|
|
Applied Cryptography -
CSCI 531, Spring 2014
|
|
General Information
|
-
Time |
: |
MW 9:30am - 10:50am |
Location |
: |
OHE 120 |
Instructor |
: |
Bill Cheng
(for office hours, please see
instructor's web page),
E-mail:
<bill.cheng@usc.edu>.
(Please do not send HTML-only e-mails. They will not be read.)
|
TA |
: |
(none)
|
Grader |
: |
Xiang Li,
E-mail:
<xli101@usc.edu>.
(The grader will hold office hours the week after the announcement of each assignment's grades.)
|
Midterm Exam |
: |
during class, Wed, 3/12/2014 (firm) |
Final Exam |
: |
8am-10am, Fri, 5/9/2014 (firm)
|
|
|
Class Resources
|
-
Description |
: |
textbooks, topics covered, grading policies, additional resources, etc.
|
Papers |
: |
required technical papers
|
Lectures |
: |
slides from lectures in HTML and PDF formats
|
Participation |
: |
rules about roll calls.
|
Homeworks |
: |
homework assignments
(please also see important information about programming assignments
at the bottom of this page.)
|
Newsgroup |
: |
Google Group for discussing
course materials and programming assignments. You are required to be
a member of this group. (This group is by invitation only.)
|
|
|
News
|
(in reversed chronological order)
- 9/16/2014: Ernst & Young, one of the major accounting firm in the country
will be recruiting on campus this week. They sent me an announcement
to be forwarded to my classes. Please take a look at the requirements if you are
interested. (Please note that I'm not affiliated with them.)
- 4/30/2014: The final exam will be closed book,
closed notes, and closed everything, except
for a single "crib sheet / cheat sheet". (You can write or print whatever
you want on it on both sides of the cheat sheet. Magnifying glasses are
not allowed, so don't print too small! You will be required
to turn in the cheat sheet together with the exam paper.)
Also, no calculators, cell phones, or any electronic gadgets are allowed.
Please bring a photo ID. Your ID will be collected at the beginning
of the exam and will be returned to you when you turn in your
exam. There will be assigned seating.
The final exam will cover everything from math background for AES
(slide 13 of lecture 13)
to the end of the last lecture.
Here is a quick summary of the topics (not all topics covered are listed):
- Block Ciphers
- AES
- math for Rijndael
- xtime()
- multiplication in GF(28)
- multiplicative inverse in GF(28)
- extended Euclidean algorithm
- table method
- multiplication of polynomials with coefficients in
GF(28)
- components and structure of Rijndael
- SubBytes() and InvSubBytes()
- ShiftRows() and InvShiftRows()
- MixColumns() and InvMixColumns()
- AddRoundKey()
- key expansion
- equivalent inverse cipher
- security of Rijndael
- Generating Primes
- math background
- quadratic residue
- square root
- Legendre and Jacobi symbols
- pseudosquares
- Blum integers
- integer factorization
- Pollard's rho factoring algorithm
- primality proving algorithms
- using the factorization of n-1
- Pocklington's theorem
- probabilistic primality tests
- Fermat's test
- Carmichael number
- Solovey-Strassen test
- Miller-Rabin test
- generating probable primes
- RANDOM-SEARCH(k,t)
- incremental search
- generating provable primes
- Public-key Encryption
- background
- extended Euclidean algorithm
- modular exponentiation algorithm
- Chinese remainder theorem
- residue number system
- Garner's algorithm
- RSA
- the RSA problem
- key generation
- security of RSA
- small exponent problem
- forward search attack
- multiplicative properties
- common modulus attack
- cycling attack
- message concealing
- Diffie-Hellman
- the Diffie-Hellman problem
- ElGamal
- key generation
- encryption/decryption
- randomized encryption
- Rabin
- key generation
- encryption/decryption
- finding square roots
- Pseudorandom Bit Generators
- linear congruential generator
- polynomial-time statistical tests
- statistics background
- normal distribution
- chi-square distribution
- five basic tests
- frequency (mono-bit) test
- serial (two-bit) test
- poker test
- runs test
- autocorrelation test
- cryptographically secure PRBG
- RSA pseudorandom bit generator
- Blum-Blum-Shub pseudorandom bit generator
- Stream Ciphers
- synchronous vs. self-synchronizing stream ciphers
- LFSR
- connection polynomial
- linear complexity
- Berlekamp-Massey algorithm
- Non-linear FSR
- Stream ciphers based on LFSRs
- Geffe generator
- correlation attacks and correlation immunity
- summation generator
- non-linear filter generator and knapsack generator
- clock controlled generators
- alternating step generator
- shrinking generator
- Stream ciphers not based on LFSRs
- RC4 (FMS attack excluded)
- SEAL
- Hash Functions
- keyed hash functions
- unkeyed hash functions
- hash function properties
- compression
- ease of computation
- preimage resistance
- 2nd-preimage resistance
- collision resistance
- computational resistance for MACs
- Yuval's birthday attack
- one-way functions
- compression functions
- DES-based one-way functions
- other one-way functions
- iterated hash functions
- Merkle's meta-method for hashing
- Merkle Damgard strengthening
- padding
- unkeyed hash functions
- single-length and double-length MDCs
- MD5
- MD5 & SHA-1 seriously broken
- keyed hash functions
- HW6, HW7
- 4/28/2014: Office hour tomorrow (Tuesday, 4/29/2014) has been moved to 1:40pm - 2:40pm.
Sorry about the inconvenience.
- 4/13/2014: Office hour tomorrow (Monday, 4/14/2014) will only be half an hour long and.
it will go from 1:30pm to 2:00pm. Sorry about the inconvenience.
- 4/2/2014: Office hour tomorrow (Thursday, 4/3/2014) will be cut to only half an hour.
It will go from 12:40pm to 1:10pm. Sorry about the inconvenience.
- 3/5/2014: Office hour today has been moved to 1:30pm - 2:25pm.
Sorry about the inconvenience.
- 3/4/2014: Article about bug in GnuTLS library (used to implement SSL but mostly used in Linux systems).
This one is similar to the Apple bug! (Thanks to Sreenarayan Ashokkumar for forwarding this article to me.)
- 3/3/2014:
The midterm exam will be closed book,
closed notes, and closed everything (and no "cheat sheet").
Also, no calculators, cell phones, or any electronic gadgets are allowed.
Please bring a photo ID. Your ID will be collected at the beginning
of the exam and will be returned to you when you turn in your
exam. There will be assigned seating.
The midterm exam will cover everything from the beginning of the
semester till the end of DES
(slide 12 of lecture 13 on 3/3/2014).
Here is a quick summary of the topics (not all topics covered are listed):
- overview
- functions
- bi-jections and inverses
- one-way functions and trapdoor one-way functions
- permutations
- encryption schemes
- max number of permutations
- model of communication and channels
- types of adversaries
- types of cryptanalysis
- symmetric-key encryption
- model of communication and channels
- block ciphers
- substitution ciphers
- mono-alphabetic substitution cipher
- homophonic substitution cipher
- polyalphabetic substitution cipher
- transposition ciphers
- composition of ciphers and product ciphers
- stream ciphers
- Vernam ciphers and one-time pad
- key space issues
- digital signatures
- signing and verification transformations
- authentication and identification
- entity vs. data origina authentication
- public-key cryptography
- necessity of authentication
- digital signature from reversible public-key encryption
- cryptographic hash functions
- one-wayness
- weak collision-resistance
- strong collision-resistance
- keyed vs. unkeyed hash functions
- protocols and mechanisms
- key management
- symmetric-key and trusted third party
- public-key and certificate authority
- attacks
- ciphertext-only
- known-plaintext
- chosen-plaintext
- chosen-ciphertext
- security models
- unconditional security
- complexity-theoretic security
- provable security
- computational security
- ad hoc security
- block ciphers
- classical ciphers
- simple transposition ciphers
- mono-alphabetic substitution cipher
- polygram substitution cipher
- homophonic substitution cipher
- cryptographic codes
- polyalphabetic substitution cipher
- Vigenere cipher and variants
- Jefferson cylinders and rotors and the Enigma machine
- cryptanalysis of classical ciphers
- language statistics
- method of Kasiski
- index of coincidences (auto-correlation only) [BC: updated 3/9/2014]
- block cipher analysis
- True Random Cipher
- complexity of attacks
- birthday paradox
- modes of operation
- cascade cipher and multiple encryption
- meet-in-the-middle attacks
- known-plaintext unicity distance
- attacks on multiple encryption
- DES
- product ciphers
- Fiestel
- DES algorithm
- DES key scheduling
- DES properties
- DES weak and semi-weak keys
- cryptanalysis of DES
- HW1, HW2, HW4
- 2/26/2014: Article about Apple not testing its implementation of SSL properly.
Here's the actual bug.
- 1/10/2014:
- In case you did not hear the user ID and password for accessing protected
area of this web site during the first lecture, please visit the
request access page after
semester starts and submit the requested information.
(You do not have to be registered for the course to get the password.
You just need to have an USC e-mail address.)
- Watch this area for important announcements.
|
|
Prerequisites
|
CS 102L (Data Structures) or graduate standing. It is assumed that
you know how to write programs in C/C++, and how to debug them and
make them work correctly.
|
|
Important
Information about Programming Assignments
|
All homework assignments are programming assignments to be done in C/C++.
No other programming language will be accepted and your program must
compile and run with a Makefile on nunki.usc.edu. (Sorry, no Java.)
You must be familiar with the Unix development environment
(vi/pico/emacs, cc/gcc or g++/CC, make, etc.)
If you are not familiar with Unix, please read Unix for the Beginning Mage,
a tutorial written by Joe Topjian.
If a student signs up late for this class,
he/she is still required to turn all projects and homeworks
on time or he/she will receive a score of 0 for these assignments.
No exceptions!
|
|
|