What this course is about

The primary focus of this course will be on definitions and constructions of various cryptographic objects, such as pseudo-random generators, encryption schemes, digital signature schemes, message authentication codes, block ciphers, commitment schemes and others time permitting. We will try to understand what security properties are desirable in such objects, how to properly define these properties, and how to design objects that satisfy them.

Once we establish a good definition for a particular object, the emphasis will be on constructing examples that provably satisfy the definition. Thus, a main prerequisite of this course is mathematical maturity and a certain comfort level with proofs. I will be doing proofs in class, and you will be doing them on the homeworks.

In addition to proofs, we will also study many practical cryptosystems, such as RSA, ElGamal, Diffie-Hellman, DES, RC4, SHA-1 and so on. However, instead of simply taking these acronyms as a black-box, we will see precisely how they are built, and what security level they achieve in various scenarios. No programming will be required for this course.

At the end of this course, you should be able to make sense of a good portion of current cryptography research papers and standards.

What this course is not about

This course will not teach you how to make your computer ``secure''. Cryptography is only one tool in computer security. The rest of computer security has to deal with such fascinating things as buggy code, poorly managed and ever-too-curious humans, the power consumption of smart cards, etc. We will mostly abstract all that away. I will, however, point out where the limitations of our models are and what else is needed for actual security.

This course will also not teach you how to implement the techniques we discuss in the most efficient manner. We will stop at cryptographic algorithms. The underlying number-theoretic algorithms will be discussed only briefly; the most advanced and efficient ones require more time than we will have. For example, if you only take this class, you should be able to program RSA, but many existing imlementations will be probably be much more efficient that yours.

Just because I will not teach these topics does not mean they are not worth your while. There are plenty of books and research papers to read and people to talk to if you are interested in pursuing any of these topics.

Topics to be Covered (Subject to Revision!)

Below is a rather ambitious plan for the topics I intend to cover, roughly in order. We will probably have to omit some as we go along. If we have to omit anything, we'll try to omit the extra constructions and keep the definitions.

Last modified: September 6, 2006