Welcome to CS 590 (Practical and Applied Cryptography)!
Instructor: Christina Garman (clg@purdue.edu)
OVERVIEW
In 2016 more than 2 billion records and $450 billion were lost due to publicly-reported criminal and nation-state cyberattacks across the globe, and over 100 million medical records were stolen in the United States alone. The failure of our existing security infrastructure motivates the need for improved technologies, and cryptography provides a powerful tool for doing this. Over the past several years though, we have seen a number of serious vulnerabilities in the cryptographic pieces of systems, some with large consequences.
This course will teach cryptography and cryptographic design principles as they are applied to real world systems, both in how to correctly use cryptography to build secure systems as well as examining flaws and "breaks" in already deployed systems. We will also discuss the mistakes that led to these flaws, how these flaws could have been prevented, and various tools and techniques that exist for building cryptographic systems in practice. Students will have the opportunity to implement cryptographic schemes and explore cryptographic failures in practice, as well as engage in a semester-long research project related to applied cryptography. The course will be largely lecture-based.
Time: Tu/Th 4:30pm-5:45pm
Location: Lawson 1106 and livestreaming on Brightspace
Prerequisites:
CS 526 (Information Security) or CS 426 (Computer Security) or permission of the instructor
Programming experience: Some of the assignments will require programming knowledge and we will be implementing cryptographic schemes, so you should be comfortable programming.
Strongly recommend either: CS 355 (Introduction to Cryptography) or CS 555 (Cryptography and Data Security) but not required.
OFFICE HOURS
My office hours will be TBA in my office (Lawson 1185), as well as online.
I will be available by appointment as well.
GRADING
The course will be largely lecture based, though we will occasionally be reading and discussing papers. We will also have a few projects, both in implementing cryptographic schemes as well as exploring cryptographic failures in practice. Finally, there will be a semester-long research project related to applied cryptography.
While this is a lecture-based course, discussion will still be very important, so part of your grade will include a participation component. So please attend class! If you cannot make class for any reason (such as job interviews, etc.), please let me know as you will not be penalized for this.
Assignments: 50%
Midterm: 20%
Course Project: 20%
Class participation: 10%
Final grades will be assigned on a curve at the end of the course.
SCHEDULE
This schedule is subject to change.
TBD
| Week | Topic | Readings |
|---|---|---|
| Week 1 | Introduction | Reflections on Trusting Trust Optional: The Security Mindset Optional: How to Think Like a Security Professional |
| Week 2 | Basics of Cryptography | Historical Cryptography |
| Week 3 and 4 | Introduction to Symmetric Cryptography | Symmetric Key Cryptography Notes Optional: Authenticated Encryption Deep Dive |
| Week 5 and 6 | Introduction to Public Key Cryptography | Public Key Cryptography Notes Notes on Algebra and Number Theory Twenty Years of Attacks on the RSA Cryptosystem Optional: The Discrete Logarithm Problem Optional: Main Computational Assumptions in Cryptography |
| Week 7 | TLS | Lessons Learned in Implementing and Deploying Crypto Software Optional: https://tlseminar.github.io/ |
| Week 8 | TLS Attacks | |
| Week 9 | Protocols (Authentication, SSH, DNSSEC, Secure Messaging, etc.) |
|
| Week 10 | Cryptographic Hardware | |
| Week 11 | Cryptographic Side-channels | |
| Week 12 | Provable Security | |
| Week 13 | Multi-party computation (MPC) | |
| Week 14 | Zero-knowledge proofs | |
| Week 15 | Ethics, Law, and Policy | |
| Week 15 | Make-up/Catch-up/Relevant current topics |
PROJECTS
All projects will be submitted on Brightspace unless otherwise noted.
ASSIGNMENTS
All assignments will be submitted on Brightspace unless otherwise noted.
Assignment 1: Due Tuesday January 26th, 2021 at 4:30pm
PAPER LIST
TBA
Students are expected to have read the associated paper(s) BEFORE each class.
If you have any suggestions for papers that you would like to present, please let me know!
ADDITIONAL RESOURCES
A Few Thoughts on Cryptographic Engineering
No textbook is required, but if you would like additional resources the following may be useful:Handbook of Applied Cryptography by Alfred J. Menezes, Paul C. van Oorschot and Scott A. Vanstone
Modern Cryptography: Theory and Practice by Wenbo Mao
Introduction to Modern Cryptography by Jonathan Katz and Yehuda Lindell
Resources for Cryptographic Background
COMPUTER SCIENCE DEPARTMENT ACADEMIC INTEGRITY POLICY
The Department of Computer Science expects and enforces the highest standards of academic integrity and ethics. The Department takes severe action against academic dishonesty, which may include failing grades on an assignment or in a course, up to a recommendation for dismissal from the University.
Academic dishonesty is defined as any action or practice that provides the potential for an unfair advantage to one individual or one group. Academic dishonesty includes misrepresenting facts, fabricating or doctoring data or results, representing another's work or knowledge as one's own, disrupting or destroying the work of others, or abetting anyone who engages in such practices.
Academic dishonesty is not absolute because the expectations for collaboration vary. In some courses, for example, students are assigned to work on team projects. In others, students are given permission to collaborate on homework projects or to have written materials present during an examination. Unless otherwise specified, however, the CS Department requires all work to be the result of individual effort, performed without the help of other individuals or outside sources. If a question arises about the type of external materials that may be used or the amount of collaboration that is permitted for a given task, each individual involved is responsible for verifying the rules with the appropriate authority before engaging in collaborative activities, using external materials, or accepting help from others.
A student accused of academic dishonesty must be afforded due process as defined by Purdue University procedures. The Dean of Students Office may be notified concerning an academic dishonesty incident as provided by Purdue University procedures.
Last modified Tue 19 January 2021.