What this course is about

Below are a few of the representative questions we will study in this course. How can one transmit a message so that the legal recipient can read it while the eavesdropper cannot? How can one digitally sign a message so that everybody can be convinced that the message is authentic and nobody can forge its signature? How can one prove knowledge of some secret information without revealing this secret information? How can two people agree on a random secret over an insecure channel of communication?

We will give answers to these and many other exciting questions using the approach of modern cryptography. In this approach, we will try to understand what security properties are desirable in a given application, how to formally define these properties, and finally how to design objects that satisfy them. In this regard, we will study and define many useful "building blocks" (so-called cryptographic primitives) that help solve many complicated cryptographic problems. These objects include pseudo-random generators, encryption schemes, digital signature schemes, message authentication codes, block ciphers, identification schemes and others, time permitting.

Once we establish a good definition for a particular object, the emphasis will be on constructing examples that provably satisfy the definition. Thus, a main prerequisite of this course is mathematical maturity and a certain comfort level with proofs. I will be doing proofs in class, and you will be doing them on the homework. Still, this is not going to be a dry mathematical class: interaction, discussions and class participation will be strongly encouraged.

Finally, remember that the objects we study have numerous practical applications. In particular, secondary topics that we will cover only briefly will be current cryptographic practice and the history of cryptography and cryptanalysis. At the end of this course, you should be able to make sense of a good portion of current cryptography research papers and standards.

What this course is not about

This course will not teach you how to make your computer secure. Cryptography is only one tool in computer security. The rest of computer security has to deal with such fascinating things as buggy code, poorly managed and ever-too-curious humans, the power consumption of smart cards, etc. We will mostly abstract all that away. I will, however, point out where the limitations of our models are and what else is needed for actual security.

This course will also not teach you how to implement the techniques we discuss in the most efficient manner. We will stop at cryptographic algorithms. The underlying number-theoretic algorithms will be discussed only briefly; the most advanced and efficient ones require more time than we will have. For example, if you only take this class, you should be able to program RSA, but many existing implementations will probably be much more efficient than yours.

Finally, this course will not teach you how to design the next great block cipher, such as DES or AES, or the next cryptographic hash function, such as SHA or MD5. (There are very interesting techniques people use for that, but, unfortunately, our current understanding of these techniques does not allow us to prove any security properties of the resulting constructions.) Nor will this course teach you how to "break" such designs.

Just because I will not teach these topics does not mean they are not worth your while. There are plenty of books and research papers to read and people to talk to if you are interested in pursuing any of these topics.



Last modified: September 3, 2002