Foundations of Cryptography
CS579A/CpE579A Spring 2012
Antonio R. Nicolosi
Thursdays, 6:15–8:45pm, EAS 229
Office hours: Mondays 4pm–5pm, Babbio 624
Office hours: Fridays 1pm–2pm, Babbio 642
This course introduces the fundamental notions underlying the design
and evaluation of cryptographic primitives. Emphasis will be placed
on understanding the process by which security goals are abstracted
into suitable definitions amenable to mathematical treatment.
Definitions are then exemplified by proof-of-concept constructions,
practical mechanisms, or both, and their applications to address
concrete security concerns are discussed. The coursework includes
several programming assignments and presumes familiarity with the C
Topics to be covered include: perfect (Shannon) secrecy, one-time pad,
pseudo-randomness, block and stream ciphers, security notions for
encryption schemes, cryptographic hash functions, message
authentication codes, public-key cryptosystems, key distribution,
digital signatures, certificates, public key infrastructure (PKI).
Various security standards and protocols such as DES, AES, SHA-1, HMAC,
Diffie-Hellman, ElGamal, RSA, OAEP, Rabin, PSS/PSS-R are also discussed.
Work Load Breakdown & Grading
- Work load breakdown
2.5 hrs/week: Class attendance
3.5 hrs/week: Readings, Reverse homework
3.0 hrs/week: Programming assignments
- Grading
25%: Class participation, Reverse homework
40%: Final exam
30%: Programming assignments
Introduction. Perfect secrecy.
One-time-pad encryption. Characterizations of perfect secrecy.
Limitations of perfect secrecy. Towards the computational approach:
Indistinguishability-based definitions of secrecy.
Concrete security and asymptotic security.
Computational indistinguishability and
(computationally) secure symmetric-encryption.
Pseudo-randomness I: Pseudo-random number generators (PRNG, or
The computational one-time pad.
Pseudo-randomness II: Properties of PRNGs. Example of how (not to)
compose PRNGs. The cascading construction. Forward security for
Pseudo-randomness III: Pseudo-random functions (PRFs) and
pseudo-random permutations (PRPs and strong PRPs/blockciphers).
The Feistel transform and the design of DES.
Applications of PRFs/s-PRPs: Chosen-Plaintext Attacks (CPA) security.
Modes of operation: CTR, OFB, CFB, CBC.
Data origin and Message Authentication Codes (MACs).
Data integrity and cryptographic hash functions
(collision resistant vs. universal hash functions).
Toward asymmetric cryptography: The key exchange problem. Merkle
puzzles. The Diffie-Hellman Key Exchange protocol.
Review of basic facts about finite groups and number theory.
Easy and hard problems in Zp*.
Quadratic residuosity in Zp*.
The Pohlig-Hellman cipher and Shamir's no-key protocol.
Public-key encryption: Security notions and applications.
Easy and hard problems in Zn*.
Quadratic residuosity in Zn*.
Rabin encryption. The RSA family of permutations.
Chosen-ciphertext (CCA) security. RSA-OAEP encryption.
Digital signatures and the notion of Public-Key Infrastructure.
- February 16:
Lab 0 due.
- March 22:
March 29 April 5:
Lab 1 due.
May 1 May 5:
Lab 2 due.
- May 3:
Misc On-line Resources
Permission hereby granted for anyone to copy, modify, and redistribute
any lecture note material from this class that belongs to the