    • ElGamal public-key encryption
    • Rabin public-key encryption
  • Wk 12-13: Hash Functions and Data Integrity (HAC Ch 9)
    • MAC (message authentication code)
    • MDC (modification detection code)
    • One-way hash function
    • Collision resistant hash function
    • Yuval.s birthday attack
    • Breaks of hash functions
  • Wk 14: Digital Signatures (HAC Ch 11)
    • RSA signature scheme
    • Fiat-Shamir signature scheme
    • ElGamal signature scheme
    • One-time signature schemes
Academic Calendar
A link to the USC academic calendar is provided here for your convenience.
Most class related announcements will be done through e-mail via an e-mail reflector setup by the instructor. Please see instructions on how to get on this list (you should do this as soon as possible).

Please do not ask the following types of questions in your e-mail (although they are appropriate for office hours):

  • Here is my understanding of X. Am I right (or is this correct)?
    (You can do this for just about everything and in many different ways. I do not have the bandwidth to deal with too many questions like this.)

  • I don't understand X. Could you explain X to me?
    (It's your responsiblity to come to lectures and ask questions during lectures if there is something you do not understand.)
Lecture Slides from a Previous Semester
Lecture slides from Fall 2006 (CS 599) are provided below for your information. Our class may not follow these slides exactly.
There will be 6-8 homework assignments consisting of small programming assignments.
A midterm and a final examination will be given. The dates for these exams are posted near the top of the class home page. Any scheduling conflicts regarding the midterm exam date must be resolved with the instructor at least one week before the exam date. The date of the final examination is firm and cannot be changed.
The grading breakdown is as follows [BC: Modified 10/15/2007]:
Homeworks:   35%
Midterm Exam:   25%
Final Exam:   40%

Pleaes also note the following:

  • The above percentages will be used to calculate your total score. Final grades (A,B,C,D,or F) will be determined using a modified curve (i.e., we won't necessarily assign an equal number of failing grades as passing grades) based on this total score. No other methods will be considered. (So, please do not ask the instructor to take how much you have improved since the beginning of the semester into account. You are expected to try your best from the beginning!)

  • We will assign grades of C and below to individuals who do not perform satisfactorily in the above areas. (i.e., you should not assume a B- or even C if you perform unsatisfactorily.) However, we hope that everyone will perform well.

  • Your assignments are your own work! No group assignments are allowed or will be tolerated. You are free to talk to other students about assignments but no actual material (files, code fragments, etc.) should be shared. We will act harshly at any sign of copying.

  • We will not assign incompletes unless it is for a documented medical reason (in accordance with USC policy).
Late Policy
All homeworks must be turned in on time. Late submissions will receive severe penalties. Due to clock skews, electronic submissions of homework assignments will be accepted within 15 minutes after the specified deadlines without penalties. If you submit with the next 24 hours, you will receive 75% of your grade. You will receive a score of zero afterwards (and your assignment will not be graded).

If you are unable to complete a homework assignment due to illness or family emergency, please see the instructor as soon as possible to get an extension. A doctor's note is required as proof of illness or emergency. In general, when you get sick, it's best to see a doctor and get a note just in case you may need it later.

Regrading Policy
All requests to change grading of homework or exams must be submitted in writing within one week of the time the initial grade was given. Requests must be specific and explain why you feel your answer deserves additional credit. A request to re-grade an assignment can result in the entire assignment being re-evaluated and as a result the score of any part of the assignment be increased or lowered as appropriate.
Office Hours
The instructor's office hours are held twice a week for one hour each. If you are not available during the designated time for office hours, you are always welcome to make an appointment (and reserve a timeslot) to see the instructor.
Extra Credits
No extra credit assignments will be given for this class. So, there is not need to ask. Try your best from the beginning!
Class Newsgroup
Please use the social forum of the moodle for students-to-students discussions. The main purpose of this forum is for the students to discuss things about homeworks and lecture materials with each other. Students may not exchange answers here because it would violate academic integrity policy of USC. Posting of small code segments (no more than 5 lines) is allowed as long as it is meant to clarify discussions.

The instructor and the TA do not normally read this forum. Please do not post questions for them here.

Please make sure that you have read the Academic Integrity Policy of this course.

Implicit Student Agreement
All work including homeworks, programming assignments and exams must be that of the individual student. It is often productive to study with other students. However, if any portions of homeworks or programming assignments are found to be shared between two (or more) students, zero credit will be given to all students concerned and all students will be disciplined. This policy is in the interest of those students who do their own work, which hopefully applies to all of you in this class.

This policy also holds for programming assignments. In this class, we will use sophisticated automated program checkers to detect cheating. Be aware that the program checkers have demonstrated very good results and are widely used within the academic community. Any student caught cheating will be given zero credit and will be disciplined.

It is the students responsibility to submit their assignments in time.

There is no specific prerequisites for this course, but students are expected to be familiar with programming in C/C++ on the UNIX platform. No special assistance or consideration will be offered if your background is inadequate.

Student Responsibilities
During the semester you are responsible for completing the assigned readings, homeworks, programs, and exams.

You are expected to read all the papers in detail. Not all details will be covered in class.  We will assume knowledge of material covered in EE450 and a C language programming proficiency from CSci402 or its equivalent. If you covered the introductory material at some other school it is YOUR responsibility to fill in any missing background. Feel free to ask me for advice on appropriate introductory readings if you feel your background is insufficient.

We expect you to attend every class meeting. If you do happen to miss a session, you are responsible for finding out what material was covered and if any administrative announcements were made. You must do so BEFORE the next session (e.g., if there is an assignment given during the missed session, you are still responsible for completing it by the next week along with the other students).  You are advised to read the papers for a particular lecture before attending the lecture. This will greatly enhance your understanding of the subject matter.

The instructor must treat all students equally and cannot give special treatment to any particular student. Therefore, please do not ask special favors from the instructor because of your circumstances. This may seem unfair to you because you believe that your circumstances are special (understandably, everone does). But the rule the instructor must follow is that whatever he offers you, he must offer to the entire class.
Auditing is not permitted for this class.
Additional Resources
(The resources below are provided for your information. Please note that the instructor has not read most of them. Please use these resources at your own risk!)


  • C Programming (by Steve Holmes at the University of Strathclyde in Glasgow, England) - includes notes on make, separate compilation, file I/O, etc.
  • Makefile tutorial (at Indiana University)
  • C/C++ at USC from USC ISDWeb
  • Steve's Software Trek (by Steve Karg) - includes some useful C/C++ source code for string manipulation, INI file manipulation, etc.

   [Please see copyright regarding copying.]