You are responsible for everything on this handout. Please read it.
What's This Course About?
We are going to learn about Modern Cryptography. My goal is to for you to understand the theoretical foundations of modern, real-world cryptosystems.
I expect to lecture on some or all of the following topics:
For each of these bulleted items, I could add "and their associated security notions", but don't for space reasons. (It would also be really repetitive.) Just assume it's there, because security notions are a big part of the course.
Course material is subject to change depending on how fast we go, and depending on student interests. There are so many things we could talk about!
- blockciphers and tweakable blockciphers
- symmetric encryption schemes (e.g. CBC and counter modes-of-operation)
- cryptographic hash functions (e.g. MD5, SHA1, SHA2)
- message authentication schemes (e.g. CBC-MAC, HMAC)
- authenticated encryption schemes (e.g. encrypt-then-MAC, OCB)
- "hard problem" primitives for public-key crypto (e.g. RSA)
- public-key encryption schemes (e.g. El Gamal and the KEM-DEM paradigm)
- digital signature schemes (e.g. FDH-RSA)
- randomness extraction
Is this a theory course, or a practical course?
Both! As I said a moment ago, this course is about the theoretical foundations of practical cryptosystems. Why does SSL/TLS use HMAC, and why should you believe this is a sound choice? How does the Diffie-Hellman key exchange work, and under what assumptions does it provide a "secure" session key? Why shouldn't I use "raw" RSA to encrypt my data? I have a fast implemenation of AES, what can I do (securely) with it? And so on. We will use theory to answer questions about cryptographic practice, and use cryptographic practice to motivate the theory.
That said, most people who take this course do view it as a "theory" course, in the sense that we'll devote a lot of time to abstractions, formal definitions, and proofs. These are the backbone of modern cryptography. (If we had more time, we would dive into important implementation details, and get our hands dirty with real-world crypto libraries.)
We will talk some about higher-level protocols like SSL and IPSec, and touch on topics such as certificates and trust chains. But at least 90% of the course will be about the pieces you need to build those higher-level objects.
How do I know if I'm prepared for this course?
It is hard to give a list of prerequisites for this course. It is essential that you have (or quickly develop) the ability to think carefully and precisely about abstract mathematics. I suppose we call this "mathematical maturity".
More concretely: you should be comfortable with basic discrete probability theory and algorithms; and knowing how to structure, write, and understand mathematical proofs will be critical for success in this course. If you know some algebra (for example, if you know what is a group), some number theory (for example, how to do modular arithmetic) that is great, but definitely not required. We will cover the parts of algebra and number theory that we need.
How is my grade determined?
85% of your grade will be determined by homework assignments. Expect 4-6 of them during the term. When computing the overall contribution of homework to your final grade, I will throw out the lowest of your scores.
For the remaining 15% of your grade, you will be required to select a recent paper from a top-tier venue (CRYPTO, EUROCRYPT, ASIACRYPT, CCS, IEEE Security and Privacy) and write a 3-5 page summary of it. More on this as the term progresses.
In any case, this is an elective course, so I expect that you are in the class because you are interested in the material and are prepared to put in serious effort. I reserve the right to adjust your final course grade up or down by as much as 5%, depending on my personal opinion of your performance in the course. (I've never actually downgraded anyone, as people I might be tempted to downgrade usually weed themselves out. But I still reserve the right to do so.)
More details about homework.
As the vast majority of your grade is determined by homework, let me say a bit more.
Your score for each homework assignment will be determined by the correctness of your solutions, and by the clarity of your presentation. Let me stress this point: if your solution is correct, but your presentation is sloppy, you will not receive full credit. Learning to communicate with logical, well organized, and concise prose and mathematics is an important part of academic maturity; these are skills that good scientists continue to hone throughout their careers. So, please, put serious effort into your solution write-ups.
Homework solutions should be typeset in LaTeX. It is the typesetting language of scientific publications, so get to know it. If you absolutely cannot handle LaTeX , then you should turn in neatly hand-written solutions. Do not turn in ASCII text -- math in ASCII is like nails on a chalkboard. (And math in MS Word is not much better...)
Stick to the notation we develop in class. When you need to create your own notation, think hard about it! Vague, under-defined, or otherwise imprecise notation hampers understanding, and generally makes me grumpy. (You don't want me to be grumpy.)
You may work in groups of up to three people on homework assignments. If you work with one or more person then you should turn in a single writeup. I urge you to understand everything that you turn in. If you let group-mates carry you on homework assignments, it will be obvious and I will take a negative view on this when grading.
Late homeworks will be accepted only under extreme circumstances, e.g. death in the family, incapacitating personal illness, emergency involving your children, attending a conference. Please talk to me as soon as possible if you think you will need to be late turning in an assignment.
Fully acknowledge the source of any outside ideas, whether it be a book, paper, website, or colleague. It's the right thing to do, and it's necessary for writing good research papers. You may share ideas with someone else as long as you acknowledge them. Failure to acknowledge outside sources will also make me grumpy.
What textbook(s) will we use?
There is no official textbook. I will make somewhat frequent reference to the Bellare-Rogaway course notes, although these are very much in draft form. The Handbook of Applied Cryptography is a useful resource, and free. Also, Katz and Lindell's Introduction to Modern Cryptography provides a nice treatment of most of the material we will cover (and more), but uses a different approach to making security statements. We will also make use of papers and other on-line resources, which I will make available on the course page.
When/Where do we meet?
Tuesday 8:30-10:25, Thursday 9:35-10:25 (CSE E119)
Office Hours: TBD and by appointment, MAE (Materials Engineering) 209 [map]
Do you have any hints for success?
- Read the course notes and ASK QUESTIONS when things are unclear.
- Work hard. (Duh!)
- Come to class on time.
- Participate in class!
- Don't be afraid to struggle on your own with the material. Your classmates and the web are great resources, but nothing will strengthen your mind as much as honest effort.
- That said, there is no shame in asking for help.
- Be polite to your classmates. You may be better than them at mathematics, writing proofs, etc., but that doesn't make you a superior person.
- Don't plagiarize, or try to fake your way through this class.
A reminder about academic honesty...
All forms of academic dishonesty, cheating, and fraud will be treated in accordance with UF policy. If you are not clear as to what constitutes academic dishonesty in this course, please come and talk to me. Better safe than sorry!