University of California, Berkeley,
CS294-90: Cryptography and Cryptanalysis, Spring, 2013

Time MW 10:30-12:00
Location: 310 Soda Hall

Instructor and Office Hours

John L. Manferdelli and David A. Wagner
Email: johnmanferdelli@hotmail.com
Office: Soda 711
Office Hours: M 2:00-4:00 (and by appointment)

Class Description

Typically, people do not make a living at cryptography or cryptanalysis, yet many people benefit from a deeper understanding of both.

Cryptography is virtually the only mechanism for providing confidentiality, authentication, privacy and integrity in distributed systems, including the internet, and systems with radio based communications. So cryptography is a basic tool for computer scientists.

You can't really design a good cryptosystem if you don't know how they break. That's what cryptanalysis is all about. More importantly, it's hard to know how to use cryptosystems properly if you don't know how they break and how they are designed.

This class will be a hands on study of both cryptography and cryptanalysis with less focus on theory and more focus on actual practice.

We'll cover much of the following (depending on class interest):

Classical ciphers: Enigma, Purple, M-209, SIGABA.
Random Numbers: Estimates and learning, entropy estimation and HMM, independence.
Block Ciphers: DES, FEAL-4, AES, modes of operation. related keys, weak keys, integral attacks, differential cryptanalysis of DES and FEAL-4, linear cryptanalysis of DES and FEAL, cryptanalysis of AES candidates, solving algebraic equations.
Stream Ciphers: Linear shift registers, non-linear shift registers, RC4, complexity and Berlekamp-Massey, approximation attacks, correlation, immunity, WEP attack.
Cryptographic hashes and one way functions: Dobbertin's attack on MD4, Differential Crypto, SHA-0, SHA-1, SHA-2, SHA-3.
Public Key Schemes: Distribution of primes, factoring, sieves, discrete logs, index calculus, Pollard rho, Elliptic curves, MOV attacks, reduction techniques, point counting, ECC parameters.
Protocols and their discontents: TLS, IPSEC, proof of possession, CMS, splicing attacks, key management and side channel attacks.
Using cryptography in real systems.

Required Background: Algorithms, discrete math (probability, beginning group theory, elementary number theory), linear algebra, and the ability to program (for analysis of cryptosystems). See me if you have any questions.

Textbook

There is no textbook but I'll post extensive notes. You can find some references here.

Mail

I keep a course mailing list for announcements. Please send me your email address. If you need to send me an email, please prepend the subject line with "[CS290]".

Grading

The grade will be derived from one take-home exam and a modest class project covering some aspect of cryptography agreed on with the instructor. There will be homework but it won't be graded. However, many of the homework problems can be expanded into class projects and will be helpful for the take-home exam.

A Word from Our Sponsors

The material on this web site is provided "as is" without any warranty. There are likely to be mistakes. If you find any mistakes or if there is material that you believe might infringe on the right of a third party, please let me know.

Please comply with the University of California, Berkeley Rules of Academic Conduct.

Schedule (Subject to Change)

Date

Topics, readings, and assignments

Week 1
January 23, 2013

Topic: Introduction
Lecture Notes: Lecture Notes
Homework Assignment: Homework

Week 2
January 28/30, 2013

Topic: Cryptography joins the 20th Century
Lecture Notes: Lecture Notes
Homework Assignment: Homework

Week 3
February 4/6, 2013

Topic: Cryptography in 1975: Block Ciphers and DES
Lecture Notes: Lecture Notes
Homework Assignment: Homework

Week 4
February 11/13, 2013

Topic: Block Ciphers: FEAL and AES
Lecture Notes: Lecture Notes and Lecture Notes
Homework Assignment: Homework

Week 5
February 20, 2013
Februrary 18 is a holiday.

Topic: Modes of operation
Lecture Notes: see previous notes.
Homework Assignment: Homework

Week 6
February 25/27, 2013

Topic: One way functions and cryptographic hashes
Lecture Notes: Lecture Notes and Lecture Notes
February 27: Special Guest Lecture, Jesse Walker,
Hash function construction and SHA-3
Homework Assignment: Homework

Week 7
March 4/6, 2013

Topic: Public key cryptography: RSA
Lecture Notes: Lecture Notes
Homework Assignment: Homework

Week 8
March 18/20, 2013

Topic: RSA and MACs
Lecture Notes: Lecture Notes
Homework Assignment: Homework

March 25-29, 2013

Topic: Intersession break. Work on your projects!
Lecture Notes: Lecture Notes
Homework Assignment: Homework

Week 9
April 1/3, 2013

Topic: Public key cryptography: Discrete log systems
Lecture Notes: Lecture Notes
Homework Assignment: Homework

Week 10
April 8/10, 2013

Topic: Random numbers and cryptographic protocols
Lecture Notes: Lecture Notes
Homework Assignment: Homework

Week 11
April 15, 2013. No class April 17, 2013.

Topic: Elliptic Curve Cryptography
Lecture Notes: Lecture Notes
Homework Assignment: Homework

Week 12
April 22/24, 2013

Topic: Elliptic curve based systems
Lecture Notes: Lecture Notes
Homework Assignment: Homework

Week 13
April 30/May 1, 2013

Topic: Presentation of class projects. Take home exam distributed on May 1.
Presentation Schedule: Presentation Schedule

Week 15
May 6-17, 2013

Take home exam due on May 8, 2013 5PM PDT, mail exams to instructor
Projects due.

Date	Topics, readings, and assignments
Week 1 January 23, 2013	Topic: Introduction Lecture Notes: Lecture Notes Homework Assignment: Homework
Week 2 January 28/30, 2013	Topic: Cryptography joins the 20th Century Lecture Notes: Lecture Notes Homework Assignment: Homework
Week 3 February 4/6, 2013	Topic: Cryptography in 1975: Block Ciphers and DES Lecture Notes: Lecture Notes Homework Assignment: Homework
Week 4 February 11/13, 2013	Topic: Block Ciphers: FEAL and AES Lecture Notes: Lecture Notes and Lecture Notes Homework Assignment: Homework
Week 5 February 20, 2013 Februrary 18 is a holiday.	Topic: Modes of operation Lecture Notes: see previous notes. Homework Assignment: Homework
Week 6 February 25/27, 2013	Topic: One way functions and cryptographic hashes Lecture Notes: Lecture Notes and Lecture Notes February 27: Special Guest Lecture, Jesse Walker, Hash function construction and SHA-3 Homework Assignment: Homework
Week 7 March 4/6, 2013	Topic: Public key cryptography: RSA Lecture Notes: Lecture Notes Homework Assignment: Homework
Week 8 March 18/20, 2013	Topic: RSA and MACs Lecture Notes: Lecture Notes Homework Assignment: Homework
March 25-29, 2013	Topic: Intersession break. Work on your projects! Lecture Notes: Lecture Notes Homework Assignment: Homework
Week 9 April 1/3, 2013	Topic: Public key cryptography: Discrete log systems Lecture Notes: Lecture Notes Homework Assignment: Homework
Week 10 April 8/10, 2013	Topic: Random numbers and cryptographic protocols Lecture Notes: Lecture Notes Homework Assignment: Homework
Week 11 April 15, 2013. No class April 17, 2013.	Topic: Elliptic Curve Cryptography Lecture Notes: Lecture Notes Homework Assignment: Homework
Week 12 April 22/24, 2013	Topic: Elliptic curve based systems Lecture Notes: Lecture Notes Homework Assignment: Homework
Week 13 April 30/May 1, 2013	Topic: Presentation of class projects. Take home exam distributed on May 1. Presentation Schedule: Presentation Schedule
Week 15 May 6-17, 2013	Take home exam due on May 8, 2013 5PM PDT, mail exams to instructor Projects due.

University of California, Berkeley, CS294-90: Cryptography and Cryptanalysis, Spring, 2013

Time MW 10:30-12:00 Location: 310 Soda Hall